xmrig | 4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053

Analysis

max time kernel
149s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
Size

1.9MB
MD5

135668230a6535bd3a0a2b1ac2d38400
SHA1

4f0c8486b36e3d6a86cdb1a27993b885cf3b4295
SHA256

4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053
SHA512

589ae34c1db38d2f526155ed37f9bc17ed6a47da796e0337936765a98565e299e9d63d9db68f62ff17284cc0ad2a3c78bee318c052f5cd643d1f0a1717a9cf3d
SSDEEP

49152:Lz071uv4BPMkHC0I6Gz3N1pHVfyH1C76fOyjAV2:NABx

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/2868-51-0x00007FF73E120000-0x00007FF73E512000-memory.dmp	xmrig
behavioral2/memory/3284-136-0x00007FF6F19C0000-0x00007FF6F1DB2000-memory.dmp	xmrig
behavioral2/memory/4980-130-0x00007FF7901E0000-0x00007FF7905D2000-memory.dmp	xmrig
behavioral2/memory/4580-129-0x00007FF6D0C40000-0x00007FF6D1032000-memory.dmp	xmrig
behavioral2/memory/4220-123-0x00007FF619F30000-0x00007FF61A322000-memory.dmp	xmrig
behavioral2/memory/1436-117-0x00007FF697BE0000-0x00007FF697FD2000-memory.dmp	xmrig
behavioral2/memory/4188-116-0x00007FF79D070000-0x00007FF79D462000-memory.dmp	xmrig
behavioral2/memory/4056-113-0x00007FF7ABC80000-0x00007FF7AC072000-memory.dmp	xmrig
behavioral2/memory/3400-110-0x00007FF6694E0000-0x00007FF6698D2000-memory.dmp	xmrig
behavioral2/memory/4788-109-0x00007FF637040000-0x00007FF637432000-memory.dmp	xmrig
behavioral2/memory/908-103-0x00007FF766CF0000-0x00007FF7670E2000-memory.dmp	xmrig
behavioral2/memory/4564-99-0x00007FF7EF910000-0x00007FF7EFD02000-memory.dmp	xmrig
behavioral2/memory/4028-91-0x00007FF7513A0000-0x00007FF751792000-memory.dmp	xmrig
behavioral2/memory/4588-84-0x00007FF655120000-0x00007FF655512000-memory.dmp	xmrig
behavioral2/memory/1244-58-0x00007FF75AD50000-0x00007FF75B142000-memory.dmp	xmrig
behavioral2/memory/4604-2044-0x00007FF788000000-0x00007FF7883F2000-memory.dmp	xmrig
behavioral2/memory/3268-2045-0x00007FF68D480000-0x00007FF68D872000-memory.dmp	xmrig
behavioral2/memory/1132-2047-0x00007FF6A98B0000-0x00007FF6A9CA2000-memory.dmp	xmrig
behavioral2/memory/1160-2048-0x00007FF7BE370000-0x00007FF7BE762000-memory.dmp	xmrig
behavioral2/memory/1436-2062-0x00007FF697BE0000-0x00007FF697FD2000-memory.dmp	xmrig
behavioral2/memory/3040-2066-0x00007FF662790000-0x00007FF662B82000-memory.dmp	xmrig
behavioral2/memory/1144-2063-0x00007FF7B4450000-0x00007FF7B4842000-memory.dmp	xmrig
behavioral2/memory/2436-2083-0x00007FF71C7D0000-0x00007FF71CBC2000-memory.dmp	xmrig
behavioral2/memory/3476-2096-0x00007FF6762E0000-0x00007FF6766D2000-memory.dmp	xmrig
behavioral2/memory/5036-2098-0x00007FF6D50A0000-0x00007FF6D5492000-memory.dmp	xmrig
behavioral2/memory/4028-2113-0x00007FF7513A0000-0x00007FF751792000-memory.dmp	xmrig
behavioral2/memory/2868-2115-0x00007FF73E120000-0x00007FF73E512000-memory.dmp	xmrig
behavioral2/memory/1244-2117-0x00007FF75AD50000-0x00007FF75B142000-memory.dmp	xmrig
behavioral2/memory/4564-2119-0x00007FF7EF910000-0x00007FF7EFD02000-memory.dmp	xmrig
behavioral2/memory/1132-2121-0x00007FF6A98B0000-0x00007FF6A9CA2000-memory.dmp	xmrig
behavioral2/memory/4604-2125-0x00007FF788000000-0x00007FF7883F2000-memory.dmp	xmrig
behavioral2/memory/908-2124-0x00007FF766CF0000-0x00007FF7670E2000-memory.dmp	xmrig
behavioral2/memory/1160-2127-0x00007FF7BE370000-0x00007FF7BE762000-memory.dmp	xmrig
behavioral2/memory/3400-2131-0x00007FF6694E0000-0x00007FF6698D2000-memory.dmp	xmrig
behavioral2/memory/4788-2130-0x00007FF637040000-0x00007FF637432000-memory.dmp	xmrig
behavioral2/memory/3268-2138-0x00007FF68D480000-0x00007FF68D872000-memory.dmp	xmrig
behavioral2/memory/4580-2145-0x00007FF6D0C40000-0x00007FF6D1032000-memory.dmp	xmrig
behavioral2/memory/4980-2144-0x00007FF7901E0000-0x00007FF7905D2000-memory.dmp	xmrig
behavioral2/memory/4056-2141-0x00007FF7ABC80000-0x00007FF7AC072000-memory.dmp	xmrig
behavioral2/memory/4188-2136-0x00007FF79D070000-0x00007FF79D462000-memory.dmp	xmrig
behavioral2/memory/4220-2139-0x00007FF619F30000-0x00007FF61A322000-memory.dmp	xmrig
behavioral2/memory/4588-2133-0x00007FF655120000-0x00007FF655512000-memory.dmp	xmrig
behavioral2/memory/3284-2147-0x00007FF6F19C0000-0x00007FF6F1DB2000-memory.dmp	xmrig
behavioral2/memory/1144-2162-0x00007FF7B4450000-0x00007FF7B4842000-memory.dmp	xmrig
behavioral2/memory/3040-2157-0x00007FF662790000-0x00007FF662B82000-memory.dmp	xmrig
behavioral2/memory/2436-2155-0x00007FF71C7D0000-0x00007FF71CBC2000-memory.dmp	xmrig
behavioral2/memory/3476-2152-0x00007FF6762E0000-0x00007FF6766D2000-memory.dmp	xmrig
behavioral2/memory/5036-2150-0x00007FF6D50A0000-0x00007FF6D5492000-memory.dmp	xmrig
behavioral2/memory/1436-2366-0x00007FF697BE0000-0x00007FF697FD2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
7	3708	powershell.exe
9	3708	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3708	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4028	IrFcGmu.exe
2868	PvsLZjq.exe
4564	Dwicqzk.exe
1132	JVNenRO.exe
1244	OeKrhLm.exe
4604	NNmZHZV.exe
1160	RrCYQaQ.exe
908	wkhuVmW.exe
4788	STUOOZW.exe
3400	PemZVgS.exe
4588	yreXfNF.exe
4056	eLPHitx.exe
3268	XPLvtWd.exe
4188	KgjkVLR.exe
1436	EgGFRsB.exe
4220	IRfuzEb.exe
4580	tnBtaPf.exe
4980	SPZoQih.exe
3284	QQDPpqy.exe
1144	ATnXzjQ.exe
3040	ENFpCxS.exe
2436	cJuGUNY.exe
3476	XODqJMe.exe
5036	aKxWeET.exe
5044	vsqIFOC.exe
4196	xLDkWHH.exe
968	jWaoGkK.exe
2188	LDNcGRK.exe
3472	WtVXSQc.exe
4192	qNEIOPb.exe
2460	DgEslDe.exe
4920	jqGxmNO.exe
3100	JXSdYxd.exe
3420	lIgmGxQ.exe
2060	WzQCQVb.exe
4696	GvMaBqG.exe
3780	JWvFPYU.exe
1360	BUOsDgG.exe
4464	VVahATT.exe
2252	LzkuQKc.exe
1176	SLeidbB.exe
3724	JODYudl.exe
2708	JKjkOZb.exe
2504	DGzKQHs.exe
964	CwhxHFw.exe
3608	oYDYdKC.exe
4652	lTpTPxe.exe
4136	hlmvLuZ.exe
4936	kyryaCA.exe
1988	KgEQMvX.exe
2932	gnsWBsB.exe
4852	sAxYvdw.exe
3800	cfjmkeb.exe
3404	SWfiJRT.exe
4180	iYcizzk.exe
2272	GxvXZbI.exe
2156	zvDagpq.exe
1684	bTxIlER.exe
4420	zSgbUrW.exe
2604	opJNNbS.exe
212	rvdWsbs.exe
3896	fmpNwuO.exe
4064	GukXNZd.exe
2740	dBTpfcw.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4124-0-0x00007FF624890000-0x00007FF624C82000-memory.dmp	upx
behavioral2/files/0x000a000000023559-6.dat	upx
behavioral2/files/0x0007000000023565-10.dat	upx
behavioral2/files/0x0007000000023569-31.dat	upx
behavioral2/memory/2868-51-0x00007FF73E120000-0x00007FF73E512000-memory.dmp	upx
behavioral2/files/0x000700000002356c-50.dat	upx
behavioral2/memory/1132-52-0x00007FF6A98B0000-0x00007FF6A9CA2000-memory.dmp	upx
behavioral2/files/0x000700000002356b-42.dat	upx
behavioral2/files/0x000700000002356a-41.dat	upx
behavioral2/files/0x0008000000023568-34.dat	upx
behavioral2/memory/1160-79-0x00007FF7BE370000-0x00007FF7BE762000-memory.dmp	upx
behavioral2/files/0x0007000000023570-85.dat	upx
behavioral2/files/0x000700000002356f-93.dat	upx
behavioral2/files/0x0007000000023573-100.dat	upx
behavioral2/files/0x0008000000023562-119.dat	upx
behavioral2/files/0x0007000000023576-126.dat	upx
behavioral2/files/0x0007000000023577-133.dat	upx
behavioral2/memory/1144-142-0x00007FF7B4450000-0x00007FF7B4842000-memory.dmp	upx
behavioral2/files/0x000700000002357e-174.dat	upx
behavioral2/files/0x0007000000023580-192.dat	upx
behavioral2/files/0x0007000000023583-199.dat	upx
behavioral2/files/0x0007000000023581-197.dat	upx
behavioral2/files/0x0007000000023582-194.dat	upx
behavioral2/files/0x000700000002357f-187.dat	upx
behavioral2/files/0x000700000002357d-177.dat	upx
behavioral2/files/0x000700000002357c-172.dat	upx
behavioral2/files/0x000700000002357b-167.dat	upx
behavioral2/files/0x000700000002357a-162.dat	upx
behavioral2/memory/5036-161-0x00007FF6D50A0000-0x00007FF6D5492000-memory.dmp	upx
behavioral2/files/0x0007000000023579-156.dat	upx
behavioral2/memory/3476-155-0x00007FF6762E0000-0x00007FF6766D2000-memory.dmp	upx
behavioral2/memory/2436-154-0x00007FF71C7D0000-0x00007FF71CBC2000-memory.dmp	upx
behavioral2/files/0x0007000000023578-149.dat	upx
behavioral2/memory/3040-148-0x00007FF662790000-0x00007FF662B82000-memory.dmp	upx
behavioral2/memory/3284-136-0x00007FF6F19C0000-0x00007FF6F1DB2000-memory.dmp	upx
behavioral2/files/0x0007000000023575-131.dat	upx
behavioral2/memory/4980-130-0x00007FF7901E0000-0x00007FF7905D2000-memory.dmp	upx
behavioral2/memory/4580-129-0x00007FF6D0C40000-0x00007FF6D1032000-memory.dmp	upx
behavioral2/files/0x0007000000023574-124.dat	upx
behavioral2/memory/4220-123-0x00007FF619F30000-0x00007FF61A322000-memory.dmp	upx
behavioral2/memory/1436-117-0x00007FF697BE0000-0x00007FF697FD2000-memory.dmp	upx
behavioral2/memory/4188-116-0x00007FF79D070000-0x00007FF79D462000-memory.dmp	upx
behavioral2/memory/4056-113-0x00007FF7ABC80000-0x00007FF7AC072000-memory.dmp	upx
behavioral2/memory/3400-110-0x00007FF6694E0000-0x00007FF6698D2000-memory.dmp	upx
behavioral2/memory/4788-109-0x00007FF637040000-0x00007FF637432000-memory.dmp	upx
behavioral2/files/0x0007000000023572-104.dat	upx
behavioral2/memory/908-103-0x00007FF766CF0000-0x00007FF7670E2000-memory.dmp	upx
behavioral2/memory/4564-99-0x00007FF7EF910000-0x00007FF7EFD02000-memory.dmp	upx
behavioral2/files/0x0007000000023571-95.dat	upx
behavioral2/memory/4028-91-0x00007FF7513A0000-0x00007FF751792000-memory.dmp	upx
behavioral2/memory/3268-90-0x00007FF68D480000-0x00007FF68D872000-memory.dmp	upx
behavioral2/memory/4588-84-0x00007FF655120000-0x00007FF655512000-memory.dmp	upx
behavioral2/files/0x0008000000023567-74.dat	upx
behavioral2/files/0x000700000002356e-72.dat	upx
behavioral2/files/0x000700000002356d-71.dat	upx
behavioral2/memory/4604-66-0x00007FF788000000-0x00007FF7883F2000-memory.dmp	upx
behavioral2/memory/1244-58-0x00007FF75AD50000-0x00007FF75B142000-memory.dmp	upx
behavioral2/files/0x0007000000023566-40.dat	upx
behavioral2/memory/4604-2044-0x00007FF788000000-0x00007FF7883F2000-memory.dmp	upx
behavioral2/memory/3268-2045-0x00007FF68D480000-0x00007FF68D872000-memory.dmp	upx
behavioral2/memory/1132-2047-0x00007FF6A98B0000-0x00007FF6A9CA2000-memory.dmp	upx
behavioral2/memory/1160-2048-0x00007FF7BE370000-0x00007FF7BE762000-memory.dmp	upx
behavioral2/memory/1436-2062-0x00007FF697BE0000-0x00007FF697FD2000-memory.dmp	upx
