Malware Analysis Report

2025-01-06 21:38

Sample ID 240614-pc6htstfkl
Target be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe
SHA256 0a0f53caff64472261a827aff5a3637aaf445ad1f5344c97e7bb7f6927dbe2a1
Tags
miner upx xmrig execution
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0a0f53caff64472261a827aff5a3637aaf445ad1f5344c97e7bb7f6927dbe2a1

Threat Level: Known bad

The file be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx xmrig execution

Xmrig family

xmrig

XMRig Miner payload

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 12:12

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 12:12

Reported

2024-06-14 12:14

Platform

win7-20240611-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\zdgNpuU.exe N/A
N/A N/A C:\Windows\System\nqliapA.exe N/A
N/A N/A C:\Windows\System\zxPXzuc.exe N/A
N/A N/A C:\Windows\System\IJoxyNf.exe N/A
N/A N/A C:\Windows\System\ElCFDnq.exe N/A
N/A N/A C:\Windows\System\dfPnvQP.exe N/A
N/A N/A C:\Windows\System\buKxklk.exe N/A
N/A N/A C:\Windows\System\ATKJEAo.exe N/A
N/A N/A C:\Windows\System\lTGwcnT.exe N/A
N/A N/A C:\Windows\System\RSBAcgT.exe N/A
N/A N/A C:\Windows\System\PIKyXSk.exe N/A
N/A N/A C:\Windows\System\efNPtSY.exe N/A
N/A N/A C:\Windows\System\VdDyzME.exe N/A
N/A N/A C:\Windows\System\zvsnAiP.exe N/A
N/A N/A C:\Windows\System\vsRqnqd.exe N/A
N/A N/A C:\Windows\System\eKDEugr.exe N/A
N/A N/A C:\Windows\System\yXevchP.exe N/A
N/A N/A C:\Windows\System\MTAUNhn.exe N/A
N/A N/A C:\Windows\System\PjUNGfl.exe N/A
N/A N/A C:\Windows\System\YCzcZNu.exe N/A
N/A N/A C:\Windows\System\xvICOgl.exe N/A
N/A N/A C:\Windows\System\LlRwEIm.exe N/A
N/A N/A C:\Windows\System\dRKeYyY.exe N/A
N/A N/A C:\Windows\System\EYztHeg.exe N/A
N/A N/A C:\Windows\System\WLGDBKO.exe N/A
N/A N/A C:\Windows\System\PPVEtaS.exe N/A
N/A N/A C:\Windows\System\hKugkgc.exe N/A
N/A N/A C:\Windows\System\dIZTIii.exe N/A
N/A N/A C:\Windows\System\CJdRuQq.exe N/A
N/A N/A C:\Windows\System\whHuwCd.exe N/A
N/A N/A C:\Windows\System\lBicuMK.exe N/A
N/A N/A C:\Windows\System\amghxrO.exe N/A
N/A N/A C:\Windows\System\tUhVWwn.exe N/A
N/A N/A C:\Windows\System\hJIeeQR.exe N/A
N/A N/A C:\Windows\System\KiBjViK.exe N/A
N/A N/A C:\Windows\System\ZdAZbMx.exe N/A
N/A N/A C:\Windows\System\ERSkeGK.exe N/A
N/A N/A C:\Windows\System\XSAZhdY.exe N/A
N/A N/A C:\Windows\System\rdQpNOK.exe N/A
N/A N/A C:\Windows\System\BuhsoYb.exe N/A
N/A N/A C:\Windows\System\lhmbUmu.exe N/A
N/A N/A C:\Windows\System\vYLJSsY.exe N/A
N/A N/A C:\Windows\System\IdXRwPZ.exe N/A
N/A N/A C:\Windows\System\FjOyrQs.exe N/A
N/A N/A C:\Windows\System\XfbVMCd.exe N/A
N/A N/A C:\Windows\System\QQwZFkh.exe N/A
N/A N/A C:\Windows\System\KDzNEqb.exe N/A
N/A N/A C:\Windows\System\pEHjJUu.exe N/A
N/A N/A C:\Windows\System\rOaHSNb.exe N/A
N/A N/A C:\Windows\System\Bhlhwuh.exe N/A
N/A N/A C:\Windows\System\cgNvFQd.exe N/A
N/A N/A C:\Windows\System\AoeZnGX.exe N/A
N/A N/A C:\Windows\System\VNLwhEL.exe N/A
N/A N/A C:\Windows\System\geNHsQi.exe N/A
N/A N/A C:\Windows\System\eHfGbpl.exe N/A
N/A N/A C:\Windows\System\qZaYAkn.exe N/A
N/A N/A C:\Windows\System\AfwymdI.exe N/A
N/A N/A C:\Windows\System\qdXuEmg.exe N/A
N/A N/A C:\Windows\System\FJXZHuV.exe N/A
N/A N/A C:\Windows\System\tsLCzSf.exe N/A
N/A N/A C:\Windows\System\vQBfPAp.exe N/A
N/A N/A C:\Windows\System\VysvRoS.exe N/A
N/A N/A C:\Windows\System\HCNNcDr.exe N/A
N/A N/A C:\Windows\System\mukAECu.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\GsDBneH.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SwFVbXa.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KfoEffy.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\synhkSJ.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MpULBEM.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qqkLdMz.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EVPiAZr.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PFRRqZZ.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OTmpBCM.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dWUsice.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dCEiQFO.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DCGXefQ.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DYXSQlD.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HbVbUER.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SsGweXr.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\slfpVNQ.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bmTrYQD.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WQOoScW.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AgmWwfT.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XHNlhkE.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qZZBNWc.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kcXOgJE.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ryXZVNW.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\freDMuU.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WIRgczw.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qwkyBpm.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IuVsSMx.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VTZvyRe.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ndOwobB.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kZrEREj.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pyxKKOo.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aMymbdh.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KmAvcgl.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zgoqPTf.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gkxLLYL.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WBjoBvx.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SWMRFCv.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NLDKXhH.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oEmfxSM.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ewVxFRc.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PQtlwgU.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xTiqhEq.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bOuIzHm.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Qudqidm.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IdMnWBk.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NaNHpNv.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NNTaApp.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rEvEdRq.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ygutNTU.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gfhXsmG.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OJBKMrh.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GGradhF.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yJdyqqD.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LjTuXpP.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RyORvtZ.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YAznGtE.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iXufeLe.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jBkVeUC.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AQAIRAv.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DFlvepH.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YkqNomL.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GzAaPxN.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZvyZCzX.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CjFAwBP.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2460 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2460 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2460 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2460 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zdgNpuU.exe
PID 2460 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zdgNpuU.exe
PID 2460 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zdgNpuU.exe
PID 2460 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\nqliapA.exe
PID 2460 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\nqliapA.exe
PID 2460 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\nqliapA.exe
PID 2460 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zxPXzuc.exe
PID 2460 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zxPXzuc.exe
PID 2460 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zxPXzuc.exe
PID 2460 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\IJoxyNf.exe
PID 2460 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\IJoxyNf.exe
PID 2460 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\IJoxyNf.exe
PID 2460 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ElCFDnq.exe
PID 2460 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ElCFDnq.exe
PID 2460 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ElCFDnq.exe
PID 2460 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\lTGwcnT.exe
PID 2460 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\lTGwcnT.exe
PID 2460 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\lTGwcnT.exe
PID 2460 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\dfPnvQP.exe
PID 2460 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\dfPnvQP.exe
PID 2460 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\dfPnvQP.exe
PID 2460 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\qZaYAkn.exe
PID 2460 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\qZaYAkn.exe
PID 2460 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\qZaYAkn.exe
PID 2460 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\buKxklk.exe
PID 2460 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\buKxklk.exe
PID 2460 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\buKxklk.exe
PID 2460 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\eHfGbpl.exe
PID 2460 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\eHfGbpl.exe
PID 2460 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\eHfGbpl.exe
PID 2460 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ATKJEAo.exe
PID 2460 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ATKJEAo.exe
PID 2460 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ATKJEAo.exe
PID 2460 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\OxgfCiM.exe
PID 2460 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\OxgfCiM.exe
PID 2460 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\OxgfCiM.exe
PID 2460 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\RSBAcgT.exe
PID 2460 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\RSBAcgT.exe
PID 2460 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\RSBAcgT.exe
PID 2460 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\IybNbpu.exe
PID 2460 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\IybNbpu.exe
PID 2460 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\IybNbpu.exe
PID 2460 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\PIKyXSk.exe
PID 2460 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\PIKyXSk.exe
PID 2460 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\PIKyXSk.exe
PID 2460 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\phaCPOQ.exe
PID 2460 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\phaCPOQ.exe
PID 2460 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\phaCPOQ.exe
PID 2460 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\efNPtSY.exe
PID 2460 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\efNPtSY.exe
PID 2460 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\efNPtSY.exe
PID 2460 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\aMlnHZc.exe
PID 2460 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\aMlnHZc.exe
PID 2460 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\aMlnHZc.exe
PID 2460 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\VdDyzME.exe
PID 2460 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\VdDyzME.exe
PID 2460 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\VdDyzME.exe
PID 2460 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ZLxMOGL.exe
PID 2460 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ZLxMOGL.exe
PID 2460 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ZLxMOGL.exe
PID 2460 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zvsnAiP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\zdgNpuU.exe

