xmrig | ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165

Analysis

max time kernel
98s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
Size

1.7MB
MD5

d058f07a6400c72f211ebacc2cad1030
SHA1

bfd4bae46bddce19d839e432060f25e631dc190f
SHA256

ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165
SHA512

086b8bb90603bd6266fabd32210a62137637276f6968fcf5079a37c6985652bd5d61a0deb8c1c04ee3b73c3bd434841ad4e28300f253b1d61a5547696be06994
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkiptb8q33F1QeQthKJAc+StNfNuUv6asC22iJr+:Lz071uv4BPMkivwSbaMrf27C

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 50 IoCs

miner

resource	yara_rule
behavioral2/memory/3284-13-0x00007FF729490000-0x00007FF729882000-memory.dmp	xmrig
behavioral2/memory/2036-68-0x00007FF6B4E40000-0x00007FF6B5232000-memory.dmp	xmrig
behavioral2/memory/4472-54-0x00007FF76BDC0000-0x00007FF76C1B2000-memory.dmp	xmrig
behavioral2/memory/1744-40-0x00007FF739680000-0x00007FF739A72000-memory.dmp	xmrig
behavioral2/memory/1712-35-0x00007FF618DB0000-0x00007FF6191A2000-memory.dmp	xmrig
behavioral2/memory/4444-32-0x00007FF63B610000-0x00007FF63BA02000-memory.dmp	xmrig
behavioral2/memory/4516-31-0x00007FF619990000-0x00007FF619D82000-memory.dmp	xmrig
behavioral2/memory/1620-395-0x00007FF610EE0000-0x00007FF6112D2000-memory.dmp	xmrig
behavioral2/memory/1648-396-0x00007FF724920000-0x00007FF724D12000-memory.dmp	xmrig
behavioral2/memory/3360-397-0x00007FF763170000-0x00007FF763562000-memory.dmp	xmrig
behavioral2/memory/4496-398-0x00007FF721A30000-0x00007FF721E22000-memory.dmp	xmrig
behavioral2/memory/1444-399-0x00007FF7FBAB0000-0x00007FF7FBEA2000-memory.dmp	xmrig
behavioral2/memory/4384-400-0x00007FF6391F0000-0x00007FF6395E2000-memory.dmp	xmrig
behavioral2/memory/3572-401-0x00007FF788350000-0x00007FF788742000-memory.dmp	xmrig
behavioral2/memory/3720-415-0x00007FF72C680000-0x00007FF72CA72000-memory.dmp	xmrig
behavioral2/memory/468-582-0x00007FF7D0F60000-0x00007FF7D1352000-memory.dmp	xmrig
behavioral2/memory/2336-539-0x00007FF616D80000-0x00007FF617172000-memory.dmp	xmrig
behavioral2/memory/3308-490-0x00007FF63CE30000-0x00007FF63D222000-memory.dmp	xmrig
behavioral2/memory/2612-453-0x00007FF6F6D10000-0x00007FF6F7102000-memory.dmp	xmrig
behavioral2/memory/500-446-0x00007FF7DDA20000-0x00007FF7DDE12000-memory.dmp	xmrig
behavioral2/memory/2240-431-0x00007FF718250000-0x00007FF718642000-memory.dmp	xmrig
behavioral2/memory/1140-753-0x00007FF6A0E10000-0x00007FF6A1202000-memory.dmp	xmrig
behavioral2/memory/1948-653-0x00007FF68A960000-0x00007FF68AD52000-memory.dmp	xmrig
behavioral2/memory/3284-3032-0x00007FF729490000-0x00007FF729882000-memory.dmp	xmrig
behavioral2/memory/4108-3045-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp	xmrig
behavioral2/memory/4472-3047-0x00007FF76BDC0000-0x00007FF76C1B2000-memory.dmp	xmrig
behavioral2/memory/3284-3079-0x00007FF729490000-0x00007FF729882000-memory.dmp	xmrig
behavioral2/memory/4516-3081-0x00007FF619990000-0x00007FF619D82000-memory.dmp	xmrig
behavioral2/memory/1744-3085-0x00007FF739680000-0x00007FF739A72000-memory.dmp	xmrig
behavioral2/memory/1712-3087-0x00007FF618DB0000-0x00007FF6191A2000-memory.dmp	xmrig
behavioral2/memory/4444-3084-0x00007FF63B610000-0x00007FF63BA02000-memory.dmp	xmrig
behavioral2/memory/2036-3090-0x00007FF6B4E40000-0x00007FF6B5232000-memory.dmp	xmrig
behavioral2/memory/4472-3091-0x00007FF76BDC0000-0x00007FF76C1B2000-memory.dmp	xmrig
behavioral2/memory/4108-3093-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp	xmrig
behavioral2/memory/468-3101-0x00007FF7D0F60000-0x00007FF7D1352000-memory.dmp	xmrig
behavioral2/memory/3720-3115-0x00007FF72C680000-0x00007FF72CA72000-memory.dmp	xmrig
behavioral2/memory/2240-3117-0x00007FF718250000-0x00007FF718642000-memory.dmp	xmrig
behavioral2/memory/500-3121-0x00007FF7DDA20000-0x00007FF7DDE12000-memory.dmp	xmrig
behavioral2/memory/2336-3125-0x00007FF616D80000-0x00007FF617172000-memory.dmp	xmrig
behavioral2/memory/3308-3123-0x00007FF63CE30000-0x00007FF63D222000-memory.dmp	xmrig
behavioral2/memory/2612-3119-0x00007FF6F6D10000-0x00007FF6F7102000-memory.dmp	xmrig
behavioral2/memory/3572-3114-0x00007FF788350000-0x00007FF788742000-memory.dmp	xmrig
behavioral2/memory/1948-3112-0x00007FF68A960000-0x00007FF68AD52000-memory.dmp	xmrig
behavioral2/memory/1648-3108-0x00007FF724920000-0x00007FF724D12000-memory.dmp	xmrig
behavioral2/memory/3360-3106-0x00007FF763170000-0x00007FF763562000-memory.dmp	xmrig
behavioral2/memory/1140-3104-0x00007FF6A0E10000-0x00007FF6A1202000-memory.dmp	xmrig
behavioral2/memory/4496-3100-0x00007FF721A30000-0x00007FF721E22000-memory.dmp	xmrig
behavioral2/memory/1620-3110-0x00007FF610EE0000-0x00007FF6112D2000-memory.dmp	xmrig
behavioral2/memory/1444-3098-0x00007FF7FBAB0000-0x00007FF7FBEA2000-memory.dmp	xmrig
behavioral2/memory/4384-3096-0x00007FF6391F0000-0x00007FF6395E2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
6	3972	powershell.exe
8	3972	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3972	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3284	gYcYOiU.exe
4516	tDYvuXX.exe
4444	XLNWDKq.exe
1712	WFKioxx.exe
1744	nqFgoFL.exe
4472	TIeAujD.exe
4108	LrIioAF.exe
2036	UjjRQmD.exe
468	PiJrrOP.exe
1948	IANSTcL.exe
1620	BQfitbV.exe
1648	GuREIQE.exe
1140	CWships.exe
3360	sKbFPxy.exe
4496	OyCMika.exe
1444	uAeXoug.exe
4384	SSpmZif.exe
3572	mlRPnKL.exe
3720	ThvMpaA.exe
2240	BTLpyAs.exe
500	okCFVUu.exe
2612	lXQoOgv.exe
3308	dCkKTgf.exe
2336	mxMxKye.exe
888	TiIlSyW.exe
4120	gQURxLG.exe
116	hBDRjOM.exe
764	JfeYoJE.exe
1016	ZWAKzaJ.exe
1984	OmRdqhi.exe
4664	JEqifAU.exe
4720	ixdUQhN.exe
3432	pHqbUhH.exe
2432	awZoHFo.exe
4324	sGUXgnq.exe
4536	rDgtwme.exe
1596	wVtHtZL.exe
3724	jEpFskd.exe
2820	SMZGDzA.exe
1436	NaqoJMk.exe
3172	lfTYCmt.exe
4948	dgeNyJb.exe
2424	gHuyWoq.exe
4240	xopnlwv.exe
1556	BmFUxaB.exe
3160	zdmaOoS.exe
2912	scWlIdN.exe
100	BYZuBZo.exe
4724	mKPhYvb.exe
3112	HnNXAoi.exe
3448	nEtvnaM.exe
5076	BrENlQm.exe
4476	RbXPIMx.exe
3516	vsUxRIp.exe
1792	YAwNLIX.exe
224	UmcCxTr.exe
1976	mmiyMoX.exe
4944	FDImcDl.exe
3760	CMefZxE.exe
3872	iICYEBi.exe
3192	wwifnaK.exe
2412	RmSBmdz.exe
3404	yEDbxjA.exe