behavioral2/memory/3040-2066-0x00007FF662790000-0x00007FF662B82000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KKUtwGY.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\UEaJchN.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\lNSHwIh.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\XBVNWxh.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\bGElNvt.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\akzSJZI.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\vsqIFOC.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\XoDGVNQ.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\YlENntc.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\vRKvhdT.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\ncYLNix.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\fkAaQVS.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\xLDkWHH.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\BNpoztj.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\hkYgTtg.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\pHSASui.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\wpTQBqR.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\PqXoayU.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\FOZLlxd.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\uOsORST.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\AbyRyrF.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\zZHEcJG.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\zSipajf.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\IYNAtoD.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\uIsfKSJ.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\WdYSVxj.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\wFrflbW.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\NHHtKDZ.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\hBMqOhD.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\SSbuYXi.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\nRSrcgT.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\QcTxWgu.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\xpoCVqs.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\qUEnPaj.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\NLHZZrJ.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\dehTXPA.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\joVsHua.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\EWCGRpm.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\WtVXSQc.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\PRbgStE.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\OQEAbpT.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\TRUzeav.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\BzKFcvk.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\XKhlUiV.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\BHOyDtG.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\sUwZYxF.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\CyVnXBk.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\RjdsXlF.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\eRyPyxe.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\JTtVdFb.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\RSaEOMN.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\pCgJqDA.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\XJLSkAu.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\KyhniYj.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\BiisRcg.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\IMonzlw.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\MJQgqEO.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\CVopVdA.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\vcMLwyX.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\LDNcGRK.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\dBTpfcw.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\pWEFgtz.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\NIVQVdR.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
File created	C:\Windows\System\fhnoeon.exe	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3708	powershell.exe
3708	powershell.exe
3708	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
Token: SeDebugPrivilege	3708	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 3708	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	83
PID 4124 wrote to memory of 3708	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	83
PID 4124 wrote to memory of 4028	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	84
PID 4124 wrote to memory of 4028	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	84
PID 4124 wrote to memory of 2868	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	85
PID 4124 wrote to memory of 2868	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	85
PID 4124 wrote to memory of 4564	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	86
PID 4124 wrote to memory of 4564	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	86
PID 4124 wrote to memory of 1132	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	87
PID 4124 wrote to memory of 1132	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	87
PID 4124 wrote to memory of 1244	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	88
PID 4124 wrote to memory of 1244	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	88
PID 4124 wrote to memory of 4604	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	89
PID 4124 wrote to memory of 4604	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	89
PID 4124 wrote to memory of 1160	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	90
PID 4124 wrote to memory of 1160	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	90
PID 4124 wrote to memory of 908	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	91
PID 4124 wrote to memory of 908	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	91
PID 4124 wrote to memory of 4788	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	92
PID 4124 wrote to memory of 4788	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	92
PID 4124 wrote to memory of 3400	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	93
PID 4124 wrote to memory of 3400	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	93
PID 4124 wrote to memory of 4588	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	94
PID 4124 wrote to memory of 4588	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	94
PID 4124 wrote to memory of 3268	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	95
PID 4124 wrote to memory of 3268	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	95
PID 4124 wrote to memory of 4056	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	96
PID 4124 wrote to memory of 4056	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	96
PID 4124 wrote to memory of 4188	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	97
PID 4124 wrote to memory of 4188	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	97
PID 4124 wrote to memory of 1436	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	98
PID 4124 wrote to memory of 1436	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	98
PID 4124 wrote to memory of 4220	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	99
PID 4124 wrote to memory of 4220	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	99
PID 4124 wrote to memory of 4580	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	100
PID 4124 wrote to memory of 4580	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	100
PID 4124 wrote to memory of 4980	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	101
PID 4124 wrote to memory of 4980	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	101
PID 4124 wrote to memory of 3284	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	102
PID 4124 wrote to memory of 3284	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	102
PID 4124 wrote to memory of 1144	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	103
PID 4124 wrote to memory of 1144	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	103
PID 4124 wrote to memory of 3040	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	104
PID 4124 wrote to memory of 3040	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	104
PID 4124 wrote to memory of 2436	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	105
PID 4124 wrote to memory of 2436	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	105
PID 4124 wrote to memory of 3476	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	106
PID 4124 wrote to memory of 3476	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	106
PID 4124 wrote to memory of 5036	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	107
PID 4124 wrote to memory of 5036	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	107
PID 4124 wrote to memory of 5044	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	108
PID 4124 wrote to memory of 5044	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	108
PID 4124 wrote to memory of 4196	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	109
PID 4124 wrote to memory of 4196	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	109
PID 4124 wrote to memory of 968	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	110
PID 4124 wrote to memory of 968	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	110
PID 4124 wrote to memory of 2188	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	111
PID 4124 wrote to memory of 2188	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	111
PID 4124 wrote to memory of 3472	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	112
PID 4124 wrote to memory of 3472	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	112
PID 4124 wrote to memory of 4192	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	113
PID 4124 wrote to memory of 4192	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	113
PID 4124 wrote to memory of 2460	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	114
PID 4124 wrote to memory of 2460	4124	4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4f37113a57508c6b9cd5bf810ce6d3cde835644239f07f46a9fd88f806f05053_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3708
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3708" "2940" "2788" "2944" "0" "0" "2948" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:13504
- C:\Windows\System\IrFcGmu.exe
  C:\Windows\System\IrFcGmu.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\PvsLZjq.exe
  C:\Windows\System\PvsLZjq.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\Dwicqzk.exe
  C:\Windows\System\Dwicqzk.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\JVNenRO.exe
  C:\Windows\System\JVNenRO.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\OeKrhLm.exe
  C:\Windows\System\OeKrhLm.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\NNmZHZV.exe
  C:\Windows\System\NNmZHZV.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\RrCYQaQ.exe
  C:\Windows\System\RrCYQaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\wkhuVmW.exe
  C:\Windows\System\wkhuVmW.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\STUOOZW.exe
  C:\Windows\System\STUOOZW.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\PemZVgS.exe
  C:\Windows\System\PemZVgS.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\yreXfNF.exe
  C:\Windows\System\yreXfNF.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\XPLvtWd.exe
  C:\Windows\System\XPLvtWd.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\eLPHitx.exe
  C:\Windows\System\eLPHitx.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\KgjkVLR.exe
  C:\Windows\System\KgjkVLR.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\EgGFRsB.exe
  C:\Windows\System\EgGFRsB.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\IRfuzEb.exe
  C:\Windows\System\IRfuzEb.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\tnBtaPf.exe
  C:\Windows\System\tnBtaPf.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\SPZoQih.exe
  C:\Windows\System\SPZoQih.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\QQDPpqy.exe
  C:\Windows\System\QQDPpqy.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\ATnXzjQ.exe
  C:\Windows\System\ATnXzjQ.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\ENFpCxS.exe
  C:\Windows\System\ENFpCxS.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\cJuGUNY.exe
  C:\Windows\System\cJuGUNY.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\XODqJMe.exe
  C:\Windows\System\XODqJMe.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\aKxWeET.exe