C:\Windows\System\zdgNpuU.exe

C:\Windows\System\nqliapA.exe

C:\Windows\System\nqliapA.exe

C:\Windows\System\zxPXzuc.exe

C:\Windows\System\zxPXzuc.exe

C:\Windows\System\IJoxyNf.exe

C:\Windows\System\IJoxyNf.exe

C:\Windows\System\ElCFDnq.exe

C:\Windows\System\ElCFDnq.exe

C:\Windows\System\lTGwcnT.exe

C:\Windows\System\lTGwcnT.exe

C:\Windows\System\dfPnvQP.exe

C:\Windows\System\dfPnvQP.exe

C:\Windows\System\qZaYAkn.exe

C:\Windows\System\qZaYAkn.exe

C:\Windows\System\buKxklk.exe

C:\Windows\System\buKxklk.exe

C:\Windows\System\eHfGbpl.exe

C:\Windows\System\eHfGbpl.exe

C:\Windows\System\ATKJEAo.exe

C:\Windows\System\ATKJEAo.exe

C:\Windows\System\OxgfCiM.exe

C:\Windows\System\OxgfCiM.exe

C:\Windows\System\RSBAcgT.exe

C:\Windows\System\RSBAcgT.exe

C:\Windows\System\IybNbpu.exe

C:\Windows\System\IybNbpu.exe

C:\Windows\System\PIKyXSk.exe

C:\Windows\System\PIKyXSk.exe

C:\Windows\System\phaCPOQ.exe

C:\Windows\System\phaCPOQ.exe

C:\Windows\System\efNPtSY.exe

C:\Windows\System\efNPtSY.exe

C:\Windows\System\aMlnHZc.exe

C:\Windows\System\aMlnHZc.exe

C:\Windows\System\VdDyzME.exe

C:\Windows\System\VdDyzME.exe

C:\Windows\System\ZLxMOGL.exe

C:\Windows\System\ZLxMOGL.exe

C:\Windows\System\zvsnAiP.exe

C:\Windows\System\zvsnAiP.exe

C:\Windows\System\WPKdoyW.exe

C:\Windows\System\WPKdoyW.exe

C:\Windows\System\vsRqnqd.exe

C:\Windows\System\vsRqnqd.exe

C:\Windows\System\JMgFrXf.exe

C:\Windows\System\JMgFrXf.exe

C:\Windows\System\eKDEugr.exe

C:\Windows\System\eKDEugr.exe

C:\Windows\System\lYftCpJ.exe

C:\Windows\System\lYftCpJ.exe

C:\Windows\System\yXevchP.exe

C:\Windows\System\yXevchP.exe

C:\Windows\System\PEHcyLv.exe

C:\Windows\System\PEHcyLv.exe

C:\Windows\System\MTAUNhn.exe

C:\Windows\System\MTAUNhn.exe

C:\Windows\System\PnMTOlS.exe

C:\Windows\System\PnMTOlS.exe

C:\Windows\System\PjUNGfl.exe

C:\Windows\System\PjUNGfl.exe

C:\Windows\System\ExIIutc.exe

C:\Windows\System\ExIIutc.exe

C:\Windows\System\YCzcZNu.exe

C:\Windows\System\YCzcZNu.exe

C:\Windows\System\YdDnokB.exe

C:\Windows\System\YdDnokB.exe

C:\Windows\System\xvICOgl.exe

C:\Windows\System\xvICOgl.exe

C:\Windows\System\WlxFsuk.exe

C:\Windows\System\WlxFsuk.exe

C:\Windows\System\LlRwEIm.exe

C:\Windows\System\LlRwEIm.exe

C:\Windows\System\BncgNky.exe

C:\Windows\System\BncgNky.exe

C:\Windows\System\dRKeYyY.exe

C:\Windows\System\dRKeYyY.exe

C:\Windows\System\ZiGdAJb.exe

C:\Windows\System\ZiGdAJb.exe

C:\Windows\System\EYztHeg.exe

C:\Windows\System\EYztHeg.exe

C:\Windows\System\JYPRrAF.exe

C:\Windows\System\JYPRrAF.exe

C:\Windows\System\WLGDBKO.exe

C:\Windows\System\WLGDBKO.exe

C:\Windows\System\WKYagJz.exe

C:\Windows\System\WKYagJz.exe

C:\Windows\System\PPVEtaS.exe

C:\Windows\System\PPVEtaS.exe

C:\Windows\System\XpMLRNH.exe

C:\Windows\System\XpMLRNH.exe

C:\Windows\System\hKugkgc.exe

C:\Windows\System\hKugkgc.exe

C:\Windows\System\BFiraZZ.exe

C:\Windows\System\BFiraZZ.exe

C:\Windows\System\dIZTIii.exe

C:\Windows\System\dIZTIii.exe

C:\Windows\System\dwPHIdk.exe

C:\Windows\System\dwPHIdk.exe

C:\Windows\System\CJdRuQq.exe

C:\Windows\System\CJdRuQq.exe

C:\Windows\System\lAkibZZ.exe

C:\Windows\System\lAkibZZ.exe

C:\Windows\System\whHuwCd.exe

C:\Windows\System\whHuwCd.exe

C:\Windows\System\YzRVXUS.exe

C:\Windows\System\YzRVXUS.exe

C:\Windows\System\lBicuMK.exe

C:\Windows\System\lBicuMK.exe

C:\Windows\System\eKIJriX.exe

C:\Windows\System\eKIJriX.exe

C:\Windows\System\amghxrO.exe

C:\Windows\System\amghxrO.exe

C:\Windows\System\xCqXAyz.exe

C:\Windows\System\xCqXAyz.exe

C:\Windows\System\tUhVWwn.exe

C:\Windows\System\tUhVWwn.exe

C:\Windows\System\DzHvdQC.exe

C:\Windows\System\DzHvdQC.exe

C:\Windows\System\hJIeeQR.exe

C:\Windows\System\hJIeeQR.exe

C:\Windows\System\QFmMDZw.exe

C:\Windows\System\QFmMDZw.exe

C:\Windows\System\KiBjViK.exe

C:\Windows\System\KiBjViK.exe

C:\Windows\System\nLQVYWg.exe

C:\Windows\System\nLQVYWg.exe

C:\Windows\System\ZdAZbMx.exe

C:\Windows\System\ZdAZbMx.exe

C:\Windows\System\GzLuSPe.exe

C:\Windows\System\GzLuSPe.exe

C:\Windows\System\ERSkeGK.exe

C:\Windows\System\ERSkeGK.exe

C:\Windows\System\MfCjAOm.exe

C:\Windows\System\MfCjAOm.exe

C:\Windows\System\XSAZhdY.exe

C:\Windows\System\XSAZhdY.exe

C:\Windows\System\ZpitQIf.exe

C:\Windows\System\ZpitQIf.exe

C:\Windows\System\rdQpNOK.exe

C:\Windows\System\rdQpNOK.exe

C:\Windows\System\XQyuTcl.exe

C:\Windows\System\XQyuTcl.exe

C:\Windows\System\BuhsoYb.exe

C:\Windows\System\BuhsoYb.exe

C:\Windows\System\GJaDBsj.exe

C:\Windows\System\GJaDBsj.exe

C:\Windows\System\lhmbUmu.exe

C:\Windows\System\lhmbUmu.exe

C:\Windows\System\NVYFgSc.exe

C:\Windows\System\NVYFgSc.exe

C:\Windows\System\vYLJSsY.exe

C:\Windows\System\vYLJSsY.exe

C:\Windows\System\CwQcTSr.exe

C:\Windows\System\CwQcTSr.exe

C:\Windows\System\IdXRwPZ.exe

C:\Windows\System\IdXRwPZ.exe

C:\Windows\System\tipUmwI.exe

C:\Windows\System\tipUmwI.exe

C:\Windows\System\FjOyrQs.exe

C:\Windows\System\FjOyrQs.exe

C:\Windows\System\jRuTsfD.exe

C:\Windows\System\jRuTsfD.exe

C:\Windows\System\XfbVMCd.exe

C:\Windows\System\XfbVMCd.exe

C:\Windows\System\PvCAEmv.exe

C:\Windows\System\PvCAEmv.exe

C:\Windows\System\QQwZFkh.exe

C:\Windows\System\QQwZFkh.exe

C:\Windows\System\qFyleUB.exe

C:\Windows\System\qFyleUB.exe

C:\Windows\System\KDzNEqb.exe

C:\Windows\System\KDzNEqb.exe

C:\Windows\System\VMnbrwe.exe

C:\Windows\System\VMnbrwe.exe

C:\Windows\System\pEHjJUu.exe

C:\Windows\System\pEHjJUu.exe

C:\Windows\System\hDyeSKF.exe

C:\Windows\System\hDyeSKF.exe

C:\Windows\System\rOaHSNb.exe

C:\Windows\System\rOaHSNb.exe

C:\Windows\System\HhIGjZz.exe

C:\Windows\System\HhIGjZz.exe

C:\Windows\System\Bhlhwuh.exe

C:\Windows\System\Bhlhwuh.exe

C:\Windows\System\XKOmGkS.exe

C:\Windows\System\XKOmGkS.exe

C:\Windows\System\cgNvFQd.exe

C:\Windows\System\cgNvFQd.exe

C:\Windows\System\SclQJmD.exe

C:\Windows\System\SclQJmD.exe

C:\Windows\System\AoeZnGX.exe

C:\Windows\System\AoeZnGX.exe

C:\Windows\System\ucYwomP.exe

C:\Windows\System\ucYwomP.exe

C:\Windows\System\VNLwhEL.exe

C:\Windows\System\VNLwhEL.exe

C:\Windows\System\goakxyC.exe

C:\Windows\System\goakxyC.exe

C:\Windows\System\geNHsQi.exe

C:\Windows\System\geNHsQi.exe

C:\Windows\System\jHrpIQu.exe

C:\Windows\System\jHrpIQu.exe

C:\Windows\System\AfwymdI.exe

C:\Windows\System\AfwymdI.exe

C:\Windows\System\KwxXTdZ.exe

C:\Windows\System\KwxXTdZ.exe

C:\Windows\System\qdXuEmg.exe

C:\Windows\System\qdXuEmg.exe

C:\Windows\System\WKktsJG.exe

C:\Windows\System\WKktsJG.exe

C:\Windows\System\FJXZHuV.exe

C:\Windows\System\FJXZHuV.exe

C:\Windows\System\KtlCzdx.exe

C:\Windows\System\KtlCzdx.exe

C:\Windows\System\tsLCzSf.exe

C:\Windows\System\tsLCzSf.exe

C:\Windows\System\BXJEPjV.exe

C:\Windows\System\BXJEPjV.exe

C:\Windows\System\vQBfPAp.exe

C:\Windows\System\vQBfPAp.exe

C:\Windows\System\jLOEbYH.exe

C:\Windows\System\jLOEbYH.exe

C:\Windows\System\VysvRoS.exe

C:\Windows\System\VysvRoS.exe

C:\Windows\System\hzwcBso.exe

C:\Windows\System\hzwcBso.exe

C:\Windows\System\HCNNcDr.exe

C:\Windows\System\HCNNcDr.exe

C:\Windows\System\JqQhMAR.exe

C:\Windows\System\JqQhMAR.exe

C:\Windows\System\mukAECu.exe

C:\Windows\System\mukAECu.exe

C:\Windows\System\ZYUShEs.exe

C:\Windows\System\ZYUShEs.exe

C:\Windows\System\gQRVhIG.exe

C:\Windows\System\gQRVhIG.exe

C:\Windows\System\GdXnrbm.exe

C:\Windows\System\GdXnrbm.exe

C:\Windows\System\NzYrtoP.exe

C:\Windows\System\NzYrtoP.exe

C:\Windows\System\JumsWAa.exe

C:\Windows\System\JumsWAa.exe

C:\Windows\System\DsewzPh.exe

C:\Windows\System\DsewzPh.exe

C:\Windows\System\fbNvwyz.exe

C:\Windows\System\fbNvwyz.exe

C:\Windows\System\tvFYhpI.exe

C:\Windows\System\tvFYhpI.exe

C:\Windows\System\wwJdsJa.exe

C:\Windows\System\wwJdsJa.exe

C:\Windows\System\spxFHOS.exe

C:\Windows\System\spxFHOS.exe

C:\Windows\System\GsqxJxy.exe

C:\Windows\System\GsqxJxy.exe

C:\Windows\System\PRCGscO.exe

C:\Windows\System\PRCGscO.exe

C:\Windows\System\DRwpmUB.exe

C:\Windows\System\DRwpmUB.exe

C:\Windows\System\rRFnENw.exe

C:\Windows\System\rRFnENw.exe

C:\Windows\System\IYSqTll.exe

C:\Windows\System\IYSqTll.exe

C:\Windows\System\ZpGvSHf.exe

C:\Windows\System\ZpGvSHf.exe

C:\Windows\System\sQPPynH.exe

C:\Windows\System\sQPPynH.exe

C:\Windows\System\uDrscGP.exe

C:\Windows\System\uDrscGP.exe

C:\Windows\System\PyZOehD.exe

C:\Windows\System\PyZOehD.exe

C:\Windows\System\bHlrWRV.exe

C:\Windows\System\bHlrWRV.exe

C:\Windows\System\MYdWTHm.exe

C:\Windows\System\MYdWTHm.exe

C:\Windows\System\VwZJhck.exe

C:\Windows\System\VwZJhck.exe

C:\Windows\System\McZsgbn.exe

C:\Windows\System\McZsgbn.exe

C:\Windows\System\ggkVocO.exe

C:\Windows\System\ggkVocO.exe

C:\Windows\System\tKCnJJu.exe

C:\Windows\System\tKCnJJu.exe

C:\Windows\System\kpxwyaF.exe

C:\Windows\System\kpxwyaF.exe

C:\Windows\System\jASoFFE.exe

C:\Windows\System\jASoFFE.exe

C:\Windows\System\zyEjatA.exe

C:\Windows\System\zyEjatA.exe

C:\Windows\System\vPtJFmf.exe

C:\Windows\System\vPtJFmf.exe

C:\Windows\System\eCGKNdv.exe

C:\Windows\System\eCGKNdv.exe

C:\Windows\System\tejbEHu.exe

C:\Windows\System\tejbEHu.exe

C:\Windows\System\rdXCDWk.exe

C:\Windows\System\rdXCDWk.exe

C:\Windows\System\aHwOPPM.exe

C:\Windows\System\aHwOPPM.exe

C:\Windows\System\uuLwDvs.exe

C:\Windows\System\uuLwDvs.exe

C:\Windows\System\wKpKriK.exe

C:\Windows\System\wKpKriK.exe

C:\Windows\System\IVcbeiM.exe

C:\Windows\System\IVcbeiM.exe

C:\Windows\System\unouOqG.exe

C:\Windows\System\unouOqG.exe

C:\Windows\System\iHZZspI.exe

C:\Windows\System\iHZZspI.exe

C:\Windows\System\IRikzne.exe

C:\Windows\System\IRikzne.exe

C:\Windows\System\BFwwoqx.exe

C:\Windows\System\BFwwoqx.exe

C:\Windows\System\CJphjkm.exe

C:\Windows\System\CJphjkm.exe

C:\Windows\System\QREJqfR.exe

C:\Windows\System\QREJqfR.exe

C:\Windows\System\qyoXcjs.exe

C:\Windows\System\qyoXcjs.exe

C:\Windows\System\lpmOPdz.exe

C:\Windows\System\lpmOPdz.exe

C:\Windows\System\ilBYIvL.exe

C:\Windows\System\ilBYIvL.exe

C:\Windows\System\zpFVrPa.exe

C:\Windows\System\zpFVrPa.exe

C:\Windows\System\jXMXbwJ.exe

C:\Windows\System\jXMXbwJ.exe

C:\Windows\System\eloxMEc.exe

C:\Windows\System\eloxMEc.exe

C:\Windows\System\hfrHSpJ.exe

C:\Windows\System\hfrHSpJ.exe

C:\Windows\System\HdzQzST.exe

C:\Windows\System\HdzQzST.exe

C:\Windows\System\txIRaCE.exe

C:\Windows\System\txIRaCE.exe

C:\Windows\System\whzIDso.exe

C:\Windows\System\whzIDso.exe

C:\Windows\System\BmgnIdQ.exe

C:\Windows\System\BmgnIdQ.exe

C:\Windows\System\WVweleC.exe

C:\Windows\System\WVweleC.exe

C:\Windows\System\llaHwMl.exe

C:\Windows\System\llaHwMl.exe

C:\Windows\System\FfwGOxe.exe

C:\Windows\System\FfwGOxe.exe

C:\Windows\System\IFMxiKb.exe

C:\Windows\System\IFMxiKb.exe

C:\Windows\System\KDuqluN.exe

C:\Windows\System\KDuqluN.exe

C:\Windows\System\yJZsITa.exe

C:\Windows\System\yJZsITa.exe

C:\Windows\System\yXJLbbt.exe

C:\Windows\System\yXJLbbt.exe

C:\Windows\System\oZbfuql.exe

C:\Windows\System\oZbfuql.exe

C:\Windows\System\KroLxpF.exe

C:\Windows\System\KroLxpF.exe

C:\Windows\System\dLUKwwv.exe

C:\Windows\System\dLUKwwv.exe

C:\Windows\System\WBZovqY.exe

C:\Windows\System\WBZovqY.exe

C:\Windows\System\fzkTpuT.exe

C:\Windows\System\fzkTpuT.exe

C:\Windows\System\YTlypWN.exe

C:\Windows\System\YTlypWN.exe

C:\Windows\System\wKYYLcC.exe

C:\Windows\System\wKYYLcC.exe

C:\Windows\System\gMGNEbm.exe

C:\Windows\System\gMGNEbm.exe

C:\Windows\System\MDGbRnK.exe

C:\Windows\System\MDGbRnK.exe

C:\Windows\System\EVOeXos.exe

C:\Windows\System\EVOeXos.exe

C:\Windows\System\IPkUsmQ.exe

C:\Windows\System\IPkUsmQ.exe

C:\Windows\System\UikYchM.exe

C:\Windows\System\UikYchM.exe

C:\Windows\System\DzdrfZz.exe

C:\Windows\System\DzdrfZz.exe

C:\Windows\System\fHmrvIN.exe

C:\Windows\System\fHmrvIN.exe

C:\Windows\System\jinvSYV.exe

C:\Windows\System\jinvSYV.exe

C:\Windows\System\OANMrha.exe

C:\Windows\System\OANMrha.exe

C:\Windows\System\eVoOCNZ.exe

C:\Windows\System\eVoOCNZ.exe

C:\Windows\System\JwedDEw.exe

C:\Windows\System\JwedDEw.exe

C:\Windows\System\chiJFWu.exe

C:\Windows\System\chiJFWu.exe

C:\Windows\System\odCgoQI.exe

C:\Windows\System\odCgoQI.exe

C:\Windows\System\QJGVbva.exe

C:\Windows\System\QJGVbva.exe

C:\Windows\System\ZxaQeUr.exe

C:\Windows\System\ZxaQeUr.exe

C:\Windows\System\epfNlIv.exe

C:\Windows\System\epfNlIv.exe

C:\Windows\System\ZDdwinW.exe

C:\Windows\System\ZDdwinW.exe

C:\Windows\System\gxmwaJq.exe

C:\Windows\System\gxmwaJq.exe

C:\Windows\System\fpvZhmw.exe

C:\Windows\System\fpvZhmw.exe

C:\Windows\System\krDLSGt.exe

C:\Windows\System\krDLSGt.exe

C:\Windows\System\PdBLvfR.exe

C:\Windows\System\PdBLvfR.exe

C:\Windows\System\bXGiFxx.exe

C:\Windows\System\bXGiFxx.exe

C:\Windows\System\ViNcDmZ.exe

C:\Windows\System\ViNcDmZ.exe

C:\Windows\System\UvTDQVO.exe

C:\Windows\System\UvTDQVO.exe

C:\Windows\System\pdvQYHr.exe

C:\Windows\System\pdvQYHr.exe

C:\Windows\System\pAAeeUw.exe

C:\Windows\System\pAAeeUw.exe

C:\Windows\System\gvNRrqy.exe

C:\Windows\System\gvNRrqy.exe

C:\Windows\System\fNagWeU.exe

C:\Windows\System\fNagWeU.exe

C:\Windows\System\gtOeFjx.exe

C:\Windows\System\gtOeFjx.exe

C:\Windows\System\qRWEuTV.exe

C:\Windows\System\qRWEuTV.exe

C:\Windows\System\mEwcRec.exe

C:\Windows\System\mEwcRec.exe

C:\Windows\System\ZZeNXCD.exe

C:\Windows\System\ZZeNXCD.exe

C:\Windows\System\byabeWt.exe

C:\Windows\System\byabeWt.exe

C:\Windows\System\GxBVDTN.exe

C:\Windows\System\GxBVDTN.exe

C:\Windows\System\MReyjUy.exe

C:\Windows\System\MReyjUy.exe

C:\Windows\System\kNeoUUQ.exe

C:\Windows\System\kNeoUUQ.exe

C:\Windows\System\ujvmDuF.exe

C:\Windows\System\ujvmDuF.exe

C:\Windows\System\KPOFHtp.exe

C:\Windows\System\KPOFHtp.exe

C:\Windows\System\xBAQqcD.exe

C:\Windows\System\xBAQqcD.exe

C:\Windows\System\UBjITHu.exe

C:\Windows\System\UBjITHu.exe

C:\Windows\System\BukQVNf.exe

C:\Windows\System\BukQVNf.exe

C:\Windows\System\EIZKcUb.exe

C:\Windows\System\EIZKcUb.exe

C:\Windows\System\oGmAyRa.exe

C:\Windows\System\oGmAyRa.exe

C:\Windows\System\pqsqAfa.exe

C:\Windows\System\pqsqAfa.exe

C:\Windows\System\nayFjDn.exe

C:\Windows\System\nayFjDn.exe

C:\Windows\System\regWxEQ.exe

C:\Windows\System\regWxEQ.exe

C:\Windows\System\WGQVCst.exe

C:\Windows\System\WGQVCst.exe

C:\Windows\System\iHmVaxE.exe

C:\Windows\System\iHmVaxE.exe

C:\Windows\System\WIMuczH.exe

C:\Windows\System\WIMuczH.exe

C:\Windows\System\msrccWG.exe

C:\Windows\System\msrccWG.exe

C:\Windows\System\RvTNYhl.exe

C:\Windows\System\RvTNYhl.exe

C:\Windows\System\JshUMcR.exe

C:\Windows\System\JshUMcR.exe

C:\Windows\System\nbjioMB.exe

C:\Windows\System\nbjioMB.exe

C:\Windows\System\HuYrLLX.exe

C:\Windows\System\HuYrLLX.exe

C:\Windows\System\FRIOFxh.exe

C:\Windows\System\FRIOFxh.exe

C:\Windows\System\MmkaVBL.exe

C:\Windows\System\MmkaVBL.exe

C:\Windows\System\uAbVIEU.exe

C:\Windows\System\uAbVIEU.exe

C:\Windows\System\lgNBbge.exe

C:\Windows\System\lgNBbge.exe

C:\Windows\System\HPRsPaF.exe

C:\Windows\System\HPRsPaF.exe

C:\Windows\System\WzOKpSl.exe

C:\Windows\System\WzOKpSl.exe

C:\Windows\System\ERJvvNj.exe

C:\Windows\System\ERJvvNj.exe

C:\Windows\System\JjFFHOQ.exe

C:\Windows\System\JjFFHOQ.exe

C:\Windows\System\kSjsXKW.exe

C:\Windows\System\kSjsXKW.exe

C:\Windows\System\zsNIXZc.exe

C:\Windows\System\zsNIXZc.exe

C:\Windows\System\kFMbgAA.exe

C:\Windows\System\kFMbgAA.exe

C:\Windows\System\NyUwbdv.exe

C:\Windows\System\NyUwbdv.exe

C:\Windows\System\CAeCfGI.exe

C:\Windows\System\CAeCfGI.exe

C:\Windows\System\oLsmLjH.exe

C:\Windows\System\oLsmLjH.exe

C:\Windows\System\oOTjgZl.exe

C:\Windows\System\oOTjgZl.exe

C:\Windows\System\bheRgIz.exe

C:\Windows\System\bheRgIz.exe

C:\Windows\System\SFILGQv.exe

C:\Windows\System\SFILGQv.exe

C:\Windows\System\CqjEHye.exe

C:\Windows\System\CqjEHye.exe

C:\Windows\System\IPRbsMi.exe

C:\Windows\System\IPRbsMi.exe

C:\Windows\System\zqLFzqC.exe

C:\Windows\System\zqLFzqC.exe

C:\Windows\System\gwXmpzV.exe

C:\Windows\System\gwXmpzV.exe

C:\Windows\System\oisFFMj.exe

C:\Windows\System\oisFFMj.exe

C:\Windows\System\OaOYONN.exe

C:\Windows\System\OaOYONN.exe

C:\Windows\System\sfZchBU.exe

C:\Windows\System\sfZchBU.exe

C:\Windows\System\YSLsSmD.exe

C:\Windows\System\YSLsSmD.exe

C:\Windows\System\uSMKUMc.exe

C:\Windows\System\uSMKUMc.exe

C:\Windows\System\XqncMHa.exe

C:\Windows\System\XqncMHa.exe

C:\Windows\System\nzmMYnM.exe

C:\Windows\System\nzmMYnM.exe

C:\Windows\System\rroslDR.exe

C:\Windows\System\rroslDR.exe

C:\Windows\System\zeufSHm.exe

C:\Windows\System\zeufSHm.exe

C:\Windows\System\QtYjhxy.exe

C:\Windows\System\QtYjhxy.exe

C:\Windows\System\Koankvj.exe

C:\Windows\System\Koankvj.exe

C:\Windows\System\GepVuws.exe

C:\Windows\System\GepVuws.exe

C:\Windows\System\zMfBXqx.exe

C:\Windows\System\zMfBXqx.exe

C:\Windows\System\IojhXyN.exe

C:\Windows\System\IojhXyN.exe

C:\Windows\System\lBytrKD.exe

C:\Windows\System\lBytrKD.exe

C:\Windows\System\QVaEZQG.exe

C:\Windows\System\QVaEZQG.exe

C:\Windows\System\ZzjJvHG.exe

C:\Windows\System\ZzjJvHG.exe

C:\Windows\System\DiPomgL.exe

C:\Windows\System\DiPomgL.exe

C:\Windows\System\eOaGruG.exe

C:\Windows\System\eOaGruG.exe

C:\Windows\System\KvKckiQ.exe

C:\Windows\System\KvKckiQ.exe

C:\Windows\System\jqOyHnd.exe

C:\Windows\System\jqOyHnd.exe

C:\Windows\System\CShUAMB.exe

C:\Windows\System\CShUAMB.exe

C:\Windows\System\kpFyLmJ.exe

C:\Windows\System\kpFyLmJ.exe

C:\Windows\System\PVsFlYd.exe

C:\Windows\System\PVsFlYd.exe

C:\Windows\System\dtCggSJ.exe

C:\Windows\System\dtCggSJ.exe

C:\Windows\System\SnpuPuz.exe

C:\Windows\System\SnpuPuz.exe

C:\Windows\System\aBouCpG.exe

C:\Windows\System\aBouCpG.exe

C:\Windows\System\ypxcHmJ.exe

C:\Windows\System\ypxcHmJ.exe

C:\Windows\System\UthNWUF.exe

C:\Windows\System\UthNWUF.exe

C:\Windows\System\uTOXlzS.exe

C:\Windows\System\uTOXlzS.exe

C:\Windows\System\EkHzltV.exe

C:\Windows\System\EkHzltV.exe

C:\Windows\System\WRGWNEc.exe

C:\Windows\System\WRGWNEc.exe

C:\Windows\System\zcQzbUS.exe

C:\Windows\System\zcQzbUS.exe

C:\Windows\System\BxrQjaf.exe

C:\Windows\System\BxrQjaf.exe

C:\Windows\System\BOeJvRB.exe

C:\Windows\System\BOeJvRB.exe

C:\Windows\System\NbNYbga.exe

C:\Windows\System\NbNYbga.exe

C:\Windows\System\pWLsFtC.exe

C:\Windows\System\pWLsFtC.exe

C:\Windows\System\FkHpfgh.exe

C:\Windows\System\FkHpfgh.exe

C:\Windows\System\ybZElee.exe

C:\Windows\System\ybZElee.exe

C:\Windows\System\mmeDOkA.exe

C:\Windows\System\mmeDOkA.exe

C:\Windows\System\IWNOdNg.exe

C:\Windows\System\IWNOdNg.exe

C:\Windows\System\PFyYHvq.exe

C:\Windows\System\PFyYHvq.exe

C:\Windows\System\GXpCPGb.exe

C:\Windows\System\GXpCPGb.exe

C:\Windows\System\cfIvjRr.exe

C:\Windows\System\cfIvjRr.exe

C:\Windows\System\YkRjeno.exe

C:\Windows\System\YkRjeno.exe

C:\Windows\System\fBqaSil.exe

C:\Windows\System\fBqaSil.exe

C:\Windows\System\ckbitJp.exe

C:\Windows\System\ckbitJp.exe

C:\Windows\System\uAOoIsq.exe

C:\Windows\System\uAOoIsq.exe

C:\Windows\System\aAFooJm.exe

C:\Windows\System\aAFooJm.exe

C:\Windows\System\oXEhDoT.exe

C:\Windows\System\oXEhDoT.exe

C:\Windows\System\kiYbzTg.exe

C:\Windows\System\kiYbzTg.exe

C:\Windows\System\ZvhrTPH.exe

C:\Windows\System\ZvhrTPH.exe

C:\Windows\System\tQlujdz.exe

C:\Windows\System\tQlujdz.exe

C:\Windows\System\XdsybKy.exe

C:\Windows\System\XdsybKy.exe

C:\Windows\System\cjepmnt.exe

C:\Windows\System\cjepmnt.exe

C:\Windows\System\jRoscve.exe

C:\Windows\System\jRoscve.exe

C:\Windows\System\RXxwYWq.exe

C:\Windows\System\RXxwYWq.exe

C:\Windows\System\rVktQNr.exe

C:\Windows\System\rVktQNr.exe

C:\Windows\System\nHkfDAP.exe

C:\Windows\System\nHkfDAP.exe

C:\Windows\System\VnQPadM.exe

C:\Windows\System\VnQPadM.exe

C:\Windows\System\jfTHcgj.exe

C:\Windows\System\jfTHcgj.exe

C:\Windows\System\zxaiUhc.exe

C:\Windows\System\zxaiUhc.exe

C:\Windows\System\bxFwTfo.exe

C:\Windows\System\bxFwTfo.exe

C:\Windows\System\mFbdwVX.exe

C:\Windows\System\mFbdwVX.exe

C:\Windows\System\ROfiuwX.exe

C:\Windows\System\ROfiuwX.exe

C:\Windows\System\mxZGwyk.exe

C:\Windows\System\mxZGwyk.exe

C:\Windows\System\csqYyoZ.exe

C:\Windows\System\csqYyoZ.exe

C:\Windows\System\TzVVkXy.exe

C:\Windows\System\TzVVkXy.exe

C:\Windows\System\swFSsTK.exe

C:\Windows\System\swFSsTK.exe

C:\Windows\System\OpOaAdu.exe

C:\Windows\System\OpOaAdu.exe

C:\Windows\System\vDKvrVK.exe

C:\Windows\System\vDKvrVK.exe

C:\Windows\System\VfJBiki.exe

C:\Windows\System\VfJBiki.exe

C:\Windows\System\PYKHYxv.exe

C:\Windows\System\PYKHYxv.exe

C:\Windows\System\MtOPoYb.exe

C:\Windows\System\MtOPoYb.exe

C:\Windows\System\VlcwtGt.exe

C:\Windows\System\VlcwtGt.exe

C:\Windows\System\DRvyLAK.exe

C:\Windows\System\DRvyLAK.exe

C:\Windows\System\gzKNeiN.exe

C:\Windows\System\gzKNeiN.exe

C:\Windows\System\XORMZPK.exe

C:\Windows\System\XORMZPK.exe

C:\Windows\System\nFrrQjq.exe

C:\Windows\System\nFrrQjq.exe

C:\Windows\System\TVSweFH.exe

C:\Windows\System\TVSweFH.exe

C:\Windows\System\wVgXpxz.exe

C:\Windows\System\wVgXpxz.exe

C:\Windows\System\McwdwUx.exe

C:\Windows\System\McwdwUx.exe

C:\Windows\System\uXHweJi.exe

C:\Windows\System\uXHweJi.exe

C:\Windows\System\zwNptsm.exe

C:\Windows\System\zwNptsm.exe

C:\Windows\System\QhdiwHB.exe

C:\Windows\System\QhdiwHB.exe

C:\Windows\System\WGtirzc.exe

C:\Windows\System\WGtirzc.exe

C:\Windows\System\QSgVMqa.exe

C:\Windows\System\QSgVMqa.exe

C:\Windows\System\xaYXMqZ.exe

C:\Windows\System\xaYXMqZ.exe

C:\Windows\System\xQcgmKS.exe

C:\Windows\System\xQcgmKS.exe

C:\Windows\System\oALhvBB.exe

C:\Windows\System\oALhvBB.exe

C:\Windows\System\qSiryNr.exe

C:\Windows\System\qSiryNr.exe

C:\Windows\System\ncHgPGZ.exe

C:\Windows\System\ncHgPGZ.exe

C:\Windows\System\fXqLhfR.exe

C:\Windows\System\fXqLhfR.exe

C:\Windows\System\vfeTcTA.exe

C:\Windows\System\vfeTcTA.exe

C:\Windows\System\XONLtZM.exe

C:\Windows\System\XONLtZM.exe

C:\Windows\System\rdpDbOy.exe

C:\Windows\System\rdpDbOy.exe

C:\Windows\System\CKKHQnB.exe

C:\Windows\System\CKKHQnB.exe

C:\Windows\System\uZXGDEg.exe

C:\Windows\System\uZXGDEg.exe

C:\Windows\System\LglJzzW.exe