4996	chgjLVp.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2460-0-0x00007FF765D60000-0x00007FF766152000-memory.dmp	upx
behavioral2/files/0x0007000000023514-14.dat	upx
behavioral2/memory/3284-13-0x00007FF729490000-0x00007FF729882000-memory.dmp	upx
behavioral2/files/0x0007000000023516-23.dat	upx
behavioral2/files/0x0007000000023518-37.dat	upx
behavioral2/files/0x0007000000023519-41.dat	upx
behavioral2/files/0x0007000000023517-45.dat	upx
behavioral2/files/0x000700000002351e-73.dat	upx
behavioral2/files/0x0007000000023520-89.dat	upx
behavioral2/files/0x0007000000023523-96.dat	upx
behavioral2/files/0x0007000000023525-106.dat	upx
behavioral2/files/0x000700000002352a-136.dat	upx
behavioral2/files/0x000700000002352b-149.dat	upx
behavioral2/files/0x000700000002352f-161.dat	upx
behavioral2/files/0x0007000000023530-171.dat	upx
behavioral2/files/0x0007000000023532-181.dat	upx
behavioral2/files/0x0007000000023531-176.dat	upx
behavioral2/files/0x0008000000023528-174.dat	upx
behavioral2/files/0x000700000002352e-164.dat	upx
behavioral2/files/0x000700000002352d-159.dat	upx
behavioral2/files/0x000700000002352c-154.dat	upx
behavioral2/files/0x0008000000023529-139.dat	upx
behavioral2/files/0x0007000000023527-134.dat	upx
behavioral2/files/0x0007000000023526-129.dat	upx
behavioral2/files/0x0007000000023524-119.dat	upx
behavioral2/files/0x0007000000023522-99.dat	upx
behavioral2/files/0x0007000000023521-94.dat	upx
behavioral2/files/0x000700000002351f-84.dat	upx
behavioral2/files/0x000700000002351d-71.dat	upx
behavioral2/memory/2036-68-0x00007FF6B4E40000-0x00007FF6B5232000-memory.dmp	upx
behavioral2/files/0x000700000002351c-66.dat	upx
behavioral2/files/0x000700000002351b-61.dat	upx
behavioral2/memory/4472-54-0x00007FF76BDC0000-0x00007FF76C1B2000-memory.dmp	upx
behavioral2/files/0x000700000002351a-59.dat	upx
behavioral2/memory/4108-44-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp	upx
behavioral2/memory/1744-40-0x00007FF739680000-0x00007FF739A72000-memory.dmp	upx
behavioral2/memory/1712-35-0x00007FF618DB0000-0x00007FF6191A2000-memory.dmp	upx
behavioral2/memory/4444-32-0x00007FF63B610000-0x00007FF63BA02000-memory.dmp	upx
behavioral2/memory/4516-31-0x00007FF619990000-0x00007FF619D82000-memory.dmp	upx
behavioral2/files/0x0008000000023510-25.dat	upx
behavioral2/files/0x0007000000023515-19.dat	upx
behavioral2/files/0x000800000002350d-6.dat	upx
behavioral2/memory/1620-395-0x00007FF610EE0000-0x00007FF6112D2000-memory.dmp	upx
behavioral2/memory/1648-396-0x00007FF724920000-0x00007FF724D12000-memory.dmp	upx
behavioral2/memory/3360-397-0x00007FF763170000-0x00007FF763562000-memory.dmp	upx
behavioral2/memory/4496-398-0x00007FF721A30000-0x00007FF721E22000-memory.dmp	upx
behavioral2/memory/1444-399-0x00007FF7FBAB0000-0x00007FF7FBEA2000-memory.dmp	upx
behavioral2/memory/4384-400-0x00007FF6391F0000-0x00007FF6395E2000-memory.dmp	upx
behavioral2/memory/3572-401-0x00007FF788350000-0x00007FF788742000-memory.dmp	upx
behavioral2/memory/3720-415-0x00007FF72C680000-0x00007FF72CA72000-memory.dmp	upx
behavioral2/memory/468-582-0x00007FF7D0F60000-0x00007FF7D1352000-memory.dmp	upx
behavioral2/memory/2336-539-0x00007FF616D80000-0x00007FF617172000-memory.dmp	upx
behavioral2/memory/3308-490-0x00007FF63CE30000-0x00007FF63D222000-memory.dmp	upx
behavioral2/memory/2612-453-0x00007FF6F6D10000-0x00007FF6F7102000-memory.dmp	upx
behavioral2/memory/500-446-0x00007FF7DDA20000-0x00007FF7DDE12000-memory.dmp	upx
behavioral2/memory/2240-431-0x00007FF718250000-0x00007FF718642000-memory.dmp	upx
behavioral2/memory/1140-753-0x00007FF6A0E10000-0x00007FF6A1202000-memory.dmp	upx
behavioral2/memory/1948-653-0x00007FF68A960000-0x00007FF68AD52000-memory.dmp	upx
behavioral2/memory/3284-3032-0x00007FF729490000-0x00007FF729882000-memory.dmp	upx
behavioral2/memory/4108-3045-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp	upx
behavioral2/memory/4472-3047-0x00007FF76BDC0000-0x00007FF76C1B2000-memory.dmp	upx
behavioral2/memory/3284-3079-0x00007FF729490000-0x00007FF729882000-memory.dmp	upx
behavioral2/memory/4516-3081-0x00007FF619990000-0x00007FF619D82000-memory.dmp	upx
behavioral2/memory/1744-3085-0x00007FF739680000-0x00007FF739A72000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	raw.githubusercontent.com
6	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YWMjUDW.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\HlUWBwd.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\uVsAPbt.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\LOBfXbN.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\RkyUwue.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\SGPSjUM.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\YeQZpQh.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\RLDsKVE.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\nFaZwYu.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\aCezaDA.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\gNxjcdM.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\YoPWAhY.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\FWNjvgK.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\sDwekir.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\phudRCB.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\yaUeNxb.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\ZEvGGAo.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\jZrVdrP.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\mLuSBCT.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\RaHPdso.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\cjvdowq.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\xJsjmsu.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\uomOGAh.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\DVCmKcQ.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\IOgDwPI.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\ZaCwysY.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\YQisOzn.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\RLZbbPy.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\PAqHSME.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\igVklRo.