  C:\Windows\System\aKxWeET.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\vsqIFOC.exe
  C:\Windows\System\vsqIFOC.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\xLDkWHH.exe
  C:\Windows\System\xLDkWHH.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\jWaoGkK.exe
  C:\Windows\System\jWaoGkK.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\LDNcGRK.exe
  C:\Windows\System\LDNcGRK.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\WtVXSQc.exe
  C:\Windows\System\WtVXSQc.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\qNEIOPb.exe
  C:\Windows\System\qNEIOPb.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\DgEslDe.exe
  C:\Windows\System\DgEslDe.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\jqGxmNO.exe
  C:\Windows\System\jqGxmNO.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\JXSdYxd.exe
  C:\Windows\System\JXSdYxd.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\lIgmGxQ.exe
  C:\Windows\System\lIgmGxQ.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\WzQCQVb.exe
  C:\Windows\System\WzQCQVb.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\GvMaBqG.exe
  C:\Windows\System\GvMaBqG.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\JWvFPYU.exe
  C:\Windows\System\JWvFPYU.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\BUOsDgG.exe
  C:\Windows\System\BUOsDgG.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\VVahATT.exe
  C:\Windows\System\VVahATT.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\LzkuQKc.exe
  C:\Windows\System\LzkuQKc.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\SLeidbB.exe
  C:\Windows\System\SLeidbB.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\JODYudl.exe
  C:\Windows\System\JODYudl.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\JKjkOZb.exe
  C:\Windows\System\JKjkOZb.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\DGzKQHs.exe
  C:\Windows\System\DGzKQHs.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\CwhxHFw.exe
  C:\Windows\System\CwhxHFw.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\oYDYdKC.exe
  C:\Windows\System\oYDYdKC.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\lTpTPxe.exe
  C:\Windows\System\lTpTPxe.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\hlmvLuZ.exe
  C:\Windows\System\hlmvLuZ.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\kyryaCA.exe
  C:\Windows\System\kyryaCA.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\KgEQMvX.exe
  C:\Windows\System\KgEQMvX.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\gnsWBsB.exe
  C:\Windows\System\gnsWBsB.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\sAxYvdw.exe
  C:\Windows\System\sAxYvdw.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\cfjmkeb.exe
  C:\Windows\System\cfjmkeb.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\SWfiJRT.exe
  C:\Windows\System\SWfiJRT.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\iYcizzk.exe
  C:\Windows\System\iYcizzk.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\GxvXZbI.exe
  C:\Windows\System\GxvXZbI.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\zvDagpq.exe
  C:\Windows\System\zvDagpq.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\bTxIlER.exe
  C:\Windows\System\bTxIlER.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\zSgbUrW.exe
  C:\Windows\System\zSgbUrW.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\opJNNbS.exe
  C:\Windows\System\opJNNbS.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\rvdWsbs.exe
  C:\Windows\System\rvdWsbs.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\fmpNwuO.exe
  C:\Windows\System\fmpNwuO.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\GukXNZd.exe
  C:\Windows\System\GukXNZd.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\dBTpfcw.exe
  C:\Windows\System\dBTpfcw.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\XiJAfup.exe
  C:\Windows\System\XiJAfup.exe
  2⤵
  PID:2988
- C:\Windows\System\iLWRAuD.exe
  C:\Windows\System\iLWRAuD.exe
  2⤵
  PID:4984
- C:\Windows\System\jjfSMFh.exe
  C:\Windows\System\jjfSMFh.exe
  2⤵
  PID:4712
- C:\Windows\System\XXLstcs.exe
  C:\Windows\System\XXLstcs.exe
  2⤵
  PID:5132
- C:\Windows\System\jQNpyfV.exe
  C:\Windows\System\jQNpyfV.exe
  2⤵
  PID:5160
- C:\Windows\System\uIsfKSJ.exe
  C:\Windows\System\uIsfKSJ.exe
  2⤵
  PID:5188
- C:\Windows\System\cvHcfVi.exe
  C:\Windows\System\cvHcfVi.exe
  2⤵
  PID:5216
- C:\Windows\System\grjQuqw.exe
  C:\Windows\System\grjQuqw.exe
  2⤵
  PID:5244
- C:\Windows\System\YKXGNPq.exe
  C:\Windows\System\YKXGNPq.exe
  2⤵
  PID:5272
- C:\Windows\System\wZWsJuW.exe
  C:\Windows\System\wZWsJuW.exe
  2⤵
  PID:5300
- C:\Windows\System\TRUzeav.exe
  C:\Windows\System\TRUzeav.exe
  2⤵
  PID:5328
- C:\Windows\System\LqpStdb.exe
  C:\Windows\System\LqpStdb.exe
  2⤵
  PID:5356
- C:\Windows\System\YERXOXs.exe
  C:\Windows\System\YERXOXs.exe
  2⤵
  PID:5392
- C:\Windows\System\snzBRdB.exe
  C:\Windows\System\snzBRdB.exe
  2⤵
  PID:5412
- C:\Windows\System\chVPXfa.exe
  C:\Windows\System\chVPXfa.exe
  2⤵
  PID:5440
- C:\Windows\System\PpcFHwc.exe
  C:\Windows\System\PpcFHwc.exe
  2⤵
  PID:5464
- C:\Windows\System\KRVNTug.exe
  C:\Windows\System\KRVNTug.exe
  2⤵
  PID:5492
- C:\Windows\System\iaemhUg.exe
  C:\Windows\System\iaemhUg.exe
  2⤵
  PID:5524
- C:\Windows\System\OjBzlSK.exe
  C:\Windows\System\OjBzlSK.exe
  2⤵
  PID:5552
- C:\Windows\System\rhTrIUf.exe
  C:\Windows\System\rhTrIUf.exe
  2⤵
  PID:5576
- C:\Windows\System\tFZXIoZ.exe
  C:\Windows\System\tFZXIoZ.exe
  2⤵
  PID:5604
- C:\Windows\System\Xbwzrpu.exe
  C:\Windows\System\Xbwzrpu.exe
  2⤵
  PID:5632
- C:\Windows\System\ytxWhqU.exe
  C:\Windows\System\ytxWhqU.exe
  2⤵
  PID:5660
- C:\Windows\System\OoGYicp.exe
  C:\Windows\System\OoGYicp.exe
  2⤵
  PID:5688
- C:\Windows\System\HbWFBAR.exe
  C:\Windows\System\HbWFBAR.exe
  2⤵
  PID:5716
- C:\Windows\System\wpTQBqR.exe
  C:\Windows\System\wpTQBqR.exe
  2⤵
  PID:5744
- C:\Windows\System\WdYSVxj.exe
  C:\Windows\System\WdYSVxj.exe
  2⤵
  PID:5772
- C:\Windows\System\iKcBLwg.exe
  C:\Windows\System\iKcBLwg.exe
  2⤵
  PID:5800
- C:\Windows\System\JxWPxqV.exe
  C:\Windows\System\JxWPxqV.exe
  2⤵
  PID:5828
- C:\Windows\System\TrFLDCW.exe
  C:\Windows\System\TrFLDCW.exe
  2⤵
  PID:5860
- C:\Windows\System\JNvmohN.exe
  C:\Windows\System\JNvmohN.exe
  2⤵
  PID:5888
- C:\Windows\System\xdJPIMA.exe
  C:\Windows\System\xdJPIMA.exe
  2⤵
  PID:5916
- C:\Windows\System\FKDOMZy.exe
  C:\Windows\System\FKDOMZy.exe
  2⤵
  PID:5944
- C:\Windows\System\CEaXgom.exe
  C:\Windows\System\CEaXgom.exe
  2⤵
  PID:5972
- C:\Windows\System\cFIGCQL.exe
  C:\Windows\System\cFIGCQL.exe
  2⤵
  PID:6000
- C:\Windows\System\CcxRtJn.exe
  C:\Windows\System\CcxRtJn.exe
  2⤵
  PID:6028
- C:\Windows\System\vvXEysV.exe
  C:\Windows\System\vvXEysV.exe
  2⤵
  PID:6056
- C:\Windows\System\YepUweh.exe
  C:\Windows\System\YepUweh.exe
  2⤵
  PID:6088
- C:\Windows\System\YKjAADS.exe
  C:\Windows\System\YKjAADS.exe
  2⤵
  PID:6112
- C:\Windows\System\JDGTdsu.exe
  C:\Windows\System\JDGTdsu.exe
  2⤵
  PID:6140
- C:\Windows\System\jDlGJbN.exe
  C:\Windows\System\jDlGJbN.exe
  2⤵
  PID:220
- C:\Windows\System\DrUXvTH.exe
  C:\Windows\System\DrUXvTH.exe
  2⤵
  PID:208
- C:\Windows\System\niuRrFn.exe
  C:\Windows\System\niuRrFn.exe
  2⤵
  PID:2800
- C:\Windows\System\bmxpkUH.exe
  C:\Windows\System\bmxpkUH.exe
  2⤵
  PID:2356
- C:\Windows\System\KmaQPMo.exe
  C:\Windows\System\KmaQPMo.exe
  2⤵
  PID:5172
- C:\Windows\System\KUzGBzn.exe
  C:\Windows\System\KUzGBzn.exe
  2⤵
  PID:5236
- C:\Windows\System\yUWPVIe.exe
  C:\Windows\System\yUWPVIe.exe
  2⤵
  PID:5312
- C:\Windows\System\xpoCVqs.exe
  C:\Windows\System\xpoCVqs.exe
  2⤵
  PID:5372
- C:\Windows\System\GTwAKBn.exe
  C:\Windows\System\GTwAKBn.exe
  2⤵
  PID:5428
- C:\Windows\System\PkgRVCa.exe
  C:\Windows\System\PkgRVCa.exe
  2⤵
  PID:5488
- C:\Windows\System\pThVEBx.exe
  C:\Windows\System\pThVEBx.exe
  2⤵
  PID:5564
- C:\Windows\System\MuHGeuR.exe
  C:\Windows\System\MuHGeuR.exe
  2⤵
  PID:5620
- C:\Windows\System\JytdIdw.exe
  C:\Windows\System\JytdIdw.exe
  2⤵
  PID:5656
- C:\Windows\System\CPihPNI.exe
  C:\Windows\System\CPihPNI.exe
  2⤵
  PID:5712
- C:\Windows\System\QlSScUC.exe
  C:\Windows\System\QlSScUC.exe
  2⤵
  PID:5768
- C:\Windows\System\EAvABYv.exe
  C:\Windows\System\EAvABYv.exe
  2⤵
  PID:4716
- C:\Windows\System\bzQTpZd.exe
  C:\Windows\System\bzQTpZd.exe
  2⤵
  PID:2632
- C:\Windows\System\GoRBWDc.exe
  C:\Windows\System\GoRBWDc.exe
  2⤵
  PID:5960
- C:\Windows\System\WnuCcrs.exe
  C:\Windows\System\WnuCcrs.exe
  2⤵
  PID:5996
- C:\Windows\System\vxchmIp.exe
  C:\Windows\System\vxchmIp.exe
  2⤵
  PID:6072
- C:\Windows\System\wjpyTRc.exe
  C:\Windows\System\wjpyTRc.exe
  2⤵
  PID:6108
- C:\Windows\System\wFrflbW.exe
  C:\Windows\System\wFrflbW.exe
  2⤵
  PID:3348
- C:\Windows\System\tulbqbP.exe
  C:\Windows\System\tulbqbP.exe
  2⤵
  PID:4796
- C:\Windows\System\obDHDeD.exe
  C:\Windows\System\obDHDeD.exe
  2⤵
  PID:5144
- C:\Windows\System\IDVAVuB.exe
  C:\Windows\System\IDVAVuB.exe
  2⤵
  PID:5232
- C:\Windows\System\iMrAeKh.exe
  C:\Windows\System\iMrAeKh.exe
  2⤵
  PID:5404
- C:\Windows\System\xyjOOWK.exe
  C:\Windows\System\xyjOOWK.exe
  2⤵
  PID:5004
- C:\Windows\System\tjqOxkQ.exe
  C:\Windows\System\tjqOxkQ.exe
  2⤵
  PID:832
- C:\Windows\System\SmhWaLw.exe
  C:\Windows\System\SmhWaLw.exe
  2⤵
  PID:5704
- C:\Windows\System\SylYZMX.exe
  C:\Windows\System\SylYZMX.exe
  2⤵
  PID:1488
- C:\Windows\System\jttvfnS.exe
  C:\Windows\System\jttvfnS.exe
  2⤵
  PID:5880
- C:\Windows\System\APUvrdq.exe
  C:\Windows\System\APUvrdq.exe
  2⤵
  PID:452
- C:\Windows\System\YEvClZH.exe
  C:\Windows\System\YEvClZH.exe
  2⤵
  PID:2620
- C:\Windows\System\OcwUEfl.exe
  C:\Windows\System\OcwUEfl.exe
  2⤵
  PID:3256
- C:\Windows\System\qccFBJK.exe
  C:\Windows\System\qccFBJK.exe
  2⤵
  PID:5228
- C:\Windows\System\XoDGVNQ.exe
  C:\Windows\System\XoDGVNQ.exe
  2⤵
  PID:3968
- C:\Windows\System\fVptyLw.exe
  C:\Windows\System\fVptyLw.exe
  2⤵
  PID:5648
- C:\Windows\System\KsDWSQL.exe
  C:\Windows\System\KsDWSQL.exe
  2⤵
  PID:5872
- C:\Windows\System\TWIkjmV.exe
  C:\Windows\System\TWIkjmV.exe
  2⤵
  PID:5992
- C:\Windows\System\XPTlaYG.exe
  C:\Windows\System\XPTlaYG.exe
  2⤵
  PID:6152
- C:\Windows\System\ZhdsaFL.exe
  C:\Windows\System\ZhdsaFL.exe
  2⤵
  PID:6176
- C:\Windows\System\eiqCFwm.exe
  C:\Windows\System\eiqCFwm.exe
  2⤵
  PID:6204
- C:\Windows\System\ifBRvhS.exe
  C:\Windows\System\ifBRvhS.exe
  2⤵
  PID:6232
- C:\Windows\System\gCAiJVn.exe
  C:\Windows\System\gCAiJVn.exe
  2⤵
  PID:6256
- C:\Windows\System\LifTKKQ.exe
  C:\Windows\System\LifTKKQ.exe
  2⤵
  PID:6292
- C:\Windows\System\hYVgbKO.exe
  C:\Windows\System\hYVgbKO.exe
  2⤵
  PID:6316
- C:\Windows\System\XPjquxz.exe
  C:\Windows\System\XPjquxz.exe
  2⤵
  PID:6340
- C:\Windows\System\XeaMJHk.exe
  C:\Windows\System\XeaMJHk.exe
  2⤵
  PID:6368
- C:\Windows\System\KcDjyDO.exe
  C:\Windows\System\KcDjyDO.exe
  2⤵
  PID:6396
- C:\Windows\System\XxUFYgH.exe
  C:\Windows\System\XxUFYgH.exe
  2⤵
  PID:6424
- C:\Windows\System\CQIZXNn.exe
  C:\Windows\System\CQIZXNn.exe
  2⤵
  PID:6452
- C:\Windows\System\FXDVpgk.exe
  C:\Windows\System\FXDVpgk.exe
  2⤵
  PID:6484
- C:\Windows\System\sxQJkCK.exe