C:\Windows\System\LglJzzW.exe

C:\Windows\System\AMLjetW.exe

C:\Windows\System\AMLjetW.exe

C:\Windows\System\PLXhFQU.exe

C:\Windows\System\PLXhFQU.exe

C:\Windows\System\PfWlMOS.exe

C:\Windows\System\PfWlMOS.exe

C:\Windows\System\bsGWCxo.exe

C:\Windows\System\bsGWCxo.exe

C:\Windows\System\tnsoprE.exe

C:\Windows\System\tnsoprE.exe

C:\Windows\System\MUiJckq.exe

C:\Windows\System\MUiJckq.exe

C:\Windows\System\KNgYWZs.exe

C:\Windows\System\KNgYWZs.exe

C:\Windows\System\RfvVdqJ.exe

C:\Windows\System\RfvVdqJ.exe

C:\Windows\System\LAwdTYY.exe

C:\Windows\System\LAwdTYY.exe

C:\Windows\System\aDiaLti.exe

C:\Windows\System\aDiaLti.exe

C:\Windows\System\oZqVLKe.exe

C:\Windows\System\oZqVLKe.exe

C:\Windows\System\FjEtOTJ.exe

C:\Windows\System\FjEtOTJ.exe

C:\Windows\System\HTeOKIn.exe

C:\Windows\System\HTeOKIn.exe

C:\Windows\System\afQeqGf.exe

C:\Windows\System\afQeqGf.exe

C:\Windows\System\nOydrCp.exe

C:\Windows\System\nOydrCp.exe

C:\Windows\System\qtTWhqj.exe

C:\Windows\System\qtTWhqj.exe

C:\Windows\System\RxNCeWj.exe

C:\Windows\System\RxNCeWj.exe

C:\Windows\System\FOjXUBD.exe

C:\Windows\System\FOjXUBD.exe

C:\Windows\System\jRZycqb.exe

C:\Windows\System\jRZycqb.exe

C:\Windows\System\JdLMNcV.exe

C:\Windows\System\JdLMNcV.exe

C:\Windows\System\lzSmwrh.exe

C:\Windows\System\lzSmwrh.exe

C:\Windows\System\uabrjyQ.exe

C:\Windows\System\uabrjyQ.exe

C:\Windows\System\kwxlvYW.exe

C:\Windows\System\kwxlvYW.exe

C:\Windows\System\PcLjhlF.exe

C:\Windows\System\PcLjhlF.exe

C:\Windows\System\YkFEFYA.exe

C:\Windows\System\YkFEFYA.exe

C:\Windows\System\LqZpFuu.exe

C:\Windows\System\LqZpFuu.exe

C:\Windows\System\CPBqpIl.exe

C:\Windows\System\CPBqpIl.exe

C:\Windows\System\FGbBHLb.exe

C:\Windows\System\FGbBHLb.exe

C:\Windows\System\qIubLfS.exe

C:\Windows\System\qIubLfS.exe

C:\Windows\System\VaffypO.exe

C:\Windows\System\VaffypO.exe

C:\Windows\System\PCjrqaz.exe

C:\Windows\System\PCjrqaz.exe

C:\Windows\System\JgUQxxN.exe

C:\Windows\System\JgUQxxN.exe

C:\Windows\System\rjsiUBb.exe

C:\Windows\System\rjsiUBb.exe

C:\Windows\System\xAhJTuV.exe

C:\Windows\System\xAhJTuV.exe

C:\Windows\System\QoisPYI.exe

C:\Windows\System\QoisPYI.exe

C:\Windows\System\CNcJVWG.exe

C:\Windows\System\CNcJVWG.exe

C:\Windows\System\qdgNaNh.exe

C:\Windows\System\qdgNaNh.exe

C:\Windows\System\bGEAxZu.exe

C:\Windows\System\bGEAxZu.exe

C:\Windows\System\VYgcDqC.exe

C:\Windows\System\VYgcDqC.exe

C:\Windows\System\UBqJErx.exe

C:\Windows\System\UBqJErx.exe

C:\Windows\System\cEqYyVT.exe

C:\Windows\System\cEqYyVT.exe

C:\Windows\System\zYpPZZy.exe

C:\Windows\System\zYpPZZy.exe

C:\Windows\System\pIfDlmG.exe

C:\Windows\System\pIfDlmG.exe

C:\Windows\System\DiMwSAH.exe

C:\Windows\System\DiMwSAH.exe

C:\Windows\System\HqSQICC.exe

C:\Windows\System\HqSQICC.exe

C:\Windows\System\uTKNedS.exe

C:\Windows\System\uTKNedS.exe

C:\Windows\System\vpDEuVl.exe

C:\Windows\System\vpDEuVl.exe

C:\Windows\System\LXFUcTR.exe

C:\Windows\System\LXFUcTR.exe

C:\Windows\System\HGNXZIY.exe

C:\Windows\System\HGNXZIY.exe

C:\Windows\System\jWgUEvh.exe

C:\Windows\System\jWgUEvh.exe

C:\Windows\System\xibwhAS.exe

C:\Windows\System\xibwhAS.exe

C:\Windows\System\qpevVtk.exe

C:\Windows\System\qpevVtk.exe

C:\Windows\System\JVjcKdy.exe

C:\Windows\System\JVjcKdy.exe

C:\Windows\System\KbLBeLp.exe

C:\Windows\System\KbLBeLp.exe

C:\Windows\System\UXHemsh.exe

C:\Windows\System\UXHemsh.exe

C:\Windows\System\aYycwsQ.exe

C:\Windows\System\aYycwsQ.exe

C:\Windows\System\QLyxwIR.exe

C:\Windows\System\QLyxwIR.exe

C:\Windows\System\HbGBorK.exe

C:\Windows\System\HbGBorK.exe

C:\Windows\System\kbrrIEB.exe

C:\Windows\System\kbrrIEB.exe

C:\Windows\System\sduNuBn.exe

C:\Windows\System\sduNuBn.exe

C:\Windows\System\WDkGqfu.exe

C:\Windows\System\WDkGqfu.exe

C:\Windows\System\gcAlbrk.exe

C:\Windows\System\gcAlbrk.exe

C:\Windows\System\hubqrii.exe

C:\Windows\System\hubqrii.exe

C:\Windows\System\pjKaIvK.exe

C:\Windows\System\pjKaIvK.exe

C:\Windows\System\zILTDAh.exe

C:\Windows\System\zILTDAh.exe

C:\Windows\System\SCSlEec.exe

C:\Windows\System\SCSlEec.exe

C:\Windows\System\qJXGkCm.exe

C:\Windows\System\qJXGkCm.exe

C:\Windows\System\PKiPicW.exe

C:\Windows\System\PKiPicW.exe

C:\Windows\System\mtBXbRS.exe

C:\Windows\System\mtBXbRS.exe

C:\Windows\System\siIYmFf.exe

C:\Windows\System\siIYmFf.exe

C:\Windows\System\muFHMzb.exe

C:\Windows\System\muFHMzb.exe

C:\Windows\System\UjaxpUT.exe

C:\Windows\System\UjaxpUT.exe

C:\Windows\System\SRdbJAx.exe

C:\Windows\System\SRdbJAx.exe

C:\Windows\System\SYGUAOO.exe

C:\Windows\System\SYGUAOO.exe

C:\Windows\System\IdHwubq.exe

C:\Windows\System\IdHwubq.exe

C:\Windows\System\UbELQDe.exe

C:\Windows\System\UbELQDe.exe

C:\Windows\System\mbijoFm.exe

C:\Windows\System\mbijoFm.exe

C:\Windows\System\nPhQZdG.exe

C:\Windows\System\nPhQZdG.exe

C:\Windows\System\nDPADEf.exe

C:\Windows\System\nDPADEf.exe

C:\Windows\System\ofYKCWC.exe

C:\Windows\System\ofYKCWC.exe

C:\Windows\System\tGWOnWH.exe

C:\Windows\System\tGWOnWH.exe

C:\Windows\System\DVhjNkU.exe

C:\Windows\System\DVhjNkU.exe

C:\Windows\System\SBjvTfL.exe

C:\Windows\System\SBjvTfL.exe

C:\Windows\System\EFnprhp.exe

C:\Windows\System\EFnprhp.exe

C:\Windows\System\qbrBZLw.exe

C:\Windows\System\qbrBZLw.exe

C:\Windows\System\rZjTQsZ.exe

C:\Windows\System\rZjTQsZ.exe

C:\Windows\System\jGVYXiX.exe

C:\Windows\System\jGVYXiX.exe

C:\Windows\System\DFUfwlr.exe

C:\Windows\System\DFUfwlr.exe

C:\Windows\System\ntaJVcn.exe

C:\Windows\System\ntaJVcn.exe

C:\Windows\System\grLqjrW.exe

C:\Windows\System\grLqjrW.exe

C:\Windows\System\tlEmEIu.exe

C:\Windows\System\tlEmEIu.exe

C:\Windows\System\UcEIoTI.exe

C:\Windows\System\UcEIoTI.exe

C:\Windows\System\QNIwuca.exe

C:\Windows\System\QNIwuca.exe

C:\Windows\System\atVpJUM.exe

C:\Windows\System\atVpJUM.exe

C:\Windows\System\fJUesyw.exe

C:\Windows\System\fJUesyw.exe

C:\Windows\System\BEbtOwg.exe

C:\Windows\System\BEbtOwg.exe

C:\Windows\System\yHoNmNc.exe

C:\Windows\System\yHoNmNc.exe

C:\Windows\System\XaLSnEN.exe

C:\Windows\System\XaLSnEN.exe

C:\Windows\System\XDQGXdO.exe

C:\Windows\System\XDQGXdO.exe

C:\Windows\System\SkCdcvr.exe

C:\Windows\System\SkCdcvr.exe

C:\Windows\System\EYHPjFJ.exe

C:\Windows\System\EYHPjFJ.exe

C:\Windows\System\jAuyovx.exe

C:\Windows\System\jAuyovx.exe

C:\Windows\System\FMMtGfl.exe

C:\Windows\System\FMMtGfl.exe

C:\Windows\System\PxeHkyY.exe

C:\Windows\System\PxeHkyY.exe

C:\Windows\System\lzembor.exe

C:\Windows\System\lzembor.exe

C:\Windows\System\wWuNZgw.exe

C:\Windows\System\wWuNZgw.exe

C:\Windows\System\ourGjqx.exe

C:\Windows\System\ourGjqx.exe

C:\Windows\System\hNHfrlQ.exe

C:\Windows\System\hNHfrlQ.exe

C:\Windows\System\pSNWiuR.exe

C:\Windows\System\pSNWiuR.exe

C:\Windows\System\JceoEDJ.exe

C:\Windows\System\JceoEDJ.exe

C:\Windows\System\BvqLdUa.exe

C:\Windows\System\BvqLdUa.exe

C:\Windows\System\jfYkviD.exe

C:\Windows\System\jfYkviD.exe

C:\Windows\System\QvTtbFc.exe

C:\Windows\System\QvTtbFc.exe

C:\Windows\System\VMRphuO.exe

C:\Windows\System\VMRphuO.exe

C:\Windows\System\dNJjVaA.exe

C:\Windows\System\dNJjVaA.exe

C:\Windows\System\jucsZgP.exe

C:\Windows\System\jucsZgP.exe

C:\Windows\System\jORfRjg.exe

C:\Windows\System\jORfRjg.exe

C:\Windows\System\TWLjgmc.exe

C:\Windows\System\TWLjgmc.exe

C:\Windows\System\WbKmGLG.exe

C:\Windows\System\WbKmGLG.exe

C:\Windows\System\KIjXpoL.exe

C:\Windows\System\KIjXpoL.exe

C:\Windows\System\ZWOjQXI.exe

C:\Windows\System\ZWOjQXI.exe

C:\Windows\System\KhVVYKx.exe

C:\Windows\System\KhVVYKx.exe

C:\Windows\System\VeNPfTB.exe

C:\Windows\System\VeNPfTB.exe

C:\Windows\System\qSDimgI.exe

C:\Windows\System\qSDimgI.exe

C:\Windows\System\rbFAdtP.exe

C:\Windows\System\rbFAdtP.exe

C:\Windows\System\btILwlC.exe

C:\Windows\System\btILwlC.exe

C:\Windows\System\eGhtIkx.exe

C:\Windows\System\eGhtIkx.exe

C:\Windows\System\MFXPcVA.exe

C:\Windows\System\MFXPcVA.exe

C:\Windows\System\vokXuFM.exe

C:\Windows\System\vokXuFM.exe

C:\Windows\System\UCwbcYp.exe

C:\Windows\System\UCwbcYp.exe

C:\Windows\System\tQpehct.exe

C:\Windows\System\tQpehct.exe

C:\Windows\System\BSNeDrd.exe

C:\Windows\System\BSNeDrd.exe

C:\Windows\System\ChKtuHk.exe

C:\Windows\System\ChKtuHk.exe

C:\Windows\System\UwnAebM.exe

C:\Windows\System\UwnAebM.exe

C:\Windows\System\FlhRnQY.exe

C:\Windows\System\FlhRnQY.exe

C:\Windows\System\HbCBfwg.exe

C:\Windows\System\HbCBfwg.exe

C:\Windows\System\dOQihZw.exe

C:\Windows\System\dOQihZw.exe

C:\Windows\System\cHZxqTv.exe

C:\Windows\System\cHZxqTv.exe

C:\Windows\System\RQNUzbh.exe

C:\Windows\System\RQNUzbh.exe

C:\Windows\System\lIKwVAN.exe

C:\Windows\System\lIKwVAN.exe

C:\Windows\System\AloyOtm.exe

C:\Windows\System\AloyOtm.exe

C:\Windows\System\oKDYnFI.exe

C:\Windows\System\oKDYnFI.exe

C:\Windows\System\WqcBfSX.exe

C:\Windows\System\WqcBfSX.exe

C:\Windows\System\LBGOEUk.exe

C:\Windows\System\LBGOEUk.exe

C:\Windows\System\OzsTasl.exe

C:\Windows\System\OzsTasl.exe

C:\Windows\System\HuWFdnS.exe

C:\Windows\System\HuWFdnS.exe

C:\Windows\System\qoqYYDG.exe

C:\Windows\System\qoqYYDG.exe

C:\Windows\System\pSaReOP.exe

C:\Windows\System\pSaReOP.exe

C:\Windows\System\JNzAaXx.exe

C:\Windows\System\JNzAaXx.exe

C:\Windows\System\wbPXXcR.exe

C:\Windows\System\wbPXXcR.exe

C:\Windows\System\ohIKvBU.exe

C:\Windows\System\ohIKvBU.exe

C:\Windows\System\cOVMOSg.exe

C:\Windows\System\cOVMOSg.exe

C:\Windows\System\XClfUSC.exe

C:\Windows\System\XClfUSC.exe

C:\Windows\System\MJwJokz.exe

C:\Windows\System\MJwJokz.exe

C:\Windows\System\oegbSdl.exe

C:\Windows\System\oegbSdl.exe

C:\Windows\System\WEfTZSF.exe

C:\Windows\System\WEfTZSF.exe

C:\Windows\System\AERfpZz.exe

C:\Windows\System\AERfpZz.exe

C:\Windows\System\TQLvRxN.exe

C:\Windows\System\TQLvRxN.exe

C:\Windows\System\iVgMytm.exe

C:\Windows\System\iVgMytm.exe

C:\Windows\System\Cozjtgb.exe

C:\Windows\System\Cozjtgb.exe

C:\Windows\System\SvlbPbg.exe

C:\Windows\System\SvlbPbg.exe

C:\Windows\System\sZJOHeX.exe

C:\Windows\System\sZJOHeX.exe

C:\Windows\System\OBmSGEj.exe

C:\Windows\System\OBmSGEj.exe

C:\Windows\System\lhvsrHR.exe

C:\Windows\System\lhvsrHR.exe

C:\Windows\System\gpdxAJL.exe

C:\Windows\System\gpdxAJL.exe

C:\Windows\System\Txewkmf.exe

C:\Windows\System\Txewkmf.exe

C:\Windows\System\SpIcFRW.exe

C:\Windows\System\SpIcFRW.exe

C:\Windows\System\jNLaIGj.exe

C:\Windows\System\jNLaIGj.exe

C:\Windows\System\iSDtXca.exe

C:\Windows\System\iSDtXca.exe

C:\Windows\System\zNPtYTn.exe

C:\Windows\System\zNPtYTn.exe

C:\Windows\System\EXoCbws.exe

C:\Windows\System\EXoCbws.exe

C:\Windows\System\NBiBJhD.exe

C:\Windows\System\NBiBJhD.exe

C:\Windows\System\GXTTBiq.exe

C:\Windows\System\GXTTBiq.exe

C:\Windows\System\gNWXpCL.exe

C:\Windows\System\gNWXpCL.exe

C:\Windows\System\RuozjMl.exe

C:\Windows\System\RuozjMl.exe

C:\Windows\System\ULYktzE.exe

C:\Windows\System\ULYktzE.exe

C:\Windows\System\InJUjEs.exe

C:\Windows\System\InJUjEs.exe

C:\Windows\System\YHuAOdt.exe

C:\Windows\System\YHuAOdt.exe

C:\Windows\System\dwRqEuE.exe

C:\Windows\System\dwRqEuE.exe

C:\Windows\System\pQNEuKb.exe

C:\Windows\System\pQNEuKb.exe

C:\Windows\System\LsXtEhI.exe

C:\Windows\System\LsXtEhI.exe

C:\Windows\System\QsUlVHF.exe

C:\Windows\System\QsUlVHF.exe

C:\Windows\System\yJxZnVU.exe

C:\Windows\System\yJxZnVU.exe

C:\Windows\System\LZOyPel.exe

C:\Windows\System\LZOyPel.exe

C:\Windows\System\jpcJCQu.exe

C:\Windows\System\jpcJCQu.exe

C:\Windows\System\DYPvIAI.exe

C:\Windows\System\DYPvIAI.exe

C:\Windows\System\iRYJHjg.exe

C:\Windows\System\iRYJHjg.exe

C:\Windows\System\rlWafDH.exe

C:\Windows\System\rlWafDH.exe

C:\Windows\System\ysmYtOR.exe

C:\Windows\System\ysmYtOR.exe

C:\Windows\System\GmJqDJC.exe

C:\Windows\System\GmJqDJC.exe

C:\Windows\System\JrTKkiK.exe

C:\Windows\System\JrTKkiK.exe

C:\Windows\System\zmewDIa.exe

C:\Windows\System\zmewDIa.exe

C:\Windows\System\HcGoMvy.exe

C:\Windows\System\HcGoMvy.exe

C:\Windows\System\YkqNomL.exe

C:\Windows\System\YkqNomL.exe

C:\Windows\System\nJoMtYv.exe

C:\Windows\System\nJoMtYv.exe

C:\Windows\System\RkgUIZW.exe

C:\Windows\System\RkgUIZW.exe

C:\Windows\System\jbhaBNY.exe

C:\Windows\System\jbhaBNY.exe

C:\Windows\System\AtXFIPv.exe

C:\Windows\System\AtXFIPv.exe

C:\Windows\System\FVtWfxt.exe

C:\Windows\System\FVtWfxt.exe

C:\Windows\System\OqAabtg.exe

C:\Windows\System\OqAabtg.exe

C:\Windows\System\tOIxkJX.exe

C:\Windows\System\tOIxkJX.exe

C:\Windows\System\hQvgkcg.exe

C:\Windows\System\hQvgkcg.exe

C:\Windows\System\nDosToX.exe

C:\Windows\System\nDosToX.exe

C:\Windows\System\BzVLnYQ.exe

C:\Windows\System\BzVLnYQ.exe

C:\Windows\System\jpFYlZX.exe

C:\Windows\System\jpFYlZX.exe

C:\Windows\System\dlXffve.exe

C:\Windows\System\dlXffve.exe

C:\Windows\System\iLjVAfI.exe

C:\Windows\System\iLjVAfI.exe

C:\Windows\System\xWsDpTE.exe

C:\Windows\System\xWsDpTE.exe

C:\Windows\System\LoDoyEO.exe

C:\Windows\System\LoDoyEO.exe

C:\Windows\System\WITKuyN.exe

C:\Windows\System\WITKuyN.exe

C:\Windows\System\mXGqbjI.exe

C:\Windows\System\mXGqbjI.exe

C:\Windows\System\hpAUlya.exe

C:\Windows\System\hpAUlya.exe

C:\Windows\System\aUOdnTD.exe

C:\Windows\System\aUOdnTD.exe

C:\Windows\System\VZJPpaM.exe

C:\Windows\System\VZJPpaM.exe

C:\Windows\System\PSSWAzv.exe

C:\Windows\System\PSSWAzv.exe

C:\Windows\System\UOIhJko.exe

C:\Windows\System\UOIhJko.exe

C:\Windows\System\iaBpBGP.exe

C:\Windows\System\iaBpBGP.exe

C:\Windows\System\ulvXqYZ.exe

C:\Windows\System\ulvXqYZ.exe

C:\Windows\System\HveMmcQ.exe

C:\Windows\System\HveMmcQ.exe

C:\Windows\System\iiSwGVA.exe

C:\Windows\System\iiSwGVA.exe

C:\Windows\System\OgpsoGO.exe

C:\Windows\System\OgpsoGO.exe

C:\Windows\System\AzOOzoF.exe

C:\Windows\System\AzOOzoF.exe

C:\Windows\System\mPPtxFt.exe

C:\Windows\System\mPPtxFt.exe

C:\Windows\System\WUsRCqY.exe

C:\Windows\System\WUsRCqY.exe

C:\Windows\System\lCUrFeQ.exe

C:\Windows\System\lCUrFeQ.exe

C:\Windows\System\PieMzgN.exe

C:\Windows\System\PieMzgN.exe

C:\Windows\System\pmCiDYr.exe

C:\Windows\System\pmCiDYr.exe

C:\Windows\System\GnPNKEc.exe

C:\Windows\System\GnPNKEc.exe

C:\Windows\System\rYGgpUV.exe

C:\Windows\System\rYGgpUV.exe

C:\Windows\System\XmnfPDo.exe

C:\Windows\System\XmnfPDo.exe

C:\Windows\System\GMHmgCw.exe

C:\Windows\System\GMHmgCw.exe

C:\Windows\System\CkdmlMd.exe

C:\Windows\System\CkdmlMd.exe

C:\Windows\System\QIOdAmo.exe

C:\Windows\System\QIOdAmo.exe

C:\Windows\System\lTKjgZz.exe

C:\Windows\System\lTKjgZz.exe

C:\Windows\System\nomvicV.exe

C:\Windows\System\nomvicV.exe

C:\Windows\System\kvTKDtf.exe

C:\Windows\System\kvTKDtf.exe

C:\Windows\System\dZcCzqf.exe

C:\Windows\System\dZcCzqf.exe

C:\Windows\System\jyYMMvU.exe

C:\Windows\System\jyYMMvU.exe

C:\Windows\System\WnBvmvI.exe

C:\Windows\System\WnBvmvI.exe

C:\Windows\System\wHyCMxw.exe

C:\Windows\System\wHyCMxw.exe

C:\Windows\System\FIhvlgv.exe

C:\Windows\System\FIhvlgv.exe

C:\Windows\System\tIJXzkN.exe

C:\Windows\System\tIJXzkN.exe

C:\Windows\System\lDyuoXA.exe

C:\Windows\System\lDyuoXA.exe

C:\Windows\System\xssyAAc.exe

C:\Windows\System\xssyAAc.exe

C:\Windows\System\NsgNbGw.exe

C:\Windows\System\NsgNbGw.exe

C:\Windows\System\OSeoTBC.exe

C:\Windows\System\OSeoTBC.exe

C:\Windows\System\EQrffKn.exe

C:\Windows\System\EQrffKn.exe

C:\Windows\System\fxpJoJX.exe

C:\Windows\System\fxpJoJX.exe

C:\Windows\System\AnSIyvv.exe

C:\Windows\System\AnSIyvv.exe

C:\Windows\System\WIhxHTN.exe

C:\Windows\System\WIhxHTN.exe

C:\Windows\System\HAcyKBq.exe

C:\Windows\System\HAcyKBq.exe

C:\Windows\System\KNEscue.exe

C:\Windows\System\KNEscue.exe

C:\Windows\System\bfSfgGg.exe

C:\Windows\System\bfSfgGg.exe

C:\Windows\System\lDzxBaW.exe

C:\Windows\System\lDzxBaW.exe

C:\Windows\System\HtICBuH.exe

C:\Windows\System\HtICBuH.exe

C:\Windows\System\NApPbIQ.exe

C:\Windows\System\NApPbIQ.exe

C:\Windows\System\Gnsyvbi.exe

C:\Windows\System\Gnsyvbi.exe

C:\Windows\System\qoawEoi.exe

C:\Windows\System\qoawEoi.exe

C:\Windows\System\mXcevtZ.exe

C:\Windows\System\mXcevtZ.exe

C:\Windows\System\fjppCzn.exe

C:\Windows\System\fjppCzn.exe

C:\Windows\System\XDLFUeJ.exe

C:\Windows\System\XDLFUeJ.exe

C:\Windows\System\oxpSnxe.exe

C:\Windows\System\oxpSnxe.exe

C:\Windows\System\wfblCWD.exe

C:\Windows\System\wfblCWD.exe

C:\Windows\System\eNWgpAU.exe

C:\Windows\System\eNWgpAU.exe

C:\Windows\System\gudxoOx.exe

C:\Windows\System\gudxoOx.exe

C:\Windows\System\HaAqREP.exe

C:\Windows\System\HaAqREP.exe

C:\Windows\System\wyBGYeo.exe

C:\Windows\System\wyBGYeo.exe

C:\Windows\System\KoyJVHZ.exe

C:\Windows\System\KoyJVHZ.exe

C:\Windows\System\dqClbAi.exe

C:\Windows\System\dqClbAi.exe

C:\Windows\System\KfXspTL.exe

C:\Windows\System\KfXspTL.exe

C:\Windows\System\xAKQMEu.exe

C:\Windows\System\xAKQMEu.exe

C:\Windows\System\ckUlcNA.exe

C:\Windows\System\ckUlcNA.exe

C:\Windows\System\PsLuuZr.exe

C:\Windows\System\PsLuuZr.exe

C:\Windows\System\yIaODFZ.exe

C:\Windows\System\yIaODFZ.exe

C:\Windows\System\OpsklmF.exe

C:\Windows\System\OpsklmF.exe

C:\Windows\System\XSuJFae.exe

C:\Windows\System\XSuJFae.exe

C:\Windows\System\qFMxsKT.exe

C:\Windows\System\qFMxsKT.exe

C:\Windows\System\mOTpUpv.exe

C:\Windows\System\mOTpUpv.exe

C:\Windows\System\pkXAcYa.exe

C:\Windows\System\pkXAcYa.exe

C:\Windows\System\sWgLnIv.exe

C:\Windows\System\sWgLnIv.exe

C:\Windows\System\amSIQvk.exe

C:\Windows\System\amSIQvk.exe

C:\Windows\System\muykIIg.exe

C:\Windows\System\muykIIg.exe

C:\Windows\System\qklnkhC.exe

C:\Windows\System\qklnkhC.exe

C:\Windows\System\kNEjTjM.exe

C:\Windows\System\kNEjTjM.exe

C:\Windows\System\qxAVYSC.exe

C:\Windows\System\qxAVYSC.exe

C:\Windows\System\JlziIkN.exe

C:\Windows\System\JlziIkN.exe

C:\Windows\System\sGFELvV.exe

C:\Windows\System\sGFELvV.exe

C:\Windows\System\LXqLZGZ.exe

C:\Windows\System\LXqLZGZ.exe

C:\Windows\System\dFDLiCG.exe

C:\Windows\System\dFDLiCG.exe

C:\Windows\System\YIedXtV.exe

C:\Windows\System\YIedXtV.exe

C:\Windows\System\QTeqeWC.exe

C:\Windows\System\QTeqeWC.exe

C:\Windows\System\tzCdCbo.exe

C:\Windows\System\tzCdCbo.exe

C:\Windows\System\AIWzaTA.exe

C:\Windows\System\AIWzaTA.exe

C:\Windows\System\LrZaQKk.exe

C:\Windows\System\LrZaQKk.exe

C:\Windows\System\IFVasOv.exe

C:\Windows\System\IFVasOv.exe

C:\Windows\System\WvoaEwe.exe

C:\Windows\System\WvoaEwe.exe

C:\Windows\System\ixhdciC.exe

C:\Windows\System\ixhdciC.exe

C:\Windows\System\YdpNMLx.exe

C:\Windows\System\YdpNMLx.exe

C:\Windows\System\ihtwupa.exe

C:\Windows\System\ihtwupa.exe

C:\Windows\System\RKQNhMM.exe

C:\Windows\System\RKQNhMM.exe

C:\Windows\System\hFkMVdW.exe

C:\Windows\System\hFkMVdW.exe

C:\Windows\System\KuTIdtJ.exe

C:\Windows\System\KuTIdtJ.exe

C:\Windows\System\iWdhYmw.exe

C:\Windows\System\iWdhYmw.exe

C:\Windows\System\RZEcORg.exe

C:\Windows\System\RZEcORg.exe

C:\Windows\System\WEGQxqR.exe

C:\Windows\System\WEGQxqR.exe

C:\Windows\System\xPojQKC.exe

C:\Windows\System\xPojQKC.exe

C:\Windows\System\lxMXynL.exe

C:\Windows\System\lxMXynL.exe

C:\Windows\System\AmvvxCL.exe

C:\Windows\System\AmvvxCL.exe

C:\Windows\System\BuPAeXW.exe

C:\Windows\System\BuPAeXW.exe

C:\Windows\System\fbZYotC.exe

C:\Windows\System\fbZYotC.exe

C:\Windows\System\NqEDDcA.exe

C:\Windows\System\NqEDDcA.exe

C:\Windows\System\QNZdnqH.exe

C:\Windows\System\QNZdnqH.exe

C:\Windows\System\iYqrYbn.exe

C:\Windows\System\iYqrYbn.exe

C:\Windows\System\PDlEnhv.exe

C:\Windows\System\PDlEnhv.exe

C:\Windows\System\YvFlvZE.exe

C:\Windows\System\YvFlvZE.exe

C:\Windows\System\ALKpZAi.exe

C:\Windows\System\ALKpZAi.exe

C:\Windows\System\KblRjio.exe

C:\Windows\System\KblRjio.exe

C:\Windows\System\kHyVsFt.exe

C:\Windows\System\kHyVsFt.exe

C:\Windows\System\WVMVZja.exe

C:\Windows\System\WVMVZja.exe

C:\Windows\System\IVGGprY.exe

C:\Windows\System\IVGGprY.exe

C:\Windows\System\ueJABcu.exe

C:\Windows\System\ueJABcu.exe

C:\Windows\System\KZaTYVK.exe

C:\Windows\System\KZaTYVK.exe

C:\Windows\System\aENhTjl.exe

C:\Windows\System\aENhTjl.exe

C:\Windows\System\LMGdDVm.exe

C:\Windows\System\LMGdDVm.exe

C:\Windows\System\VTJzfbn.exe

C:\Windows\System\VTJzfbn.exe

C:\Windows\System\tSfsKcX.exe

C:\Windows\System\tSfsKcX.exe

C:\Windows\System\NvxSFOP.exe

C:\Windows\System\NvxSFOP.exe

C:\Windows\System\BUmKtwa.exe

C:\Windows\System\BUmKtwa.exe

C:\Windows\System\YOriHkK.exe

C:\Windows\System\YOriHkK.exe

C:\Windows\System\IKgXrQr.exe

C:\Windows\System\IKgXrQr.exe

C:\Windows\System\BEqzraU.exe

C:\Windows\System\BEqzraU.exe

C:\Windows\System\yCedfDO.exe

C:\Windows\System\yCedfDO.exe

C:\Windows\System\RRSsSfp.exe

C:\Windows\System\RRSsSfp.exe

C:\Windows\System\jBYlRUe.exe

C:\Windows\System\jBYlRUe.exe

C:\Windows\System\esgVdIR.exe

C:\Windows\System\esgVdIR.exe

C:\Windows\System\XoSXwjj.exe

C:\Windows\System\XoSXwjj.exe

C:\Windows\System\IXFYzIr.exe

C:\Windows\System\IXFYzIr.exe

C:\Windows\System\dGYshTv.exe

C:\Windows\System\dGYshTv.exe

C:\Windows\System\qHuvMSt.exe

C:\Windows\System\qHuvMSt.exe

C:\Windows\System\OAeOAVv.exe

C:\Windows\System\OAeOAVv.exe

C:\Windows\System\TXyvZpH.exe

C:\Windows\System\TXyvZpH.exe

C:\Windows\System\AcLvGhs.exe

C:\Windows\System\AcLvGhs.exe

C:\Windows\System\EYgeMdb.exe

C:\Windows\System\EYgeMdb.exe

C:\Windows\System\NRVdPaN.exe

C:\Windows\System\NRVdPaN.exe

C:\Windows\System\dtxIByQ.exe

C:\Windows\System\dtxIByQ.exe

C:\Windows\System\QJFDmEB.exe

C:\Windows\System\QJFDmEB.exe

C:\Windows\System\usZRMEz.exe

C:\Windows\System\usZRMEz.exe

C:\Windows\System\hSxZkGt.exe

C:\Windows\System\hSxZkGt.exe

C:\Windows\System\YNXEfma.exe

C:\Windows\System\YNXEfma.exe

C:\Windows\System\ePFqmpY.exe

C:\Windows\System\ePFqmpY.exe

C:\Windows\System\dLHeOya.exe

C:\Windows\System\dLHeOya.exe

C:\Windows\System\wRdrnPl.exe

C:\Windows\System\wRdrnPl.exe

C:\Windows\System\VAkHotL.exe

C:\Windows\System\VAkHotL.exe

C:\Windows\System\bIpJbCB.exe

C:\Windows\System\bIpJbCB.exe

C:\Windows\System\boAvXhg.exe

C:\Windows\System\boAvXhg.exe

C:\Windows\System\vlMcJPJ.exe

C:\Windows\System\vlMcJPJ.exe