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\hfnHRhJ.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\OApezfZ.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\SVFcKbk.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\CxPfmuu.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\jmaMAVo.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\AfNgdTy.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\FiWVRLE.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\fJVaQeK.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\PEmOKch.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\txnVmJD.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\HQUjRfY.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\ZsIrFzP.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\BWTjkSA.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\OMvVGNZ.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\XvNEQRP.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\MNGkvGo.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\BlcPwBs.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\DRRihVH.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\IMCxfyJ.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\RQSEfJY.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\gNAuQvM.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\RISyYkf.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\zWkyxnf.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\PxBTqlF.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\fOzvQvQ.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\BkDoykf.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\HvCnsLm.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\XSRZDzm.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\cPWsuqP.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\QEYrlYx.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\QXrjFBH.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\cOwaeEX.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\vUOqhcU.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
File created	C:\Windows\System\TBjFzSH.exe	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3972	powershell.exe
3972	powershell.exe
3972	powershell.exe
3972	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
Token: SeDebugPrivilege	3972	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 3972	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	87
PID 2460 wrote to memory of 3972	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	87
PID 2460 wrote to memory of 3284	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	88
PID 2460 wrote to memory of 3284	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	88
PID 2460 wrote to memory of 1712	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	89
PID 2460 wrote to memory of 1712	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	89
PID 2460 wrote to memory of 4516	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	90
PID 2460 wrote to memory of 4516	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	90
PID 2460 wrote to memory of 4444	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	91
PID 2460 wrote to memory of 4444	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	91
PID 2460 wrote to memory of 1744	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	92
PID 2460 wrote to memory of 1744	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	92
PID 2460 wrote to memory of 4472	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	93
PID 2460 wrote to memory of 4472	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	93
PID 2460 wrote to memory of 4108	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	94
PID 2460 wrote to memory of 4108	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	94
PID 2460 wrote to memory of 2036	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	95
PID 2460 wrote to memory of 2036	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	95
PID 2460 wrote to memory of 468	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	96
PID 2460 wrote to memory of 468	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	96
PID 2460 wrote to memory of 1948	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	97
PID 2460 wrote to memory of 1948	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	97
PID 2460 wrote to memory of 1620	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	98
PID 2460 wrote to memory of 1620	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	98
PID 2460 wrote to memory of 1648	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	99
PID 2460 wrote to memory of 1648	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	99
PID 2460 wrote to memory of 1140	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	100
PID 2460 wrote to memory of 1140	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	100
PID 2460 wrote to memory of 3360	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	101
PID 2460 wrote to memory of 3360	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	101
PID 2460 wrote to memory of 4496	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	102
PID 2460 wrote to memory of 4496	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	102
PID 2460 wrote to memory of 1444	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	103
PID 2460 wrote to memory of 1444	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	103
PID 2460 wrote to memory of 4384	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	104
PID 2460 wrote to memory of 4384	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	104
PID 2460 wrote to memory of 3572	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	105
PID 2460 wrote to memory of 3572	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	105
PID 2460 wrote to memory of 3720	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	106
PID 2460 wrote to memory of 3720	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	106
PID 2460 wrote to memory of 2240	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	107