  C:\Windows\System\sxQJkCK.exe
  2⤵
  PID:6508
- C:\Windows\System\cYaIppj.exe
  C:\Windows\System\cYaIppj.exe
  2⤵
  PID:6540
- C:\Windows\System\usuvcTC.exe
  C:\Windows\System\usuvcTC.exe
  2⤵
  PID:6564
- C:\Windows\System\QFdqGuV.exe
  C:\Windows\System\QFdqGuV.exe
  2⤵
  PID:6592
- C:\Windows\System\giBEZhh.exe
  C:\Windows\System\giBEZhh.exe
  2⤵
  PID:6620
- C:\Windows\System\VZatRej.exe
  C:\Windows\System\VZatRej.exe
  2⤵
  PID:6648
- C:\Windows\System\YwblQDc.exe
  C:\Windows\System\YwblQDc.exe
  2⤵
  PID:6676
- C:\Windows\System\BMKRHFL.exe
  C:\Windows\System\BMKRHFL.exe
  2⤵
  PID:6708
- C:\Windows\System\SXFxnTK.exe
  C:\Windows\System\SXFxnTK.exe
  2⤵
  PID:6732
- C:\Windows\System\tYoLqoi.exe
  C:\Windows\System\tYoLqoi.exe
  2⤵
  PID:6764
- C:\Windows\System\eaEvcpj.exe
  C:\Windows\System\eaEvcpj.exe
  2⤵
  PID:6788
- C:\Windows\System\FLadNoE.exe
  C:\Windows\System\FLadNoE.exe
  2⤵
  PID:6816
- C:\Windows\System\HmBmpTr.exe
  C:\Windows\System\HmBmpTr.exe
  2⤵
  PID:6844
- C:\Windows\System\aNSAjAZ.exe
  C:\Windows\System\aNSAjAZ.exe
  2⤵
  PID:6912
- C:\Windows\System\mjDYzwo.exe
  C:\Windows\System\mjDYzwo.exe
  2⤵
  PID:6944
- C:\Windows\System\XGXBhSB.exe
  C:\Windows\System\XGXBhSB.exe
  2⤵
  PID:6972
- C:\Windows\System\sTqZGto.exe
  C:\Windows\System\sTqZGto.exe
  2⤵
  PID:6988
- C:\Windows\System\jjXWSxe.exe
  C:\Windows\System\jjXWSxe.exe
  2⤵
  PID:7008
- C:\Windows\System\Hojyvcw.exe
  C:\Windows\System\Hojyvcw.exe
  2⤵
  PID:7048
- C:\Windows\System\NMgvyRQ.exe
  C:\Windows\System\NMgvyRQ.exe
  2⤵
  PID:7068
- C:\Windows\System\XOStbtF.exe
  C:\Windows\System\XOStbtF.exe
  2⤵
  PID:7096
- C:\Windows\System\qILkVfV.exe
  C:\Windows\System\qILkVfV.exe
  2⤵
  PID:7116
- C:\Windows\System\rjEeCSl.exe
  C:\Windows\System\rjEeCSl.exe
  2⤵
  PID:7156
- C:\Windows\System\buyrirJ.exe
  C:\Windows\System\buyrirJ.exe
  2⤵
  PID:5208
- C:\Windows\System\slYtvuR.exe
  C:\Windows\System\slYtvuR.exe
  2⤵
  PID:1984
- C:\Windows\System\WndgJbA.exe
  C:\Windows\System\WndgJbA.exe
  2⤵
  PID:2996
- C:\Windows\System\VoVmlBr.exe
  C:\Windows\System\VoVmlBr.exe
  2⤵
  PID:2964
- C:\Windows\System\YbxTcAJ.exe
  C:\Windows\System\YbxTcAJ.exe
  2⤵
  PID:916
- C:\Windows\System\SaUkiOj.exe
  C:\Windows\System\SaUkiOj.exe
  2⤵
  PID:2232
- C:\Windows\System\mWfQKAw.exe
  C:\Windows\System\mWfQKAw.exe
  2⤵
  PID:6188
- C:\Windows\System\CoruMeL.exe
  C:\Windows\System\CoruMeL.exe
  2⤵
  PID:6224
- C:\Windows\System\dAnuACa.exe
  C:\Windows\System\dAnuACa.exe
  2⤵
  PID:6328
- C:\Windows\System\pgzPYCt.exe
  C:\Windows\System\pgzPYCt.exe
  2⤵
  PID:6448
- C:\Windows\System\TsYgMoR.exe
  C:\Windows\System\TsYgMoR.exe
  2⤵
  PID:6496
- C:\Windows\System\kwWWtCQ.exe
  C:\Windows\System\kwWWtCQ.exe
  2⤵
  PID:6528
- C:\Windows\System\wRxshkr.exe
  C:\Windows\System\wRxshkr.exe
  2⤵
  PID:6612
- C:\Windows\System\NjEPAXz.exe
  C:\Windows\System\NjEPAXz.exe
  2⤵
  PID:6664
- C:\Windows\System\HxqVmtS.exe
  C:\Windows\System\HxqVmtS.exe
  2⤵
  PID:2376
- C:\Windows\System\jpZfbWf.exe
  C:\Windows\System\jpZfbWf.exe
  2⤵
  PID:6776
- C:\Windows\System\umBLJBC.exe
  C:\Windows\System\umBLJBC.exe
  2⤵
  PID:4848
- C:\Windows\System\lyQTlcP.exe
  C:\Windows\System\lyQTlcP.exe
  2⤵
  PID:6876
- C:\Windows\System\NjzReOz.exe
  C:\Windows\System\NjzReOz.exe
  2⤵
  PID:1708
- C:\Windows\System\BzKFcvk.exe
  C:\Windows\System\BzKFcvk.exe
  2⤵
  PID:4092
- C:\Windows\System\GbDhXjT.exe
  C:\Windows\System\GbDhXjT.exe
  2⤵
  PID:2432
- C:\Windows\System\jkqWGcW.exe
  C:\Windows\System\jkqWGcW.exe
  2⤵
  PID:6928
- C:\Windows\System\lgUKmTh.exe
  C:\Windows\System\lgUKmTh.exe
  2⤵
  PID:6940
- C:\Windows\System\NHHtKDZ.exe
  C:\Windows\System\NHHtKDZ.exe
  2⤵
  PID:7044
- C:\Windows\System\SAJZPFv.exe
  C:\Windows\System\SAJZPFv.exe
  2⤵
  PID:7136
- C:\Windows\System\MTsoUKs.exe
  C:\Windows\System\MTsoUKs.exe
  2⤵
  PID:3468
- C:\Windows\System\mQXenQj.exe
  C:\Windows\System\mQXenQj.exe
  2⤵
  PID:4004
- C:\Windows\System\CNbaMVW.exe
  C:\Windows\System\CNbaMVW.exe
  2⤵
  PID:2748
- C:\Windows\System\ghwSFmj.exe
  C:\Windows\System\ghwSFmj.exe
  2⤵
  PID:6392
- C:\Windows\System\AgYDlJz.exe
  C:\Windows\System\AgYDlJz.exe
  2⤵
  PID:6476
- C:\Windows\System\Avbzprt.exe
  C:\Windows\System\Avbzprt.exe
  2⤵
  PID:6640
- C:\Windows\System\KQTtZvu.exe
  C:\Windows\System\KQTtZvu.exe
  2⤵
  PID:6700
- C:\Windows\System\pONZEmq.exe
  C:\Windows\System\pONZEmq.exe
  2⤵
  PID:6808
- C:\Windows\System\ajIAPyr.exe
  C:\Windows\System\ajIAPyr.exe
  2⤵
  PID:6872
- C:\Windows\System\pDPdZYp.exe
  C:\Windows\System\pDPdZYp.exe
  2⤵
  PID:2308
- C:\Windows\System\oIuVFJt.exe
  C:\Windows\System\oIuVFJt.exe
  2⤵
  PID:6936
- C:\Windows\System\hqbiMZD.exe
  C:\Windows\System\hqbiMZD.exe
  2⤵
  PID:6984
- C:\Windows\System\MIzLRWF.exe
  C:\Windows\System\MIzLRWF.exe
  2⤵
  PID:3516
- C:\Windows\System\MVrZhJF.exe
  C:\Windows\System\MVrZhJF.exe
  2⤵
  PID:6472
- C:\Windows\System\rXtvkAw.exe
  C:\Windows\System\rXtvkAw.exe
  2⤵
  PID:6880
- C:\Windows\System\PbmSkED.exe
  C:\Windows\System\PbmSkED.exe
  2⤵
  PID:7028
- C:\Windows\System\AOxRVEj.exe
  C:\Windows\System\AOxRVEj.exe
  2⤵
  PID:4804
- C:\Windows\System\LoAyUtL.exe
  C:\Windows\System\LoAyUtL.exe
  2⤵
  PID:2704
- C:\Windows\System\vuBYluS.exe
  C:\Windows\System\vuBYluS.exe
  2⤵
  PID:6896
- C:\Windows\System\tFonWjP.exe
  C:\Windows\System\tFonWjP.exe
  2⤵
  PID:7180
- C:\Windows\System\nOzZTOD.exe
  C:\Windows\System\nOzZTOD.exe
  2⤵
  PID:7208
- C:\Windows\System\NbbkhjF.exe
  C:\Windows\System\NbbkhjF.exe
  2⤵
  PID:7240
- C:\Windows\System\FAkZMcp.exe
  C:\Windows\System\FAkZMcp.exe
  2⤵
  PID:7268
- C:\Windows\System\PqXoayU.exe
  C:\Windows\System\PqXoayU.exe
  2⤵
  PID:7292
- C:\Windows\System\fhMsTwb.exe
  C:\Windows\System\fhMsTwb.exe
  2⤵
  PID:7308
- C:\Windows\System\pEoVWXZ.exe
  C:\Windows\System\pEoVWXZ.exe
  2⤵
  PID:7336
- C:\Windows\System\DMeZyeW.exe
  C:\Windows\System\DMeZyeW.exe
  2⤵
  PID:7356
- C:\Windows\System\pvLpFXt.exe
  C:\Windows\System\pvLpFXt.exe
  2⤵
  PID:7424
- C:\Windows\System\SEgezhk.exe
  C:\Windows\System\SEgezhk.exe
  2⤵
  PID:7444
- C:\Windows\System\NHLrXfP.exe
  C:\Windows\System\NHLrXfP.exe
  2⤵
  PID:7460
- C:\Windows\System\PRbgStE.exe
  C:\Windows\System\PRbgStE.exe
  2⤵
  PID:7488
- C:\Windows\System\RjdsXlF.exe
  C:\Windows\System\RjdsXlF.exe
  2⤵
  PID:7504
- C:\Windows\System\nOXfMpQ.exe
  C:\Windows\System\nOXfMpQ.exe
  2⤵
  PID:7520
- C:\Windows\System\fUTTxTv.exe
  C:\Windows\System\fUTTxTv.exe
  2⤵
  PID:7540
- C:\Windows\System\DysluYA.exe
  C:\Windows\System\DysluYA.exe
  2⤵
  PID:7564
- C:\Windows\System\ntyWqib.exe
  C:\Windows\System\ntyWqib.exe
  2⤵
  PID:7616
- C:\Windows\System\jNUWBxt.exe
  C:\Windows\System\jNUWBxt.exe
  2⤵
  PID:7636
- C:\Windows\System\TRbocwD.exe
  C:\Windows\System\TRbocwD.exe
  2⤵
  PID:7652
- C:\Windows\System\zwiBcwt.exe
  C:\Windows\System\zwiBcwt.exe
  2⤵
  PID:7696
- C:\Windows\System\BNpoztj.exe
  C:\Windows\System\BNpoztj.exe
  2⤵
  PID:7732
- C:\Windows\System\UUiPhKa.exe
  C:\Windows\System\UUiPhKa.exe
  2⤵
  PID:7752
- C:\Windows\System\wKdzJpe.exe
  C:\Windows\System\wKdzJpe.exe
  2⤵
  PID:7808
- C:\Windows\System\xirZwXp.exe
  C:\Windows\System\xirZwXp.exe
  2⤵
  PID:7828
- C:\Windows\System\NvezOrs.exe
  C:\Windows\System\NvezOrs.exe
  2⤵
  PID:7852
- C:\Windows\System\vztcNvj.exe
  C:\Windows\System\vztcNvj.exe
  2⤵
  PID:7872
- C:\Windows\System\vIUAOkA.exe
  C:\Windows\System\vIUAOkA.exe
  2⤵
  PID:7896
- C:\Windows\System\sOiULYa.exe
  C:\Windows\System\sOiULYa.exe
  2⤵
  PID:7916
- C:\Windows\System\KqOOsFd.exe
  C:\Windows\System\KqOOsFd.exe
  2⤵
  PID:7972
- C:\Windows\System\cpTJJiu.exe
  C:\Windows\System\cpTJJiu.exe
  2⤵
  PID:7992
- C:\Windows\System\CUFBfXC.exe
  C:\Windows\System\CUFBfXC.exe
  2⤵
  PID:8048
- C:\Windows\System\aNHxlBa.exe
  C:\Windows\System\aNHxlBa.exe
  2⤵
  PID:8064
- C:\Windows\System\NDINnzu.exe
  C:\Windows\System\NDINnzu.exe
  2⤵
  PID:8092
- C:\Windows\System\pOYlEcU.exe
  C:\Windows\System\pOYlEcU.exe
  2⤵
  PID:8120
- C:\Windows\System\ioXXOPc.exe
  C:\Windows\System\ioXXOPc.exe
  2⤵
  PID:8148
- C:\Windows\System\WupurFc.exe
  C:\Windows\System\WupurFc.exe
  2⤵
  PID:8172
- C:\Windows\System\qUEnPaj.exe
  C:\Windows\System\qUEnPaj.exe
  2⤵
  PID:6440
- C:\Windows\System\uFhHjFa.exe
  C:\Windows\System\uFhHjFa.exe
  2⤵
  PID:7204
- C:\Windows\System\TiUhJpp.exe
  C:\Windows\System\TiUhJpp.exe
  2⤵
  PID:7236
- C:\Windows\System\Kajbqbc.exe
  C:\Windows\System\Kajbqbc.exe
  2⤵
  PID:7276
- C:\Windows\System\hksjKUF.exe
  C:\Windows\System\hksjKUF.exe
  2⤵
  PID:7344
- C:\Windows\System\KLmdEcU.exe
  C:\Windows\System\KLmdEcU.exe
  2⤵
  PID:7440
- C:\Windows\System\udeNzKu.exe
  C:\Windows\System\udeNzKu.exe
  2⤵
  PID:7420
- C:\Windows\System\GbLWrwf.exe
  C:\Windows\System\GbLWrwf.exe
  2⤵
  PID:7496
- C:\Windows\System\IPoQeKE.exe
  C:\Windows\System\IPoQeKE.exe
  2⤵
  PID:7560
- C:\Windows\System\pCgJqDA.exe
  C:\Windows\System\pCgJqDA.exe
  2⤵
  PID:7628
- C:\Windows\System\amYbmJd.exe
  C:\Windows\System\amYbmJd.exe
  2⤵
  PID:7764
- C:\Windows\System\wvnqyWi.exe
  C:\Windows\System\wvnqyWi.exe
  2⤵
  PID:7936
- C:\Windows\System\ekvOKKB.exe
  C:\Windows\System\ekvOKKB.exe
  2⤵
  PID:8008
- C:\Windows\System\hBMqOhD.exe
  C:\Windows\System\hBMqOhD.exe
  2⤵
  PID:8056
- C:\Windows\System\XUHqrRQ.exe
  C:\Windows\System\XUHqrRQ.exe
  2⤵
  PID:8128
- C:\Windows\System\cBMSevW.exe
  C:\Windows\System\cBMSevW.exe
  2⤵
  PID:8188
- C:\Windows\System\dYyEksD.exe
  C:\Windows\System\dYyEksD.exe
  2⤵
  PID:7300
- C:\Windows\System\eRyPyxe.exe
  C:\Windows\System\eRyPyxe.exe
  2⤵
  PID:7220
- C:\Windows\System\NJdlHii.exe
  C:\Windows\System\NJdlHii.exe
  2⤵
  PID:7284
- C:\Windows\System\TrEkARM.exe
  C:\Windows\System\TrEkARM.exe
  2⤵
  PID:7712
- C:\Windows\System\cSSNidm.exe
  C:\Windows\System\cSSNidm.exe
  2⤵
  PID:7988
- C:\Windows\System\WDQsgyG.exe
  C:\Windows\System\WDQsgyG.exe
  2⤵
  PID:7960
- C:\Windows\System\hxNaGMr.exe
  C:\Windows\System\hxNaGMr.exe
  2⤵
  PID:8144
- C:\Windows\System\pXxhldZ.exe
  C:\Windows\System\pXxhldZ.exe
  2⤵
  PID:7392
- C:\Windows\System\AOupopL.exe
  C:\Windows\System\AOupopL.exe
  2⤵
  PID:7836
- C:\Windows\System\GcgudNo.exe
  C:\Windows\System\GcgudNo.exe
  2⤵
  PID:8072
- C:\Windows\System\FOZLlxd.exe
  C:\Windows\System\FOZLlxd.exe
  2⤵
  PID:8204
- C:\Windows\System\KKUtwGY.exe
  C:\Windows\System\KKUtwGY.exe
  2⤵
  PID:8228
- C:\Windows\System\qypyBWp.exe
  C:\Windows\System\qypyBWp.exe
  2⤵
  PID:8300
- C:\Windows\System\oQhFuce.exe
  C:\Windows\System\oQhFuce.exe
  2⤵
  PID:8320
- C:\Windows\System\uOsORST.exe
  C:\Windows\System\uOsORST.exe
  2⤵
  PID:8344
- C:\Windows\System\XJLSkAu.exe
  C:\Windows\System\XJLSkAu.exe
  2⤵
  PID:8372
- C:\Windows\System\dfMKKLr.exe
  C:\Windows\System\dfMKKLr.exe
  2⤵
  PID:8388
- C:\Windows\System\ALPUPrQ.exe
  C:\Windows\System\ALPUPrQ.exe
  2⤵
  PID:8412
- C:\Windows\System\VqIYXeq.exe
  C:\Windows\System\VqIYXeq.exe
  2⤵
  PID:8444
- C:\Windows\System\spDbsRn.exe
  C:\Windows\System\spDbsRn.exe
  2⤵
  PID:8488
- C:\Windows\System\ucTbzBX.exe
  C:\Windows\System\ucTbzBX.exe
  2⤵
  PID:8512
- C:\Windows\System\wUopynS.exe
  C:\Windows\System\wUopynS.exe
  2⤵
  PID:8536