C:\Windows\System\XiBIUup.exe

C:\Windows\System\XiBIUup.exe

C:\Windows\System\ULEyziz.exe

C:\Windows\System\ULEyziz.exe

C:\Windows\System\UMmhfuz.exe

C:\Windows\System\UMmhfuz.exe

C:\Windows\System\xJQihRS.exe

C:\Windows\System\xJQihRS.exe

C:\Windows\System\vnxexHO.exe

C:\Windows\System\vnxexHO.exe

C:\Windows\System\SSPsYNH.exe

C:\Windows\System\SSPsYNH.exe

C:\Windows\System\WBRiIoO.exe

C:\Windows\System\WBRiIoO.exe

C:\Windows\System\rkAvDTy.exe

C:\Windows\System\rkAvDTy.exe

C:\Windows\System\oDPlAkS.exe

C:\Windows\System\oDPlAkS.exe

C:\Windows\System\JyjysdA.exe

C:\Windows\System\JyjysdA.exe

C:\Windows\System\YiRVTYm.exe

C:\Windows\System\YiRVTYm.exe

C:\Windows\System\yAIiGnW.exe

C:\Windows\System\yAIiGnW.exe

C:\Windows\System\PrQQvCX.exe

C:\Windows\System\PrQQvCX.exe

C:\Windows\System\KsOLpwo.exe

C:\Windows\System\KsOLpwo.exe

C:\Windows\System\ZvzwbsZ.exe

C:\Windows\System\ZvzwbsZ.exe

C:\Windows\System\hVRyCDm.exe

C:\Windows\System\hVRyCDm.exe

C:\Windows\System\EJSmyPx.exe

C:\Windows\System\EJSmyPx.exe

C:\Windows\System\FcqQuuR.exe

C:\Windows\System\FcqQuuR.exe

C:\Windows\System\TZrdAhp.exe

C:\Windows\System\TZrdAhp.exe

C:\Windows\System\hgLmYVD.exe

C:\Windows\System\hgLmYVD.exe

C:\Windows\System\sVHnIAn.exe

C:\Windows\System\sVHnIAn.exe

C:\Windows\System\STxLzKa.exe

C:\Windows\System\STxLzKa.exe

C:\Windows\System\CtoUayE.exe

C:\Windows\System\CtoUayE.exe

C:\Windows\System\XfnwGaM.exe

C:\Windows\System\XfnwGaM.exe

C:\Windows\System\QmLFvCp.exe

C:\Windows\System\QmLFvCp.exe

C:\Windows\System\vifWSdo.exe

C:\Windows\System\vifWSdo.exe

C:\Windows\System\wDniqzm.exe

C:\Windows\System\wDniqzm.exe

C:\Windows\System\jRMOKrL.exe

C:\Windows\System\jRMOKrL.exe

C:\Windows\System\iAuLIYF.exe

C:\Windows\System\iAuLIYF.exe

C:\Windows\System\cMRMoaT.exe

C:\Windows\System\cMRMoaT.exe

C:\Windows\System\NhfNRfp.exe

C:\Windows\System\NhfNRfp.exe

C:\Windows\System\ZjeHcCu.exe

C:\Windows\System\ZjeHcCu.exe

C:\Windows\System\NmGXvza.exe

C:\Windows\System\NmGXvza.exe

C:\Windows\System\teXqedI.exe

C:\Windows\System\teXqedI.exe

C:\Windows\System\oEmfxSM.exe

C:\Windows\System\oEmfxSM.exe

C:\Windows\System\Jenloqo.exe

C:\Windows\System\Jenloqo.exe

C:\Windows\System\kpKHIkO.exe

C:\Windows\System\kpKHIkO.exe

C:\Windows\System\CbMyFrx.exe

C:\Windows\System\CbMyFrx.exe

C:\Windows\System\HKhJpoj.exe

C:\Windows\System\HKhJpoj.exe

C:\Windows\System\IqKJteB.exe

C:\Windows\System\IqKJteB.exe

C:\Windows\System\jGBGEmO.exe

C:\Windows\System\jGBGEmO.exe

C:\Windows\System\obDnTzx.exe

C:\Windows\System\obDnTzx.exe

C:\Windows\System\lNURKAZ.exe

C:\Windows\System\lNURKAZ.exe

C:\Windows\System\qdIyXEh.exe

C:\Windows\System\qdIyXEh.exe

C:\Windows\System\RbXPmJB.exe

C:\Windows\System\RbXPmJB.exe

C:\Windows\System\OtucGgl.exe

C:\Windows\System\OtucGgl.exe

C:\Windows\System\SJKrGcF.exe

C:\Windows\System\SJKrGcF.exe

C:\Windows\System\EUicnAV.exe

C:\Windows\System\EUicnAV.exe

C:\Windows\System\jzuUTvw.exe

C:\Windows\System\jzuUTvw.exe

C:\Windows\System\REYNFEJ.exe

C:\Windows\System\REYNFEJ.exe

C:\Windows\System\CuHWRyB.exe

C:\Windows\System\CuHWRyB.exe

C:\Windows\System\eYHMZZC.exe

C:\Windows\System\eYHMZZC.exe

C:\Windows\System\lMQBZCT.exe

C:\Windows\System\lMQBZCT.exe

C:\Windows\System\QyKFwHC.exe

C:\Windows\System\QyKFwHC.exe

C:\Windows\System\JAqJqsv.exe

C:\Windows\System\JAqJqsv.exe

C:\Windows\System\HYCSlbb.exe

C:\Windows\System\HYCSlbb.exe

C:\Windows\System\lOQVPes.exe

C:\Windows\System\lOQVPes.exe

C:\Windows\System\kRUPfkB.exe

C:\Windows\System\kRUPfkB.exe

C:\Windows\System\zaonVQx.exe

C:\Windows\System\zaonVQx.exe

C:\Windows\System\ZIevyqo.exe

C:\Windows\System\ZIevyqo.exe

C:\Windows\System\BquMdRw.exe

C:\Windows\System\BquMdRw.exe

C:\Windows\System\IWUIDfT.exe

C:\Windows\System\IWUIDfT.exe

C:\Windows\System\flTJaWd.exe

C:\Windows\System\flTJaWd.exe

C:\Windows\System\GkSppuc.exe

C:\Windows\System\GkSppuc.exe

C:\Windows\System\wZXgREv.exe

C:\Windows\System\wZXgREv.exe

C:\Windows\System\wqIfpje.exe

C:\Windows\System\wqIfpje.exe

C:\Windows\System\OgTzDCV.exe

C:\Windows\System\OgTzDCV.exe

C:\Windows\System\lzWotEh.exe

C:\Windows\System\lzWotEh.exe

C:\Windows\System\BMPoRSq.exe

C:\Windows\System\BMPoRSq.exe

C:\Windows\System\mQkrQOf.exe

C:\Windows\System\mQkrQOf.exe

C:\Windows\System\lIGdRFt.exe

C:\Windows\System\lIGdRFt.exe

C:\Windows\System\cuDHWyu.exe

C:\Windows\System\cuDHWyu.exe

C:\Windows\System\FiKELGb.exe

C:\Windows\System\FiKELGb.exe

C:\Windows\System\IZggVrT.exe

C:\Windows\System\IZggVrT.exe

C:\Windows\System\tBHseKJ.exe

C:\Windows\System\tBHseKJ.exe

C:\Windows\System\naNhwiA.exe

C:\Windows\System\naNhwiA.exe

C:\Windows\System\MOTqjwP.exe

C:\Windows\System\MOTqjwP.exe

C:\Windows\System\auUdiVn.exe

C:\Windows\System\auUdiVn.exe

C:\Windows\System\OITataW.exe

C:\Windows\System\OITataW.exe

C:\Windows\System\IOXUEEf.exe

C:\Windows\System\IOXUEEf.exe

C:\Windows\System\UCsKZbl.exe

C:\Windows\System\UCsKZbl.exe

C:\Windows\System\OFnBjSP.exe

C:\Windows\System\OFnBjSP.exe

C:\Windows\System\EhTnYhw.exe

C:\Windows\System\EhTnYhw.exe

C:\Windows\System\xfikDVC.exe

C:\Windows\System\xfikDVC.exe

C:\Windows\System\JWRcDEB.exe

C:\Windows\System\JWRcDEB.exe

C:\Windows\System\zIYszTu.exe

C:\Windows\System\zIYszTu.exe

C:\Windows\System\zyrwzRA.exe

C:\Windows\System\zyrwzRA.exe

C:\Windows\System\EYaCIsS.exe

C:\Windows\System\EYaCIsS.exe

C:\Windows\System\QhUUfJX.exe

C:\Windows\System\QhUUfJX.exe

C:\Windows\System\fmEjWbR.exe

C:\Windows\System\fmEjWbR.exe

C:\Windows\System\PvhCDzL.exe

C:\Windows\System\PvhCDzL.exe

C:\Windows\System\alDKQde.exe

C:\Windows\System\alDKQde.exe

C:\Windows\System\KCQzusv.exe

C:\Windows\System\KCQzusv.exe

C:\Windows\System\YJrUJqG.exe

C:\Windows\System\YJrUJqG.exe

C:\Windows\System\kdXRVBs.exe

C:\Windows\System\kdXRVBs.exe

C:\Windows\System\WnxXirz.exe

C:\Windows\System\WnxXirz.exe

C:\Windows\System\zytiqDX.exe

C:\Windows\System\zytiqDX.exe

C:\Windows\System\adkFUcY.exe

C:\Windows\System\adkFUcY.exe

C:\Windows\System\trtKMOG.exe

C:\Windows\System\trtKMOG.exe

C:\Windows\System\xMhBdGU.exe

C:\Windows\System\xMhBdGU.exe

C:\Windows\System\cAuNzuu.exe

C:\Windows\System\cAuNzuu.exe

C:\Windows\System\neSwLuL.exe

C:\Windows\System\neSwLuL.exe

C:\Windows\System\MYBAVjO.exe

C:\Windows\System\MYBAVjO.exe

C:\Windows\System\EYcuMcd.exe

C:\Windows\System\EYcuMcd.exe

C:\Windows\System\nkfTXMP.exe

C:\Windows\System\nkfTXMP.exe

C:\Windows\System\SAXNvsk.exe

C:\Windows\System\SAXNvsk.exe

C:\Windows\System\iYobjoW.exe

C:\Windows\System\iYobjoW.exe

C:\Windows\System\JVDJhif.exe

C:\Windows\System\JVDJhif.exe

C:\Windows\System\mGjrrXr.exe

C:\Windows\System\mGjrrXr.exe

C:\Windows\System\UGvkXmZ.exe

C:\Windows\System\UGvkXmZ.exe

C:\Windows\System\rGjHWLM.exe

C:\Windows\System\rGjHWLM.exe

C:\Windows\System\MSAGXbU.exe

C:\Windows\System\MSAGXbU.exe

C:\Windows\System\MpmkYNz.exe

C:\Windows\System\MpmkYNz.exe

C:\Windows\System\jBOYLgE.exe

C:\Windows\System\jBOYLgE.exe

C:\Windows\System\tJmoSrQ.exe

C:\Windows\System\tJmoSrQ.exe

C:\Windows\System\DrKcNCO.exe

C:\Windows\System\DrKcNCO.exe

C:\Windows\System\ZjgeSwV.exe

C:\Windows\System\ZjgeSwV.exe

C:\Windows\System\XZiBamB.exe

C:\Windows\System\XZiBamB.exe

C:\Windows\System\RHcRiqu.exe

C:\Windows\System\RHcRiqu.exe

C:\Windows\System\vMVpite.exe

C:\Windows\System\vMVpite.exe

C:\Windows\System\YkdqDdT.exe

C:\Windows\System\YkdqDdT.exe

C:\Windows\System\BKwxKNO.exe

C:\Windows\System\BKwxKNO.exe

C:\Windows\System\cuXCwRk.exe

C:\Windows\System\cuXCwRk.exe

C:\Windows\System\KGYnArm.exe

C:\Windows\System\KGYnArm.exe

C:\Windows\System\KQRSYCI.exe

C:\Windows\System\KQRSYCI.exe

C:\Windows\System\wJhRwzO.exe

C:\Windows\System\wJhRwzO.exe

C:\Windows\System\exXYTpu.exe

C:\Windows\System\exXYTpu.exe

C:\Windows\System\UJCxIof.exe

C:\Windows\System\UJCxIof.exe

C:\Windows\System\jOJSTue.exe

C:\Windows\System\jOJSTue.exe

C:\Windows\System\FOCRonD.exe

C:\Windows\System\FOCRonD.exe

C:\Windows\System\GJWDmJf.exe

C:\Windows\System\GJWDmJf.exe

C:\Windows\System\RZQanIP.exe

C:\Windows\System\RZQanIP.exe

C:\Windows\System\PYaabzd.exe

C:\Windows\System\PYaabzd.exe

C:\Windows\System\UUoUovU.exe

C:\Windows\System\UUoUovU.exe

C:\Windows\System\lAxoADr.exe

C:\Windows\System\lAxoADr.exe

C:\Windows\System\fnhKoQm.exe

C:\Windows\System\fnhKoQm.exe

C:\Windows\System\ozXqRIq.exe

C:\Windows\System\ozXqRIq.exe

C:\Windows\System\IsOXBuc.exe

C:\Windows\System\IsOXBuc.exe

C:\Windows\System\HQpyNXw.exe

C:\Windows\System\HQpyNXw.exe

C:\Windows\System\kcfpoLl.exe

C:\Windows\System\kcfpoLl.exe

C:\Windows\System\dNvMebW.exe

C:\Windows\System\dNvMebW.exe

C:\Windows\System\UaURQGL.exe

C:\Windows\System\UaURQGL.exe

C:\Windows\System\iZoFOWS.exe

C:\Windows\System\iZoFOWS.exe

C:\Windows\System\JIvFxth.exe

C:\Windows\System\JIvFxth.exe

C:\Windows\System\HsGtZLS.exe

C:\Windows\System\HsGtZLS.exe

C:\Windows\System\QxuXyKk.exe

C:\Windows\System\QxuXyKk.exe

C:\Windows\System\jvRvBen.exe

C:\Windows\System\jvRvBen.exe

C:\Windows\System\aVdKcvo.exe

C:\Windows\System\aVdKcvo.exe

C:\Windows\System\bbUBjlj.exe

C:\Windows\System\bbUBjlj.exe

C:\Windows\System\vzRYggb.exe

C:\Windows\System\vzRYggb.exe

C:\Windows\System\dAoMHyj.exe

C:\Windows\System\dAoMHyj.exe

C:\Windows\System\MbNvBNa.exe

C:\Windows\System\MbNvBNa.exe

C:\Windows\System\Fbcyjoj.exe

C:\Windows\System\Fbcyjoj.exe

C:\Windows\System\WhvBULx.exe

C:\Windows\System\WhvBULx.exe

C:\Windows\System\FICcYHN.exe

C:\Windows\System\FICcYHN.exe

C:\Windows\System\mpDXlMj.exe

C:\Windows\System\mpDXlMj.exe

C:\Windows\System\jkwXmDF.exe

C:\Windows\System\jkwXmDF.exe

C:\Windows\System\nXUGRqZ.exe

C:\Windows\System\nXUGRqZ.exe

C:\Windows\System\QBfhUde.exe

C:\Windows\System\QBfhUde.exe

C:\Windows\System\EYHjzvR.exe

C:\Windows\System\EYHjzvR.exe

C:\Windows\System\DIsgSLQ.exe

C:\Windows\System\DIsgSLQ.exe

C:\Windows\System\bQelRsz.exe

C:\Windows\System\bQelRsz.exe

C:\Windows\System\FjsPkpR.exe

C:\Windows\System\FjsPkpR.exe

C:\Windows\System\hekNzrE.exe

C:\Windows\System\hekNzrE.exe

C:\Windows\System\Menfgtk.exe

C:\Windows\System\Menfgtk.exe

C:\Windows\System\SWQUGBC.exe

C:\Windows\System\SWQUGBC.exe

C:\Windows\System\OxyEHwv.exe

C:\Windows\System\OxyEHwv.exe

C:\Windows\System\SHCLGCO.exe

C:\Windows\System\SHCLGCO.exe

C:\Windows\System\JMAqGmK.exe

C:\Windows\System\JMAqGmK.exe

C:\Windows\System\rxcsquB.exe

C:\Windows\System\rxcsquB.exe

C:\Windows\System\WZwdwMQ.exe

C:\Windows\System\WZwdwMQ.exe

C:\Windows\System\ZJQpEyz.exe

C:\Windows\System\ZJQpEyz.exe

C:\Windows\System\skYjTvg.exe

C:\Windows\System\skYjTvg.exe

C:\Windows\System\lhPyRWG.exe

C:\Windows\System\lhPyRWG.exe

C:\Windows\System\LPpkrQd.exe

C:\Windows\System\LPpkrQd.exe

C:\Windows\System\eRGtPGN.exe

C:\Windows\System\eRGtPGN.exe

C:\Windows\System\IUseOPf.exe

C:\Windows\System\IUseOPf.exe

C:\Windows\System\lFGwfhj.exe

C:\Windows\System\lFGwfhj.exe

C:\Windows\System\zakCaHJ.exe

C:\Windows\System\zakCaHJ.exe

C:\Windows\System\QuPdTpG.exe

C:\Windows\System\QuPdTpG.exe

C:\Windows\System\RJuLCUe.exe

C:\Windows\System\RJuLCUe.exe

C:\Windows\System\ndOIMVI.exe

C:\Windows\System\ndOIMVI.exe

C:\Windows\System\BLXuNJl.exe

C:\Windows\System\BLXuNJl.exe

C:\Windows\System\OeLTwaW.exe

C:\Windows\System\OeLTwaW.exe

C:\Windows\System\YIRhvkz.exe

C:\Windows\System\YIRhvkz.exe

C:\Windows\System\vXBnbkS.exe

C:\Windows\System\vXBnbkS.exe

C:\Windows\System\nMWYjnV.exe

C:\Windows\System\nMWYjnV.exe

C:\Windows\System\gPGRchr.exe

C:\Windows\System\gPGRchr.exe

C:\Windows\System\WelVZCz.exe

C:\Windows\System\WelVZCz.exe

C:\Windows\System\RyGEoPy.exe

C:\Windows\System\RyGEoPy.exe

C:\Windows\System\ytsvnNN.exe

C:\Windows\System\ytsvnNN.exe

C:\Windows\System\LgmIcbU.exe

C:\Windows\System\LgmIcbU.exe

C:\Windows\System\UFRLgze.exe

C:\Windows\System\UFRLgze.exe

C:\Windows\System\ClASGcw.exe

C:\Windows\System\ClASGcw.exe

C:\Windows\System\ltBiiUq.exe

C:\Windows\System\ltBiiUq.exe

C:\Windows\System\xqkwbmk.exe

C:\Windows\System\xqkwbmk.exe

C:\Windows\System\xIWFvVX.exe

C:\Windows\System\xIWFvVX.exe

C:\Windows\System\MFbIcoS.exe

C:\Windows\System\MFbIcoS.exe

C:\Windows\System\xTgMdDI.exe

C:\Windows\System\xTgMdDI.exe

C:\Windows\System\EhOwaGM.exe

C:\Windows\System\EhOwaGM.exe

C:\Windows\System\mesDoeF.exe

C:\Windows\System\mesDoeF.exe

C:\Windows\System\MPCKaLd.exe

C:\Windows\System\MPCKaLd.exe

C:\Windows\System\zdpzcFR.exe

C:\Windows\System\zdpzcFR.exe

C:\Windows\System\aaeJPmp.exe

C:\Windows\System\aaeJPmp.exe

C:\Windows\System\mXcyXnd.exe

C:\Windows\System\mXcyXnd.exe

C:\Windows\System\ULTBijZ.exe

C:\Windows\System\ULTBijZ.exe

C:\Windows\System\DKvEJkt.exe

C:\Windows\System\DKvEJkt.exe

C:\Windows\System\oQysTpM.exe

C:\Windows\System\oQysTpM.exe

C:\Windows\System\wYOLkjI.exe

C:\Windows\System\wYOLkjI.exe

C:\Windows\System\mNOBbZp.exe

C:\Windows\System\mNOBbZp.exe

C:\Windows\System\Ybiteuo.exe

C:\Windows\System\Ybiteuo.exe

C:\Windows\System\PsWxzKB.exe

C:\Windows\System\PsWxzKB.exe

C:\Windows\System\ejwTqPf.exe

C:\Windows\System\ejwTqPf.exe

C:\Windows\System\YImKUVV.exe

C:\Windows\System\YImKUVV.exe

C:\Windows\System\fomlooZ.exe

C:\Windows\System\fomlooZ.exe

C:\Windows\System\ScjiTeT.exe

C:\Windows\System\ScjiTeT.exe

C:\Windows\System\FKcyDfI.exe

C:\Windows\System\FKcyDfI.exe

C:\Windows\System\KTqnIsd.exe

C:\Windows\System\KTqnIsd.exe

C:\Windows\System\liftFao.exe

C:\Windows\System\liftFao.exe

C:\Windows\System\hQZYAxA.exe

C:\Windows\System\hQZYAxA.exe

C:\Windows\System\HRoAJLJ.exe

C:\Windows\System\HRoAJLJ.exe

C:\Windows\System\brsvaCG.exe

C:\Windows\System\brsvaCG.exe

C:\Windows\System\fdhfUSz.exe

C:\Windows\System\fdhfUSz.exe

C:\Windows\System\NYkMpvg.exe

C:\Windows\System\NYkMpvg.exe

C:\Windows\System\GAqIaan.exe

C:\Windows\System\GAqIaan.exe

C:\Windows\System\QrRVzqB.exe

C:\Windows\System\QrRVzqB.exe

C:\Windows\System\axTPIsh.exe

C:\Windows\System\axTPIsh.exe

C:\Windows\System\xTAGwyj.exe

C:\Windows\System\xTAGwyj.exe

C:\Windows\System\gYyuzWK.exe

C:\Windows\System\gYyuzWK.exe

C:\Windows\System\XhJzUvD.exe

C:\Windows\System\XhJzUvD.exe

C:\Windows\System\wmAYfXU.exe

C:\Windows\System\wmAYfXU.exe

C:\Windows\System\ugLWJgw.exe

C:\Windows\System\ugLWJgw.exe

C:\Windows\System\mNcsNQi.exe

C:\Windows\System\mNcsNQi.exe

C:\Windows\System\helYmVt.exe

C:\Windows\System\helYmVt.exe

C:\Windows\System\rvmYBPo.exe

C:\Windows\System\rvmYBPo.exe

C:\Windows\System\cEtWVvX.exe

C:\Windows\System\cEtWVvX.exe

C:\Windows\System\ZLpAhIU.exe

C:\Windows\System\ZLpAhIU.exe

C:\Windows\System\dtmOaLA.exe

C:\Windows\System\dtmOaLA.exe

C:\Windows\System\QbINHSO.exe

C:\Windows\System\QbINHSO.exe

C:\Windows\System\Wmjgzsu.exe

C:\Windows\System\Wmjgzsu.exe

C:\Windows\System\OFWTsUn.exe

C:\Windows\System\OFWTsUn.exe

C:\Windows\System\LBGJhIl.exe

C:\Windows\System\LBGJhIl.exe

C:\Windows\System\nBEBfyW.exe

C:\Windows\System\nBEBfyW.exe

C:\Windows\System\RQMWcBB.exe

C:\Windows\System\RQMWcBB.exe

C:\Windows\System\VXBRruL.exe

C:\Windows\System\VXBRruL.exe

C:\Windows\System\qSUKnzZ.exe

C:\Windows\System\qSUKnzZ.exe

C:\Windows\System\cFMjpOq.exe

C:\Windows\System\cFMjpOq.exe

C:\Windows\System\zxlQJLU.exe

C:\Windows\System\zxlQJLU.exe

C:\Windows\System\fKIWzSY.exe

C:\Windows\System\fKIWzSY.exe

C:\Windows\System\MLPSmoF.exe

C:\Windows\System\MLPSmoF.exe

C:\Windows\System\sLIUqkf.exe

C:\Windows\System\sLIUqkf.exe

C:\Windows\System\FQGWmMv.exe

C:\Windows\System\FQGWmMv.exe

C:\Windows\System\qnCgAeF.exe

C:\Windows\System\qnCgAeF.exe

C:\Windows\System\pZWaJuI.exe

C:\Windows\System\pZWaJuI.exe

C:\Windows\System\JACGofk.exe

C:\Windows\System\JACGofk.exe

C:\Windows\System\VwttsFy.exe

C:\Windows\System\VwttsFy.exe

C:\Windows\System\wNRLOsL.exe

C:\Windows\System\wNRLOsL.exe

C:\Windows\System\bLMddWY.exe

C:\Windows\System\bLMddWY.exe

C:\Windows\System\tmGwSvv.exe

C:\Windows\System\tmGwSvv.exe

C:\Windows\System\ZHdvoiR.exe

C:\Windows\System\ZHdvoiR.exe

C:\Windows\System\LcLgeZs.exe

C:\Windows\System\LcLgeZs.exe

C:\Windows\System\uQOeJoN.exe

C:\Windows\System\uQOeJoN.exe

C:\Windows\System\dplIYkE.exe

C:\Windows\System\dplIYkE.exe

C:\Windows\System\wtvcpED.exe

C:\Windows\System\wtvcpED.exe

C:\Windows\System\BKEOfLt.exe

C:\Windows\System\BKEOfLt.exe

C:\Windows\System\LpiGaFd.exe

C:\Windows\System\LpiGaFd.exe

C:\Windows\System\eUhaXNf.exe

C:\Windows\System\eUhaXNf.exe

C:\Windows\System\nvaGXCE.exe

C:\Windows\System\nvaGXCE.exe

C:\Windows\System\AdrSRxz.exe

C:\Windows\System\AdrSRxz.exe

C:\Windows\System\uCiXDrf.exe

C:\Windows\System\uCiXDrf.exe

C:\Windows\System\PiOIaLk.exe

C:\Windows\System\PiOIaLk.exe

C:\Windows\System\JWpeBZs.exe

C:\Windows\System\JWpeBZs.exe

C:\Windows\System\ryNjMSk.exe

C:\Windows\System\ryNjMSk.exe

C:\Windows\System\cszcKxY.exe

C:\Windows\System\cszcKxY.exe

C:\Windows\System\nsDWbZK.exe

C:\Windows\System\nsDWbZK.exe

C:\Windows\System\BFoUtfN.exe

C:\Windows\System\BFoUtfN.exe

C:\Windows\System\wPtqXbj.exe

C:\Windows\System\wPtqXbj.exe

C:\Windows\System\gjXfIFl.exe

C:\Windows\System\gjXfIFl.exe

C:\Windows\System\RdlTUwG.exe

C:\Windows\System\RdlTUwG.exe

C:\Windows\System\tKtwEDJ.exe

C:\Windows\System\tKtwEDJ.exe

C:\Windows\System\zmmVPJN.exe

C:\Windows\System\zmmVPJN.exe

C:\Windows\System\eCziufL.exe

C:\Windows\System\eCziufL.exe

C:\Windows\System\bXHNeYF.exe

C:\Windows\System\bXHNeYF.exe

C:\Windows\System\oTHTxvg.exe

C:\Windows\System\oTHTxvg.exe

C:\Windows\System\saGZBYt.exe

C:\Windows\System\saGZBYt.exe

C:\Windows\System\OMzHatM.exe

C:\Windows\System\OMzHatM.exe

C:\Windows\System\LEoBDxX.exe

C:\Windows\System\LEoBDxX.exe

C:\Windows\System\gVIRPjh.exe

C:\Windows\System\gVIRPjh.exe

C:\Windows\System\SFoPJNm.exe

C:\Windows\System\SFoPJNm.exe

C:\Windows\System\JmBqgdD.exe

C:\Windows\System\JmBqgdD.exe

C:\Windows\System\iNcqAye.exe

C:\Windows\System\iNcqAye.exe

C:\Windows\System\xjigvah.exe

C:\Windows\System\xjigvah.exe

C:\Windows\System\cKpmkBq.exe

C:\Windows\System\cKpmkBq.exe

C:\Windows\System\rZFNjJJ.exe

C:\Windows\System\rZFNjJJ.exe

C:\Windows\System\yqrVhHA.exe

C:\Windows\System\yqrVhHA.exe

C:\Windows\System\NnbrXKT.exe

C:\Windows\System\NnbrXKT.exe

C:\Windows\System\oofUYdD.exe

C:\Windows\System\oofUYdD.exe

C:\Windows\System\LOpIVHY.exe

C:\Windows\System\LOpIVHY.exe

C:\Windows\System\fCDXmhg.exe

C:\Windows\System\fCDXmhg.exe

C:\Windows\System\LTwXBWB.exe

C:\Windows\System\LTwXBWB.exe

C:\Windows\System\vwAeZjY.exe

C:\Windows\System\vwAeZjY.exe

C:\Windows\System\KLkGwPn.exe

C:\Windows\System\KLkGwPn.exe

C:\Windows\System\ZDEXuCi.exe

C:\Windows\System\ZDEXuCi.exe

C:\Windows\System\NAvxbdp.exe

C:\Windows\System\NAvxbdp.exe

C:\Windows\System\KXnLWtd.exe

C:\Windows\System\KXnLWtd.exe

C:\Windows\System\lIzKKtO.exe

C:\Windows\System\lIzKKtO.exe

C:\Windows\System\NRMwAGl.exe

C:\Windows\System\NRMwAGl.exe

C:\Windows\System\SNTvyLK.exe

C:\Windows\System\SNTvyLK.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp
DE 3.120.98.217:8080 tcp

Files

memory/2460-1-0x000000013F6B0000-0x000000013FAA6000-memory.dmp

memory/2460-0-0x00000000002F0000-0x0000000000300000-memory.dmp

C:\Windows\system\zdgNpuU.exe

MD5 bf9f302b5346364c1ce93f7138ff87be
SHA1 d039f224d3e63c78c55d2778f504cfa8431174fd
SHA256 457a624e9365f7158397e12c22a8281c9366ebb51ae6ad9fa62dca05d8197418
SHA512 5d44d2d83167db06ff20bf1b2dbdbccc65d1356253150983c4501c7e2f3387b4415cef2b321c3a7907145a705d26a2b575b444e203de7903da8f3742c7820342

memory/2460-8-0x000000013FBE0000-0x000000013FFD6000-memory.dmp

\Windows\system\nqliapA.exe

MD5 d58f2f8df8400e4e619518b2907c167e
SHA1 8e40a85262e580f119dc1459c3eefcc56393ccf9
SHA256 888eb89d3a94ddf7e3fd37c59f7ffef58f89dda04f1dd437da4e119ee7c77bd9
SHA512 aee7dba4d73a9914014c2c24192f5c35b9b5476861b295b2a02f34dc1351a4136de3cf2a5331451bae39bb938932e890f22b76b7d85ffbfe0df009a78d92524f

memory/2304-13-0x000000013FBE0000-0x000000013FFD6000-memory.dmp

memory/2460-16-0x000000013FDE0000-0x00000001401D6000-memory.dmp

\Windows\system\zxPXzuc.exe

MD5 3b3f36d97a10d58a4027cebce0ebfc17
SHA1 fc6d2e373c9e6cde02d3a0ebd2d348822ca2fff4
SHA256 12278ab7c96c04ff7867b747f139903034271bc9c740b7c90d5490bb9bfa1975
SHA512 7f801dc62946bad1d470fb9655678bd6230baee69dea74644a6c9e232447414d4ad58fa704c3c2bbf4598d368094c0750454c1828db629cfc3a519f3391c9cd2

memory/2708-15-0x000000013FDE0000-0x00000001401D6000-memory.dmp

memory/2460-25-0x000000013FD00000-0x00000001400F6000-memory.dmp

memory/2628-26-0x000000013FD00000-0x00000001400F6000-memory.dmp

\Windows\system\IJoxyNf.exe

MD5 f42f25b7c66d08f1ac16fca3f42a6421
SHA1 02b322c5eabb7e518395b7f7f06728edf8715d24
SHA256 850883fadc8f0be661e5842336425fc28faf74f061c5d83db8266c687b19c9aa
SHA512 53d42453dff5086908853376ef2b9eb9a924e2740bc125e7035606a2e5cedbce18af613e54c2f961eba178d2310f800a06d495e3543179f80d516b8c1ed5c64f

\Windows\system\ElCFDnq.exe

MD5 f88490bdb3163aad3280c3b38ce752b1
SHA1 3f31ece10c6db5fe782b23c80f3420e9e5d82f49
SHA256 db451eb59dd87e1a1abae5d3711af004bec6cd9ccc52993c2023ad6e23aedc77
SHA512 38394393c08b34a6d3c751019621c6acd5686c28f85d2770e25de1537214b77a3c86c437d5adbbf48c5c2a34801c7b7592e7826811a6b1b33e6e3f28bc839bc4

memory/2064-29-0x000007FEF505E000-0x000007FEF505F000-memory.dmp

memory/2064-34-0x000000001B7B0000-0x000000001BA92000-memory.dmp

memory/2064-38-0x0000000002070000-0x0000000002078000-memory.dmp

\Windows\system\buKxklk.exe

MD5 7d23b4bdc1984cbea68e34e19dfb5ac9
SHA1 d38eff250488baad15c1d93bcb5839e9c98840bc
SHA256 82ddcb40d35021dae12ecf277e2e58270db1ec3101ccfba0c5459842053f8e54
SHA512 1e4dea3915d49f1811aff76a82e883c30ee42a51267bdfed27bc227174c3de01b830e6c52ce86258dc7cdc4b6631bb7239c6e9d5e107bbcecbed95c8a3ebf824

\Windows\system\dfPnvQP.exe

MD5 262479710c007716814f3d6d3a69d860
SHA1 a7f57f6707b71378c2473485f7fc643b3bc52e93
SHA256 c36c5c51a70b3034619a41197839e9a63dfa3b81c2baab28e4e8785200f8b9f9
SHA512 e734429c5db02219af7ff066825a5e29e36d88697b7ec0111784a4bce3587dba98058abcfb620a67f0c85bdd17f7e4641833005d15aab9e9f5d4cf7c77e68d91