PID 2460 wrote to memory of 2240	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	107
PID 2460 wrote to memory of 500	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	108
PID 2460 wrote to memory of 500	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	108
PID 2460 wrote to memory of 2612	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	109
PID 2460 wrote to memory of 2612	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	109
PID 2460 wrote to memory of 3308	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	110
PID 2460 wrote to memory of 3308	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	110
PID 2460 wrote to memory of 2336	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	111
PID 2460 wrote to memory of 2336	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	111
PID 2460 wrote to memory of 888	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	112
PID 2460 wrote to memory of 888	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	112
PID 2460 wrote to memory of 4120	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	113
PID 2460 wrote to memory of 4120	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	113
PID 2460 wrote to memory of 116	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	114
PID 2460 wrote to memory of 116	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	114
PID 2460 wrote to memory of 764	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	115
PID 2460 wrote to memory of 764	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	115
PID 2460 wrote to memory of 1016	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	116
PID 2460 wrote to memory of 1016	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	116
PID 2460 wrote to memory of 1984	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	117
PID 2460 wrote to memory of 1984	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	117
PID 2460 wrote to memory of 4664	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	118
PID 2460 wrote to memory of 4664	2460	ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe	118

C:\Users\Admin\AppData\Local\Temp\ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ac361f372077203e8d6fe6dfea0aea1ac07756a0adfa8e3e51c1b82d13b9b165_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3972
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3972" "2956" "2760" "2960" "0" "0" "2964" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:7060
- C:\Windows\System\gYcYOiU.exe
  C:\Windows\System\gYcYOiU.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\WFKioxx.exe
  C:\Windows\System\WFKioxx.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\tDYvuXX.exe
  C:\Windows\System\tDYvuXX.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\XLNWDKq.exe
  C:\Windows\System\XLNWDKq.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\nqFgoFL.exe
  C:\Windows\System\nqFgoFL.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\TIeAujD.exe
  C:\Windows\System\TIeAujD.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\LrIioAF.exe
  C:\Windows\System\LrIioAF.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\UjjRQmD.exe
  C:\Windows\System\UjjRQmD.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\PiJrrOP.exe
  C:\Windows\System\PiJrrOP.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\IANSTcL.exe
  C:\Windows\System\IANSTcL.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\BQfitbV.exe
  C:\Windows\System\BQfitbV.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\GuREIQE.exe
  C:\Windows\System\GuREIQE.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\CWships.exe
  C:\Windows\System\CWships.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\sKbFPxy.exe
  C:\Windows\System\sKbFPxy.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\OyCMika.exe
  C:\Windows\System\OyCMika.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\uAeXoug.exe
  C:\Windows\System\uAeXoug.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\SSpmZif.exe
  C:\Windows\System\SSpmZif.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\mlRPnKL.exe
  C:\Windows\System\mlRPnKL.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\ThvMpaA.exe
  C:\Windows\System\ThvMpaA.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\BTLpyAs.exe
  C:\Windows\System\BTLpyAs.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\okCFVUu.exe
  C:\Windows\System\okCFVUu.exe
  2⤵
  - Executes dropped EXE
  PID:500
- C:\Windows\System\lXQoOgv.exe
  C:\Windows\System\lXQoOgv.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\dCkKTgf.exe
  C:\Windows\System\dCkKTgf.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\mxMxKye.exe
  C:\Windows\System\mxMxKye.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\TiIlSyW.exe
  C:\Windows\System\TiIlSyW.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\gQURxLG.exe
  C:\Windows\System\gQURxLG.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\hBDRjOM.exe
  C:\Windows\System\hBDRjOM.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\JfeYoJE.exe
  C:\Windows\System\JfeYoJE.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\ZWAKzaJ.exe
  C:\Windows\System\ZWAKzaJ.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\OmRdqhi.exe
  C:\Windows\System\OmRdqhi.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\JEqifAU.exe
  C:\Windows\System\JEqifAU.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\ixdUQhN.exe
  C:\Windows\System\ixdUQhN.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\pHqbUhH.exe
  C:\Windows\System\pHqbUhH.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\awZoHFo.exe
  C:\Windows\System\awZoHFo.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\sGUXgnq.exe
  C:\Windows\System\sGUXgnq.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\rDgtwme.exe
  C:\Windows\System\rDgtwme.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\wVtHtZL.exe
  C:\Windows\System\wVtHtZL.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\jEpFskd.exe
  C:\Windows\System\jEpFskd.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\SMZGDzA.exe