- C:\Windows\System\yeGDhJN.exe
  C:\Windows\System\yeGDhJN.exe
  2⤵
  PID:8556
- C:\Windows\System\InkWkdt.exe
  C:\Windows\System\InkWkdt.exe
  2⤵
  PID:8584
- C:\Windows\System\Hwojjgf.exe
  C:\Windows\System\Hwojjgf.exe
  2⤵
  PID:8624
- C:\Windows\System\mJjmCYg.exe
  C:\Windows\System\mJjmCYg.exe
  2⤵
  PID:8652
- C:\Windows\System\PLUbQSi.exe
  C:\Windows\System\PLUbQSi.exe
  2⤵
  PID:8676
- C:\Windows\System\uLycbcv.exe
  C:\Windows\System\uLycbcv.exe
  2⤵
  PID:8696
- C:\Windows\System\qibyNan.exe
  C:\Windows\System\qibyNan.exe
  2⤵
  PID:8724
- C:\Windows\System\ideSMib.exe
  C:\Windows\System\ideSMib.exe
  2⤵
  PID:8740
- C:\Windows\System\oTWiGGK.exe
  C:\Windows\System\oTWiGGK.exe
  2⤵
  PID:8788
- C:\Windows\System\XKhlUiV.exe
  C:\Windows\System\XKhlUiV.exe
  2⤵
  PID:8804
- C:\Windows\System\DnoQWgj.exe
  C:\Windows\System\DnoQWgj.exe
  2⤵
  PID:8828
- C:\Windows\System\EhpvHAD.exe
  C:\Windows\System\EhpvHAD.exe
  2⤵
  PID:8848
- C:\Windows\System\xDtheTF.exe
  C:\Windows\System\xDtheTF.exe
  2⤵
  PID:8876
- C:\Windows\System\UzCsAeG.exe
  C:\Windows\System\UzCsAeG.exe
  2⤵
  PID:8916
- C:\Windows\System\SDsKrNf.exe
  C:\Windows\System\SDsKrNf.exe
  2⤵
  PID:8936
- C:\Windows\System\wHKVBZB.exe
  C:\Windows\System\wHKVBZB.exe
  2⤵
  PID:8988
- C:\Windows\System\VbWSEWd.exe
  C:\Windows\System\VbWSEWd.exe
  2⤵
  PID:9004
- C:\Windows\System\Lgvvpdh.exe
  C:\Windows\System\Lgvvpdh.exe
  2⤵
  PID:9032
- C:\Windows\System\nahZBcH.exe
  C:\Windows\System\nahZBcH.exe
  2⤵
  PID:9064
- C:\Windows\System\JTtVdFb.exe
  C:\Windows\System\JTtVdFb.exe
  2⤵
  PID:9096
- C:\Windows\System\ocjqwZQ.exe
  C:\Windows\System\ocjqwZQ.exe
  2⤵
  PID:9132
- C:\Windows\System\rtkcapL.exe
  C:\Windows\System\rtkcapL.exe
  2⤵
  PID:9160
- C:\Windows\System\nCmdMuq.exe
  C:\Windows\System\nCmdMuq.exe
  2⤵
  PID:9184
- C:\Windows\System\sEssaSW.exe
  C:\Windows\System\sEssaSW.exe
  2⤵
  PID:7956
- C:\Windows\System\FSyIhci.exe
  C:\Windows\System\FSyIhci.exe
  2⤵
  PID:8200
- C:\Windows\System\zmzGmOJ.exe
  C:\Windows\System\zmzGmOJ.exe
  2⤵
  PID:8256
- C:\Windows\System\pAbwJPF.exe
  C:\Windows\System\pAbwJPF.exe
  2⤵
  PID:8336
- C:\Windows\System\AmkIMIO.exe
  C:\Windows\System\AmkIMIO.exe
  2⤵
  PID:8364
- C:\Windows\System\UEaJchN.exe
  C:\Windows\System\UEaJchN.exe
  2⤵
  PID:8456
- C:\Windows\System\GNNtVoj.exe
  C:\Windows\System\GNNtVoj.exe
  2⤵
  PID:8520
- C:\Windows\System\ltDoAPX.exe
  C:\Windows\System\ltDoAPX.exe
  2⤵
  PID:8616
- C:\Windows\System\PweZgcz.exe
  C:\Windows\System\PweZgcz.exe
  2⤵
  PID:8660
- C:\Windows\System\vmOSLvW.exe
  C:\Windows\System\vmOSLvW.exe
  2⤵
  PID:8712
- C:\Windows\System\YUqlGbm.exe
  C:\Windows\System\YUqlGbm.exe
  2⤵
  PID:8784
- C:\Windows\System\yFabCDb.exe
  C:\Windows\System\yFabCDb.exe
  2⤵
  PID:8796
- C:\Windows\System\DRHnfgg.exe
  C:\Windows\System\DRHnfgg.exe
  2⤵
  PID:8896
- C:\Windows\System\ZTcCLWy.exe
  C:\Windows\System\ZTcCLWy.exe
  2⤵
  PID:8960
- C:\Windows\System\ELertvr.exe
  C:\Windows\System\ELertvr.exe
  2⤵
  PID:9024
- C:\Windows\System\CDdHLlP.exe
  C:\Windows\System\CDdHLlP.exe
  2⤵
  PID:9104
- C:\Windows\System\SNsEkjc.exe
  C:\Windows\System\SNsEkjc.exe
  2⤵
  PID:9148
- C:\Windows\System\KGwjphr.exe
  C:\Windows\System\KGwjphr.exe
  2⤵
  PID:8196
- C:\Windows\System\DrqBuCK.exe
  C:\Windows\System\DrqBuCK.exe
  2⤵
  PID:8356
- C:\Windows\System\IFnWdju.exe
  C:\Windows\System\IFnWdju.exe
  2⤵
  PID:8496
- C:\Windows\System\TzfYVjW.exe
  C:\Windows\System\TzfYVjW.exe
  2⤵
  PID:8668
- C:\Windows\System\IlKRGJg.exe
  C:\Windows\System\IlKRGJg.exe
  2⤵
  PID:8736
- C:\Windows\System\ehrPVqK.exe
  C:\Windows\System\ehrPVqK.exe
  2⤵
  PID:8904
- C:\Windows\System\QzAebnV.exe
  C:\Windows\System\QzAebnV.exe
  2⤵
  PID:9168
- C:\Windows\System\mMtTpyp.exe
  C:\Windows\System\mMtTpyp.exe
  2⤵
  PID:8260
- C:\Windows\System\sTxcyGh.exe
  C:\Windows\System\sTxcyGh.exe
  2⤵
  PID:8672
- C:\Windows\System\soHOUlS.exe
  C:\Windows\System\soHOUlS.exe
  2⤵
  PID:8864
- C:\Windows\System\kQxRKva.exe
  C:\Windows\System\kQxRKva.exe
  2⤵
  PID:9180
- C:\Windows\System\dvCllNN.exe
  C:\Windows\System\dvCllNN.exe
  2⤵
  PID:8352
- C:\Windows\System\vmXAWvV.exe
  C:\Windows\System\vmXAWvV.exe
  2⤵
  PID:9244
- C:\Windows\System\UFgVXKU.exe
  C:\Windows\System\UFgVXKU.exe
  2⤵
  PID:9268
- C:\Windows\System\pYYeIca.exe
  C:\Windows\System\pYYeIca.exe
  2⤵
  PID:9312
- C:\Windows\System\FFnFmCk.exe
  C:\Windows\System\FFnFmCk.exe
  2⤵
  PID:9332
- C:\Windows\System\klqxDoR.exe
  C:\Windows\System\klqxDoR.exe
  2⤵
  PID:9364
- C:\Windows\System\CqIueKw.exe
  C:\Windows\System\CqIueKw.exe
  2⤵
  PID:9404
- C:\Windows\System\mDtcXJZ.exe
  C:\Windows\System\mDtcXJZ.exe
  2⤵
  PID:9424
- C:\Windows\System\TqzKuGC.exe
  C:\Windows\System\TqzKuGC.exe
  2⤵
  PID:9448
- C:\Windows\System\QQEqYWu.exe
  C:\Windows\System\QQEqYWu.exe
  2⤵
  PID:9488
- C:\Windows\System\zxRJQgj.exe
  C:\Windows\System\zxRJQgj.exe
  2⤵
  PID:9508
- C:\Windows\System\VSJSZeO.exe
  C:\Windows\System\VSJSZeO.exe
  2⤵
  PID:9588
- C:\Windows\System\RXwEqtn.exe
  C:\Windows\System\RXwEqtn.exe
  2⤵
  PID:9632
- C:\Windows\System\YlENntc.exe
  C:\Windows\System\YlENntc.exe
  2⤵
  PID:9652
- C:\Windows\System\PeMWmnW.exe
  C:\Windows\System\PeMWmnW.exe
  2⤵
  PID:9716
- C:\Windows\System\wvyNXAT.exe
  C:\Windows\System\wvyNXAT.exe
  2⤵
  PID:9732
- C:\Windows\System\PsEISGE.exe
  C:\Windows\System\PsEISGE.exe
  2⤵
  PID:9748
- C:\Windows\System\ByJqhts.exe
  C:\Windows\System\ByJqhts.exe
  2⤵
  PID:9764
- C:\Windows\System\NrbOFmf.exe
  C:\Windows\System\NrbOFmf.exe
  2⤵
  PID:9780
- C:\Windows\System\eXaMolT.exe
  C:\Windows\System\eXaMolT.exe
  2⤵
  PID:9796
- C:\Windows\System\VtceUfw.exe
  C:\Windows\System\VtceUfw.exe
  2⤵
  PID:9884
- C:\Windows\System\mxmlEUh.exe
  C:\Windows\System\mxmlEUh.exe
  2⤵
  PID:9908
- C:\Windows\System\cUHOHah.exe
  C:\Windows\System\cUHOHah.exe
  2⤵
  PID:9932
- C:\Windows\System\nTHERzF.exe
  C:\Windows\System\nTHERzF.exe
  2⤵
  PID:10008
- C:\Windows\System\KeXMvdp.exe
  C:\Windows\System\KeXMvdp.exe
  2⤵
  PID:10028
- C:\Windows\System\KXhjQSv.exe
  C:\Windows\System\KXhjQSv.exe
  2⤵
  PID:10044
- C:\Windows\System\SeESxZZ.exe
  C:\Windows\System\SeESxZZ.exe
  2⤵
  PID:10072
- C:\Windows\System\xYltYlP.exe
  C:\Windows\System\xYltYlP.exe
  2⤵
  PID:10096
- C:\Windows\System\kFnUHsp.exe
  C:\Windows\System\kFnUHsp.exe
  2⤵
  PID:10112
- C:\Windows\System\NLHZZrJ.exe
  C:\Windows\System\NLHZZrJ.exe
  2⤵
  PID:10132
- C:\Windows\System\SLWYaoc.exe
  C:\Windows\System\SLWYaoc.exe
  2⤵
  PID:10156
- C:\Windows\System\akJgfUr.exe
  C:\Windows\System\akJgfUr.exe
  2⤵
  PID:10180
- C:\Windows\System\OSVjQqU.exe
  C:\Windows\System\OSVjQqU.exe
  2⤵
  PID:10204
- C:\Windows\System\WOQbyVB.exe
  C:\Windows\System\WOQbyVB.exe
  2⤵
  PID:9224
- C:\Windows\System\DjKaQBy.exe
  C:\Windows\System\DjKaQBy.exe
  2⤵
  PID:9296
- C:\Windows\System\SSbuYXi.exe
  C:\Windows\System\SSbuYXi.exe
  2⤵
  PID:9380
- C:\Windows\System\uwQONxj.exe
  C:\Windows\System\uwQONxj.exe
  2⤵
  PID:9444
- C:\Windows\System\aGLNTjo.exe
  C:\Windows\System\aGLNTjo.exe
  2⤵
  PID:9468
- C:\Windows\System\hwfUsGq.exe
  C:\Windows\System\hwfUsGq.exe
  2⤵
  PID:9500
- C:\Windows\System\HfWkNSa.exe
  C:\Windows\System\HfWkNSa.exe
  2⤵
  PID:9604
- C:\Windows\System\IverIOx.exe
  C:\Windows\System\IverIOx.exe
  2⤵
  PID:9524
- C:\Windows\System\klcVIyI.exe
  C:\Windows\System\klcVIyI.exe
  2⤵
  PID:9756
- C:\Windows\System\BJDKatj.exe
  C:\Windows\System\BJDKatj.exe
  2⤵
  PID:9676
- C:\Windows\System\ezcuBNW.exe
  C:\Windows\System\ezcuBNW.exe
  2⤵
  PID:9660
- C:\Windows\System\YhubsNJ.exe
  C:\Windows\System\YhubsNJ.exe
  2⤵
  PID:9860
- C:\Windows\System\KrQZCje.exe
  C:\Windows\System\KrQZCje.exe
  2⤵
  PID:9916
- C:\Windows\System\XxeeVBh.exe
  C:\Windows\System\XxeeVBh.exe
  2⤵
  PID:9956
- C:\Windows\System\ihsdfVk.exe
  C:\Windows\System\ihsdfVk.exe
  2⤵
  PID:10004
- C:\Windows\System\bFLQbyw.exe
  C:\Windows\System\bFLQbyw.exe
  2⤵
  PID:10068
- C:\Windows\System\PbFecbE.exe
  C:\Windows\System\PbFecbE.exe
  2⤵
  PID:10124
- C:\Windows\System\citDVJq.exe
  C:\Windows\System\citDVJq.exe
  2⤵
  PID:10140
- C:\Windows\System\mDVhXbx.exe
  C:\Windows\System\mDVhXbx.exe
  2⤵
  PID:9264
- C:\Windows\System\mAFeDMj.exe
  C:\Windows\System\mAFeDMj.exe
  2⤵
  PID:9356
- C:\Windows\System\fxwhuUS.exe
  C:\Windows\System\fxwhuUS.exe
  2⤵
  PID:9516
- C:\Windows\System\riDRZvu.exe
  C:\Windows\System\riDRZvu.exe
  2⤵
  PID:9772
- C:\Windows\System\iEIETXf.exe
  C:\Windows\System\iEIETXf.exe
  2⤵
  PID:9904
- C:\Windows\System\dfOCjvt.exe
  C:\Windows\System\dfOCjvt.exe
  2⤵
  PID:9896
- C:\Windows\System\ONsRrwt.exe
  C:\Windows\System\ONsRrwt.exe
  2⤵
  PID:10080
- C:\Windows\System\YaeJyHu.exe
  C:\Windows\System\YaeJyHu.exe
  2⤵
  PID:9252
- C:\Windows\System\hkYgTtg.exe
  C:\Windows\System\hkYgTtg.exe
  2⤵
  PID:9288
- C:\Windows\System\CAWrDLy.exe
  C:\Windows\System\CAWrDLy.exe
  2⤵
  PID:9624
- C:\Windows\System\AxSMFOg.exe
  C:\Windows\System\AxSMFOg.exe
  2⤵
  PID:9664
- C:\Windows\System\pecLLbX.exe
  C:\Windows\System\pecLLbX.exe
  2⤵
  PID:10104
- C:\Windows\System\rEwUQhW.exe
  C:\Windows\System\rEwUQhW.exe
  2⤵
  PID:9596
- C:\Windows\System\YWJWAPu.exe
  C:\Windows\System\YWJWAPu.exe
  2⤵
  PID:10064
- C:\Windows\System\oVkgtFD.exe
  C:\Windows\System\oVkgtFD.exe
  2⤵
  PID:10256
- C:\Windows\System\WHbdkva.exe
  C:\Windows\System\WHbdkva.exe
  2⤵
  PID:10308
- C:\Windows\System\JexwlQg.exe
  C:\Windows\System\JexwlQg.exe
  2⤵
  PID:10328
- C:\Windows\System\scttflg.exe
  C:\Windows\System\scttflg.exe
  2⤵
  PID:10348
- C:\Windows\System\nxeBNgH.exe
  C:\Windows\System\nxeBNgH.exe
  2⤵
  PID:10368
- C:\Windows\System\qYjrMLd.exe
  C:\Windows\System\qYjrMLd.exe
  2⤵
  PID:10396
- C:\Windows\System\mxmySol.exe
  C:\Windows\System\mxmySol.exe
  2⤵
  PID:10420
- C:\Windows\System\DxViXrP.exe
  C:\Windows\System\DxViXrP.exe
  2⤵
  PID:10472
- C:\Windows\System\OnkLzbr.exe
  C:\Windows\System\OnkLzbr.exe
  2⤵
  PID:10500
- C:\Windows\System\CvTetPw.exe
  C:\Windows\System\CvTetPw.exe
  2⤵
  PID:10528
- C:\Windows\System\hZebClI.exe
  C:\Windows\System\hZebClI.exe
  2⤵
  PID:10548
- C:\Windows\System\BBkKnxG.exe
  C:\Windows\System\BBkKnxG.exe
  2⤵
  PID:10572
- C:\Windows\System\jZjlkMu.exe
  C:\Windows\System\jZjlkMu.exe
  2⤵
  PID:10616
- C:\Windows\System\KyhniYj.exe
  C:\Windows\System\KyhniYj.exe
  2⤵
  PID:10640
- C:\Windows\System\gtJXJoh.exe
  C:\Windows\System\gtJXJoh.exe
  2⤵
  PID:10660
- C:\Windows\System\xswjVyo.exe
  C:\Windows\System\xswjVyo.exe
  2⤵
  PID:10688
- C:\Windows\System\fOxlDdz.exe
  C:\Windows\System\fOxlDdz.exe
  2⤵
  PID:10708
- C:\Windows\System\CtJoEQG.exe
  C:\Windows\System\CtJoEQG.exe
  2⤵
  PID:10732
- C:\Windows\System\HuOTJKn.exe
  C:\Windows\System\HuOTJKn.exe
  2⤵
  PID:10768
- C:\Windows\System\WDSWexS.exe
  C:\Windows\System\WDSWexS.exe
  2⤵
  PID:10808
- C:\Windows\System\mENOYUV.exe
  C:\Windows\System\mENOYUV.exe
  2⤵
  PID:10836
- C:\Windows\System\rfruWRJ.exe
  C:\Windows\System\rfruWRJ.exe
  2⤵
  PID:10856
- C:\Windows\System\zFWUejp.exe
  C:\Windows\System\zFWUejp.exe
  2⤵
  PID:10888
- C:\Windows\System\lDzznZG.exe
  C:\Windows\System\lDzznZG.exe
  2⤵