C:\Windows\system\ATKJEAo.exe

MD5 55067c6979961622799b870061a6f16f
SHA1 cc0ccb21f35c470ed16bfe8c4b221b0ec03bb538
SHA256 db5db211ec359cced684fac5bfb118ea61eed25dd3a34c9be2d014df105832b2
SHA512 d6befb8c3a426405e936adc549fbcfb9fac46e6bcf95f459a703bc08fbe3902b817fdc45801d3f5b5c581c414f286bb72bb3608c615482eef5850e542224a9df

memory/2064-68-0x000007FEF4DA0000-0x000007FEF573D000-memory.dmp

memory/2460-72-0x0000000003690000-0x0000000003A86000-memory.dmp

C:\Windows\system\lTGwcnT.exe

MD5 a4d5f4e8ae2a4b89915a0d41fa6e29bf
SHA1 2e8528692fd7869164b5ce306c0125893809ae1c
SHA256 e01030d7e784d00b11786a10aa2da30d43e5d4dda743acfbd6bf86a67d4bd250
SHA512 33923e20713f0e58d45fee5086498a30e08be87aa3c53019eb7b2e23ad1dafedb75a38e62190d4b7760f429d969d31b24f85c1d7ddd0baf38173f4aebb68e625

memory/2524-75-0x000000013F640000-0x000000013FA36000-memory.dmp

memory/2780-76-0x000000013FC70000-0x0000000140066000-memory.dmp

memory/2608-74-0x000000013F050000-0x000000013F446000-memory.dmp

C:\Windows\system\RSBAcgT.exe

MD5 f047dffa2dc824851873b7b499f11462
SHA1 afa9944907672982bd14fc18b863a8158cdffa87
SHA256 977b3f76098dc334eb3b334c2d89321e196f81c6449545e772b7ae7a834a9ffa
SHA512 892a8e2c7e548f98c97ae99568a388a9ab7e50f4da35f563ce2b777d1d3fa75f6e24313e7cd8725bd05b7450d43f332e2643ec62904d878aaed4bde5d7dcd483

C:\Windows\system\VdDyzME.exe

MD5 f5394dd1f7aca0891905493a85f79e53
SHA1 62c475e4968ae8b2b26845a1b142b4c8c3249e43
SHA256 b9b6fffce48cde1cfe8ce1d0b233f412314b602d69e8fecad929c84380ac68e2
SHA512 c03528efc115aa34a25f9298f8d1302d166f798824625868666a908032594a1e5f60cfef48b30f04676be9924cff2c236ad4f1ddff5009ecf08bbfb13bdad671

C:\Windows\system\zvsnAiP.exe

MD5 bfff39845faad09f3dcf22f8f0ff4229
SHA1 b7f294da9e4dbc35c0d3eafc1e7428ccc95b5942
SHA256 1cab020914604d288aab2f8caaa5fa66737a5f6ef64d2c776be8eda5eef8ed7b
SHA512 77b26f7d988383ebf7b997186138f64c8f5c480d48827b59dc963163df4b3d57d72eb9b881bb219534ff5243cb7cc9df30a495f10fbd44b24509ee1b3638ae4b

C:\Windows\system\LlRwEIm.exe

MD5 5de8385875dc864190b302940409a143
SHA1 d8513a9f6a880097427db4628983bee176784c58
SHA256 91e5254f6d0b2868f34ef251196a014b65c8d26f878b660e233ad6b466ec5c4b
SHA512 5ddd2ac9ed7c3ee46e03e39279c9e1c3d394b24c410b210c2484ef534ebc78d1d5f0eae622e26374ac6ce92864992670749035f90aadd3e8f86928777b530bc2

\Windows\system\EYztHeg.exe

MD5 560f8348140ba4b70520c7397bd05d5a
SHA1 bd0662150d24886bd07efae1ad140d22142a6455
SHA256 0092ed26cdce6de452b64d79f93e47fdacedc24c9e0f457eb22ad6b0afb795c5
SHA512 9c0fef6a50b1692368e5adefc669f9b013e8d0ba8b0b7d0cce63707eeba7f618f354bdb692b000b5bad639fbfb1147ad886d48453b69d2a986da879a0a1ad69c

C:\Windows\system\dRKeYyY.exe

MD5 33328205adb9af0f267a36bb28c05e4c
SHA1 97feedc4e0de21ab3aa6a4855041216c4100147d
SHA256 d5beed06d7bd48e37bb08cebfc324a3e1cbc8dad8357c51311f5f1e3fce7ad36
SHA512 67832d3b0ed5a8b9e4450d23d571a7b0db54f0e83423ef9260a1cd1c0202f792cd1d7d540550c152eceddaf5642a13c64be192e9e80edde92ecd903f76e61eca

C:\Windows\system\xvICOgl.exe

MD5 b3065cb5a5ba205b12adc7adceb9b586
SHA1 3b21a934eeda67be02c89306fb76e113a48fc905
SHA256 d8ce8e648e1a9d69e700a6e19783bc526797acd01d7e68fdba47ca756a4506e9
SHA512 d1c0264674591615dcf25d97a230fda1746496421082078e3fd8d05fa31af01bb127daa2afcca9f0ce97dc8623d044c88cee6f774d841cd0d47b0dd4c37f1fb0

C:\Windows\system\YCzcZNu.exe

MD5 2621b99c917f56e777822133d75ceeb6
SHA1 39ccf18dfff0881a3c6151a81577ff14097821f4
SHA256 adf4d959eccfb4ea434e8d42b4d6ab0f31ad597b0cd69ac141276965453d1743
SHA512 c983e4009dad833bb815907489cedfa785556d419c93acbaf0124d466ffb9e1d6fa767b2f02a6c94d4b2d5e261313b0f143f68573e10ea40fc13bd6cf0e9b05c

C:\Windows\system\PjUNGfl.exe

MD5 263216f70350ce33ea01d109040334d7
SHA1 2aae4783110aea199ac5e4a4433163a91b276f17
SHA256 95d8cd6a721db50069404fb281a9eceb631354295e6722d9c255ec132b793771
SHA512 5cec8351bbaf4364bc3a032c030f099e5854a05c60371bd0a67037609d0da64aa9d4881a98e7194a3517d76387c4c6dfd164f891ee43839e927f92264d3a9594

C:\Windows\system\MTAUNhn.exe

MD5 52338cee63aaf3c449019cf06a8c9dfd
SHA1 4acf87afca0f9c1a26f3ae05ed256e60c5bc86c9
SHA256 5cd288742295cd01e303cd923b9668eead973e5749ccea1a79e4aa0959749965
SHA512 936315df0eca3008512b99d94a02482f14b0494413853fd9e8d77881f8e2e8a99f1b3d9020d02f5ddda7a67971835caaf5bd6de9750a09235baa2273ed8038e1

C:\Windows\system\yXevchP.exe

MD5 6c6de290ceea2f014179b58d11ca33b9
SHA1 c5f6da83793ebd435adbe22df4b4a6248b900c08
SHA256 3ff455d5caa9665a964ce712643196aa0673cda62dc4b257f20be15572775cca
SHA512 e3c9e92cb7a78a10ab0357436c992eb1d1ff37a31c5160efd965c4c84d93d91320cf6611e165f046d06545222f81f9c4f5f0d487c37ccd0eea9388bfa081abb8

C:\Windows\system\eKDEugr.exe

MD5 6060f942fb801dcf3c84ca87e9a80293
SHA1 5be1199146963daacb262482ea08fe09e64aec0c
SHA256 05768579f3af912b3816c5c7e7c20f76ba56345b0b902cfb74d6c7865a901c8d
SHA512 3f2552d947f804e73b6d2ce7ff67b0cda5a0bd804571a113d62cdcb5523ebc4f95625ef30bb103af61fc739020dab4647ee18c93c00ccb8673c52466dfbb220f

C:\Windows\system\vsRqnqd.exe

MD5 d1294361b453715ddf7e163e4328c2ed
SHA1 f482b401caea7be288bafec5ab7cc724570a7692
SHA256 dc47e119def4daf9ac66c04deca94ed74818537d9a5cedad04b3acb237a161a6
SHA512 0a2143fa0278032063a6bb9381992ecb4289eb10afb067b9cd32b4f788b2e4c6bba2915f910b0a56130da22ddc6facc26f0bac33bc85188016affefbd23159ff

C:\Windows\system\efNPtSY.exe

MD5 aab679b8a68ce460e004deef29be66f3
SHA1 c0e0092dd4165844c500b0b82dbf8cb77cbbf302
SHA256 e518c361b5981cfeec31807aff4d15b06f33f30e447f7233e2d659a2bddaebb6
SHA512 994dfb9bd241d3d8a44be2f8d04b639a58c31148d74d5d5e01f46bcf09026ff87f49674c60f3a68d88bf12eca031369e89df4e7b47f1b96de260f91b05db19d7

memory/2460-105-0x000000013F070000-0x000000013F466000-memory.dmp

C:\Windows\system\PIKyXSk.exe

MD5 a367c8bc92052ed60bf0e85c1a15bd4d
SHA1 a8fbd3f130b7cd132a71507112cd96dd9b46698a
SHA256 169a5f93a2152230eb3fc004b0a01881b8d1f4e69f792d1ea723bb7dfe81b4c0
SHA512 0ec6b579829b64f29a316302b1d10d071a31497532e7fae1864d3e8a03dcc985da811526f898b33f16c9bda33134dd8054e947e89351adfaea46ed1618898028

memory/1876-91-0x000000013FFA0000-0x0000000140396000-memory.dmp

memory/2460-70-0x000000013F0F0000-0x000000013F4E6000-memory.dmp

memory/2256-69-0x000000013FD60000-0x0000000140156000-memory.dmp

memory/2064-35-0x000007FEF4DA0000-0x000007FEF573D000-memory.dmp

\Windows\system\eHfGbpl.exe

MD5 bbdc5579d425b3d5282846149051dc04
SHA1 41205a6de1e7c30e69dbe0eaf0136445934b930f
SHA256 3574e7967f5a9528d362c01a725aa3bd7e50dddd86e4675f32b38a54722895f2
SHA512 bfdd6146c8f0f2c0e0f77c70139ff03fd64d2a0c6733c18f9f203f51d02cf7eded99b7fff8c754197c60f556f77aea7762867f029f7aa84c99d81ac5e2a8e4f9

\Windows\system\qZaYAkn.exe

MD5 ade2312bb4199916d3a76966b78dd638
SHA1 9b05b0d3a2b013920184d32628c6f48e2c2da6b5
SHA256 d3db4056d3d014802fe77014aff2899306d737ae18eac3779a30085879a87cd3
SHA512 3f3c5e317ca469ebbbb70be2905894c3baadb984a0c026a37b1473b2963244917553e5873511fe1d3b618c4dec5905bf8023c81d526cfb49c25fdaedbcd9666b

memory/2064-43-0x000007FEF4DA0000-0x000007FEF573D000-memory.dmp

memory/2064-58-0x000007FEF4DA0000-0x000007FEF573D000-memory.dmp

memory/2460-63-0x000000013FD60000-0x0000000140156000-memory.dmp

\Windows\system\OxgfCiM.exe

MD5 3a28b53d4455efeb85416e78ba1b10c1
SHA1 9513f9e31e3427f04c2d9c7dacedf99ddf6bb13b
SHA256 d239fdf8bde5db4cebd8c53e20b1d3e951868d1f9320dae5979908a02fd270ba
SHA512 e8e5c9467755eb663846912da192f60a65ef3d4920fc11a9d64778e94e51d29afa5d7e40e70c7cd051c24577b8b983eda6a81bcb530fa0c74b386892bac46a3d

memory/2460-80-0x000000013F220000-0x000000013F616000-memory.dmp

memory/2460-81-0x000000013F050000-0x000000013F446000-memory.dmp

memory/2708-569-0x000000013FDE0000-0x00000001401D6000-memory.dmp

memory/3016-83-0x000000013FF70000-0x0000000140366000-memory.dmp

\Windows\system\IybNbpu.exe

MD5 4c9311b592042a79989ccdf13c30282d
SHA1 97a77d4d7c44e69609c9e3c26422abad37fcf157
SHA256 a62519ef06bd662554c44a8ebebfcc270fbe069eab632da19a6b62b4bc5e0ce2
SHA512 bdfc2ce2a806e1eb3859a6b0174779974da34ef650510a111c1523de2f67b5025cefc9d860fe51db9df20ed8014baf688db68ebcf3b2f9e01f277f2544d35e2e

memory/2460-270-0x000000013F6B0000-0x000000013FAA6000-memory.dmp

memory/2460-82-0x000000013FF70000-0x0000000140366000-memory.dmp

memory/2460-85-0x000000013F1C0000-0x000000013F5B6000-memory.dmp

memory/2556-84-0x000000013F220000-0x000000013F616000-memory.dmp

\Windows\system\aMlnHZc.exe

MD5 6581fd00ec7994fda84f8bf4ce52b243
SHA1 8b012603ae6e783e724fea50387d921ae64b343d
SHA256 0408c991b26e7819b365acebb5eedb2d0b4db3cc0ca17f871eb36fc625d381db
SHA512 7b4a1fd2355a27f85669027e43822779c903d9da59823616b8089d8b60c951b95556afedd7ffb1a13def2cee8c12e02ce2dff960bcc32cc99069a5824efda8ec

\Windows\system\ZLxMOGL.exe

MD5 07af933ad5e7720b8be5f75dc7a741b8
SHA1 da950b4fb1e67b78145d7c3b0e7642836260e201
SHA256 c8f8575703eb6a15cf4ea9f3515493a959d6ea21e672dc856b2870638fe98f9c
SHA512 3f1538d25051774b576d0939bbeb3f778421e135bc79d070f0ee88f196df71dc8e76dfe1b2849bf99d312657e11e24047ec78fb9551211ab91f741a3f3d297ce

\Windows\system\phaCPOQ.exe

MD5 a58bc3b5bd7adf89ca0aa36b185f3d7d
SHA1 59962ea250de017557d26d49182bccb1cd6e0714
SHA256 e49beb59ad95e69d3205157ded8b08d323f157e7b39d028fedb0cfc46c5d0933
SHA512 f9fb5c829c03e00ed8c3834619d8c578d245715e1ae6529c4bedca18ec6acd642636dbc2b564404e36c0e5ed84deb9c6e1e86d1e111bd52c227c31e0a4933b68

\Windows\system\JMgFrXf.exe

MD5 91bba0bcc81ce0260cbc2c9be5f0be3a
SHA1 f4f6bebc8cf1e72d5bfec9533b9ff4903cbe6f00
SHA256 35049e931e446cfcf3aecdf8900585f9a373a183d9f9a3c4c11e7f7740a7dbd0
SHA512 46e8e88ff91f10c792483dec16217db89148d258a1ceaf52c1c01d5998a000313b1c35a1759ef2e45ff40dfaeb91bfda420e36be8ce57dd76145b62c624fd791

\Windows\system\ZiGdAJb.exe

MD5 99047b78a04b1137bf96aa438b85e01b
SHA1 bc83d70339968e54e572a629e4adb70eb2fd501a
SHA256 705fbf5d4bbab42d18926f9c927c66f145c7c3a9036178564177f1a2cc2a3a24
SHA512 a1ce89fc449b14cad2504b3d23ff3bf5e3cfd65b1b67276113938d13595556ff19c5e2a578d1b6996e37410b459f096d62fd7dc95bff8af47e448358ad1c9000

\Windows\system\BncgNky.exe

MD5 7614b900dedc567f7d1a52c4cfe03a63
SHA1 8e228acf7d356875a37d816cc00e771f9dec0a21
SHA256 5580434fae4f26eb59a5151f88591b8ac451508f48c8c43b6ffc462c8edf0af4
SHA512 0e4b888da9b9e53ca9d6b79db29890d7a554f72b4496f0afedab969e6e48daacc1dc436d14f0a50f3b42826c8e4c8cb025e3020b37fa4a0de64da9b2e49ce915

\Windows\system\WlxFsuk.exe

MD5 30e71d24b06f2f37c01f30aa0778e2c4
SHA1 8a50f6af0d2babeec92750eccf19b62cc801776d
SHA256 c99cd94d9b6304b311b7068440b845ca849c7e87af3a2693733a298a097f2c3e
SHA512 46daf4db2fa288e3b5ca1589cf7a9860d6363707d417ccd3b5b74023edfe0ab03e4d0e039de9dbc8fb29d353b373c441ce024578c39460c34741366aed0e212a

\Windows\system\YdDnokB.exe

MD5 59ac00abcce538f4d1796b86789ec806
SHA1 294b7972ed81c968d7bd28af3f7c098463bd12c1
SHA256 9b09683114debc0a0a45406b39acb507c4a7fd82ed125162262c3243c475e2e2
SHA512 ca60fbee5cfd3f6f8358bdeb5881eecf47f8f069e1b29378a2c5d2a40175bd24847c872f6607b90ca6739147b4ae921272256d790dd298a1f8bf9b42dd9ebd08

memory/2064-610-0x000007FEF4DA0000-0x000007FEF573D000-memory.dmp

\Windows\system\ExIIutc.exe

MD5 fac5ad71e714aaa52416e49c19e93197
SHA1 51797fb6b341fd771cea3c1767b3cb5914503ba4
SHA256 e23ad2d0cc653633611ecbcaeb59021454ef7302df35da8a2922093c361691d5
SHA512 94f5751ec1a003a42db5563b0241c2f6731a3ffe36364ac779a3a8c4d93b6bdafb394d7c509f4767f0a09452b95df139ae0c262f137349ac443a047529a4f0e0

\Windows\system\PnMTOlS.exe

MD5 049dec369c19d24c8228cd848ad71fff
SHA1 bce55324b80f08a2833c7fd582061ab211a52ab7
SHA256 0fb4824ae4b2c96d63a3803093d557e49bf8525709b92540686e9c00247153e5
SHA512 8f2bc360d54a700b1e177ac04b5b3acb7b69715dedc534efa8e220d563b4b0a9dc8b034e0ed29ae76a51cfbca276d228497f78bdcd0406a419f879f123482eba

\Windows\system\PEHcyLv.exe

MD5 023853ee4f74a3e094d7d33e4ddb7f5e
SHA1 448dcba296492e173f7720d95b9627db2bd7f834
SHA256 b4b784e9b7131ab6c0ba15d3775cd7cbeaaeac72454b63192ff2f6a214ebeb24
SHA512 17b425887d6c304099b835574488790905a1699eb0f076d3686d67897f46fb297941e3b250c1639ab0529089a020417a1fb4ff4a91429195c347097b2969148c

\Windows\system\lYftCpJ.exe

MD5 e20cf16e9cfd5ef0566108c8edd2c4b3
SHA1 7ccbda51393a03ba66b3702fdd0e80464bf1700f
SHA256 9e1f38b0744808fe59fe716dde110be7b723dd75dc3bb6e757b31404dc499734
SHA512 b86c86b04215b648dec0847fefe669303b4b0066690d99f5d43e8fe0d39427b292f17a23b6b986cd130f1e09abb1eac33bf906c4fa670db7c9f71d5d3be46ca2

\Windows\system\WPKdoyW.exe

MD5 2df126cbbb25ff758b85b73387407a6c
SHA1 e6bc8785a3e460f803422510edfbcb00fc624c03
SHA256 4f56cd4d79d717e7c6ba436502a9c1b9d1b6af243402fdd4d5431ea6307439cb
SHA512 6fd9d4201b9cca306f229bea740d12f35688a7d255d11005ce14950addd21e683d45d85c1dea0b32be43539230bc889783b3123ac83ac3d667fc192479d07eb2

memory/2628-1451-0x000000013FD00000-0x00000001400F6000-memory.dmp

memory/2460-2403-0x0000000003690000-0x0000000003A86000-memory.dmp

memory/2556-2896-0x000000013F220000-0x000000013F616000-memory.dmp

memory/1876-4051-0x000000013FFA0000-0x0000000140396000-memory.dmp

memory/2780-6069-0x000000013FC70000-0x0000000140066000-memory.dmp

memory/1876-7221-0x000000013FFA0000-0x0000000140396000-memory.dmp

C:\Windows\system\wDpgwHe.exe

MD5 cb861dc01542bb027088b0ee36a02976
SHA1 7e4b33d24ab6e40ecaed0eb6df98d365d0f61296
SHA256 b2497bb89ce65ae8ba4febb65190d8a6c87dae381303146ad60d48b53600835d
SHA512 e4c5c5e4b7faf4d2b7b38a9058852ed7707b91c6353084d07e086d5e4dd7a37e77124a608797b3681b110fa970269af12f4468ff7d72700a0977c9150e0f9691

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 12:12

Reported

2024-06-14 12:14

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\zdgNpuU.exe N/A
N/A N/A C:\Windows\System\nqliapA.exe N/A
N/A N/A C:\Windows\System\zxPXzuc.exe N/A
N/A N/A C:\Windows\System\IJoxyNf.exe N/A
N/A N/A C:\Windows\System\ElCFDnq.exe N/A
N/A N/A C:\Windows\System\lTGwcnT.exe N/A
N/A N/A C:\Windows\System\dfPnvQP.exe N/A
N/A N/A C:\Windows\System\qZaYAkn.exe N/A
N/A N/A C:\Windows\System\buKxklk.exe N/A
N/A N/A C:\Windows\System\eHfGbpl.exe N/A
N/A N/A C:\Windows\System\ATKJEAo.exe N/A
N/A N/A C:\Windows\System\OxgfCiM.exe N/A
N/A N/A C:\Windows\System\RSBAcgT.exe N/A
N/A N/A C:\Windows\System\IybNbpu.exe N/A
N/A N/A C:\Windows\System\PIKyXSk.exe N/A
N/A N/A C:\Windows\System\phaCPOQ.exe N/A
N/A N/A C:\Windows\System\efNPtSY.exe N/A
N/A N/A C:\Windows\System\aMlnHZc.exe N/A
N/A N/A C:\Windows\System\VdDyzME.exe N/A
N/A N/A C:\Windows\System\ZLxMOGL.exe N/A
N/A N/A C:\Windows\System\zvsnAiP.exe N/A
N/A N/A C:\Windows\System\WPKdoyW.exe N/A
N/A N/A C:\Windows\System\vsRqnqd.exe N/A
N/A N/A C:\Windows\System\JMgFrXf.exe N/A
N/A N/A C:\Windows\System\eKDEugr.exe N/A
N/A N/A C:\Windows\System\lYftCpJ.exe N/A
N/A N/A C:\Windows\System\yXevchP.exe N/A
N/A N/A C:\Windows\System\PEHcyLv.exe N/A
N/A N/A C:\Windows\System\MTAUNhn.exe N/A
N/A N/A C:\Windows\System\PnMTOlS.exe N/A
N/A N/A C:\Windows\System\PjUNGfl.exe N/A
N/A N/A C:\Windows\System\ExIIutc.exe N/A
N/A N/A C:\Windows\System\YCzcZNu.exe N/A
N/A N/A C:\Windows\System\YdDnokB.exe N/A
N/A N/A C:\Windows\System\xvICOgl.exe N/A
N/A N/A C:\Windows\System\WlxFsuk.exe N/A
N/A N/A C:\Windows\System\LlRwEIm.exe N/A
N/A N/A C:\Windows\System\BncgNky.exe N/A
N/A N/A C:\Windows\System\dRKeYyY.exe N/A
N/A N/A C:\Windows\System\ZiGdAJb.exe N/A
N/A N/A C:\Windows\System\EYztHeg.exe N/A
N/A N/A C:\Windows\System\JYPRrAF.exe N/A
N/A N/A C:\Windows\System\WLGDBKO.exe N/A
N/A N/A C:\Windows\System\WKYagJz.exe N/A
N/A N/A C:\Windows\System\PPVEtaS.exe N/A
N/A N/A C:\Windows\System\XpMLRNH.exe N/A
N/A N/A C:\Windows\System\hKugkgc.exe N/A
N/A N/A C:\Windows\System\BFiraZZ.exe N/A
N/A N/A C:\Windows\System\dIZTIii.exe N/A
N/A N/A C:\Windows\System\dwPHIdk.exe N/A
N/A N/A C:\Windows\System\CJdRuQq.exe N/A
N/A N/A C:\Windows\System\lAkibZZ.exe N/A
N/A N/A C:\Windows\System\whHuwCd.exe N/A
N/A N/A C:\Windows\System\YzRVXUS.exe N/A
N/A N/A C:\Windows\System\lBicuMK.exe N/A
N/A N/A C:\Windows\System\eKIJriX.exe N/A
N/A N/A C:\Windows\System\amghxrO.exe N/A
N/A N/A C:\Windows\System\xCqXAyz.exe N/A
N/A N/A C:\Windows\System\tUhVWwn.exe N/A
N/A N/A C:\Windows\System\DzHvdQC.exe N/A
N/A N/A C:\Windows\System\hJIeeQR.exe N/A
N/A N/A C:\Windows\System\QFmMDZw.exe N/A
N/A N/A C:\Windows\System\KiBjViK.exe N/A
N/A N/A C:\Windows\System\nLQVYWg.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\IPkUsmQ.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QtYjhxy.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IojhXyN.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HqSQICC.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kbrrIEB.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hNHfrlQ.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PPVEtaS.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QFmMDZw.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lCUrFeQ.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qJXGkCm.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\grLqjrW.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZKVIvux.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IVcbeiM.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\unouOqG.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XfbVMCd.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vQBfPAp.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jqOyHnd.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UthNWUF.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oALhvBB.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DVhjNkU.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vsRqnqd.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NVYFgSc.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jbhaBNY.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dZcCzqf.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aDiaLti.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kwxlvYW.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dqClbAi.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oGmAyRa.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ckbitJp.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fpvZhmw.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SFILGQv.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oZqVLKe.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GsqxJxy.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\odCgoQI.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JshUMcR.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uTOXlzS.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FjEtOTJ.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MJwJokz.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UOIhJko.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QzICTsO.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qFyleUB.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gtOeFjx.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BEbtOwg.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pQNEuKb.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WdVDdas.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AfwymdI.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PVsFlYd.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GnPNKEc.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jyYMMvU.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BWYnMzq.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IdHwubq.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mbijoFm.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WIhxHTN.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hJIeeQR.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tlEmEIu.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OgpsoGO.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Gnsyvbi.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HkQQEXe.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ElCFDnq.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KwxXTdZ.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qoqYYDG.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QsUlVHF.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HaAqREP.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
File created C:\Windows\System\svubokj.exe C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3552 wrote to memory of 3332 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3552 wrote to memory of 3332 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3552 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zdgNpuU.exe
PID 3552 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zdgNpuU.exe
PID 3552 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\nqliapA.exe
PID 3552 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\nqliapA.exe
PID 3552 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zxPXzuc.exe
PID 3552 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zxPXzuc.exe
PID 3552 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\IJoxyNf.exe
PID 3552 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\IJoxyNf.exe
PID 3552 wrote to memory of 1664 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ElCFDnq.exe
PID 3552 wrote to memory of 1664 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ElCFDnq.exe
PID 3552 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\lTGwcnT.exe
PID 3552 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\lTGwcnT.exe
PID 3552 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\dfPnvQP.exe
PID 3552 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\dfPnvQP.exe
PID 3552 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\qZaYAkn.exe
PID 3552 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\qZaYAkn.exe
PID 3552 wrote to memory of 4232 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\buKxklk.exe
PID 3552 wrote to memory of 4232 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\buKxklk.exe
PID 3552 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\eHfGbpl.exe
PID 3552 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\eHfGbpl.exe
PID 3552 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ATKJEAo.exe
PID 3552 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ATKJEAo.exe
PID 3552 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\OxgfCiM.exe
PID 3552 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\OxgfCiM.exe
PID 3552 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\RSBAcgT.exe
PID 3552 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\RSBAcgT.exe
PID 3552 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\IybNbpu.exe
PID 3552 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\IybNbpu.exe
PID 3552 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\PIKyXSk.exe
PID 3552 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\PIKyXSk.exe
PID 3552 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\phaCPOQ.exe
PID 3552 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\phaCPOQ.exe
PID 3552 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\efNPtSY.exe
PID 3552 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\efNPtSY.exe
PID 3552 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\aMlnHZc.exe
PID 3552 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\aMlnHZc.exe
PID 3552 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\VdDyzME.exe
PID 3552 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\VdDyzME.exe
PID 3552 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ZLxMOGL.exe
PID 3552 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\ZLxMOGL.exe
PID 3552 wrote to memory of 3440 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zvsnAiP.exe
PID 3552 wrote to memory of 3440 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\zvsnAiP.exe
PID 3552 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\WPKdoyW.exe
PID 3552 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\WPKdoyW.exe
PID 3552 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\vsRqnqd.exe
PID 3552 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\vsRqnqd.exe
PID 3552 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\JMgFrXf.exe
PID 3552 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\JMgFrXf.exe
PID 3552 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\eKDEugr.exe
PID 3552 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\eKDEugr.exe
PID 3552 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\lYftCpJ.exe
PID 3552 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\lYftCpJ.exe
PID 3552 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\yXevchP.exe
PID 3552 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\yXevchP.exe
PID 3552 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\PEHcyLv.exe
PID 3552 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\PEHcyLv.exe
PID 3552 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\MTAUNhn.exe
PID 3552 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\MTAUNhn.exe
PID 3552 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\PnMTOlS.exe
PID 3552 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\PnMTOlS.exe
PID 3552 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\PjUNGfl.exe
PID 3552 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe C:\Windows\System\PjUNGfl.exe