  C:\Windows\System\SMZGDzA.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\NaqoJMk.exe
  C:\Windows\System\NaqoJMk.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\lfTYCmt.exe
  C:\Windows\System\lfTYCmt.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\dgeNyJb.exe
  C:\Windows\System\dgeNyJb.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\gHuyWoq.exe
  C:\Windows\System\gHuyWoq.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\xopnlwv.exe
  C:\Windows\System\xopnlwv.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\BmFUxaB.exe
  C:\Windows\System\BmFUxaB.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\zdmaOoS.exe
  C:\Windows\System\zdmaOoS.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\scWlIdN.exe
  C:\Windows\System\scWlIdN.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\BYZuBZo.exe
  C:\Windows\System\BYZuBZo.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\mKPhYvb.exe
  C:\Windows\System\mKPhYvb.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\HnNXAoi.exe
  C:\Windows\System\HnNXAoi.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\nEtvnaM.exe
  C:\Windows\System\nEtvnaM.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\BrENlQm.exe
  C:\Windows\System\BrENlQm.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\RbXPIMx.exe
  C:\Windows\System\RbXPIMx.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\vsUxRIp.exe
  C:\Windows\System\vsUxRIp.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\YAwNLIX.exe
  C:\Windows\System\YAwNLIX.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\UmcCxTr.exe
  C:\Windows\System\UmcCxTr.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\mmiyMoX.exe
  C:\Windows\System\mmiyMoX.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\FDImcDl.exe
  C:\Windows\System\FDImcDl.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\CMefZxE.exe
  C:\Windows\System\CMefZxE.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\iICYEBi.exe
  C:\Windows\System\iICYEBi.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\wwifnaK.exe
  C:\Windows\System\wwifnaK.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\RmSBmdz.exe
  C:\Windows\System\RmSBmdz.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\yEDbxjA.exe
  C:\Windows\System\yEDbxjA.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\chgjLVp.exe
  C:\Windows\System\chgjLVp.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\qKHmAyp.exe
  C:\Windows\System\qKHmAyp.exe
  2⤵
  PID:4052
- C:\Windows\System\lquuLPj.exe
  C:\Windows\System\lquuLPj.exe
  2⤵
  PID:4540
- C:\Windows\System\dHHFIBG.exe
  C:\Windows\System\dHHFIBG.exe
  2⤵
  PID:1852
- C:\Windows\System\KxzlToc.exe
  C:\Windows\System\KxzlToc.exe
  2⤵
  PID:2608
- C:\Windows\System\WJGiHCv.exe
  C:\Windows\System\WJGiHCv.exe
  2⤵
  PID:3844
- C:\Windows\System\FFAMdgl.exe
  C:\Windows\System\FFAMdgl.exe
  2⤵
  PID:4768
- C:\Windows\System\sWmynug.exe
  C:\Windows\System\sWmynug.exe
  2⤵
  PID:3976
- C:\Windows\System\mVWGhOM.exe
  C:\Windows\System\mVWGhOM.exe
  2⤵
  PID:4672
- C:\Windows\System\bSCnNUV.exe
  C:\Windows\System\bSCnNUV.exe
  2⤵
  PID:2888
- C:\Windows\System\iLPXSFl.exe
  C:\Windows\System\iLPXSFl.exe
  2⤵
  PID:3568
- C:\Windows\System\voeWrpo.exe
  C:\Windows\System\voeWrpo.exe
  2⤵
  PID:4848
- C:\Windows\System\CPNVGNL.exe
  C:\Windows\System\CPNVGNL.exe
  2⤵
  PID:4856
- C:\Windows\System\GztQcyv.exe
  C:\Windows\System\GztQcyv.exe
  2⤵
  PID:2984
- C:\Windows\System\mDiiQfU.exe
  C:\Windows\System\mDiiQfU.exe
  2⤵
  PID:5132
- C:\Windows\System\DRIQGWR.exe
  C:\Windows\System\DRIQGWR.exe
  2⤵
  PID:5160
- C:\Windows\System\ejEvzsT.exe
  C:\Windows\System\ejEvzsT.exe
  2⤵
  PID:5188
- C:\Windows\System\EKEaqxs.exe
  C:\Windows\System\EKEaqxs.exe
  2⤵
  PID:5216
- C:\Windows\System\YVZNzXj.exe
  C:\Windows\System\YVZNzXj.exe
  2⤵
  PID:5248
- C:\Windows\System\vKXCeub.exe
  C:\Windows\System\vKXCeub.exe
  2⤵
  PID:5280
- C:\Windows\System\GuYjfXD.exe
  C:\Windows\System\GuYjfXD.exe
  2⤵
  PID:5308
- C:\Windows\System\hUqEEUj.exe
  C:\Windows\System\hUqEEUj.exe
  2⤵
  PID:5340
- C:\Windows\System\nmHqcoM.exe
  C:\Windows\System\nmHqcoM.exe
  2⤵
  PID:5364
- C:\Windows\System\rxweimW.exe
  C:\Windows\System\rxweimW.exe
  2⤵
  PID:5396
- C:\Windows\System\HFCUpep.exe
  C:\Windows\System\HFCUpep.exe
  2⤵
  PID:5424
- C:\Windows\System\gtrnMAF.exe
  C:\Windows\System\gtrnMAF.exe
  2⤵
  PID:5452
- C:\Windows\System\uLuUzAY.exe
  C:\Windows\System\uLuUzAY.exe
  2⤵
  PID:5488
- C:\Windows\System\jJfEwga.exe
  C:\Windows\System\jJfEwga.exe
  2⤵
  PID:5516
- C:\Windows\System\jLAVLfg.exe
  C:\Windows\System\jLAVLfg.exe
  2⤵
  PID:5540
- C:\Windows\System\IBNPiam.exe
  C:\Windows\System\IBNPiam.exe
  2⤵
  PID:5568
- C:\Windows\System\OOhBPyB.exe
  C:\Windows\System\OOhBPyB.exe
  2⤵
  PID:5596
- C:\Windows\System\yihMmFW.exe
  C:\Windows\System\yihMmFW.exe
  2⤵
  PID:5628
- C:\Windows\System\fClWkWZ.exe
  C:\Windows\System\fClWkWZ.exe
  2⤵
  PID:5656
- C:\Windows\System\qfIeSht.exe
  C:\Windows\System\qfIeSht.exe
  2⤵
  PID:5680
- C:\Windows\System\hFuOrDT.exe
  C:\Windows\System\hFuOrDT.exe
  2⤵
  PID:5708
- C:\Windows\System\jyMYvtH.exe
  C:\Windows\System\jyMYvtH.exe
  2⤵
  PID:5744
- C:\Windows\System\BvaJInU.exe
  C:\Windows\System\BvaJInU.exe
  2⤵
  PID:5772
- C:\Windows\System\RRtRbJD.exe
  C:\Windows\System\RRtRbJD.exe
  2⤵
  PID:5796
- C:\Windows\System\zDbjfNM.exe
  C:\Windows\System\zDbjfNM.exe
  2⤵
  PID:5824
- C:\Windows\System\UZxmIru.exe
  C:\Windows\System\UZxmIru.exe
  2⤵
  PID:5852
- C:\Windows\System\YfGTgND.exe
  C:\Windows\System\YfGTgND.exe
  2⤵
  PID:5880
- C:\Windows\System\FnZTOJu.exe
  C:\Windows\System\FnZTOJu.exe
  2⤵
  PID:5908
- C:\Windows\System\KpDWwEx.exe
  C:\Windows\System\KpDWwEx.exe
  2⤵
  PID:6036
- C:\Windows\System\spoeTIR.exe
  C:\Windows\System\spoeTIR.exe
  2⤵
  PID:6056
- C:\Windows\System\eyvgdPE.exe
  C:\Windows\System\eyvgdPE.exe
  2⤵
  PID:6072
- C:\Windows\System\VLPQQcy.exe
  C:\Windows\System\VLPQQcy.exe
  2⤵
  PID:6092
- C:\Windows\System\CMvfZAj.exe