  PID:10912
- C:\Windows\System\ZalIvuj.exe
  C:\Windows\System\ZalIvuj.exe
  2⤵
  PID:10932
- C:\Windows\System\MEPocpq.exe
  C:\Windows\System\MEPocpq.exe
  2⤵
  PID:10960
- C:\Windows\System\piMWYYW.exe
  C:\Windows\System\piMWYYW.exe
  2⤵
  PID:10984
- C:\Windows\System\nisodkY.exe
  C:\Windows\System\nisodkY.exe
  2⤵
  PID:11008
- C:\Windows\System\xfCSuDF.exe
  C:\Windows\System\xfCSuDF.exe
  2⤵
  PID:11044
- C:\Windows\System\PHrzeKf.exe
  C:\Windows\System\PHrzeKf.exe
  2⤵
  PID:11080
- C:\Windows\System\pSEHKZY.exe
  C:\Windows\System\pSEHKZY.exe
  2⤵
  PID:11116
- C:\Windows\System\UaoaTaO.exe
  C:\Windows\System\UaoaTaO.exe
  2⤵
  PID:11160
- C:\Windows\System\eiWbNBc.exe
  C:\Windows\System\eiWbNBc.exe
  2⤵
  PID:11180
- C:\Windows\System\SkTITDr.exe
  C:\Windows\System\SkTITDr.exe
  2⤵
  PID:11204
- C:\Windows\System\mmJtPrq.exe
  C:\Windows\System\mmJtPrq.exe
  2⤵
  PID:11220
- C:\Windows\System\rbtHsMC.exe
  C:\Windows\System\rbtHsMC.exe
  2⤵
  PID:11236
- C:\Windows\System\UOSRdhH.exe
  C:\Windows\System\UOSRdhH.exe
  2⤵
  PID:9584
- C:\Windows\System\nihsSIM.exe
  C:\Windows\System\nihsSIM.exe
  2⤵
  PID:10304
- C:\Windows\System\VAZjOUx.exe
  C:\Windows\System\VAZjOUx.exe
  2⤵
  PID:10428
- C:\Windows\System\IFBLYCF.exe
  C:\Windows\System\IFBLYCF.exe
  2⤵
  PID:10416
- C:\Windows\System\YUOoqPY.exe
  C:\Windows\System\YUOoqPY.exe
  2⤵
  PID:10520
- C:\Windows\System\vNoXrzW.exe
  C:\Windows\System\vNoXrzW.exe
  2⤵
  PID:10540
- C:\Windows\System\wuHSCpA.exe
  C:\Windows\System\wuHSCpA.exe
  2⤵
  PID:10668
- C:\Windows\System\AbyRyrF.exe
  C:\Windows\System\AbyRyrF.exe
  2⤵
  PID:10744
- C:\Windows\System\pWEFgtz.exe
  C:\Windows\System\pWEFgtz.exe
  2⤵
  PID:10752
- C:\Windows\System\fPRojBM.exe
  C:\Windows\System\fPRojBM.exe
  2⤵
  PID:10820
- C:\Windows\System\KgLPlcH.exe
  C:\Windows\System\KgLPlcH.exe
  2⤵
  PID:10848
- C:\Windows\System\XuWVyAA.exe
  C:\Windows\System\XuWVyAA.exe
  2⤵
  PID:10952
- C:\Windows\System\IxuhOmp.exe
  C:\Windows\System\IxuhOmp.exe
  2⤵
  PID:11088
- C:\Windows\System\XwBbTDI.exe
  C:\Windows\System\XwBbTDI.exe
  2⤵
  PID:11064
- C:\Windows\System\wMiFGUz.exe
  C:\Windows\System\wMiFGUz.exe
  2⤵
  PID:11140
- C:\Windows\System\dehTXPA.exe
  C:\Windows\System\dehTXPA.exe
  2⤵
  PID:11156
- C:\Windows\System\ucudOpV.exe
  C:\Windows\System\ucudOpV.exe
  2⤵
  PID:10248
- C:\Windows\System\QFqbrPD.exe
  C:\Windows\System\QFqbrPD.exe
  2⤵
  PID:11248
- C:\Windows\System\zSipajf.exe
  C:\Windows\System\zSipajf.exe
  2⤵
  PID:10320
- C:\Windows\System\hPiJZyR.exe
  C:\Windows\System\hPiJZyR.exe
  2⤵
  PID:10676
- C:\Windows\System\zSOgZQo.exe
  C:\Windows\System\zSOgZQo.exe
  2⤵
  PID:10924
- C:\Windows\System\VlITFdA.exe
  C:\Windows\System\VlITFdA.exe
  2⤵
  PID:11004
- C:\Windows\System\cClIqJM.exe
  C:\Windows\System\cClIqJM.exe
  2⤵
  PID:10968
- C:\Windows\System\AOjGSxe.exe
  C:\Windows\System\AOjGSxe.exe
  2⤵
  PID:11228
- C:\Windows\System\BHOyDtG.exe
  C:\Windows\System\BHOyDtG.exe
  2⤵
  PID:10728
- C:\Windows\System\WIiDtoY.exe
  C:\Windows\System\WIiDtoY.exe
  2⤵
  PID:10544
- C:\Windows\System\dyYXzEl.exe
  C:\Windows\System\dyYXzEl.exe
  2⤵
  PID:10364
- C:\Windows\System\pBeMptP.exe
  C:\Windows\System\pBeMptP.exe
  2⤵
  PID:11296
- C:\Windows\System\YfakoTr.exe
  C:\Windows\System\YfakoTr.exe
  2⤵
  PID:11344
- C:\Windows\System\bXThlEO.exe
  C:\Windows\System\bXThlEO.exe
  2⤵
  PID:11364
- C:\Windows\System\ykhMivX.exe
  C:\Windows\System\ykhMivX.exe
  2⤵
  PID:11384
- C:\Windows\System\XuQABpa.exe
  C:\Windows\System\XuQABpa.exe
  2⤵
  PID:11420
- C:\Windows\System\MJQgqEO.exe
  C:\Windows\System\MJQgqEO.exe
  2⤵
  PID:11444
- C:\Windows\System\wSgNZbq.exe
  C:\Windows\System\wSgNZbq.exe
  2⤵
  PID:11464
- C:\Windows\System\gpjXhvq.exe
  C:\Windows\System\gpjXhvq.exe
  2⤵
  PID:11512
- C:\Windows\System\TtRPMWd.exe
  C:\Windows\System\TtRPMWd.exe
  2⤵
  PID:11532
- C:\Windows\System\jiEkTgj.exe
  C:\Windows\System\jiEkTgj.exe
  2⤵
  PID:11564
- C:\Windows\System\IkUvTkQ.exe
  C:\Windows\System\IkUvTkQ.exe
  2⤵
  PID:11584
- C:\Windows\System\NgQemWO.exe
  C:\Windows\System\NgQemWO.exe
  2⤵
  PID:11604
- C:\Windows\System\BZMwdQv.exe
  C:\Windows\System\BZMwdQv.exe
  2⤵
  PID:11640
- C:\Windows\System\UuAKcGF.exe
  C:\Windows\System\UuAKcGF.exe
  2⤵
  PID:11660
- C:\Windows\System\fuhSyQd.exe
  C:\Windows\System\fuhSyQd.exe
  2⤵
  PID:11688
- C:\Windows\System\zZHEcJG.exe
  C:\Windows\System\zZHEcJG.exe
  2⤵
  PID:11716
- C:\Windows\System\lNSHwIh.exe
  C:\Windows\System\lNSHwIh.exe
  2⤵
  PID:11752
- C:\Windows\System\LiCkiWB.exe
  C:\Windows\System\LiCkiWB.exe
  2⤵
  PID:11776
- C:\Windows\System\jKCmbKC.exe
  C:\Windows\System\jKCmbKC.exe
  2⤵
  PID:11800
- C:\Windows\System\ZNxkGNr.exe
  C:\Windows\System\ZNxkGNr.exe
  2⤵
  PID:11820
- C:\Windows\System\XMBdtoK.exe
  C:\Windows\System\XMBdtoK.exe
  2⤵
  PID:11872
- C:\Windows\System\vYmtIzU.exe
  C:\Windows\System\vYmtIzU.exe
  2⤵
  PID:11892
- C:\Windows\System\iXUrciO.exe
  C:\Windows\System\iXUrciO.exe
  2⤵
  PID:11920
- C:\Windows\System\tHunbLM.exe
  C:\Windows\System\tHunbLM.exe
  2⤵
  PID:11944
- C:\Windows\System\tlhYlPU.exe
  C:\Windows\System\tlhYlPU.exe
  2⤵
  PID:11992
- C:\Windows\System\APJlwvp.exe
  C:\Windows\System\APJlwvp.exe
  2⤵
  PID:12012
- C:\Windows\System\NtCijlF.exe
  C:\Windows\System\NtCijlF.exe
  2⤵
  PID:12060
- C:\Windows\System\OsANmVV.exe
  C:\Windows\System\OsANmVV.exe
  2⤵
  PID:12080
- C:\Windows\System\pmdPJQw.exe
  C:\Windows\System\pmdPJQw.exe
  2⤵
  PID:12108
- C:\Windows\System\fwfgeNu.exe
  C:\Windows\System\fwfgeNu.exe
  2⤵
  PID:12124
- C:\Windows\System\tXfXSOS.exe
  C:\Windows\System\tXfXSOS.exe
  2⤵
  PID:12144
- C:\Windows\System\vaUmyWk.exe
  C:\Windows\System\vaUmyWk.exe
  2⤵
  PID:12172
- C:\Windows\System\QWcLEUP.exe
  C:\Windows\System\QWcLEUP.exe
  2⤵
  PID:12220
- C:\Windows\System\lNoLyaZ.exe
  C:\Windows\System\lNoLyaZ.exe
  2⤵
  PID:12244
- C:\Windows\System\QUNhLoy.exe
  C:\Windows\System\QUNhLoy.exe
  2⤵
  PID:12264
- C:\Windows\System\cbdtSlK.exe
  C:\Windows\System\cbdtSlK.exe
  2⤵
  PID:10760
- C:\Windows\System\IYNAtoD.exe
  C:\Windows\System\IYNAtoD.exe
  2⤵
  PID:11288
- C:\Windows\System\zCkGhBd.exe
  C:\Windows\System\zCkGhBd.exe
  2⤵
  PID:11352
- C:\Windows\System\XBVNWxh.exe
  C:\Windows\System\XBVNWxh.exe
  2⤵
  PID:11436
- C:\Windows\System\tsBaQsy.exe
  C:\Windows\System\tsBaQsy.exe
  2⤵
  PID:11500
- C:\Windows\System\prqZWpM.exe
  C:\Windows\System\prqZWpM.exe
  2⤵
  PID:11520
- C:\Windows\System\GuMPAgv.exe
  C:\Windows\System\GuMPAgv.exe
  2⤵
  PID:11628
- C:\Windows\System\pHSASui.exe
  C:\Windows\System\pHSASui.exe
  2⤵
  PID:11708
- C:\Windows\System\sysvtUK.exe
  C:\Windows\System\sysvtUK.exe
  2⤵
  PID:11740
- C:\Windows\System\vRKvhdT.exe
  C:\Windows\System\vRKvhdT.exe
  2⤵
  PID:11784
- C:\Windows\System\udvnaaz.exe
  C:\Windows\System\udvnaaz.exe
  2⤵
  PID:11928
- C:\Windows\System\BiisRcg.exe
  C:\Windows\System\BiisRcg.exe
  2⤵
  PID:11888
- C:\Windows\System\QmCoBwI.exe
  C:\Windows\System\QmCoBwI.exe
  2⤵
  PID:12000
- C:\Windows\System\BPfhMgh.exe
  C:\Windows\System\BPfhMgh.exe
  2⤵
  PID:12028
- C:\Windows\System\QiDoGBn.exe
  C:\Windows\System\QiDoGBn.exe
  2⤵
  PID:12100
- C:\Windows\System\FQNexmI.exe
  C:\Windows\System\FQNexmI.exe
  2⤵
  PID:12164
- C:\Windows\System\LZWPwPV.exe
  C:\Windows\System\LZWPwPV.exe
  2⤵
  PID:11268
- C:\Windows\System\XGxgEug.exe
  C:\Windows\System\XGxgEug.exe
  2⤵
  PID:11340
- C:\Windows\System\FoCCpZl.exe
  C:\Windows\System\FoCCpZl.exe
  2⤵
  PID:11496
- C:\Windows\System\KFvfoiH.exe
  C:\Windows\System\KFvfoiH.exe
  2⤵
  PID:11624
- C:\Windows\System\vfPmaTc.exe
  C:\Windows\System\vfPmaTc.exe
  2⤵
  PID:11676
- C:\Windows\System\GnlTBUI.exe
  C:\Windows\System\GnlTBUI.exe
  2⤵
  PID:11792
- C:\Windows\System\cXJrEhW.exe
  C:\Windows\System\cXJrEhW.exe
  2⤵
  PID:12096
- C:\Windows\System\yvHJFQZ.exe
  C:\Windows\System\yvHJFQZ.exe
  2⤵
  PID:3196
- C:\Windows\System\EYZqcMH.exe
  C:\Windows\System\EYZqcMH.exe
  2⤵
  PID:12216
- C:\Windows\System\SHEdebr.exe
  C:\Windows\System\SHEdebr.exe
  2⤵
  PID:11440
- C:\Windows\System\bGElNvt.exe
  C:\Windows\System\bGElNvt.exe
  2⤵
  PID:11908
- C:\Windows\System\RSaEOMN.exe
  C:\Windows\System\RSaEOMN.exe
  2⤵
  PID:4072
- C:\Windows\System\SUEtYvu.exe
  C:\Windows\System\SUEtYvu.exe
  2⤵
  PID:11428
- C:\Windows\System\rCyEygZ.exe
  C:\Windows\System\rCyEygZ.exe
  2⤵
  PID:3684
- C:\Windows\System\ncYLNix.exe
  C:\Windows\System\ncYLNix.exe
  2⤵
  PID:12232
- C:\Windows\System\TGnQcaA.exe
  C:\Windows\System\TGnQcaA.exe
  2⤵
  PID:12304
- C:\Windows\System\MgKdWlZ.exe
  C:\Windows\System\MgKdWlZ.exe
  2⤵
  PID:12352
- C:\Windows\System\NbWzdpW.exe
  C:\Windows\System\NbWzdpW.exe
  2⤵
  PID:12380
- C:\Windows\System\papcmZg.exe
  C:\Windows\System\papcmZg.exe
  2⤵
  PID:12404
- C:\Windows\System\CVopVdA.exe
  C:\Windows\System\CVopVdA.exe
  2⤵
  PID:12428
- C:\Windows\System\LJxoOXS.exe
  C:\Windows\System\LJxoOXS.exe
  2⤵
  PID:12448
- C:\Windows\System\VmcOMFz.exe
  C:\Windows\System\VmcOMFz.exe
  2⤵
  PID:12476
- C:\Windows\System\DDAdBeg.exe
  C:\Windows\System\DDAdBeg.exe
  2⤵
  PID:12516
- C:\Windows\System\JrCzGZi.exe
  C:\Windows\System\JrCzGZi.exe
  2⤵
  PID:12544
- C:\Windows\System\HHAaJPR.exe
  C:\Windows\System\HHAaJPR.exe
  2⤵
  PID:12564
- C:\Windows\System\fkAaQVS.exe
  C:\Windows\System\fkAaQVS.exe
  2⤵
  PID:12588
- C:\Windows\System\dTQtPCb.exe
  C:\Windows\System\dTQtPCb.exe
  2⤵
  PID:12616
- C:\Windows\System\pbvjgWm.exe
  C:\Windows\System\pbvjgWm.exe
  2⤵
  PID:12640
- C:\Windows\System\hEmqEDk.exe
  C:\Windows\System\hEmqEDk.exe
  2⤵
  PID:12672
- C:\Windows\System\xjOKyel.exe
  C:\Windows\System\xjOKyel.exe
  2⤵
  PID:12728
- C:\Windows\System\XQXvKvF.exe
  C:\Windows\System\XQXvKvF.exe
  2⤵
  PID:12756
- C:\Windows\System\ymkjtWB.exe
  C:\Windows\System\ymkjtWB.exe
  2⤵
  PID:12776
- C:\Windows\System\NMmHxYc.exe
  C:\Windows\System\NMmHxYc.exe
  2⤵
  PID:12796
- C:\Windows\System\qLfoIPh.exe
  C:\Windows\System\qLfoIPh.exe
  2⤵
  PID:12828
- C:\Windows\System\godZbAT.exe
  C:\Windows\System\godZbAT.exe
  2⤵
  PID:12860
- C:\Windows\System\LTspluP.exe
  C:\Windows\System\LTspluP.exe
  2⤵
  PID:12880
- C:\Windows\System\rTJGGEo.exe
  C:\Windows\System\rTJGGEo.exe
  2⤵
  PID:12908
- C:\Windows\System\ishOPkm.exe
  C:\Windows\System\ishOPkm.exe
  2⤵
  PID:12944
- C:\Windows\System\qaRyRUm.exe
  C:\Windows\System\qaRyRUm.exe
  2⤵
  PID:12984
- C:\Windows\System\cElXfWb.exe
  C:\Windows\System\cElXfWb.exe
  2⤵
  PID:13000
- C:\Windows\System\AbjiItZ.exe
  C:\Windows\System\AbjiItZ.exe
  2⤵
  PID:13024
- C:\Windows\System\bduxpgL.exe
  C:\Windows\System\bduxpgL.exe
  2⤵
  PID:13064
- C:\Windows\System\RWqFtWT.exe
  C:\Windows\System\RWqFtWT.exe
  2⤵
  PID:13084
- C:\Windows\System\sUwZYxF.exe
  C:\Windows\System\sUwZYxF.exe
  2⤵
  PID:13104
- C:\Windows\System\sQAojAu.exe
  C:\Windows\System\sQAojAu.exe
  2⤵
  PID:13140
- C:\Windows\System\MyLGFNF.exe
  C:\Windows\System\MyLGFNF.exe
  2⤵
  PID:13160
- C:\Windows\System\QmHOIuM.exe
  C:\Windows\System\QmHOIuM.exe
  2⤵
  PID:13244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fmgmws1i.aiu.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ATnXzjQ.exe