Processes

C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\be6216bdda30cf4b4195fafb49a93aa0_NeikiAnalytics.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "

C:\Windows\System\zdgNpuU.exe

C:\Windows\System\zdgNpuU.exe

C:\Windows\System\nqliapA.exe

C:\Windows\System\nqliapA.exe

C:\Windows\System\zxPXzuc.exe

C:\Windows\System\zxPXzuc.exe

C:\Windows\System\IJoxyNf.exe

C:\Windows\System\IJoxyNf.exe

C:\Windows\System\ElCFDnq.exe

C:\Windows\System\ElCFDnq.exe

C:\Windows\System\lTGwcnT.exe

C:\Windows\System\lTGwcnT.exe

C:\Windows\System\dfPnvQP.exe

C:\Windows\System\dfPnvQP.exe

C:\Windows\System\qZaYAkn.exe

C:\Windows\System\qZaYAkn.exe

C:\Windows\System\buKxklk.exe

C:\Windows\System\buKxklk.exe

C:\Windows\System\eHfGbpl.exe

C:\Windows\System\eHfGbpl.exe

C:\Windows\System\ATKJEAo.exe

C:\Windows\System\ATKJEAo.exe

C:\Windows\System\OxgfCiM.exe

C:\Windows\System\OxgfCiM.exe

C:\Windows\System\RSBAcgT.exe

C:\Windows\System\RSBAcgT.exe

C:\Windows\System\IybNbpu.exe

C:\Windows\System\IybNbpu.exe

C:\Windows\System\PIKyXSk.exe

C:\Windows\System\PIKyXSk.exe

C:\Windows\System\phaCPOQ.exe

C:\Windows\System\phaCPOQ.exe

C:\Windows\System\efNPtSY.exe

C:\Windows\System\efNPtSY.exe

C:\Windows\System\aMlnHZc.exe

C:\Windows\System\aMlnHZc.exe

C:\Windows\System\VdDyzME.exe

C:\Windows\System\VdDyzME.exe

C:\Windows\System\ZLxMOGL.exe

C:\Windows\System\ZLxMOGL.exe

C:\Windows\System\zvsnAiP.exe

C:\Windows\System\zvsnAiP.exe

C:\Windows\System\WPKdoyW.exe

C:\Windows\System\WPKdoyW.exe

C:\Windows\System\vsRqnqd.exe

C:\Windows\System\vsRqnqd.exe

C:\Windows\System\JMgFrXf.exe

C:\Windows\System\JMgFrXf.exe

C:\Windows\System\eKDEugr.exe

C:\Windows\System\eKDEugr.exe

C:\Windows\System\lYftCpJ.exe

C:\Windows\System\lYftCpJ.exe

C:\Windows\System\yXevchP.exe

C:\Windows\System\yXevchP.exe

C:\Windows\System\PEHcyLv.exe

C:\Windows\System\PEHcyLv.exe

C:\Windows\System\MTAUNhn.exe

C:\Windows\System\MTAUNhn.exe

C:\Windows\System\PnMTOlS.exe

C:\Windows\System\PnMTOlS.exe

C:\Windows\System\PjUNGfl.exe

C:\Windows\System\PjUNGfl.exe

C:\Windows\System\ExIIutc.exe

C:\Windows\System\ExIIutc.exe

C:\Windows\System\YCzcZNu.exe

C:\Windows\System\YCzcZNu.exe

C:\Windows\System\YdDnokB.exe

C:\Windows\System\YdDnokB.exe

C:\Windows\System\xvICOgl.exe

C:\Windows\System\xvICOgl.exe

C:\Windows\System\WlxFsuk.exe

C:\Windows\System\WlxFsuk.exe

C:\Windows\System\LlRwEIm.exe

C:\Windows\System\LlRwEIm.exe

C:\Windows\System\BncgNky.exe

C:\Windows\System\BncgNky.exe

C:\Windows\System\dRKeYyY.exe

C:\Windows\System\dRKeYyY.exe

C:\Windows\System\ZiGdAJb.exe

C:\Windows\System\ZiGdAJb.exe

C:\Windows\System\EYztHeg.exe

C:\Windows\System\EYztHeg.exe

C:\Windows\System\JYPRrAF.exe

C:\Windows\System\JYPRrAF.exe

C:\Windows\System\WLGDBKO.exe

C:\Windows\System\WLGDBKO.exe

C:\Windows\System\WKYagJz.exe

C:\Windows\System\WKYagJz.exe

C:\Windows\System\PPVEtaS.exe

C:\Windows\System\PPVEtaS.exe

C:\Windows\System\XpMLRNH.exe

C:\Windows\System\XpMLRNH.exe

C:\Windows\System\hKugkgc.exe

C:\Windows\System\hKugkgc.exe

C:\Windows\System\BFiraZZ.exe

C:\Windows\System\BFiraZZ.exe

C:\Windows\System\dIZTIii.exe

C:\Windows\System\dIZTIii.exe

C:\Windows\System\dwPHIdk.exe

C:\Windows\System\dwPHIdk.exe

C:\Windows\System\CJdRuQq.exe

C:\Windows\System\CJdRuQq.exe

C:\Windows\System\lAkibZZ.exe

C:\Windows\System\lAkibZZ.exe

C:\Windows\System\whHuwCd.exe

C:\Windows\System\whHuwCd.exe

C:\Windows\System\YzRVXUS.exe

C:\Windows\System\YzRVXUS.exe

C:\Windows\System\lBicuMK.exe

C:\Windows\System\lBicuMK.exe

C:\Windows\System\eKIJriX.exe

C:\Windows\System\eKIJriX.exe

C:\Windows\System\amghxrO.exe

C:\Windows\System\amghxrO.exe

C:\Windows\System\xCqXAyz.exe

C:\Windows\System\xCqXAyz.exe

C:\Windows\System\tUhVWwn.exe

C:\Windows\System\tUhVWwn.exe

C:\Windows\System\DzHvdQC.exe

C:\Windows\System\DzHvdQC.exe

C:\Windows\System\hJIeeQR.exe

C:\Windows\System\hJIeeQR.exe

C:\Windows\System\QFmMDZw.exe

C:\Windows\System\QFmMDZw.exe

C:\Windows\System\KiBjViK.exe

C:\Windows\System\KiBjViK.exe

C:\Windows\System\nLQVYWg.exe

C:\Windows\System\nLQVYWg.exe

C:\Windows\System\ZdAZbMx.exe

C:\Windows\System\ZdAZbMx.exe

C:\Windows\System\GzLuSPe.exe

C:\Windows\System\GzLuSPe.exe

C:\Windows\System\ERSkeGK.exe

C:\Windows\System\ERSkeGK.exe

C:\Windows\System\MfCjAOm.exe

C:\Windows\System\MfCjAOm.exe

C:\Windows\System\XSAZhdY.exe

C:\Windows\System\XSAZhdY.exe

C:\Windows\System\ZpitQIf.exe

C:\Windows\System\ZpitQIf.exe

C:\Windows\System\rdQpNOK.exe

C:\Windows\System\rdQpNOK.exe

C:\Windows\System\XQyuTcl.exe

C:\Windows\System\XQyuTcl.exe

C:\Windows\System\BuhsoYb.exe

C:\Windows\System\BuhsoYb.exe

C:\Windows\System\GJaDBsj.exe

C:\Windows\System\GJaDBsj.exe

C:\Windows\System\lhmbUmu.exe

C:\Windows\System\lhmbUmu.exe

C:\Windows\System\NVYFgSc.exe

C:\Windows\System\NVYFgSc.exe

C:\Windows\System\vYLJSsY.exe

C:\Windows\System\vYLJSsY.exe

C:\Windows\System\CwQcTSr.exe

C:\Windows\System\CwQcTSr.exe

C:\Windows\System\IdXRwPZ.exe

C:\Windows\System\IdXRwPZ.exe

C:\Windows\System\tipUmwI.exe

C:\Windows\System\tipUmwI.exe

C:\Windows\System\FjOyrQs.exe

C:\Windows\System\FjOyrQs.exe

C:\Windows\System\jRuTsfD.exe

C:\Windows\System\jRuTsfD.exe

C:\Windows\System\XfbVMCd.exe

C:\Windows\System\XfbVMCd.exe

C:\Windows\System\PvCAEmv.exe

C:\Windows\System\PvCAEmv.exe

C:\Windows\System\QQwZFkh.exe

C:\Windows\System\QQwZFkh.exe

C:\Windows\System\qFyleUB.exe

C:\Windows\System\qFyleUB.exe

C:\Windows\System\KDzNEqb.exe

C:\Windows\System\KDzNEqb.exe

C:\Windows\System\VMnbrwe.exe

C:\Windows\System\VMnbrwe.exe

C:\Windows\System\pEHjJUu.exe

C:\Windows\System\pEHjJUu.exe

C:\Windows\System\hDyeSKF.exe

C:\Windows\System\hDyeSKF.exe

C:\Windows\System\rOaHSNb.exe

C:\Windows\System\rOaHSNb.exe

C:\Windows\System\HhIGjZz.exe

C:\Windows\System\HhIGjZz.exe

C:\Windows\System\Bhlhwuh.exe

C:\Windows\System\Bhlhwuh.exe

C:\Windows\System\XKOmGkS.exe

C:\Windows\System\XKOmGkS.exe

C:\Windows\System\cgNvFQd.exe

C:\Windows\System\cgNvFQd.exe

C:\Windows\System\SclQJmD.exe

C:\Windows\System\SclQJmD.exe

C:\Windows\System\AoeZnGX.exe

C:\Windows\System\AoeZnGX.exe

C:\Windows\System\ucYwomP.exe

C:\Windows\System\ucYwomP.exe

C:\Windows\System\VNLwhEL.exe

C:\Windows\System\VNLwhEL.exe

C:\Windows\System\goakxyC.exe

C:\Windows\System\goakxyC.exe

C:\Windows\System\geNHsQi.exe

C:\Windows\System\geNHsQi.exe

C:\Windows\System\jHrpIQu.exe

C:\Windows\System\jHrpIQu.exe

C:\Windows\System\AfwymdI.exe

C:\Windows\System\AfwymdI.exe

C:\Windows\System\KwxXTdZ.exe

C:\Windows\System\KwxXTdZ.exe

C:\Windows\System\qdXuEmg.exe

C:\Windows\System\qdXuEmg.exe

C:\Windows\System\WKktsJG.exe

C:\Windows\System\WKktsJG.exe

C:\Windows\System\FJXZHuV.exe

C:\Windows\System\FJXZHuV.exe

C:\Windows\System\KtlCzdx.exe

C:\Windows\System\KtlCzdx.exe

C:\Windows\System\tsLCzSf.exe

C:\Windows\System\tsLCzSf.exe

C:\Windows\System\BXJEPjV.exe

C:\Windows\System\BXJEPjV.exe

C:\Windows\System\vQBfPAp.exe

C:\Windows\System\vQBfPAp.exe

C:\Windows\System\jLOEbYH.exe

C:\Windows\System\jLOEbYH.exe

C:\Windows\System\VysvRoS.exe

C:\Windows\System\VysvRoS.exe

C:\Windows\System\hzwcBso.exe

C:\Windows\System\hzwcBso.exe

C:\Windows\System\HCNNcDr.exe

C:\Windows\System\HCNNcDr.exe

C:\Windows\System\JqQhMAR.exe

C:\Windows\System\JqQhMAR.exe

C:\Windows\System\mukAECu.exe

C:\Windows\System\mukAECu.exe

C:\Windows\System\ZYUShEs.exe

C:\Windows\System\ZYUShEs.exe

C:\Windows\System\gQRVhIG.exe

C:\Windows\System\gQRVhIG.exe

C:\Windows\System\GdXnrbm.exe

C:\Windows\System\GdXnrbm.exe

C:\Windows\System\NzYrtoP.exe

C:\Windows\System\NzYrtoP.exe

C:\Windows\System\JumsWAa.exe

C:\Windows\System\JumsWAa.exe

C:\Windows\System\DsewzPh.exe

C:\Windows\System\DsewzPh.exe

C:\Windows\System\fbNvwyz.exe

C:\Windows\System\fbNvwyz.exe

C:\Windows\System\tvFYhpI.exe

C:\Windows\System\tvFYhpI.exe

C:\Windows\System\wwJdsJa.exe

C:\Windows\System\wwJdsJa.exe

C:\Windows\System\spxFHOS.exe

C:\Windows\System\spxFHOS.exe

C:\Windows\System\GsqxJxy.exe

C:\Windows\System\GsqxJxy.exe

C:\Windows\System\PRCGscO.exe

C:\Windows\System\PRCGscO.exe

C:\Windows\System\DRwpmUB.exe

C:\Windows\System\DRwpmUB.exe

C:\Windows\System\rRFnENw.exe

C:\Windows\System\rRFnENw.exe

C:\Windows\System\IYSqTll.exe

C:\Windows\System\IYSqTll.exe

C:\Windows\System\ZpGvSHf.exe

C:\Windows\System\ZpGvSHf.exe

C:\Windows\System\sQPPynH.exe

C:\Windows\System\sQPPynH.exe

C:\Windows\System\uDrscGP.exe

C:\Windows\System\uDrscGP.exe

C:\Windows\System\PyZOehD.exe

C:\Windows\System\PyZOehD.exe

C:\Windows\System\bHlrWRV.exe

C:\Windows\System\bHlrWRV.exe

C:\Windows\System\MYdWTHm.exe

C:\Windows\System\MYdWTHm.exe

C:\Windows\System\VwZJhck.exe

C:\Windows\System\VwZJhck.exe

C:\Windows\System\McZsgbn.exe

C:\Windows\System\McZsgbn.exe

C:\Windows\System\ggkVocO.exe

C:\Windows\System\ggkVocO.exe

C:\Windows\System\tKCnJJu.exe

C:\Windows\System\tKCnJJu.exe

C:\Windows\System\kpxwyaF.exe

C:\Windows\System\kpxwyaF.exe

C:\Windows\System\jASoFFE.exe

C:\Windows\System\jASoFFE.exe

C:\Windows\System\zyEjatA.exe

C:\Windows\System\zyEjatA.exe

C:\Windows\System\vPtJFmf.exe

C:\Windows\System\vPtJFmf.exe

C:\Windows\System\eCGKNdv.exe

C:\Windows\System\eCGKNdv.exe

C:\Windows\System\tejbEHu.exe

C:\Windows\System\tejbEHu.exe

C:\Windows\System\rdXCDWk.exe

C:\Windows\System\rdXCDWk.exe

C:\Windows\System\aHwOPPM.exe

C:\Windows\System\aHwOPPM.exe

C:\Windows\System\uuLwDvs.exe

C:\Windows\System\uuLwDvs.exe

C:\Windows\System\wKpKriK.exe

C:\Windows\System\wKpKriK.exe

C:\Windows\System\IVcbeiM.exe

C:\Windows\System\IVcbeiM.exe

C:\Windows\System\unouOqG.exe

C:\Windows\System\unouOqG.exe

C:\Windows\System\iHZZspI.exe

C:\Windows\System\iHZZspI.exe

C:\Windows\System\IRikzne.exe

C:\Windows\System\IRikzne.exe

C:\Windows\System\BFwwoqx.exe

C:\Windows\System\BFwwoqx.exe

C:\Windows\System\CJphjkm.exe

C:\Windows\System\CJphjkm.exe

C:\Windows\System\QREJqfR.exe

C:\Windows\System\QREJqfR.exe

C:\Windows\System\qyoXcjs.exe

C:\Windows\System\qyoXcjs.exe

C:\Windows\System\lpmOPdz.exe

C:\Windows\System\lpmOPdz.exe

C:\Windows\System\ilBYIvL.exe

C:\Windows\System\ilBYIvL.exe

C:\Windows\System\zpFVrPa.exe

C:\Windows\System\zpFVrPa.exe

C:\Windows\System\jXMXbwJ.exe

C:\Windows\System\jXMXbwJ.exe

C:\Windows\System\eloxMEc.exe

C:\Windows\System\eloxMEc.exe

C:\Windows\System\hfrHSpJ.exe

C:\Windows\System\hfrHSpJ.exe

C:\Windows\System\HdzQzST.exe

C:\Windows\System\HdzQzST.exe

C:\Windows\System\txIRaCE.exe

C:\Windows\System\txIRaCE.exe

C:\Windows\System\whzIDso.exe

C:\Windows\System\whzIDso.exe

C:\Windows\System\BmgnIdQ.exe

C:\Windows\System\BmgnIdQ.exe

C:\Windows\System\WVweleC.exe

C:\Windows\System\WVweleC.exe

C:\Windows\System\llaHwMl.exe

C:\Windows\System\llaHwMl.exe

C:\Windows\System\FfwGOxe.exe

C:\Windows\System\FfwGOxe.exe

C:\Windows\System\IFMxiKb.exe

C:\Windows\System\IFMxiKb.exe

C:\Windows\System\KDuqluN.exe

C:\Windows\System\KDuqluN.exe

C:\Windows\System\yJZsITa.exe

C:\Windows\System\yJZsITa.exe

C:\Windows\System\yXJLbbt.exe

C:\Windows\System\yXJLbbt.exe

C:\Windows\System\oZbfuql.exe

C:\Windows\System\oZbfuql.exe

C:\Windows\System\KroLxpF.exe

C:\Windows\System\KroLxpF.exe

C:\Windows\System\dLUKwwv.exe

C:\Windows\System\dLUKwwv.exe

C:\Windows\System\WBZovqY.exe

C:\Windows\System\WBZovqY.exe

C:\Windows\System\fzkTpuT.exe

C:\Windows\System\fzkTpuT.exe

C:\Windows\System\YTlypWN.exe

C:\Windows\System\YTlypWN.exe

C:\Windows\System\wKYYLcC.exe

C:\Windows\System\wKYYLcC.exe

C:\Windows\System\gMGNEbm.exe

C:\Windows\System\gMGNEbm.exe

C:\Windows\System\MDGbRnK.exe

C:\Windows\System\MDGbRnK.exe

C:\Windows\System\EVOeXos.exe

C:\Windows\System\EVOeXos.exe

C:\Windows\System\IPkUsmQ.exe

C:\Windows\System\IPkUsmQ.exe

C:\Windows\System\UikYchM.exe

C:\Windows\System\UikYchM.exe

C:\Windows\System\DzdrfZz.exe

C:\Windows\System\DzdrfZz.exe

C:\Windows\System\fHmrvIN.exe

C:\Windows\System\fHmrvIN.exe

C:\Windows\System\jinvSYV.exe

C:\Windows\System\jinvSYV.exe

C:\Windows\System\OANMrha.exe

C:\Windows\System\OANMrha.exe

C:\Windows\System\eVoOCNZ.exe

C:\Windows\System\eVoOCNZ.exe

C:\Windows\System\JwedDEw.exe

C:\Windows\System\JwedDEw.exe

C:\Windows\System\chiJFWu.exe

C:\Windows\System\chiJFWu.exe

C:\Windows\System\odCgoQI.exe

C:\Windows\System\odCgoQI.exe

C:\Windows\System\QJGVbva.exe

C:\Windows\System\QJGVbva.exe

C:\Windows\System\ZxaQeUr.exe

C:\Windows\System\ZxaQeUr.exe

C:\Windows\System\epfNlIv.exe

C:\Windows\System\epfNlIv.exe

C:\Windows\System\ZDdwinW.exe

C:\Windows\System\ZDdwinW.exe

C:\Windows\System\gxmwaJq.exe

C:\Windows\System\gxmwaJq.exe

C:\Windows\System\fpvZhmw.exe

C:\Windows\System\fpvZhmw.exe

C:\Windows\System\krDLSGt.exe

C:\Windows\System\krDLSGt.exe

C:\Windows\System\PdBLvfR.exe

C:\Windows\System\PdBLvfR.exe

C:\Windows\System\bXGiFxx.exe

C:\Windows\System\bXGiFxx.exe

C:\Windows\System\ViNcDmZ.exe

C:\Windows\System\ViNcDmZ.exe

C:\Windows\System\UvTDQVO.exe

C:\Windows\System\UvTDQVO.exe

C:\Windows\System\pdvQYHr.exe

C:\Windows\System\pdvQYHr.exe

C:\Windows\System\pAAeeUw.exe

C:\Windows\System\pAAeeUw.exe

C:\Windows\System\gvNRrqy.exe

C:\Windows\System\gvNRrqy.exe

C:\Windows\System\fNagWeU.exe

C:\Windows\System\fNagWeU.exe

C:\Windows\System\gtOeFjx.exe

C:\Windows\System\gtOeFjx.exe

C:\Windows\System\qRWEuTV.exe

C:\Windows\System\qRWEuTV.exe

C:\Windows\System\mEwcRec.exe

C:\Windows\System\mEwcRec.exe

C:\Windows\System\ZZeNXCD.exe

C:\Windows\System\ZZeNXCD.exe

C:\Windows\System\byabeWt.exe

C:\Windows\System\byabeWt.exe

C:\Windows\System\GxBVDTN.exe

C:\Windows\System\GxBVDTN.exe

C:\Windows\System\MReyjUy.exe

C:\Windows\System\MReyjUy.exe

C:\Windows\System\kNeoUUQ.exe

C:\Windows\System\kNeoUUQ.exe

C:\Windows\System\ujvmDuF.exe

C:\Windows\System\ujvmDuF.exe

C:\Windows\System\KPOFHtp.exe

C:\Windows\System\KPOFHtp.exe

C:\Windows\System\xBAQqcD.exe

C:\Windows\System\xBAQqcD.exe

C:\Windows\System\UBjITHu.exe

C:\Windows\System\UBjITHu.exe

C:\Windows\System\BukQVNf.exe

C:\Windows\System\BukQVNf.exe

C:\Windows\System\EIZKcUb.exe

C:\Windows\System\EIZKcUb.exe

C:\Windows\System\oGmAyRa.exe

C:\Windows\System\oGmAyRa.exe

C:\Windows\System\pqsqAfa.exe

C:\Windows\System\pqsqAfa.exe

C:\Windows\System\nayFjDn.exe

C:\Windows\System\nayFjDn.exe

C:\Windows\System\regWxEQ.exe

C:\Windows\System\regWxEQ.exe

C:\Windows\System\WGQVCst.exe

C:\Windows\System\WGQVCst.exe

C:\Windows\System\iHmVaxE.exe

C:\Windows\System\iHmVaxE.exe

C:\Windows\System\WIMuczH.exe

C:\Windows\System\WIMuczH.exe

C:\Windows\System\msrccWG.exe

C:\Windows\System\msrccWG.exe

C:\Windows\System\RvTNYhl.exe

C:\Windows\System\RvTNYhl.exe

C:\Windows\System\JshUMcR.exe

C:\Windows\System\JshUMcR.exe

C:\Windows\System\nbjioMB.exe

C:\Windows\System\nbjioMB.exe

C:\Windows\System\HuYrLLX.exe

C:\Windows\System\HuYrLLX.exe

C:\Windows\System\FRIOFxh.exe

C:\Windows\System\FRIOFxh.exe

C:\Windows\System\MmkaVBL.exe

C:\Windows\System\MmkaVBL.exe

C:\Windows\System\uAbVIEU.exe

C:\Windows\System\uAbVIEU.exe

C:\Windows\System\lgNBbge.exe

C:\Windows\System\lgNBbge.exe

C:\Windows\System\HPRsPaF.exe

C:\Windows\System\HPRsPaF.exe

C:\Windows\System\WzOKpSl.exe

C:\Windows\System\WzOKpSl.exe

C:\Windows\System\ERJvvNj.exe

C:\Windows\System\ERJvvNj.exe

C:\Windows\System\JjFFHOQ.exe

C:\Windows\System\JjFFHOQ.exe

C:\Windows\System\kSjsXKW.exe

C:\Windows\System\kSjsXKW.exe

C:\Windows\System\zsNIXZc.exe

C:\Windows\System\zsNIXZc.exe

C:\Windows\System\kFMbgAA.exe

C:\Windows\System\kFMbgAA.exe

C:\Windows\System\NyUwbdv.exe

C:\Windows\System\NyUwbdv.exe

C:\Windows\System\CAeCfGI.exe

C:\Windows\System\CAeCfGI.exe

C:\Windows\System\oLsmLjH.exe

C:\Windows\System\oLsmLjH.exe

C:\Windows\System\oOTjgZl.exe

C:\Windows\System\oOTjgZl.exe

C:\Windows\System\bheRgIz.exe

C:\Windows\System\bheRgIz.exe

C:\Windows\System\SFILGQv.exe

C:\Windows\System\SFILGQv.exe

C:\Windows\System\CqjEHye.exe

C:\Windows\System\CqjEHye.exe

C:\Windows\System\IPRbsMi.exe

C:\Windows\System\IPRbsMi.exe

C:\Windows\System\zqLFzqC.exe

C:\Windows\System\zqLFzqC.exe

C:\Windows\System\gwXmpzV.exe

C:\Windows\System\gwXmpzV.exe

C:\Windows\system32\BackgroundTaskHost.exe

"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

C:\Windows\System\oisFFMj.exe

C:\Windows\System\oisFFMj.exe

C:\Windows\System\OaOYONN.exe

C:\Windows\System\OaOYONN.exe

C:\Windows\System\sfZchBU.exe

C:\Windows\System\sfZchBU.exe

C:\Windows\System\YSLsSmD.exe

C:\Windows\System\YSLsSmD.exe

C:\Windows\System\uSMKUMc.exe

C:\Windows\System\uSMKUMc.exe

C:\Windows\System\XqncMHa.exe

C:\Windows\System\XqncMHa.exe

C:\Windows\System\nzmMYnM.exe

C:\Windows\System\nzmMYnM.exe

C:\Windows\System\rroslDR.exe

C:\Windows\System\rroslDR.exe

C:\Windows\System\zeufSHm.exe

C:\Windows\System\zeufSHm.exe

C:\Windows\System\QtYjhxy.exe

C:\Windows\System\QtYjhxy.exe

C:\Windows\System\Koankvj.exe

C:\Windows\System\Koankvj.exe

C:\Windows\System\GepVuws.exe

C:\Windows\System\GepVuws.exe

C:\Windows\System\zMfBXqx.exe

C:\Windows\System\zMfBXqx.exe

C:\Windows\System\IojhXyN.exe

C:\Windows\System\IojhXyN.exe

C:\Windows\System\lBytrKD.exe

C:\Windows\System\lBytrKD.exe

C:\Windows\System\QVaEZQG.exe

C:\Windows\System\QVaEZQG.exe

C:\Windows\System\ZzjJvHG.exe

C:\Windows\System\ZzjJvHG.exe

C:\Windows\System\DiPomgL.exe

C:\Windows\System\DiPomgL.exe

C:\Windows\System\eOaGruG.exe

C:\Windows\System\eOaGruG.exe

C:\Windows\System\KvKckiQ.exe

C:\Windows\System\KvKckiQ.exe

C:\Windows\System\jqOyHnd.exe

C:\Windows\System\jqOyHnd.exe

C:\Windows\System\CShUAMB.exe

C:\Windows\System\CShUAMB.exe

C:\Windows\System\kpFyLmJ.exe