  C:\Windows\System\CMvfZAj.exe
  2⤵
  PID:6108
- C:\Windows\System\ACsWAPc.exe
  C:\Windows\System\ACsWAPc.exe
  2⤵
  PID:6124
- C:\Windows\System\WxumPXo.exe
  C:\Windows\System\WxumPXo.exe
  2⤵
  PID:1736
- C:\Windows\System\rpredyc.exe
  C:\Windows\System\rpredyc.exe
  2⤵
  PID:3268
- C:\Windows\System\ZetHhar.exe
  C:\Windows\System\ZetHhar.exe
  2⤵
  PID:2740
- C:\Windows\System\QFxwtCl.exe
  C:\Windows\System\QFxwtCl.exe
  2⤵
  PID:2304
- C:\Windows\System\ZMpMyiG.exe
  C:\Windows\System\ZMpMyiG.exe
  2⤵
  PID:2632
- C:\Windows\System\whVuaKq.exe
  C:\Windows\System\whVuaKq.exe
  2⤵
  PID:5156
- C:\Windows\System\MyGYnXz.exe
  C:\Windows\System\MyGYnXz.exe
  2⤵
  PID:3460
- C:\Windows\System\nAdQkPZ.exe
  C:\Windows\System\nAdQkPZ.exe
  2⤵
  PID:5236
- C:\Windows\System\RaHPdso.exe
  C:\Windows\System\RaHPdso.exe
  2⤵
  PID:5264
- C:\Windows\System\QeGgkoE.exe
  C:\Windows\System\QeGgkoE.exe
  2⤵
  PID:5304
- C:\Windows\System\pwxCZHm.exe
  C:\Windows\System\pwxCZHm.exe
  2⤵
  PID:5356
- C:\Windows\System\SWseECN.exe
  C:\Windows\System\SWseECN.exe
  2⤵
  PID:5384
- C:\Windows\System\IBmzxws.exe
  C:\Windows\System\IBmzxws.exe
  2⤵
  PID:1788
- C:\Windows\System\QTXBozV.exe
  C:\Windows\System\QTXBozV.exe
  2⤵
  PID:5448
- C:\Windows\System\awkohEA.exe
  C:\Windows\System\awkohEA.exe
  2⤵
  PID:3424
- C:\Windows\System\etaGVIq.exe
  C:\Windows\System\etaGVIq.exe
  2⤵
  PID:5532
- C:\Windows\System\MYzQSNN.exe
  C:\Windows\System\MYzQSNN.exe
  2⤵
  PID:5560
- C:\Windows\System\VqNHWqX.exe
  C:\Windows\System\VqNHWqX.exe
  2⤵
  PID:4380
- C:\Windows\System\YusvbGA.exe
  C:\Windows\System\YusvbGA.exe
  2⤵
  PID:4460
- C:\Windows\System\EPPwvUQ.exe
  C:\Windows\System\EPPwvUQ.exe
  2⤵
  PID:3928
- C:\Windows\System\zEYWPFL.exe
  C:\Windows\System\zEYWPFL.exe
  2⤵
  PID:5672
- C:\Windows\System\dLtMopr.exe
  C:\Windows\System\dLtMopr.exe
  2⤵
  PID:1920
- C:\Windows\System\xntnwsV.exe
  C:\Windows\System\xntnwsV.exe
  2⤵
  PID:4376
- C:\Windows\System\TrPKSIE.exe
  C:\Windows\System\TrPKSIE.exe
  2⤵
  PID:5732
- C:\Windows\System\hOWbBFh.exe
  C:\Windows\System\hOWbBFh.exe
  2⤵
  PID:5764
- C:\Windows\System\gnqRumZ.exe
  C:\Windows\System\gnqRumZ.exe
  2⤵
  PID:5792
- C:\Windows\System\omGbXPz.exe
  C:\Windows\System\omGbXPz.exe
  2⤵
  PID:5816
- C:\Windows\System\pQXOuRi.exe
  C:\Windows\System\pQXOuRi.exe
  2⤵
  PID:5840
- C:\Windows\System\puQmleP.exe
  C:\Windows\System\puQmleP.exe
  2⤵
  PID:220
- C:\Windows\System\TEwSckG.exe
  C:\Windows\System\TEwSckG.exe
  2⤵
  PID:4208
- C:\Windows\System\PjEFuww.exe
  C:\Windows\System\PjEFuww.exe
  2⤵
  PID:5904
- C:\Windows\System\eCFzWEY.exe
  C:\Windows\System\eCFzWEY.exe
  2⤵
  PID:5868
- C:\Windows\System\FuDMBlG.exe
  C:\Windows\System\FuDMBlG.exe
  2⤵
  PID:2880
- C:\Windows\System\ocXAMnN.exe
  C:\Windows\System\ocXAMnN.exe
  2⤵
  PID:4204
- C:\Windows\System\KUOBpuK.exe
  C:\Windows\System\KUOBpuK.exe
  2⤵
  PID:5984
- C:\Windows\System\YHkBKqV.exe
  C:\Windows\System\YHkBKqV.exe
  2⤵
  PID:1092
- C:\Windows\System\hVosEtg.exe
  C:\Windows\System\hVosEtg.exe
  2⤵
  PID:4088
- C:\Windows\System\SIHLmBL.exe
  C:\Windows\System\SIHLmBL.exe
  2⤵
  PID:1704
- C:\Windows\System\DqAqCLr.exe
  C:\Windows\System\DqAqCLr.exe
  2⤵
  PID:2440
- C:\Windows\System\wuvjRve.exe
  C:\Windows\System\wuvjRve.exe
  2⤵
  PID:4668
- C:\Windows\System\ldCjSoL.exe
  C:\Windows\System\ldCjSoL.exe
  2⤵
  PID:6028
- C:\Windows\System\DCUQdhJ.exe
  C:\Windows\System\DCUQdhJ.exe
  2⤵
  PID:6084
- C:\Windows\System\YuhkTSZ.exe
  C:\Windows\System\YuhkTSZ.exe
  2⤵
  PID:5352
- C:\Windows\System\RdkPqgX.exe
  C:\Windows\System\RdkPqgX.exe
  2⤵
  PID:6132
- C:\Windows\System\WRociIU.exe
  C:\Windows\System\WRociIU.exe
  2⤵
  PID:1940
- C:\Windows\System\AdOcAjH.exe
  C:\Windows\System\AdOcAjH.exe
  2⤵
  PID:4548
- C:\Windows\System\clFXtLJ.exe
  C:\Windows\System\clFXtLJ.exe
  2⤵
  PID:5184
- C:\Windows\System\ehrEpZY.exe
  C:\Windows\System\ehrEpZY.exe
  2⤵
  PID:6012
- C:\Windows\System\FjynrNk.exe
  C:\Windows\System\FjynrNk.exe
  2⤵
  PID:6156
- C:\Windows\System\AWRwZIH.exe
  C:\Windows\System\AWRwZIH.exe
  2⤵
  PID:6176
- C:\Windows\System\UqISIku.exe
  C:\Windows\System\UqISIku.exe
  2⤵
  PID:6196
- C:\Windows\System\zqcJMGy.exe
  C:\Windows\System\zqcJMGy.exe
  2⤵
  PID:6216
- C:\Windows\System\AOPkoJc.exe
  C:\Windows\System\AOPkoJc.exe
  2⤵
  PID:6236
- C:\Windows\System\upioQfy.exe
  C:\Windows\System\upioQfy.exe
  2⤵
  PID:6256
- C:\Windows\System\CcTHvFU.exe
  C:\Windows\System\CcTHvFU.exe
  2⤵
  PID:6280
- C:\Windows\System\wmHtxmc.exe
  C:\Windows\System\wmHtxmc.exe
  2⤵
  PID:6300
- C:\Windows\System\fgjSlsp.exe
  C:\Windows\System\fgjSlsp.exe
  2⤵
  PID:6324
- C:\Windows\System\olDduZs.exe
  C:\Windows\System\olDduZs.exe
  2⤵
  PID:6348
- C:\Windows\System\ueYXcRr.exe
  C:\Windows\System\ueYXcRr.exe
  2⤵
  PID:6368
- C:\Windows\System\knHrWyr.exe
  C:\Windows\System\knHrWyr.exe
  2⤵
  PID:6388
- C:\Windows\System\JizDuuX.exe
  C:\Windows\System\JizDuuX.exe
  2⤵
  PID:6408
- C:\Windows\System\yTaNtOK.exe
  C:\Windows\System\yTaNtOK.exe
  2⤵
  PID:6424
- C:\Windows\System\kQipNXF.exe
  C:\Windows\System\kQipNXF.exe
  2⤵
  PID:6448
- C:\Windows\System\yegCEMs.exe
  C:\Windows\System\yegCEMs.exe
  2⤵
  PID:6472
- C:\Windows\System\cGbvwWS.exe
  C:\Windows\System\cGbvwWS.exe
  2⤵
  PID:6492
- C:\Windows\System\HmZpaEu.exe
  C:\Windows\System\HmZpaEu.exe
  2⤵
  PID:6512
- C:\Windows\System\zGedImE.exe
  C:\Windows\System\zGedImE.exe
  2⤵
  PID:6532
- C:\Windows\System\gWDxBMc.exe
  C:\Windows\System\gWDxBMc.exe
  2⤵
  PID:6548
- C:\Windows\System\byteHMP.exe
  C:\Windows\System\byteHMP.exe
  2⤵
  PID:6568
- C:\Windows\System\bOJGDDi.exe
  C:\Windows\System\bOJGDDi.exe
  2⤵
  PID:6584
- C:\Windows\System\ouAihSO.exe
  C:\Windows\System\ouAihSO.exe
  2⤵
  PID:6608
- C:\Windows\System\tFiVBiX.exe
  C:\Windows\System\tFiVBiX.exe
  2⤵
  PID:6632
- C:\Windows\System\DqPxvCE.exe
  C:\Windows\System\DqPxvCE.exe
  2⤵
  PID:6652
- C:\Windows\System\MrmkIbn.exe
  C:\Windows\System\MrmkIbn.exe
  2⤵
  PID:6668