Filesize
1.9MB

MD5
69a234bb7e511da19953308b9f46b861

SHA1
e3bb7aba8d3d65af0fdc64cb14da6181aa619f29

SHA256
f1a00cb226b89cccf39ae02f299ef4ce649fc79733ce96e51e63cfc6baa7bb57

SHA512
238aadd8c1d54692625206998c49d0a95f1670db7ece775453b5720f931ea7a5ac00a02a671d17bf193d0aa9e94e4aa10aa9e2df1040dc8d9e2809ebced33139

Download Submit
C:\Windows\System\DgEslDe.exe

Filesize
1.9MB

MD5
e6dc25128deadefbdcd986ca0d2c6c94

SHA1
08504d9a15e0a0d7438947f1c0160121f4019cac

SHA256
e2a2a10f58341020bfd4fe2be6fd6276fc3cbe396e68465209d630916934bb2f

SHA512
4a98aefba04cb24eefc13e827f8442f528fca86ab0373c9c0c866003616366694e7f1c8ec8dda4575e5810eb2212203d138a9618d3e282cc79074f5aa7dc664a

Download Submit
C:\Windows\System\Dwicqzk.exe

Filesize
1.9MB

MD5
9d701d18b542b043c53a9a621dbef7d5

SHA1
95edf0aa372f114401ddd897f5d6eeca439bf916

SHA256
90efa2cf3053cc3bd10725e97f14d0a8463d83662d3b18d485bbf463963bd170

SHA512
81eddfc43fa77194b8d7cce5eafa2ee02f8134d0c130e8180d90434d2c5b2651526d10f68b86c82bea3331f0adf8cd1a0b00cb17c4c668aa87ccc05655b8b0d2

Download Submit
C:\Windows\System\ENFpCxS.exe

Filesize
1.9MB

MD5
bed2a31ef1b982c688bcd704de76b429

SHA1
9bdb4d09b5d4f8d63223cd4a2aa038e6bd5d6805

SHA256
639fbafb2158e105643700c4f634aea5677e6a0a139d2f6eb8f3405a1f6d3141

SHA512
64901d25170abdfbbaa17b0d4d55a08cc1444043111cfb784eb6d3213c6c021ddb8496f99cafc24cc9abe6678007b5a588f4c2b11be8e9b5cfa7242fa6aaa302

Download Submit
C:\Windows\System\EgGFRsB.exe

Filesize
1.9MB

MD5
ab8c1176164751195e38ad8f3d892403

SHA1
632ccac93c9d3c49827621f4d9f3035c74fa4108

SHA256
8568681425241d3ce90563a087891755515fb8c6cf7dbc9f634916887d232eca

SHA512
1bdde9b55db15d5f64d5dbbe85551e44df71367f1237ba31bd57c1f09f9fa209bdea6a37db7cb64ff862a46aa4fdb86ddbe6f868e81b2b4d2416d537e263d772

Download Submit
C:\Windows\System\IRfuzEb.exe

Filesize
1.9MB

MD5
ea569a56aa97ddbea2fdeb61a9916b92

SHA1
2973269407e15d87f310d6b8b7f6856edce9efeb

SHA256
6d09cea0d2b0722518ff314914ec360eac2d4edaca5d43051b8f78d1f75348a0

SHA512
a7dad9d04a511b7adbc50c9317dedc1d5edda1e55cdd9470a14d3884d6ac119b24e2de78a25972f5c9e1012c870ca864acc2c2b1c39e867279dcf79c2396110a

Download Submit
C:\Windows\System\IrFcGmu.exe

Filesize
1.9MB

MD5
a47f17288deb996ec19544d9e4b7dc38

SHA1
817382e937eb4c661270f397b679b8a14db3f7eb

SHA256
d210ab62f145cb43b5f0283a04eef7b520de58bce01054c08298733d3ff50936

SHA512
abc900c747b65903ef84def3268b0f449fc44194abe69ae76ff89f184c966fd52b4a649fbae41973e2529875fe4c0dc780c0dfb7a418ff6d107d11298702e402

Download Submit
C:\Windows\System\JVNenRO.exe

Filesize
1.9MB

MD5
38d10e05372e543a70b2e14263ac148f

SHA1
0672dc31d29dd4f9dc78a33f92d2000d29177588

SHA256
bc6a7c3fabb527bb2bdb35df9312e1de0b79a674b5f5b6c48126b6ac6c60b63a

SHA512
e03f792f9e392f009ee00aa34ff1f99dbe9f32af1833351442928ddc9e1a0efbae74cfa687e2ef07966acb7b061b302b6a2050ca92bbfd409d619cd5470cb52b

Download Submit
C:\Windows\System\JXSdYxd.exe

Filesize
1.9MB

MD5
cd314c332eaf8fb8f62e10483546ce46

SHA1
32caf0f13ab2eee873a18cce17a4fa438d9d9499

SHA256
087a030778c3839eb632ab0e1843c3d87bccf18da0092729c772646de5f903b5

SHA512
6da54c2dc1c06cf184cdf41ad57e7f44dbe66a032bc90c1799dee45926360bc988b617e3cd94249cf88c6c52b3789d0df8a559cae2c680554ada7832f12a8d3d

Download Submit
C:\Windows\System\KgjkVLR.exe

Filesize
1.9MB

MD5
629cde09e3fdccfa0d467c06523725b3

SHA1
b000837a2b816447c19d6a0ac0c13ca8af8ba1f5

SHA256
e2da43e7863a1850b682ebbd2647b971ebe2d606a4f2547fe9ea26a72d574025

SHA512
2283f8b0b961b1ab5f86316ecb14db4f6319aa35140bddf20dd44b8046216919f56e8e5253238a56ed7a1199766ba0e83068fd051955af1bd771e2781026ec2b

Download Submit
C:\Windows\System\LDNcGRK.exe

Filesize
1.9MB

MD5
c7588af6dfc401ba683f98e7f8939ee4

SHA1
4aaecb9b18825b725e4e0fbb7d70117c53a300d4

SHA256
2585e4c1968a3952565e01a8bc44c058429ff2396dbaf9ab456da1546f50bea8

SHA512
b5fdb6cc3066ee7dc2df31669a9dd64e180940e54f42ab43b9653c065137e504476aed15bf102aab53587b5ae60e9d8f7f73fd72c13228e96c6f20863e6ac5af

Download Submit
C:\Windows\System\NNmZHZV.exe

Filesize
1.9MB

MD5
9434d1343323feb7c6b38888d02f4e34

SHA1
db41cd91707838f8f9e7cd805e515c919f507f40

SHA256
9fcb1455b625b6b9fc962f47119eea087a3c39060b32add450f7e63645398909

SHA512
372a73adb9ca11d5a00a819ff029c0bc0acdad1c2127c5d49ac1c2fea7a7046ee458d5095ff06c8287d32a1329f1dec9617a241bcc874a626d9d44100330cd94

Download Submit
C:\Windows\System\OeKrhLm.exe

Filesize
1.9MB

MD5
fb6985523e4bd14880b2bd2f7a8be8ca

SHA1
5891e41748a52ca1911ea34aaf71face581ad7f6

SHA256
3eb831db50b6237c3b62205fdf9ace82469294107504e74aa93306362bde339f

SHA512
fb25192726d82d8e14b67adc0bac2970f42c3aaf901e675d12258723ba5c0ca3dabf4138916bb960bb826a8b24a7adac3f0b83850b9d567b14ba1c0687a33eab

Download Submit
C:\Windows\System\PemZVgS.exe

Filesize
1.9MB

MD5
465fc1c943a70d35368a1ffec68af9b4

SHA1
6e8e4b5c2c3d1f5c03c63974d08f7e575eece97c

SHA256
1e0d257f8e68e8a5530fce1f575dc7210b923cead9b068320718aa169027092f

SHA512
fd1bd3a76e4d63de010b3edaedf7ad9080d7e12b87ba082cf6abea9c61d9379908ade1b6c8e5704b728aaacd0d610308a1b84cfbbfb5a14c6da2c1c5ba6e826d

Download Submit
C:\Windows\System\PvsLZjq.exe

Filesize
1.9MB

MD5
f81a47df3887d6fb9796fa9e0d1c1e2c

SHA1
aee2baf249993624be9afb384561cb20804d0fc2

SHA256
0fee3236538a83449cbf0e8c0c7a555c87b139adcf8814d6a8841d1aec779f3e

SHA512
37b3d4bc4abe7564a9274543629e6c3463e7fcfbfdcb919d2f9821faac63c4009aebf325d754fc39455a4af61353d709695e79c0646ab940a7741f4bdd452799

Download Submit
C:\Windows\System\QQDPpqy.exe

Filesize
1.9MB

MD5
9f41a9620bd9e8c689d16269814769f4

SHA1
c5d18df4349d0175a69ddd7d08c867d81e508e1f

SHA256
f9726ee016a110c09da89459d3b68871470b47aec606c3ec8b55264968c9c98d

SHA512
c9cd276321dd858000139b517f68d8bf383b6ef91a7928d0f04aa30933c315be2dde60bca89269f16e6b27a5c638d6537777fb39a947c086181ef27a5fb483c5

Download Submit
C:\Windows\System\RrCYQaQ.exe

Filesize
1.9MB

MD5
243a52aed8fdc1157e067335dbbb9cad

SHA1
37633dc7926e70e226d5c8f29fe25460f3244b33

SHA256
655239669d88e2d444ab8de35a37d24e644359c5dd9dd27a01f2bab7d95c2dc2

SHA512
ce7f260fca63eeeab496b314f4aa84461537f56197e7df3b9f428b3135f5782fd78749e69ed111c9ba30d2bf6b6fb17af93cbdf7614ac7b5b21594cf48c98bc9

Download Submit
C:\Windows\System\SPZoQih.exe

Filesize
1.9MB

MD5
4f33c74fb8d49d6c8997feb3091b0afd

SHA1
1b5fae96d5faab237d5ee9e91d710ecc805cc073

SHA256
7eeb3f2773c4c2bff40bf8cbd8ec95dacbbf8655ef7a084985facd6c64952193

SHA512
ca5b105cdbbb8f53ec60a3023b02848abe8e3c01d386375e788d3a4b5824ef9ada7e9847fda28a673393316ab0b8aef9f1faefbf8493a0c93121910c274cdab7

Download Submit
C:\Windows\System\STUOOZW.exe

Filesize
1.9MB

MD5
7f6897eecac3930ed8c1d675f43dac53

SHA1
a98cbaa7d1a6d07c133de3b021ffd287081652dc

SHA256
f4da83feb0b6ba603f90807f9fd7090c6511261c74587e75793d6bfcb26a0e28

SHA512
03a40a97dc090feee2f83399d0bfe4f878444b6abf72c1b0bebac235e6ffafa1e014bec5697d20751dbc53d7d8ddaea3b798746d628fc1c85f13bd803c9e8fc4

Download Submit
C:\Windows\System\WtVXSQc.exe

Filesize
1.9MB

MD5
4a6c73fcfb28532f1d2724877d09abd7

SHA1
4c0e78e56e106d68c623c30457d3ba7a65e1b9e6

SHA256
c7dd4a84041553bcfacbf2575385679c710457cbe17413f609c4e7edd7917f73

SHA512
3326676f8f78ce7c7bb44a4359e92396f7028543101e3f11bfb5167a45129637f1e12f24218ad52053475c6d110e221091f6d4c33b07f75b2f0a783722c5f7d1

Download Submit
C:\Windows\System\XODqJMe.exe

Filesize
1.9MB

MD5
10c8205113de9ee2b831fee0ad78f767

SHA1
2332a62e422e72e5adecd72e23747ac90faab18d

SHA256
94ed0cc5ccc029965a3878d11e220a33b147fe803bd06d878a60ccb9d607d144

SHA512
f50b99f0c41e75cc15e7ac519f65f218ae2e2c98ae35968ae0b701e256eed0defc4637497547fa2dd75d32df3d34606a7bf2ddaf11f4e725ac82d5cbc931640c

Download Submit
C:\Windows\System\XPLvtWd.exe

Filesize
1.9MB

MD5
b4d4976f17bc77186306976cd876632b

SHA1
37a3fd6cb928ecb159303440dd4ebc11519f40e4

SHA256
3b36d1afdad6cbcb480f9fa5daf405afda2061c2adab9e07bbcde053d6077882

SHA512
4b7fbf6738d0a602bcd311718a98ee5bae187bb5e73e08eb9da9dbfc0b29f9f126b8d04b6c5bf7c9a3d66fc469dd437acb8aac9f02549b6303cfb2fa03724c53

Download Submit
C:\Windows\System\aKxWeET.exe

Filesize
1.9MB

MD5
1310b150915b0363ac2bda25e81909ce

SHA1
298a72130b08818f3b8668593163d3d26ae1c7e6

SHA256
12ac46786b5f067a38f1de5804aaed10919f54428d213a7adecb486821c84039

SHA512
4134a4b23be09f191df9b5be5c15dff6b7c610bda4f17e668a83f65760083f80fe8b67a492543149e3f315ee63382ff3b1d5a069252cef7b6d4297bd581c9555