C:\Windows\System\kpFyLmJ.exe

C:\Windows\System\PVsFlYd.exe

C:\Windows\System\PVsFlYd.exe

C:\Windows\System\dtCggSJ.exe

C:\Windows\System\dtCggSJ.exe

C:\Windows\System\SnpuPuz.exe

C:\Windows\System\SnpuPuz.exe

C:\Windows\System\aBouCpG.exe

C:\Windows\System\aBouCpG.exe

C:\Windows\System\ypxcHmJ.exe

C:\Windows\System\ypxcHmJ.exe

C:\Windows\System\UthNWUF.exe

C:\Windows\System\UthNWUF.exe

C:\Windows\System\uTOXlzS.exe

C:\Windows\System\uTOXlzS.exe

C:\Windows\System\EkHzltV.exe

C:\Windows\System\EkHzltV.exe

C:\Windows\System\WRGWNEc.exe

C:\Windows\System\WRGWNEc.exe

C:\Windows\System\zcQzbUS.exe

C:\Windows\System\zcQzbUS.exe

C:\Windows\System\BxrQjaf.exe

C:\Windows\System\BxrQjaf.exe

C:\Windows\System\BOeJvRB.exe

C:\Windows\System\BOeJvRB.exe

C:\Windows\System\NbNYbga.exe

C:\Windows\System\NbNYbga.exe

C:\Windows\System\pWLsFtC.exe

C:\Windows\System\pWLsFtC.exe

C:\Windows\System\FkHpfgh.exe

C:\Windows\System\FkHpfgh.exe

C:\Windows\System\ybZElee.exe

C:\Windows\System\ybZElee.exe

C:\Windows\System\mmeDOkA.exe

C:\Windows\System\mmeDOkA.exe

C:\Windows\System\IWNOdNg.exe

C:\Windows\System\IWNOdNg.exe

C:\Windows\System\PFyYHvq.exe

C:\Windows\System\PFyYHvq.exe

C:\Windows\System\GXpCPGb.exe

C:\Windows\System\GXpCPGb.exe

C:\Windows\System\cfIvjRr.exe

C:\Windows\System\cfIvjRr.exe

C:\Windows\System\YkRjeno.exe

C:\Windows\System\YkRjeno.exe

C:\Windows\System\fBqaSil.exe

C:\Windows\System\fBqaSil.exe

C:\Windows\System\ckbitJp.exe

C:\Windows\System\ckbitJp.exe

C:\Windows\System\uAOoIsq.exe

C:\Windows\System\uAOoIsq.exe

C:\Windows\System\aAFooJm.exe

C:\Windows\System\aAFooJm.exe

C:\Windows\System\oXEhDoT.exe

C:\Windows\System\oXEhDoT.exe

C:\Windows\System\kiYbzTg.exe

C:\Windows\System\kiYbzTg.exe

C:\Windows\System\ZvhrTPH.exe

C:\Windows\System\ZvhrTPH.exe

C:\Windows\System\tQlujdz.exe

C:\Windows\System\tQlujdz.exe

C:\Windows\System\XdsybKy.exe

C:\Windows\System\XdsybKy.exe

C:\Windows\System\cjepmnt.exe

C:\Windows\System\cjepmnt.exe

C:\Windows\System\jRoscve.exe

C:\Windows\System\jRoscve.exe

C:\Windows\System\RXxwYWq.exe

C:\Windows\System\RXxwYWq.exe

C:\Windows\System\rVktQNr.exe

C:\Windows\System\rVktQNr.exe

C:\Windows\System\nHkfDAP.exe

C:\Windows\System\nHkfDAP.exe

C:\Windows\System\VnQPadM.exe

C:\Windows\System\VnQPadM.exe

C:\Windows\System\jfTHcgj.exe

C:\Windows\System\jfTHcgj.exe

C:\Windows\System\zxaiUhc.exe

C:\Windows\System\zxaiUhc.exe

C:\Windows\System\bxFwTfo.exe

C:\Windows\System\bxFwTfo.exe

C:\Windows\System\mFbdwVX.exe

C:\Windows\System\mFbdwVX.exe

C:\Windows\System\ROfiuwX.exe

C:\Windows\System\ROfiuwX.exe

C:\Windows\System\mxZGwyk.exe

C:\Windows\System\mxZGwyk.exe

C:\Windows\System\csqYyoZ.exe

C:\Windows\System\csqYyoZ.exe

C:\Windows\System\TzVVkXy.exe

C:\Windows\System\TzVVkXy.exe

C:\Windows\System\swFSsTK.exe

C:\Windows\System\swFSsTK.exe

C:\Windows\System\OpOaAdu.exe

C:\Windows\System\OpOaAdu.exe

C:\Windows\System\vDKvrVK.exe

C:\Windows\System\vDKvrVK.exe

C:\Windows\System\VfJBiki.exe

C:\Windows\System\VfJBiki.exe

C:\Windows\System\PYKHYxv.exe

C:\Windows\System\PYKHYxv.exe

C:\Windows\System\MtOPoYb.exe

C:\Windows\System\MtOPoYb.exe

C:\Windows\System\VlcwtGt.exe

C:\Windows\System\VlcwtGt.exe

C:\Windows\System\DRvyLAK.exe

C:\Windows\System\DRvyLAK.exe

C:\Windows\System\gzKNeiN.exe

C:\Windows\System\gzKNeiN.exe

C:\Windows\System\XORMZPK.exe

C:\Windows\System\XORMZPK.exe

C:\Windows\System\nFrrQjq.exe

C:\Windows\System\nFrrQjq.exe

C:\Windows\System\TVSweFH.exe

C:\Windows\System\TVSweFH.exe

C:\Windows\System\wVgXpxz.exe

C:\Windows\System\wVgXpxz.exe

C:\Windows\System\McwdwUx.exe

C:\Windows\System\McwdwUx.exe

C:\Windows\System\uXHweJi.exe

C:\Windows\System\uXHweJi.exe

C:\Windows\System\zwNptsm.exe

C:\Windows\System\zwNptsm.exe

C:\Windows\System\QhdiwHB.exe

C:\Windows\System\QhdiwHB.exe

C:\Windows\System\WGtirzc.exe

C:\Windows\System\WGtirzc.exe

C:\Windows\System\QSgVMqa.exe

C:\Windows\System\QSgVMqa.exe

C:\Windows\System\xaYXMqZ.exe

C:\Windows\System\xaYXMqZ.exe

C:\Windows\System\xQcgmKS.exe

C:\Windows\System\xQcgmKS.exe

C:\Windows\System\oALhvBB.exe

C:\Windows\System\oALhvBB.exe

C:\Windows\System\qSiryNr.exe

C:\Windows\System\qSiryNr.exe

C:\Windows\System\ncHgPGZ.exe

C:\Windows\System\ncHgPGZ.exe

C:\Windows\System\fXqLhfR.exe

C:\Windows\System\fXqLhfR.exe

C:\Windows\System\vfeTcTA.exe

C:\Windows\System\vfeTcTA.exe

C:\Windows\System\XONLtZM.exe

C:\Windows\System\XONLtZM.exe

C:\Windows\System\rdpDbOy.exe

C:\Windows\System\rdpDbOy.exe

C:\Windows\System\CKKHQnB.exe

C:\Windows\System\CKKHQnB.exe

C:\Windows\System\uZXGDEg.exe

C:\Windows\System\uZXGDEg.exe

C:\Windows\System\LglJzzW.exe

C:\Windows\System\LglJzzW.exe

C:\Windows\System\AMLjetW.exe

C:\Windows\System\AMLjetW.exe

C:\Windows\System\PLXhFQU.exe

C:\Windows\System\PLXhFQU.exe

C:\Windows\System\PfWlMOS.exe

C:\Windows\System\PfWlMOS.exe

C:\Windows\System\bsGWCxo.exe

C:\Windows\System\bsGWCxo.exe

C:\Windows\System\tnsoprE.exe

C:\Windows\System\tnsoprE.exe

C:\Windows\System\MUiJckq.exe

C:\Windows\System\MUiJckq.exe

C:\Windows\System\KNgYWZs.exe

C:\Windows\System\KNgYWZs.exe

C:\Windows\System\RfvVdqJ.exe

C:\Windows\System\RfvVdqJ.exe

C:\Windows\System\LAwdTYY.exe

C:\Windows\System\LAwdTYY.exe

C:\Windows\System\aDiaLti.exe

C:\Windows\System\aDiaLti.exe

C:\Windows\System\oZqVLKe.exe

C:\Windows\System\oZqVLKe.exe

C:\Windows\System\FjEtOTJ.exe

C:\Windows\System\FjEtOTJ.exe

C:\Windows\System\HTeOKIn.exe

C:\Windows\System\HTeOKIn.exe

C:\Windows\System\afQeqGf.exe

C:\Windows\System\afQeqGf.exe

C:\Windows\System\nOydrCp.exe

C:\Windows\System\nOydrCp.exe

C:\Windows\System\qtTWhqj.exe

C:\Windows\System\qtTWhqj.exe

C:\Windows\System\RxNCeWj.exe

C:\Windows\System\RxNCeWj.exe

C:\Windows\System\FOjXUBD.exe

C:\Windows\System\FOjXUBD.exe

C:\Windows\System\jRZycqb.exe

C:\Windows\System\jRZycqb.exe

C:\Windows\System\JdLMNcV.exe

C:\Windows\System\JdLMNcV.exe

C:\Windows\System\lzSmwrh.exe

C:\Windows\System\lzSmwrh.exe

C:\Windows\System\uabrjyQ.exe

C:\Windows\System\uabrjyQ.exe

C:\Windows\System\kwxlvYW.exe

C:\Windows\System\kwxlvYW.exe

C:\Windows\System\PcLjhlF.exe

C:\Windows\System\PcLjhlF.exe

C:\Windows\System\YkFEFYA.exe

C:\Windows\System\YkFEFYA.exe

C:\Windows\System\LqZpFuu.exe

C:\Windows\System\LqZpFuu.exe

C:\Windows\System\CPBqpIl.exe

C:\Windows\System\CPBqpIl.exe

C:\Windows\System\FGbBHLb.exe

C:\Windows\System\FGbBHLb.exe

C:\Windows\System\qIubLfS.exe

C:\Windows\System\qIubLfS.exe

C:\Windows\System\VaffypO.exe

C:\Windows\System\VaffypO.exe

C:\Windows\System\PCjrqaz.exe

C:\Windows\System\PCjrqaz.exe

C:\Windows\System\JgUQxxN.exe

C:\Windows\System\JgUQxxN.exe

C:\Windows\System\rjsiUBb.exe

C:\Windows\System\rjsiUBb.exe

C:\Windows\System\xAhJTuV.exe

C:\Windows\System\xAhJTuV.exe

C:\Windows\System\QoisPYI.exe

C:\Windows\System\QoisPYI.exe

C:\Windows\System\CNcJVWG.exe

C:\Windows\System\CNcJVWG.exe

C:\Windows\System\qdgNaNh.exe

C:\Windows\System\qdgNaNh.exe

C:\Windows\System\bGEAxZu.exe

C:\Windows\System\bGEAxZu.exe

C:\Windows\System\VYgcDqC.exe

C:\Windows\System\VYgcDqC.exe

C:\Windows\System\UBqJErx.exe

C:\Windows\System\UBqJErx.exe

C:\Windows\System\cEqYyVT.exe

C:\Windows\System\cEqYyVT.exe

C:\Windows\System\zYpPZZy.exe

C:\Windows\System\zYpPZZy.exe

C:\Windows\System\pIfDlmG.exe

C:\Windows\System\pIfDlmG.exe

C:\Windows\System\DiMwSAH.exe

C:\Windows\System\DiMwSAH.exe

C:\Windows\System\HqSQICC.exe

C:\Windows\System\HqSQICC.exe

C:\Windows\System\uTKNedS.exe

C:\Windows\System\uTKNedS.exe

C:\Windows\System\vpDEuVl.exe

C:\Windows\System\vpDEuVl.exe

C:\Windows\System\LXFUcTR.exe

C:\Windows\System\LXFUcTR.exe

C:\Windows\System\HGNXZIY.exe

C:\Windows\System\HGNXZIY.exe

C:\Windows\System\jWgUEvh.exe

C:\Windows\System\jWgUEvh.exe

C:\Windows\System\xibwhAS.exe

C:\Windows\System\xibwhAS.exe

C:\Windows\System\qpevVtk.exe

C:\Windows\System\qpevVtk.exe

C:\Windows\System\JVjcKdy.exe

C:\Windows\System\JVjcKdy.exe

C:\Windows\System\KbLBeLp.exe

C:\Windows\System\KbLBeLp.exe

C:\Windows\System\UXHemsh.exe

C:\Windows\System\UXHemsh.exe

C:\Windows\System\aYycwsQ.exe

C:\Windows\System\aYycwsQ.exe

C:\Windows\System\QLyxwIR.exe

C:\Windows\System\QLyxwIR.exe

C:\Windows\System\HbGBorK.exe

C:\Windows\System\HbGBorK.exe

C:\Windows\System\kbrrIEB.exe

C:\Windows\System\kbrrIEB.exe

C:\Windows\System\sduNuBn.exe

C:\Windows\System\sduNuBn.exe

C:\Windows\System\WDkGqfu.exe

C:\Windows\System\WDkGqfu.exe

C:\Windows\System\gcAlbrk.exe

C:\Windows\System\gcAlbrk.exe

C:\Windows\System\hubqrii.exe

C:\Windows\System\hubqrii.exe

C:\Windows\System\pjKaIvK.exe

C:\Windows\System\pjKaIvK.exe

C:\Windows\System\zILTDAh.exe

C:\Windows\System\zILTDAh.exe

C:\Windows\System\SCSlEec.exe

C:\Windows\System\SCSlEec.exe

C:\Windows\System\qJXGkCm.exe

C:\Windows\System\qJXGkCm.exe

C:\Windows\System\PKiPicW.exe

C:\Windows\System\PKiPicW.exe

C:\Windows\System\mtBXbRS.exe

C:\Windows\System\mtBXbRS.exe

C:\Windows\System\siIYmFf.exe

C:\Windows\System\siIYmFf.exe

C:\Windows\System\muFHMzb.exe

C:\Windows\System\muFHMzb.exe

C:\Windows\System\UjaxpUT.exe

C:\Windows\System\UjaxpUT.exe

C:\Windows\System\SRdbJAx.exe

C:\Windows\System\SRdbJAx.exe

C:\Windows\System\SYGUAOO.exe

C:\Windows\System\SYGUAOO.exe

C:\Windows\System\IdHwubq.exe

C:\Windows\System\IdHwubq.exe

C:\Windows\System\UbELQDe.exe

C:\Windows\System\UbELQDe.exe

C:\Windows\System\mbijoFm.exe

C:\Windows\System\mbijoFm.exe

C:\Windows\System\nPhQZdG.exe

C:\Windows\System\nPhQZdG.exe

C:\Windows\System\nDPADEf.exe

C:\Windows\System\nDPADEf.exe

C:\Windows\System\ofYKCWC.exe

C:\Windows\System\ofYKCWC.exe

C:\Windows\System\tGWOnWH.exe

C:\Windows\System\tGWOnWH.exe

C:\Windows\System\DVhjNkU.exe

C:\Windows\System\DVhjNkU.exe

C:\Windows\System\SBjvTfL.exe

C:\Windows\System\SBjvTfL.exe

C:\Windows\System\EFnprhp.exe

C:\Windows\System\EFnprhp.exe

C:\Windows\System\qbrBZLw.exe

C:\Windows\System\qbrBZLw.exe

C:\Windows\System\rZjTQsZ.exe

C:\Windows\System\rZjTQsZ.exe

C:\Windows\System\jGVYXiX.exe

C:\Windows\System\jGVYXiX.exe

C:\Windows\System\DFUfwlr.exe

C:\Windows\System\DFUfwlr.exe

C:\Windows\System\ntaJVcn.exe

C:\Windows\System\ntaJVcn.exe

C:\Windows\System\grLqjrW.exe

C:\Windows\System\grLqjrW.exe

C:\Windows\System\tlEmEIu.exe

C:\Windows\System\tlEmEIu.exe

C:\Windows\System\UcEIoTI.exe

C:\Windows\System\UcEIoTI.exe

C:\Windows\System\QNIwuca.exe

C:\Windows\System\QNIwuca.exe

C:\Windows\System\atVpJUM.exe

C:\Windows\System\atVpJUM.exe

C:\Windows\System\fJUesyw.exe

C:\Windows\System\fJUesyw.exe

C:\Windows\System\BEbtOwg.exe

C:\Windows\System\BEbtOwg.exe

C:\Windows\System\yHoNmNc.exe

C:\Windows\System\yHoNmNc.exe

C:\Windows\System\XaLSnEN.exe

C:\Windows\System\XaLSnEN.exe

C:\Windows\System\XDQGXdO.exe

C:\Windows\System\XDQGXdO.exe

C:\Windows\System\SkCdcvr.exe

C:\Windows\System\SkCdcvr.exe

C:\Windows\System\EYHPjFJ.exe

C:\Windows\System\EYHPjFJ.exe

C:\Windows\System\jAuyovx.exe

C:\Windows\System\jAuyovx.exe

C:\Windows\System\FMMtGfl.exe

C:\Windows\System\FMMtGfl.exe

C:\Windows\System\PxeHkyY.exe

C:\Windows\System\PxeHkyY.exe

C:\Windows\System\lzembor.exe

C:\Windows\System\lzembor.exe

C:\Windows\System\wWuNZgw.exe

C:\Windows\System\wWuNZgw.exe

C:\Windows\System\ourGjqx.exe

C:\Windows\System\ourGjqx.exe

C:\Windows\System\hNHfrlQ.exe

C:\Windows\System\hNHfrlQ.exe

C:\Windows\System\pSNWiuR.exe

C:\Windows\System\pSNWiuR.exe

C:\Windows\System\JceoEDJ.exe

C:\Windows\System\JceoEDJ.exe

C:\Windows\System\BvqLdUa.exe

C:\Windows\System\BvqLdUa.exe

C:\Windows\System\jfYkviD.exe

C:\Windows\System\jfYkviD.exe

C:\Windows\System\QvTtbFc.exe

C:\Windows\System\QvTtbFc.exe

C:\Windows\System\VMRphuO.exe

C:\Windows\System\VMRphuO.exe

C:\Windows\System\dNJjVaA.exe

C:\Windows\System\dNJjVaA.exe

C:\Windows\System\jucsZgP.exe

C:\Windows\System\jucsZgP.exe

C:\Windows\System\jORfRjg.exe

C:\Windows\System\jORfRjg.exe

C:\Windows\System\TWLjgmc.exe

C:\Windows\System\TWLjgmc.exe

C:\Windows\System\WbKmGLG.exe

C:\Windows\System\WbKmGLG.exe

C:\Windows\System\KIjXpoL.exe

C:\Windows\System\KIjXpoL.exe

C:\Windows\System\ZWOjQXI.exe

C:\Windows\System\ZWOjQXI.exe

C:\Windows\System\KhVVYKx.exe

C:\Windows\System\KhVVYKx.exe

C:\Windows\System\VeNPfTB.exe

C:\Windows\System\VeNPfTB.exe

C:\Windows\System\qSDimgI.exe

C:\Windows\System\qSDimgI.exe

C:\Windows\System\rbFAdtP.exe

C:\Windows\System\rbFAdtP.exe

C:\Windows\System\btILwlC.exe

C:\Windows\System\btILwlC.exe

C:\Windows\System\eGhtIkx.exe

C:\Windows\System\eGhtIkx.exe

C:\Windows\System\MFXPcVA.exe

C:\Windows\System\MFXPcVA.exe

C:\Windows\System\vokXuFM.exe

C:\Windows\System\vokXuFM.exe

C:\Windows\System\UCwbcYp.exe

C:\Windows\System\UCwbcYp.exe

C:\Windows\System\tQpehct.exe

C:\Windows\System\tQpehct.exe

C:\Windows\System\BSNeDrd.exe

C:\Windows\System\BSNeDrd.exe

C:\Windows\System\ChKtuHk.exe

C:\Windows\System\ChKtuHk.exe

C:\Windows\System\UwnAebM.exe

C:\Windows\System\UwnAebM.exe

C:\Windows\System\FlhRnQY.exe

C:\Windows\System\FlhRnQY.exe

C:\Windows\System\HbCBfwg.exe

C:\Windows\System\HbCBfwg.exe

C:\Windows\System\dOQihZw.exe

C:\Windows\System\dOQihZw.exe

C:\Windows\System\cHZxqTv.exe

C:\Windows\System\cHZxqTv.exe

C:\Windows\System\RQNUzbh.exe

C:\Windows\System\RQNUzbh.exe

C:\Windows\System\lIKwVAN.exe

C:\Windows\System\lIKwVAN.exe

C:\Windows\System\AloyOtm.exe

C:\Windows\System\AloyOtm.exe

C:\Windows\System\oKDYnFI.exe

C:\Windows\System\oKDYnFI.exe

C:\Windows\System\WqcBfSX.exe

C:\Windows\System\WqcBfSX.exe

C:\Windows\System\LBGOEUk.exe

C:\Windows\System\LBGOEUk.exe

C:\Windows\System\OzsTasl.exe

C:\Windows\System\OzsTasl.exe

C:\Windows\System\HuWFdnS.exe

C:\Windows\System\HuWFdnS.exe

C:\Windows\System\qoqYYDG.exe

C:\Windows\System\qoqYYDG.exe

C:\Windows\System\pSaReOP.exe

C:\Windows\System\pSaReOP.exe

C:\Windows\System\JNzAaXx.exe

C:\Windows\System\JNzAaXx.exe

C:\Windows\System\wbPXXcR.exe

C:\Windows\System\wbPXXcR.exe

C:\Windows\System\ohIKvBU.exe

C:\Windows\System\ohIKvBU.exe

C:\Windows\System\cOVMOSg.exe

C:\Windows\System\cOVMOSg.exe

C:\Windows\System\XClfUSC.exe

C:\Windows\System\XClfUSC.exe

C:\Windows\System\MJwJokz.exe

C:\Windows\System\MJwJokz.exe

C:\Windows\System\oegbSdl.exe

C:\Windows\System\oegbSdl.exe

C:\Windows\System\WEfTZSF.exe

C:\Windows\System\WEfTZSF.exe

C:\Windows\System\AERfpZz.exe

C:\Windows\System\AERfpZz.exe

C:\Windows\System\TQLvRxN.exe

C:\Windows\System\TQLvRxN.exe

C:\Windows\System\iVgMytm.exe

C:\Windows\System\iVgMytm.exe

C:\Windows\System\Cozjtgb.exe

C:\Windows\System\Cozjtgb.exe

C:\Windows\System\SvlbPbg.exe

C:\Windows\System\SvlbPbg.exe

C:\Windows\System\sZJOHeX.exe

C:\Windows\System\sZJOHeX.exe

C:\Windows\System\OBmSGEj.exe

C:\Windows\System\OBmSGEj.exe

C:\Windows\System\lhvsrHR.exe

C:\Windows\System\lhvsrHR.exe

C:\Windows\System\gpdxAJL.exe

C:\Windows\System\gpdxAJL.exe

C:\Windows\System\Txewkmf.exe

C:\Windows\System\Txewkmf.exe

C:\Windows\System\SpIcFRW.exe

C:\Windows\System\SpIcFRW.exe

C:\Windows\System\jNLaIGj.exe

C:\Windows\System\jNLaIGj.exe

C:\Windows\System\iSDtXca.exe

C:\Windows\System\iSDtXca.exe

C:\Windows\System\zNPtYTn.exe

C:\Windows\System\zNPtYTn.exe

C:\Windows\System\EXoCbws.exe

C:\Windows\System\EXoCbws.exe

C:\Windows\System\NBiBJhD.exe

C:\Windows\System\NBiBJhD.exe

C:\Windows\System\GXTTBiq.exe

C:\Windows\System\GXTTBiq.exe

C:\Windows\System\gNWXpCL.exe

C:\Windows\System\gNWXpCL.exe

C:\Windows\System\RuozjMl.exe

C:\Windows\System\RuozjMl.exe

C:\Windows\System\ULYktzE.exe

C:\Windows\System\ULYktzE.exe

C:\Windows\System\InJUjEs.exe

C:\Windows\System\InJUjEs.exe

C:\Windows\System\YHuAOdt.exe

C:\Windows\System\YHuAOdt.exe

C:\Windows\System\dwRqEuE.exe

C:\Windows\System\dwRqEuE.exe

C:\Windows\System\pQNEuKb.exe

C:\Windows\System\pQNEuKb.exe

C:\Windows\System\LsXtEhI.exe

C:\Windows\System\LsXtEhI.exe

C:\Windows\System\QsUlVHF.exe

C:\Windows\System\QsUlVHF.exe

C:\Windows\System\yJxZnVU.exe

C:\Windows\System\yJxZnVU.exe

C:\Windows\System\LZOyPel.exe

C:\Windows\System\LZOyPel.exe

C:\Windows\System\jpcJCQu.exe

C:\Windows\System\jpcJCQu.exe

C:\Windows\System\DYPvIAI.exe

C:\Windows\System\DYPvIAI.exe

C:\Windows\System\iRYJHjg.exe

C:\Windows\System\iRYJHjg.exe

C:\Windows\System\rlWafDH.exe

C:\Windows\System\rlWafDH.exe

C:\Windows\System\ysmYtOR.exe

C:\Windows\System\ysmYtOR.exe

C:\Windows\System\GmJqDJC.exe

C:\Windows\System\GmJqDJC.exe

C:\Windows\System\JrTKkiK.exe

C:\Windows\System\JrTKkiK.exe

C:\Windows\System\zmewDIa.exe

C:\Windows\System\zmewDIa.exe

C:\Windows\System\HcGoMvy.exe

C:\Windows\System\HcGoMvy.exe

C:\Windows\System\YkqNomL.exe

C:\Windows\System\YkqNomL.exe

C:\Windows\System\nJoMtYv.exe

C:\Windows\System\nJoMtYv.exe

C:\Windows\System\RkgUIZW.exe

C:\Windows\System\RkgUIZW.exe

C:\Windows\System\jbhaBNY.exe

C:\Windows\System\jbhaBNY.exe

C:\Windows\System\AtXFIPv.exe

C:\Windows\System\AtXFIPv.exe

C:\Windows\System\FVtWfxt.exe

C:\Windows\System\FVtWfxt.exe

C:\Windows\System\OqAabtg.exe

C:\Windows\System\OqAabtg.exe

C:\Windows\System\tOIxkJX.exe

C:\Windows\System\tOIxkJX.exe

C:\Windows\System\hQvgkcg.exe

C:\Windows\System\hQvgkcg.exe

C:\Windows\System\nDosToX.exe

C:\Windows\System\nDosToX.exe

C:\Windows\System\BzVLnYQ.exe

C:\Windows\System\BzVLnYQ.exe

C:\Windows\System\jpFYlZX.exe

C:\Windows\System\jpFYlZX.exe

C:\Windows\System\dlXffve.exe

C:\Windows\System\dlXffve.exe

C:\Windows\System\iLjVAfI.exe

C:\Windows\System\iLjVAfI.exe

C:\Windows\System\xWsDpTE.exe

C:\Windows\System\xWsDpTE.exe

C:\Windows\System\LoDoyEO.exe

C:\Windows\System\LoDoyEO.exe