- C:\Windows\System\tMruUwL.exe
  C:\Windows\System\tMruUwL.exe
  2⤵
  PID:6688
- C:\Windows\System\rLcCFNa.exe
  C:\Windows\System\rLcCFNa.exe
  2⤵
  PID:6712
- C:\Windows\System\BMsyuDz.exe
  C:\Windows\System\BMsyuDz.exe
  2⤵
  PID:6728
- C:\Windows\System\MbWtTpX.exe
  C:\Windows\System\MbWtTpX.exe
  2⤵
  PID:6752
- C:\Windows\System\VLhxdjP.exe
  C:\Windows\System\VLhxdjP.exe
  2⤵
  PID:6768
- C:\Windows\System\VHLrAAV.exe
  C:\Windows\System\VHLrAAV.exe
  2⤵
  PID:6796
- C:\Windows\System\XXbizXU.exe
  C:\Windows\System\XXbizXU.exe
  2⤵
  PID:6820
- C:\Windows\System\rbuidhS.exe
  C:\Windows\System\rbuidhS.exe
  2⤵
  PID:6836
- C:\Windows\System\zvuRabN.exe
  C:\Windows\System\zvuRabN.exe
  2⤵
  PID:6864
- C:\Windows\System\cfUoBxu.exe
  C:\Windows\System\cfUoBxu.exe
  2⤵
  PID:6884
- C:\Windows\System\BVVanmj.exe
  C:\Windows\System\BVVanmj.exe
  2⤵
  PID:6900
- C:\Windows\System\AUhHTSB.exe
  C:\Windows\System\AUhHTSB.exe
  2⤵
  PID:6924
- C:\Windows\System\TvhAzXd.exe
  C:\Windows\System\TvhAzXd.exe
  2⤵
  PID:6944
- C:\Windows\System\AmfPdhh.exe
  C:\Windows\System\AmfPdhh.exe
  2⤵
  PID:6968
- C:\Windows\System\gCPxfVs.exe
  C:\Windows\System\gCPxfVs.exe
  2⤵
  PID:6988
- C:\Windows\System\gSRecrG.exe
  C:\Windows\System\gSRecrG.exe
  2⤵
  PID:7012
- C:\Windows\System\PAWlXms.exe
  C:\Windows\System\PAWlXms.exe
  2⤵
  PID:7028
- C:\Windows\System\sXxnseM.exe
  C:\Windows\System\sXxnseM.exe
  2⤵
  PID:7052
- C:\Windows\System\pieUAvQ.exe
  C:\Windows\System\pieUAvQ.exe
  2⤵
  PID:7076
- C:\Windows\System\LQzynHI.exe
  C:\Windows\System\LQzynHI.exe
  2⤵
  PID:7092
- C:\Windows\System\CTNfXtF.exe
  C:\Windows\System\CTNfXtF.exe
  2⤵
  PID:7112
- C:\Windows\System\kFdQudZ.exe
  C:\Windows\System\kFdQudZ.exe
  2⤵
  PID:7132
- C:\Windows\System\VRXZJHL.exe
  C:\Windows\System\VRXZJHL.exe
  2⤵
  PID:7152
- C:\Windows\System\LLphBlY.exe
  C:\Windows\System\LLphBlY.exe
  2⤵
  PID:1320
- C:\Windows\System\UXAMyic.exe
  C:\Windows\System\UXAMyic.exe
  2⤵
  PID:5300
- C:\Windows\System\sgalTJe.exe
  C:\Windows\System\sgalTJe.exe
  2⤵
  PID:60
- C:\Windows\System\zXjTCXW.exe
  C:\Windows\System\zXjTCXW.exe
  2⤵
  PID:3028
- C:\Windows\System\nYtwuAP.exe
  C:\Windows\System\nYtwuAP.exe
  2⤵
  PID:6184
- C:\Windows\System\aQdZwVq.exe
  C:\Windows\System\aQdZwVq.exe
  2⤵
  PID:6268
- C:\Windows\System\LAJsEkc.exe
  C:\Windows\System\LAJsEkc.exe
  2⤵
  PID:5616
- C:\Windows\System\bNSjhrN.exe
  C:\Windows\System\bNSjhrN.exe
  2⤵
  PID:1828
- C:\Windows\System\ARRUXGm.exe
  C:\Windows\System\ARRUXGm.exe
  2⤵
  PID:6344
- C:\Windows\System\noCRZew.exe
  C:\Windows\System\noCRZew.exe
  2⤵
  PID:5820
- C:\Windows\System\bJSbWlH.exe
  C:\Windows\System\bJSbWlH.exe
  2⤵
  PID:5756
- C:\Windows\System\ANgdJdO.exe
  C:\Windows\System\ANgdJdO.exe
  2⤵
  PID:6152
- C:\Windows\System\sYZVYOy.exe
  C:\Windows\System\sYZVYOy.exe
  2⤵
  PID:4636
- C:\Windows\System\RdQbKQi.exe
  C:\Windows\System\RdQbKQi.exe
  2⤵
  PID:5968
- C:\Windows\System\UuMXlxQ.exe
  C:\Windows\System\UuMXlxQ.exe
  2⤵
  PID:6556
- C:\Windows\System\vbxeLBz.exe
  C:\Windows\System\vbxeLBz.exe
  2⤵
  PID:5976
- C:\Windows\System\ZKGxvfH.exe
  C:\Windows\System\ZKGxvfH.exe
  2⤵
  PID:6264
- C:\Windows\System\XmvNUeI.exe
  C:\Windows\System\XmvNUeI.exe
  2⤵
  PID:6312
- C:\Windows\System\CSeHnMt.exe
  C:\Windows\System\CSeHnMt.exe
  2⤵
  PID:6052
- C:\Windows\System\WdPlJxt.exe
  C:\Windows\System\WdPlJxt.exe
  2⤵
  PID:1072
- C:\Windows\System\TgJrCKd.exe
  C:\Windows\System\TgJrCKd.exe
  2⤵
  PID:6700
- C:\Windows\System\PfvGCQw.exe
  C:\Windows\System\PfvGCQw.exe
  2⤵
  PID:3152
- C:\Windows\System\qCBuHRk.exe
  C:\Windows\System\qCBuHRk.exe
  2⤵
  PID:5128
- C:\Windows\System\ChobIZW.exe
  C:\Windows\System\ChobIZW.exe
  2⤵
  PID:6360
- C:\Windows\System\ttwldYn.exe
  C:\Windows\System\ttwldYn.exe
  2⤵
  PID:6848
- C:\Windows\System\GibJGPf.exe
  C:\Windows\System\GibJGPf.exe
  2⤵
  PID:6876
- C:\Windows\System\QVQACOE.exe
  C:\Windows\System\QVQACOE.exe
  2⤵
  PID:7180
- C:\Windows\System\jvbZzBn.exe
  C:\Windows\System\jvbZzBn.exe
  2⤵
  PID:7196
- C:\Windows\System\PHHTZPm.exe
  C:\Windows\System\PHHTZPm.exe
  2⤵
  PID:7220
- C:\Windows\System\cJtTcGU.exe
  C:\Windows\System\cJtTcGU.exe
  2⤵
  PID:7240
- C:\Windows\System\XTcdhZd.exe
  C:\Windows\System\XTcdhZd.exe
  2⤵
  PID:7268
- C:\Windows\System\BmyNLPH.exe
  C:\Windows\System\BmyNLPH.exe
  2⤵
  PID:7288
- C:\Windows\System\YUWYcaK.exe
  C:\Windows\System\YUWYcaK.exe
  2⤵
  PID:7312
- C:\Windows\System\llpbSPs.exe
  C:\Windows\System\llpbSPs.exe
  2⤵
  PID:7336
- C:\Windows\System\hSyTQHT.exe
  C:\Windows\System\hSyTQHT.exe
  2⤵
  PID:7356
- C:\Windows\System\MvEvQWZ.exe
  C:\Windows\System\MvEvQWZ.exe
  2⤵
  PID:7384
- C:\Windows\System\mIZPKxB.exe
  C:\Windows\System\mIZPKxB.exe
  2⤵
  PID:7400
- C:\Windows\System\BHAjLZO.exe
  C:\Windows\System\BHAjLZO.exe
  2⤵
  PID:7424
- C:\Windows\System\hgdFGlD.exe
  C:\Windows\System\hgdFGlD.exe
  2⤵
  PID:7448
- C:\Windows\System\ZeUDAin.exe
  C:\Windows\System\ZeUDAin.exe
  2⤵
  PID:7464
- C:\Windows\System\XfwjDyW.exe
  C:\Windows\System\XfwjDyW.exe
  2⤵
  PID:7488
- C:\Windows\System\CBWPVKS.exe
  C:\Windows\System\CBWPVKS.exe
  2⤵
  PID:7508
- C:\Windows\System\TdImBhS.exe
  C:\Windows\System\TdImBhS.exe
  2⤵
  PID:7528
- C:\Windows\System\EtGSjxr.exe
  C:\Windows\System\EtGSjxr.exe
  2⤵
  PID:7544
- C:\Windows\System\kaBdokM.exe
  C:\Windows\System\kaBdokM.exe
  2⤵
  PID:7560
- C:\Windows\System\DQWFtCu.exe
  C:\Windows\System\DQWFtCu.exe
  2⤵
  PID:7584
- C:\Windows\System\SHYUnMK.exe
  C:\Windows\System\SHYUnMK.exe
  2⤵
  PID:7600
- C:\Windows\System\DhgZraS.exe
  C:\Windows\System\DhgZraS.exe
  2⤵
  PID:7624
- C:\Windows\System\bOuosfL.exe
  C:\Windows\System\bOuosfL.exe
  2⤵
  PID:7644
- C:\Windows\System\mrOHbiM.exe
  C:\Windows\System\mrOHbiM.exe
  2⤵
  PID:7676
- C:\Windows\System\HLykNAC.exe
  C:\Windows\System\HLykNAC.exe
  2⤵
  PID:7692
- C:\Windows\System\SLBgYXR.exe
  C:\Windows\System\SLBgYXR.exe
  2⤵
  PID:7712
- C:\Windows\System\XiGLpYz.exe
  C:\Windows\System\XiGLpYz.exe
  2⤵
  PID:7740