Download Submit
C:\Windows\System\aaLBjOR.exe

Filesize
8B

MD5
ca1847b29f977ccdd57b65636f9ba22c

SHA1
f6fca203ae4512974040ae125e2f6272395d679a

SHA256
411d0516017965065c0cf36862c00d7177a2bedec89ec2295cd23ee0ad1e1a85

SHA512
e71e6bc533b5d199f5aca1ee2d3ba2ba77ae5a621d5a9332f165488bdd85d17032c9369f4117c7f5e8253b40f3185d686a2a355a98044f5802431fcd9e5a62f6

Download Submit
C:\Windows\System\cJuGUNY.exe

Filesize
1.9MB

MD5
1612c62af4bca6e83ed7f98187ba6d54

SHA1
69d168e9e6f6e3acecf53dd9979aa96bd05d6a6c

SHA256
efcf9e7aa35b58100eef3cdb09db4dedc6c636e7073d90e9aee8720c819d1c65

SHA512
214ad644427c2dd050372144b71e291d0bcb848590290e028a09c0d96bc06f806f85986bad7fd2f35d0de0f641377b5b2287d22ea80bdd7acea298b261a6175b

Download Submit
C:\Windows\System\eLPHitx.exe

Filesize
1.9MB

MD5
abe2b8b24ba03efdee642a184d961e70

SHA1
437312166f0668195379a15d83ef907dd61ce35e

SHA256
2590487d453bc222d8c85b6828b63f74f853c093c07b9bc6807569593ab8d0e9

SHA512
f509e9dbd8e3fddf82ac9a2fae254714d9ea6cd648c1de5f8633c42f231e09ce362f239b6388fd40434e80b43970a6054342f4d2f8b1ec645abd2b4189a2b552

Download Submit
C:\Windows\System\jWaoGkK.exe

Filesize
1.9MB

MD5
d4d36a46b550476dbc1fbccd25c80e12

SHA1
ea1c32d8363166e48a1a1cfbd2626b57160f0ceb

SHA256
dc4f3736b848ad2d4cb2b2b4185ceebe677d0ac8338f454f00364019e5ec3f92

SHA512
5514876363bb7f03189867625d96f93a8db98f2ebf4e85f9904a02856c08efb1f4464f74e60f5a172da54ce8677c3ce6c44e5d25a7878e745c1a4147c3285b0f

Download Submit
C:\Windows\System\jqGxmNO.exe

Filesize
1.9MB

MD5
088901d01fcb0cc8acea8f14ba385987

SHA1
d4148ad94f59664ea332f5e60229cc8d87ae4a9e

SHA256
415397503a852cc9328ef27e0ee31b208ed89488ebfa3754b0458b137763aacf

SHA512
39df13a839192211b2528154630763d4cbe0df317f44d842f0ae8685f6236e0c90f1cd7c6697d8757155e5cda330cd938519a301d4078d7ecaa67b868dcc08d7

Download Submit
C:\Windows\System\qNEIOPb.exe

Filesize
1.9MB

MD5
3f707de55ff1c861cc288974a6b362cf

SHA1
518ee58f0739e4bb51b9ec324b53f180658605cb

SHA256
7079aa30543cc7d6659411734644c31829c09ff2ee4bee7b45a682e85d0e3c4a

SHA512
0d5e778b283f3923c74e1d7ec7241f702696be2b2f54323e97786a18f6cb7f75a7294a8600038476f6f80727421bc0a706ac82a6f05aa8b08e3520c1da94dd3b

Download Submit
C:\Windows\System\tnBtaPf.exe

Filesize
1.9MB

MD5
b2114d9eaecc256dc42a0969f4fffb2c

SHA1
0fcf29b788e286a9843523cf15c0877df34c84d7

SHA256
626bbd2408a700f5c1c5e992092ed75558d1b3165acccaee35fecdac3312cfe3

SHA512
28a9d051cb2197fa2f27ec111b0df999be6d35efcf5f6446971579e580cc104320b275f97636d1295655ffc9a04a4e11e6a1cdf4a5fe04176d2fc73f9faf7aab

Download Submit
C:\Windows\System\vsqIFOC.exe

Filesize
1.9MB

MD5
8d0b37fe62a8ea2ec84f10066fe2cfba

SHA1
275fa2736557dc7992ef5b3b4c5a5bfbcaab9401

SHA256
f4c4eb5ecb0ade546b785c2111bc108242f6908b3e56e92ad675e1c2cc49bb42

SHA512
c54e30d5e5dfd2b18c089ee3e6fc62976cd98dad6f6621d8cb3d46274aa2f6bccdbebb7716d4d3ab33d2c78c991d128db371283652ea1158f087e39f2e47bb06

Download Submit
C:\Windows\System\wkhuVmW.exe

Filesize
1.9MB

MD5
471209c5642a72d585fefa2853fe4eb6

SHA1
fc54b29f40e67780506a810ad3bab3cf8b6ddd43

SHA256
c7bd4f18236c1b2412fbb3129611c67c46b81a49452fc558822ae2224a45b01f

SHA512
5ce4a272f830cb0e514ceff4ac3e7641d55640fd85ec88b1681497885bbd8cc852efeeadf61ecb2db8373dead6f9eac6bd98cef2356378b716edc9b87576dfae

Download Submit
C:\Windows\System\xLDkWHH.exe

Filesize
1.9MB

MD5
c22636975fd8adc742f2e5fdc054ca3c

SHA1
2e4d6a64c3ac617e13774c12c17dc6f0cf4f3c71

SHA256
fe7d4a84f45ea576db3c3e8e56f36f3975bfdebaf0961793424b68266240cb4a

SHA512
a28fb0dca6f06ddc6bfb70016746d34c8f18ee0c0dd295c3769d57b3ead614db4d532df2667d727fb1cfed85a7b6321ae741420d4ddb8328f635c5e3068dca10

Download Submit
C:\Windows\System\yreXfNF.exe

Filesize
1.9MB

MD5
e5ba5e5c864355048c0291bb66a1ca18

SHA1
c0f15173fa693eb4a7041625b9427697c09d4a73

SHA256
df3352965d65bf2a03f036155eb352ca7236bf5c715acea30f5cd36664c30724

SHA512
4f5be7ea532a72584035fd1fe28dd3844d79dfae256d267f74494ef7ed96757c9d9fc09c2232964bf42635d8424ed5e9b71407cd7469084e99820d69245ed6ec

Download Submit
memory/908-103-0x00007FF766CF0000-0x00007FF7670E2000-memory.dmp

Filesize
3.9MB

Download
memory/908-2124-0x00007FF766CF0000-0x00007FF7670E2000-memory.dmp

Filesize
3.9MB

Download
memory/1132-52-0x00007FF6A98B0000-0x00007FF6A9CA2000-memory.dmp

Filesize
3.9MB

Download
memory/1132-2047-0x00007FF6A98B0000-0x00007FF6A9CA2000-memory.dmp

Filesize
3.9MB

Download
memory/1132-2121-0x00007FF6A98B0000-0x00007FF6A9CA2000-memory.dmp

Filesize
3.9MB

Download
memory/1144-2063-0x00007FF7B4450000-0x00007FF7B4842000-memory.dmp

Filesize
3.9MB

Download
memory/1144-2162-0x00007FF7B4450000-0x00007FF7B4842000-memory.dmp

Filesize
3.9MB

Download
memory/1144-142-0x00007FF7B4450000-0x00007FF7B4842000-memory.dmp

Filesize
3.9MB

Download
memory/1160-2048-0x00007FF7BE370000-0x00007FF7BE762000-memory.dmp

Filesize
3.9MB

Download
memory/1160-79-0x00007FF7BE370000-0x00007FF7BE762000-memory.dmp

Filesize
3.9MB

Download
memory/1160-2127-0x00007FF7BE370000-0x00007FF7BE762000-memory.dmp

Filesize
3.9MB

Download
memory/1244-2117-0x00007FF75AD50000-0x00007FF75B142000-memory.dmp

Filesize
3.9MB

Download
memory/1244-58-0x00007FF75AD50000-0x00007FF75B142000-memory.dmp

Filesize
3.9MB

Download
memory/1436-117-0x00007FF697BE0000-0x00007FF697FD2000-memory.dmp

Filesize
3.9MB

Download
memory/1436-2062-0x00007FF697BE0000-0x00007FF697FD2000-memory.dmp

Filesize
3.9MB

Download
memory/1436-2366-0x00007FF697BE0000-0x00007FF697FD2000-memory.dmp

Filesize
3.9MB

Download
memory/2436-2083-0x00007FF71C7D0000-0x00007FF71CBC2000-memory.dmp

Filesize
3.9MB

Download
memory/2436-2155-0x00007FF71C7D0000-0x00007FF71CBC2000-memory.dmp

Filesize
3.9MB

Download
memory/2436-154-0x00007FF71C7D0000-0x00007FF71CBC2000-memory.dmp

Filesize
3.9MB

Download
memory/2868-2115-0x00007FF73E120000-0x00007FF73E512000-memory.dmp

Filesize
3.9MB

Download
memory/2868-51-0x00007FF73E120000-0x00007FF73E512000-memory.dmp

Filesize
3.9MB

Download
memory/3040-2066-0x00007FF662790000-0x00007FF662B82000-memory.dmp

Filesize
3.9MB

Download
memory/3040-2157-0x00007FF662790000-0x00007FF662B82000-memory.dmp

Filesize
3.9MB

Download
memory/3040-148-0x00007FF662790000-0x00007FF662B82000-memory.dmp

Filesize
3.9MB

Download
memory/3268-2045-0x00007FF68D480000-0x00007FF68D872000-memory.dmp

Filesize
3.9MB

Download
memory/3268-90-0x00007FF68D480000-0x00007FF68D872000-memory.dmp

Filesize
3.9MB

Download
memory/3268-2138-0x00007FF68D480000-0x00007FF68D872000-memory.dmp

Filesize
3.9MB

Download
memory/3284-2147-0x00007FF6F19C0000-0x00007FF6F1DB2000-memory.dmp

Filesize
3.9MB

Download
memory/3284-136-0x00007FF6F19C0000-0x00007FF6F1DB2000-memory.dmp

Filesize
3.9MB

Download
memory/3400-110-0x00007FF6694E0000-0x00007FF6698D2000-memory.dmp

Filesize
3.9MB

Download
memory/3400-2131-0x00007FF6694E0000-0x00007FF6698D2000-memory.dmp

Filesize
3.9MB

Download
memory/3476-2096-0x00007FF6762E0000-0x00007FF6766D2000-memory.dmp

Filesize
3.9MB

Download
memory/3476-155-0x00007FF6762E0000-0x00007FF6766D2000-memory.dmp

Filesize
3.9MB

Download
memory/3476-2152-0x00007FF6762E0000-0x00007FF6766D2000-memory.dmp

Filesize
3.9MB

Download
memory/3708-4-0x00007FFDE86B3000-0x00007FFDE86B5000-memory.dmp

Filesize
8KB

Download
memory/3708-418-0x0000016470800000-0x0000016470FA6000-memory.dmp

Filesize
7.6MB

Download
memory/3708-2046-0x00007FFDE86B3000-0x00007FFDE86B5000-memory.dmp

Filesize
8KB

Download
memory/3708-29-0x000001646F990000-0x000001646F9B2000-memory.dmp

Filesize
136KB

Download
memory/3708-19-0x00007FFDE86B0000-0x00007FFDE9171000-memory.dmp

Filesize
10.8MB

Download
memory/3708-43-0x00007FFDE86B0000-0x00007FFDE9171000-memory.dmp

Filesize
10.8MB

Download
memory/3708-2093-0x00007FFDE86B0000-0x00007FFDE9171000-memory.dmp

Filesize
10.8MB

Download
memory/4028-91-0x00007FF7513A0000-0x00007FF751792000-memory.dmp

Filesize
3.9MB

Download
memory/4028-2113-0x00007FF7513A0000-0x00007FF751792000-memory.dmp

Filesize
3.9MB

Download
memory/4056-2141-0x00007FF7ABC80000-0x00007FF7AC072000-memory.dmp

Filesize
3.9MB

Download
memory/4056-113-0x00007FF7ABC80000-0x00007FF7AC072000-memory.dmp

Filesize
3.9MB

Download
memory/4124-0-0x00007FF624890000-0x00007FF624C82000-memory.dmp

Filesize
3.9MB

Download
memory/4124-1-0x000002E8C23D0000-0x000002E8C23E0000-memory.dmp

Filesize
64KB

Download
memory/4188-116-0x00007FF79D070000-0x00007FF79D462000-memory.dmp

Filesize
3.9MB

Download
memory/4188-2136-0x00007FF79D070000-0x00007FF79D462000-memory.dmp

Filesize
3.9MB

Download
memory/4220-123-0x00007FF619F30000-0x00007FF61A322000-memory.dmp

Filesize
3.9MB

Download
memory/4220-2139-0x00007FF619F30000-0x00007FF61A322000-memory.dmp

Filesize
3.9MB

Download
memory/4564-2119-0x00007FF7EF910000-0x00007FF7EFD02000-memory.dmp

Filesize
3.9MB

Download
memory/4564-99-0x00007FF7EF910000-0x00007FF7EFD02000-memory.dmp

Filesize
3.9MB

Download
memory/4580-129-0x00007FF6D0C40000-0x00007FF6D1032000-memory.dmp

Filesize
3.9MB

Download
memory/4580-2145-0x00007FF6D0C40000-0x00007FF6D1032000-memory.dmp

Filesize
3.9MB

Download
memory/4588-84-0x00007FF655120000-0x00007FF655512000-memory.dmp

Filesize
3.9MB

Download
memory/4588-2133-0x00007FF655120000-0x00007FF655512000-memory.dmp

Filesize
3.9MB

Download
memory/4604-2125-0x00007FF788000000-0x00007FF7883F2000-memory.dmp

Filesize
3.9MB

Download
memory/4604-2044-0x00007FF788000000-0x00007FF7883F2000-memory.dmp

Filesize
3.9MB

Download
memory/4604-66-0x00007FF788000000-0x00007FF7883F2000-memory.dmp

Filesize
3.9MB

Download
memory/4788-109-0x00007FF637040000-0x00007FF637432000-memory.dmp

Filesize
3.9MB

Download
memory/4788-2130-0x00007FF637040000-0x00007FF637432000-memory.dmp

Filesize
3.9MB

Download
memory/4980-130-0x00007FF7901E0000-0x00007FF7905D2000-memory.dmp

Filesize
3.9MB

Download
memory/4980-2144-0x00007FF7901E0000-0x00007FF7905D2000-memory.dmp

Filesize
3.9MB

Download
memory/5036-161-0x00007FF6D50A0000-0x00007FF6D5492000-memory.dmp

Filesize
3.9MB

Download
memory/5036-2098-0x00007FF6D50A0000-0x00007FF6D5492000-memory.dmp

Filesize
3.9MB

Download
memory/5036-2150-0x00007FF6D50A0000-0x00007FF6D5492000-memory.dmp

Filesize
3.9MB

Download