C:\Windows\System\WITKuyN.exe

C:\Windows\System\WITKuyN.exe

C:\Windows\System\mXGqbjI.exe

C:\Windows\System\mXGqbjI.exe

C:\Windows\System\hpAUlya.exe

C:\Windows\System\hpAUlya.exe

C:\Windows\System\aUOdnTD.exe

C:\Windows\System\aUOdnTD.exe

C:\Windows\System\VZJPpaM.exe

C:\Windows\System\VZJPpaM.exe

C:\Windows\System\PSSWAzv.exe

C:\Windows\System\PSSWAzv.exe

C:\Windows\System\UOIhJko.exe

C:\Windows\System\UOIhJko.exe

C:\Windows\System\iaBpBGP.exe

C:\Windows\System\iaBpBGP.exe

C:\Windows\System\ulvXqYZ.exe

C:\Windows\System\ulvXqYZ.exe

C:\Windows\System\HveMmcQ.exe

C:\Windows\System\HveMmcQ.exe

C:\Windows\System\iiSwGVA.exe

C:\Windows\System\iiSwGVA.exe

C:\Windows\System\OgpsoGO.exe

C:\Windows\System\OgpsoGO.exe

C:\Windows\System\AzOOzoF.exe

C:\Windows\System\AzOOzoF.exe

C:\Windows\System\mPPtxFt.exe

C:\Windows\System\mPPtxFt.exe

C:\Windows\System\WUsRCqY.exe

C:\Windows\System\WUsRCqY.exe

C:\Windows\System\lCUrFeQ.exe

C:\Windows\System\lCUrFeQ.exe

C:\Windows\System\PieMzgN.exe

C:\Windows\System\PieMzgN.exe

C:\Windows\System\pmCiDYr.exe

C:\Windows\System\pmCiDYr.exe

C:\Windows\System\GnPNKEc.exe

C:\Windows\System\GnPNKEc.exe

C:\Windows\System\rYGgpUV.exe

C:\Windows\System\rYGgpUV.exe

C:\Windows\System\XmnfPDo.exe

C:\Windows\System\XmnfPDo.exe

C:\Windows\System\GMHmgCw.exe

C:\Windows\System\GMHmgCw.exe

C:\Windows\System\CkdmlMd.exe

C:\Windows\System\CkdmlMd.exe

C:\Windows\System\QIOdAmo.exe

C:\Windows\System\QIOdAmo.exe

C:\Windows\System\lTKjgZz.exe

C:\Windows\System\lTKjgZz.exe

C:\Windows\System\nomvicV.exe

C:\Windows\System\nomvicV.exe

C:\Windows\System\kvTKDtf.exe

C:\Windows\System\kvTKDtf.exe

C:\Windows\System\dZcCzqf.exe

C:\Windows\System\dZcCzqf.exe

C:\Windows\System\fxpJoJX.exe

C:\Windows\System\fxpJoJX.exe

C:\Windows\System\AnSIyvv.exe

C:\Windows\System\AnSIyvv.exe

C:\Windows\System\WIhxHTN.exe

C:\Windows\System\WIhxHTN.exe

C:\Windows\System\HAcyKBq.exe

C:\Windows\System\HAcyKBq.exe

C:\Windows\System\KNEscue.exe

C:\Windows\System\KNEscue.exe

C:\Windows\System\bfSfgGg.exe

C:\Windows\System\bfSfgGg.exe

C:\Windows\System\lDzxBaW.exe

C:\Windows\System\lDzxBaW.exe

C:\Windows\System\HtICBuH.exe

C:\Windows\System\HtICBuH.exe

C:\Windows\System\NApPbIQ.exe

C:\Windows\System\NApPbIQ.exe

C:\Windows\System\Gnsyvbi.exe

C:\Windows\System\Gnsyvbi.exe

C:\Windows\System\qoawEoi.exe

C:\Windows\System\qoawEoi.exe

C:\Windows\System\eNWgpAU.exe

C:\Windows\System\eNWgpAU.exe

C:\Windows\System\gudxoOx.exe

C:\Windows\System\gudxoOx.exe

Network

Country Destination Domain Proto
DE 3.120.98.217:8080 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files

memory/3552-0-0x00007FF65C940000-0x00007FF65CD36000-memory.dmp

memory/3552-1-0x0000022676920000-0x0000022676930000-memory.dmp

C:\Windows\System\zdgNpuU.exe

MD5 bf9f302b5346364c1ce93f7138ff87be
SHA1 d039f224d3e63c78c55d2778f504cfa8431174fd
SHA256 457a624e9365f7158397e12c22a8281c9366ebb51ae6ad9fa62dca05d8197418
SHA512 5d44d2d83167db06ff20bf1b2dbdbccc65d1356253150983c4501c7e2f3387b4415cef2b321c3a7907145a705d26a2b575b444e203de7903da8f3742c7820342

memory/3332-9-0x00007FFDB2F23000-0x00007FFDB2F25000-memory.dmp

C:\Windows\System\nqliapA.exe

MD5 d58f2f8df8400e4e619518b2907c167e
SHA1 8e40a85262e580f119dc1459c3eefcc56393ccf9
SHA256 888eb89d3a94ddf7e3fd37c59f7ffef58f89dda04f1dd437da4e119ee7c77bd9
SHA512 aee7dba4d73a9914014c2c24192f5c35b9b5476861b295b2a02f34dc1351a4136de3cf2a5331451bae39bb938932e890f22b76b7d85ffbfe0df009a78d92524f

C:\Windows\System\zxPXzuc.exe

MD5 3b3f36d97a10d58a4027cebce0ebfc17
SHA1 fc6d2e373c9e6cde02d3a0ebd2d348822ca2fff4
SHA256 12278ab7c96c04ff7867b747f139903034271bc9c740b7c90d5490bb9bfa1975
SHA512 7f801dc62946bad1d470fb9655678bd6230baee69dea74644a6c9e232447414d4ad58fa704c3c2bbf4598d368094c0750454c1828db629cfc3a519f3391c9cd2

C:\Windows\System\IJoxyNf.exe

MD5 f42f25b7c66d08f1ac16fca3f42a6421
SHA1 02b322c5eabb7e518395b7f7f06728edf8715d24
SHA256 850883fadc8f0be661e5842336425fc28faf74f061c5d83db8266c687b19c9aa
SHA512 53d42453dff5086908853376ef2b9eb9a924e2740bc125e7035606a2e5cedbce18af613e54c2f961eba178d2310f800a06d495e3543179f80d516b8c1ed5c64f

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_udgrk1vh.evv.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2472-8-0x00007FF6F0E00000-0x00007FF6F11F6000-memory.dmp

memory/3332-42-0x00007FFDB2F20000-0x00007FFDB39E1000-memory.dmp

C:\Windows\System\lTGwcnT.exe

MD5 a4d5f4e8ae2a4b89915a0d41fa6e29bf
SHA1 2e8528692fd7869164b5ce306c0125893809ae1c
SHA256 e01030d7e784d00b11786a10aa2da30d43e5d4dda743acfbd6bf86a67d4bd250
SHA512 33923e20713f0e58d45fee5086498a30e08be87aa3c53019eb7b2e23ad1dafedb75a38e62190d4b7760f429d969d31b24f85c1d7ddd0baf38173f4aebb68e625

C:\Windows\System\dfPnvQP.exe

MD5 262479710c007716814f3d6d3a69d860
SHA1 a7f57f6707b71378c2473485f7fc643b3bc52e93
SHA256 c36c5c51a70b3034619a41197839e9a63dfa3b81c2baab28e4e8785200f8b9f9
SHA512 e734429c5db02219af7ff066825a5e29e36d88697b7ec0111784a4bce3587dba98058abcfb620a67f0c85bdd17f7e4641833005d15aab9e9f5d4cf7c77e68d91

C:\Windows\System\qZaYAkn.exe

MD5 ade2312bb4199916d3a76966b78dd638
SHA1 9b05b0d3a2b013920184d32628c6f48e2c2da6b5
SHA256 d3db4056d3d014802fe77014aff2899306d737ae18eac3779a30085879a87cd3
SHA512 3f3c5e317ca469ebbbb70be2905894c3baadb984a0c026a37b1473b2963244917553e5873511fe1d3b618c4dec5905bf8023c81d526cfb49c25fdaedbcd9666b

memory/1184-59-0x00007FF7A8B70000-0x00007FF7A8F66000-memory.dmp

C:\Windows\System\eHfGbpl.exe

MD5 bbdc5579d425b3d5282846149051dc04
SHA1 41205a6de1e7c30e69dbe0eaf0136445934b930f
SHA256 3574e7967f5a9528d362c01a725aa3bd7e50dddd86e4675f32b38a54722895f2
SHA512 bfdd6146c8f0f2c0e0f77c70139ff03fd64d2a0c6733c18f9f203f51d02cf7eded99b7fff8c754197c60f556f77aea7762867f029f7aa84c99d81ac5e2a8e4f9

C:\Windows\System\ATKJEAo.exe

MD5 55067c6979961622799b870061a6f16f
SHA1 cc0ccb21f35c470ed16bfe8c4b221b0ec03bb538
SHA256 db5db211ec359cced684fac5bfb118ea61eed25dd3a34c9be2d014df105832b2
SHA512 d6befb8c3a426405e936adc549fbcfb9fac46e6bcf95f459a703bc08fbe3902b817fdc45801d3f5b5c581c414f286bb72bb3608c615482eef5850e542224a9df

C:\Windows\System\OxgfCiM.exe

MD5 3a28b53d4455efeb85416e78ba1b10c1
SHA1 9513f9e31e3427f04c2d9c7dacedf99ddf6bb13b
SHA256 d239fdf8bde5db4cebd8c53e20b1d3e951868d1f9320dae5979908a02fd270ba
SHA512 e8e5c9467755eb663846912da192f60a65ef3d4920fc11a9d64778e94e51d29afa5d7e40e70c7cd051c24577b8b983eda6a81bcb530fa0c74b386892bac46a3d

C:\Windows\System\IybNbpu.exe

MD5 4c9311b592042a79989ccdf13c30282d
SHA1 97a77d4d7c44e69609c9e3c26422abad37fcf157
SHA256 a62519ef06bd662554c44a8ebebfcc270fbe069eab632da19a6b62b4bc5e0ce2
SHA512 bdfc2ce2a806e1eb3859a6b0174779974da34ef650510a111c1523de2f67b5025cefc9d860fe51db9df20ed8014baf688db68ebcf3b2f9e01f277f2544d35e2e

C:\Windows\System\phaCPOQ.exe

MD5 a58bc3b5bd7adf89ca0aa36b185f3d7d
SHA1 59962ea250de017557d26d49182bccb1cd6e0714
SHA256 e49beb59ad95e69d3205157ded8b08d323f157e7b39d028fedb0cfc46c5d0933
SHA512 f9fb5c829c03e00ed8c3834619d8c578d245715e1ae6529c4bedca18ec6acd642636dbc2b564404e36c0e5ed84deb9c6e1e86d1e111bd52c227c31e0a4933b68

memory/2480-120-0x00007FF7A09B0000-0x00007FF7A0DA6000-memory.dmp

C:\Windows\System\zvsnAiP.exe

MD5 bfff39845faad09f3dcf22f8f0ff4229
SHA1 b7f294da9e4dbc35c0d3eafc1e7428ccc95b5942
SHA256 1cab020914604d288aab2f8caaa5fa66737a5f6ef64d2c776be8eda5eef8ed7b
SHA512 77b26f7d988383ebf7b997186138f64c8f5c480d48827b59dc963163df4b3d57d72eb9b881bb219534ff5243cb7cc9df30a495f10fbd44b24509ee1b3638ae4b

C:\Windows\System\JMgFrXf.exe

MD5 91bba0bcc81ce0260cbc2c9be5f0be3a
SHA1 f4f6bebc8cf1e72d5bfec9533b9ff4903cbe6f00
SHA256 35049e931e446cfcf3aecdf8900585f9a373a183d9f9a3c4c11e7f7740a7dbd0
SHA512 46e8e88ff91f10c792483dec16217db89148d258a1ceaf52c1c01d5998a000313b1c35a1759ef2e45ff40dfaeb91bfda420e36be8ce57dd76145b62c624fd791

C:\Windows\System\ExIIutc.exe

MD5 fac5ad71e714aaa52416e49c19e93197
SHA1 51797fb6b341fd771cea3c1767b3cb5914503ba4
SHA256 e23ad2d0cc653633611ecbcaeb59021454ef7302df35da8a2922093c361691d5
SHA512 94f5751ec1a003a42db5563b0241c2f6731a3ffe36364ac779a3a8c4d93b6bdafb394d7c509f4767f0a09452b95df139ae0c262f137349ac443a047529a4f0e0

memory/3332-763-0x00007FFDB2F20000-0x00007FFDB39E1000-memory.dmp

memory/1080-776-0x00007FF6161C0000-0x00007FF6165B6000-memory.dmp

memory/4800-788-0x00007FF66AB40000-0x00007FF66AF36000-memory.dmp

memory/3332-1061-0x00007FFDB2F23000-0x00007FFDB2F25000-memory.dmp

memory/3332-1067-0x00007FFDB2F20000-0x00007FFDB39E1000-memory.dmp

memory/4420-796-0x00007FF7D6B70000-0x00007FF7D6F66000-memory.dmp

memory/2912-791-0x00007FF744480000-0x00007FF744876000-memory.dmp

memory/220-780-0x00007FF719560000-0x00007FF719956000-memory.dmp

memory/3552-783-0x00007FF65C940000-0x00007FF65CD36000-memory.dmp

memory/1596-772-0x00007FF7165D0000-0x00007FF7169C6000-memory.dmp

memory/3440-768-0x00007FF7144C0000-0x00007FF7148B6000-memory.dmp

C:\Windows\System\YCzcZNu.exe

MD5 2621b99c917f56e777822133d75ceeb6
SHA1 39ccf18dfff0881a3c6151a81577ff14097821f4
SHA256 adf4d959eccfb4ea434e8d42b4d6ab0f31ad597b0cd69ac141276965453d1743
SHA512 c983e4009dad833bb815907489cedfa785556d419c93acbaf0124d466ffb9e1d6fa767b2f02a6c94d4b2d5e261313b0f143f68573e10ea40fc13bd6cf0e9b05c

C:\Windows\System\PjUNGfl.exe

MD5 263216f70350ce33ea01d109040334d7
SHA1 2aae4783110aea199ac5e4a4433163a91b276f17
SHA256 95d8cd6a721db50069404fb281a9eceb631354295e6722d9c255ec132b793771
SHA512 5cec8351bbaf4364bc3a032c030f099e5854a05c60371bd0a67037609d0da64aa9d4881a98e7194a3517d76387c4c6dfd164f891ee43839e927f92264d3a9594

C:\Windows\System\PnMTOlS.exe

MD5 049dec369c19d24c8228cd848ad71fff
SHA1 bce55324b80f08a2833c7fd582061ab211a52ab7
SHA256 0fb4824ae4b2c96d63a3803093d557e49bf8525709b92540686e9c00247153e5
SHA512 8f2bc360d54a700b1e177ac04b5b3acb7b69715dedc534efa8e220d563b4b0a9dc8b034e0ed29ae76a51cfbca276d228497f78bdcd0406a419f879f123482eba

C:\Windows\System\MTAUNhn.exe

MD5 52338cee63aaf3c449019cf06a8c9dfd
SHA1 4acf87afca0f9c1a26f3ae05ed256e60c5bc86c9
SHA256 5cd288742295cd01e303cd923b9668eead973e5749ccea1a79e4aa0959749965
SHA512 936315df0eca3008512b99d94a02482f14b0494413853fd9e8d77881f8e2e8a99f1b3d9020d02f5ddda7a67971835caaf5bd6de9750a09235baa2273ed8038e1

C:\Windows\System\PEHcyLv.exe

MD5 023853ee4f74a3e094d7d33e4ddb7f5e
SHA1 448dcba296492e173f7720d95b9627db2bd7f834
SHA256 b4b784e9b7131ab6c0ba15d3775cd7cbeaaeac72454b63192ff2f6a214ebeb24
SHA512 17b425887d6c304099b835574488790905a1699eb0f076d3686d67897f46fb297941e3b250c1639ab0529089a020417a1fb4ff4a91429195c347097b2969148c

C:\Windows\System\yXevchP.exe

MD5 6c6de290ceea2f014179b58d11ca33b9
SHA1 c5f6da83793ebd435adbe22df4b4a6248b900c08
SHA256 3ff455d5caa9665a964ce712643196aa0673cda62dc4b257f20be15572775cca
SHA512 e3c9e92cb7a78a10ab0357436c992eb1d1ff37a31c5160efd965c4c84d93d91320cf6611e165f046d06545222f81f9c4f5f0d487c37ccd0eea9388bfa081abb8

C:\Windows\System\lYftCpJ.exe

MD5 e20cf16e9cfd5ef0566108c8edd2c4b3
SHA1 7ccbda51393a03ba66b3702fdd0e80464bf1700f
SHA256 9e1f38b0744808fe59fe716dde110be7b723dd75dc3bb6e757b31404dc499734
SHA512 b86c86b04215b648dec0847fefe669303b4b0066690d99f5d43e8fe0d39427b292f17a23b6b986cd130f1e09abb1eac33bf906c4fa670db7c9f71d5d3be46ca2

C:\Windows\System\eKDEugr.exe

MD5 6060f942fb801dcf3c84ca87e9a80293
SHA1 5be1199146963daacb262482ea08fe09e64aec0c
SHA256 05768579f3af912b3816c5c7e7c20f76ba56345b0b902cfb74d6c7865a901c8d
SHA512 3f2552d947f804e73b6d2ce7ff67b0cda5a0bd804571a113d62cdcb5523ebc4f95625ef30bb103af61fc739020dab4647ee18c93c00ccb8673c52466dfbb220f

C:\Windows\System\vsRqnqd.exe

MD5 d1294361b453715ddf7e163e4328c2ed
SHA1 f482b401caea7be288bafec5ab7cc724570a7692
SHA256 dc47e119def4daf9ac66c04deca94ed74818537d9a5cedad04b3acb237a161a6
SHA512 0a2143fa0278032063a6bb9381992ecb4289eb10afb067b9cd32b4f788b2e4c6bba2915f910b0a56130da22ddc6facc26f0bac33bc85188016affefbd23159ff

C:\Windows\System\WPKdoyW.exe

MD5 2df126cbbb25ff758b85b73387407a6c
SHA1 e6bc8785a3e460f803422510edfbcb00fc624c03
SHA256 4f56cd4d79d717e7c6ba436502a9c1b9d1b6af243402fdd4d5431ea6307439cb
SHA512 6fd9d4201b9cca306f229bea740d12f35688a7d255d11005ce14950addd21e683d45d85c1dea0b32be43539230bc889783b3123ac83ac3d667fc192479d07eb2

C:\Windows\System\ZLxMOGL.exe

MD5 07af933ad5e7720b8be5f75dc7a741b8
SHA1 da950b4fb1e67b78145d7c3b0e7642836260e201
SHA256 c8f8575703eb6a15cf4ea9f3515493a959d6ea21e672dc856b2870638fe98f9c
SHA512 3f1538d25051774b576d0939bbeb3f778421e135bc79d070f0ee88f196df71dc8e76dfe1b2849bf99d312657e11e24047ec78fb9551211ab91f741a3f3d297ce

C:\Windows\System\VdDyzME.exe

MD5 f5394dd1f7aca0891905493a85f79e53
SHA1 62c475e4968ae8b2b26845a1b142b4c8c3249e43
SHA256 b9b6fffce48cde1cfe8ce1d0b233f412314b602d69e8fecad929c84380ac68e2
SHA512 c03528efc115aa34a25f9298f8d1302d166f798824625868666a908032594a1e5f60cfef48b30f04676be9924cff2c236ad4f1ddff5009ecf08bbfb13bdad671

C:\Windows\System\aMlnHZc.exe

MD5 6581fd00ec7994fda84f8bf4ce52b243
SHA1 8b012603ae6e783e724fea50387d921ae64b343d
SHA256 0408c991b26e7819b365acebb5eedb2d0b4db3cc0ca17f871eb36fc625d381db
SHA512 7b4a1fd2355a27f85669027e43822779c903d9da59823616b8089d8b60c951b95556afedd7ffb1a13def2cee8c12e02ce2dff960bcc32cc99069a5824efda8ec

C:\Windows\System\efNPtSY.exe

MD5 aab679b8a68ce460e004deef29be66f3
SHA1 c0e0092dd4165844c500b0b82dbf8cb77cbbf302
SHA256 e518c361b5981cfeec31807aff4d15b06f33f30e447f7233e2d659a2bddaebb6
SHA512 994dfb9bd241d3d8a44be2f8d04b639a58c31148d74d5d5e01f46bcf09026ff87f49674c60f3a68d88bf12eca031369e89df4e7b47f1b96de260f91b05db19d7

memory/3372-116-0x00007FF65A260000-0x00007FF65A656000-memory.dmp

C:\Windows\System\PIKyXSk.exe

MD5 a367c8bc92052ed60bf0e85c1a15bd4d
SHA1 a8fbd3f130b7cd132a71507112cd96dd9b46698a
SHA256 169a5f93a2152230eb3fc004b0a01881b8d1f4e69f792d1ea723bb7dfe81b4c0
SHA512 0ec6b579829b64f29a316302b1d10d071a31497532e7fae1864d3e8a03dcc985da811526f898b33f16c9bda33134dd8054e947e89351adfaea46ed1618898028

memory/628-108-0x00007FF712D40000-0x00007FF713136000-memory.dmp

memory/2776-104-0x00007FF72B390000-0x00007FF72B786000-memory.dmp

memory/2596-98-0x00007FF675BC0000-0x00007FF675FB6000-memory.dmp

C:\Windows\System\RSBAcgT.exe

MD5 f047dffa2dc824851873b7b499f11462
SHA1 afa9944907672982bd14fc18b863a8158cdffa87
SHA256 977b3f76098dc334eb3b334c2d89321e196f81c6449545e772b7ae7a834a9ffa
SHA512 892a8e2c7e548f98c97ae99568a388a9ab7e50f4da35f563ce2b777d1d3fa75f6e24313e7cd8725bd05b7450d43f332e2643ec62904d878aaed4bde5d7dcd483

memory/1860-93-0x00007FF7E5920000-0x00007FF7E5D16000-memory.dmp

memory/400-87-0x00007FF613140000-0x00007FF613536000-memory.dmp

memory/4396-78-0x00007FF640210000-0x00007FF640606000-memory.dmp

memory/4232-74-0x00007FF608550000-0x00007FF608946000-memory.dmp

C:\Windows\System\buKxklk.exe

MD5 7d23b4bdc1984cbea68e34e19dfb5ac9
SHA1 d38eff250488baad15c1d93bcb5839e9c98840bc
SHA256 82ddcb40d35021dae12ecf277e2e58270db1ec3101ccfba0c5459842053f8e54
SHA512 1e4dea3915d49f1811aff76a82e883c30ee42a51267bdfed27bc227174c3de01b830e6c52ce86258dc7cdc4b6631bb7239c6e9d5e107bbcecbed95c8a3ebf824

memory/868-68-0x00007FF65EA20000-0x00007FF65EE16000-memory.dmp

memory/748-65-0x00007FF76DC60000-0x00007FF76E056000-memory.dmp

memory/1664-63-0x00007FF74B880000-0x00007FF74BC76000-memory.dmp

memory/4452-62-0x00007FF72B1E0000-0x00007FF72B5D6000-memory.dmp

memory/2080-55-0x00007FF6B0CB0000-0x00007FF6B10A6000-memory.dmp

memory/4020-49-0x00007FF64AE50000-0x00007FF64B246000-memory.dmp

C:\Windows\System\ElCFDnq.exe

MD5 f88490bdb3163aad3280c3b38ce752b1
SHA1 3f31ece10c6db5fe782b23c80f3420e9e5d82f49
SHA256 db451eb59dd87e1a1abae5d3711af004bec6cd9ccc52993c2023ad6e23aedc77
SHA512 38394393c08b34a6d3c751019621c6acd5686c28f85d2770e25de1537214b77a3c86c437d5adbbf48c5c2a34801c7b7592e7826811a6b1b33e6e3f28bc839bc4

memory/3332-37-0x000001F84F400000-0x000001F84F422000-memory.dmp

memory/3332-31-0x00007FFDB2F20000-0x00007FFDB39E1000-memory.dmp

memory/4396-1834-0x00007FF640210000-0x00007FF640606000-memory.dmp

memory/400-1835-0x00007FF613140000-0x00007FF613536000-memory.dmp

memory/1860-2013-0x00007FF7E5920000-0x00007FF7E5D16000-memory.dmp

memory/2776-2015-0x00007FF72B390000-0x00007FF72B786000-memory.dmp

memory/2596-2014-0x00007FF675BC0000-0x00007FF675FB6000-memory.dmp

memory/628-2016-0x00007FF712D40000-0x00007FF713136000-memory.dmp

memory/2480-2017-0x00007FF7A09B0000-0x00007FF7A0DA6000-memory.dmp

memory/2472-2018-0x00007FF6F0E00000-0x00007FF6F11F6000-memory.dmp

memory/4452-2019-0x00007FF72B1E0000-0x00007FF72B5D6000-memory.dmp

memory/4020-2020-0x00007FF64AE50000-0x00007FF64B246000-memory.dmp

memory/2080-2021-0x00007FF6B0CB0000-0x00007FF6B10A6000-memory.dmp

memory/1664-2022-0x00007FF74B880000-0x00007FF74BC76000-memory.dmp

memory/748-2023-0x00007FF76DC60000-0x00007FF76E056000-memory.dmp

memory/1184-2025-0x00007FF7A8B70000-0x00007FF7A8F66000-memory.dmp

memory/868-2024-0x00007FF65EA20000-0x00007FF65EE16000-memory.dmp

memory/4232-2026-0x00007FF608550000-0x00007FF608946000-memory.dmp

memory/4396-2027-0x00007FF640210000-0x00007FF640606000-memory.dmp

memory/1860-2028-0x00007FF7E5920000-0x00007FF7E5D16000-memory.dmp

memory/400-2029-0x00007FF613140000-0x00007FF613536000-memory.dmp

memory/2596-2030-0x00007FF675BC0000-0x00007FF675FB6000-memory.dmp

memory/2776-2031-0x00007FF72B390000-0x00007FF72B786000-memory.dmp

memory/3372-2033-0x00007FF65A260000-0x00007FF65A656000-memory.dmp

memory/628-2032-0x00007FF712D40000-0x00007FF713136000-memory.dmp

memory/1596-2035-0x00007FF7165D0000-0x00007FF7169C6000-memory.dmp

memory/2912-2039-0x00007FF744480000-0x00007FF744876000-memory.dmp

memory/4420-2038-0x00007FF7D6B70000-0x00007FF7D6F66000-memory.dmp

memory/3440-2037-0x00007FF7144C0000-0x00007FF7148B6000-memory.dmp

memory/4800-2036-0x00007FF66AB40000-0x00007FF66AF36000-memory.dmp

memory/2480-2034-0x00007FF7A09B0000-0x00007FF7A0DA6000-memory.dmp

memory/1080-2040-0x00007FF6161C0000-0x00007FF6165B6000-memory.dmp

memory/220-2041-0x00007FF719560000-0x00007FF719956000-memory.dmp