- C:\Windows\System\DkcgTTy.exe
  C:\Windows\System\DkcgTTy.exe
  2⤵
  PID:7760
- C:\Windows\System\jyeEpuc.exe
  C:\Windows\System\jyeEpuc.exe
  2⤵
  PID:7776
- C:\Windows\System\LHKrjev.exe
  C:\Windows\System\LHKrjev.exe
  2⤵
  PID:7796
- C:\Windows\System\yXvheEM.exe
  C:\Windows\System\yXvheEM.exe
  2⤵
  PID:7816
- C:\Windows\System\FqHfAPU.exe
  C:\Windows\System\FqHfAPU.exe
  2⤵
  PID:7840
- C:\Windows\System\arcFcEs.exe
  C:\Windows\System\arcFcEs.exe
  2⤵
  PID:7856
- C:\Windows\System\fgzizLz.exe
  C:\Windows\System\fgzizLz.exe
  2⤵
  PID:7884
- C:\Windows\System\sokGbwJ.exe
  C:\Windows\System\sokGbwJ.exe
  2⤵
  PID:7904
- C:\Windows\System\DWJotuD.exe
  C:\Windows\System\DWJotuD.exe
  2⤵
  PID:7924
- C:\Windows\System\vZVgTam.exe
  C:\Windows\System\vZVgTam.exe
  2⤵
  PID:7940
- C:\Windows\System\FHEXPiQ.exe
  C:\Windows\System\FHEXPiQ.exe
  2⤵
  PID:7964
- C:\Windows\System\DACxXjg.exe
  C:\Windows\System\DACxXjg.exe
  2⤵
  PID:7988
- C:\Windows\System\auHpMZm.exe
  C:\Windows\System\auHpMZm.exe
  2⤵
  PID:8004
- C:\Windows\System\lNlpTVa.exe
  C:\Windows\System\lNlpTVa.exe
  2⤵
  PID:8028
- C:\Windows\System\ySexrtk.exe
  C:\Windows\System\ySexrtk.exe
  2⤵
  PID:8048
- C:\Windows\System\ULNEYhF.exe
  C:\Windows\System\ULNEYhF.exe
  2⤵
  PID:8068
- C:\Windows\System\GMJfLIb.exe
  C:\Windows\System\GMJfLIb.exe
  2⤵
  PID:8104
- C:\Windows\System\QYGzbFi.exe
  C:\Windows\System\QYGzbFi.exe
  2⤵
  PID:8124
- C:\Windows\System\hoEsTER.exe
  C:\Windows\System\hoEsTER.exe
  2⤵
  PID:8148
- C:\Windows\System\ABOmdvE.exe
  C:\Windows\System\ABOmdvE.exe
  2⤵
  PID:8172
- C:\Windows\System\VqLKtwj.exe
  C:\Windows\System\VqLKtwj.exe
  2⤵
  PID:6168
- C:\Windows\System\KgWYZte.exe
  C:\Windows\System\KgWYZte.exe
  2⤵
  PID:6564
- C:\Windows\System\ULYZwZw.exe
  C:\Windows\System\ULYZwZw.exe
  2⤵
  PID:1408
- C:\Windows\System\ULmvurt.exe
  C:\Windows\System\ULmvurt.exe
  2⤵
  PID:5556
- C:\Windows\System\TjKbctw.exe
  C:\Windows\System\TjKbctw.exe
  2⤵
  PID:6620
- C:\Windows\System\IVkBURZ.exe
  C:\Windows\System\IVkBURZ.exe
  2⤵
  PID:6420
- C:\Windows\System\YvQNWXs.exe
  C:\Windows\System\YvQNWXs.exe
  2⤵
  PID:5848
- C:\Windows\System\EbWImuk.exe
  C:\Windows\System\EbWImuk.exe
  2⤵
  PID:6724
- C:\Windows\System\TiPKuVt.exe
  C:\Windows\System\TiPKuVt.exe
  2⤵
  PID:6816
- C:\Windows\System\SJIGMLX.exe
  C:\Windows\System\SJIGMLX.exe
  2⤵
  PID:7836
- C:\Windows\System\abOcZqf.exe
  C:\Windows\System\abOcZqf.exe
  2⤵
  PID:7824
- C:\Windows\System\MzMHXnK.exe
  C:\Windows\System\MzMHXnK.exe
  2⤵
  PID:8200
- C:\Windows\System\GvNrdzr.exe
  C:\Windows\System\GvNrdzr.exe
  2⤵
  PID:8224
- C:\Windows\System\fnqFwTZ.exe
  C:\Windows\System\fnqFwTZ.exe
  2⤵
  PID:8252
- C:\Windows\System\RhjPlgj.exe
  C:\Windows\System\RhjPlgj.exe
  2⤵
  PID:8272
- C:\Windows\System\grMYtfr.exe
  C:\Windows\System\grMYtfr.exe
  2⤵
  PID:8676
- C:\Windows\System\farXXjX.exe
  C:\Windows\System\farXXjX.exe
  2⤵
  PID:8832
- C:\Windows\System\ZmNmtwE.exe
  C:\Windows\System\ZmNmtwE.exe
  2⤵
  PID:8864
- C:\Windows\System\CKmGMjo.exe
  C:\Windows\System\CKmGMjo.exe
  2⤵
  PID:9048
- C:\Windows\System\cvguONY.exe
  C:\Windows\System\cvguONY.exe
  2⤵
  PID:9068
- C:\Windows\System\yxXmgUo.exe
  C:\Windows\System\yxXmgUo.exe
  2⤵
  PID:9176
- C:\Windows\System\RKjOxic.exe
  C:\Windows\System\RKjOxic.exe
  2⤵
  PID:9200
- C:\Windows\System\XCKHAtH.exe
  C:\Windows\System\XCKHAtH.exe
  2⤵
  PID:7916
- C:\Windows\System\LkTZaze.exe
  C:\Windows\System\LkTZaze.exe
  2⤵
  PID:7996
- C:\Windows\System\jrVVNyi.exe
  C:\Windows\System\jrVVNyi.exe
  2⤵
  PID:7072
- C:\Windows\System\KXqKMoh.exe
  C:\Windows\System\KXqKMoh.exe
  2⤵
  PID:7104
- C:\Windows\System\qEuqSEQ.exe
  C:\Windows\System\qEuqSEQ.exe
  2⤵
  PID:6208
- C:\Windows\System\ZVnwzIH.exe
  C:\Windows\System\ZVnwzIH.exe
  2⤵
  PID:6664
- C:\Windows\System\xpQuGHQ.exe
  C:\Windows\System\xpQuGHQ.exe
  2⤵
  PID:6760
- C:\Windows\System\fVQroMh.exe
  C:\Windows\System\fVQroMh.exe
  2⤵
  PID:6404
- C:\Windows\System\jJuWGEV.exe
  C:\Windows\System\jJuWGEV.exe
  2⤵
  PID:6116
- C:\Windows\System\fYKZjNb.exe
  C:\Windows\System\fYKZjNb.exe
  2⤵
  PID:8356
- C:\Windows\System\qkuFQbw.exe
  C:\Windows\System\qkuFQbw.exe
  2⤵
  PID:3212
- C:\Windows\System\wCyzWft.exe
  C:\Windows\System\wCyzWft.exe
  2⤵
  PID:7984
- C:\Windows\System\pvmCIzA.exe
  C:\Windows\System\pvmCIzA.exe
  2⤵
  PID:6120
- C:\Windows\System\McyZDKR.exe
  C:\Windows\System\McyZDKR.exe
  2⤵
  PID:6892
- C:\Windows\System\qDxcYsD.exe
  C:\Windows\System\qDxcYsD.exe
  2⤵
  PID:8196
- C:\Windows\System\lZIvvIT.exe
  C:\Windows\System\lZIvvIT.exe
  2⤵
  PID:8296
- C:\Windows\System\fHyEErb.exe
  C:\Windows\System\fHyEErb.exe
  2⤵
  PID:8352
- C:\Windows\System\BCxVyOs.exe
  C:\Windows\System\BCxVyOs.exe
  2⤵
  PID:8384
- C:\Windows\System\pCfaGWD.exe
  C:\Windows\System\pCfaGWD.exe
  2⤵
  PID:8536
- C:\Windows\System\fKxhjgG.exe
  C:\Windows\System\fKxhjgG.exe
  2⤵
  PID:8644
- C:\Windows\System\ewIZATr.exe
  C:\Windows\System\ewIZATr.exe
  2⤵
  PID:8724
- C:\Windows\System\WSIzkEY.exe
  C:\Windows\System\WSIzkEY.exe
  2⤵
  PID:8840
- C:\Windows\System\dXyniit.exe
  C:\Windows\System\dXyniit.exe
  2⤵
  PID:8944
- C:\Windows\System\dwpTwWH.exe
  C:\Windows\System\dwpTwWH.exe
  2⤵
  PID:9008
- C:\Windows\System\qbVLNhF.exe
  C:\Windows\System\qbVLNhF.exe
  2⤵
  PID:4620
- C:\Windows\System\SFFAogH.exe
  C:\Windows\System\SFFAogH.exe
  2⤵
  PID:9140
- C:\Windows\System\gIlNAGc.exe
  C:\Windows\System\gIlNAGc.exe
  2⤵
  PID:6560
- C:\Windows\System\lxYzaZY.exe
  C:\Windows\System\lxYzaZY.exe
  2⤵
  PID:7972
- C:\Windows\System\MsQCeEi.exe
  C:\Windows\System\MsQCeEi.exe
  2⤵
  PID:7320
- C:\Windows\System\dAmWqrd.exe
  C:\Windows\System\dAmWqrd.exe
  2⤵
  PID:8140
- C:\Windows\System\SupHTeO.exe
  C:\Windows\System\SupHTeO.exe
  2⤵
  PID:6960
- C:\Windows\System\tLErwqN.exe
  C:\Windows\System\tLErwqN.exe
  2⤵
  PID:6676
- C:\Windows\System\poeNbfo.exe
  C:\Windows\System\poeNbfo.exe
  2⤵
  PID:8044
- C:\Windows\System\qbqfEAA.exe
  C:\Windows\System\qbqfEAA.exe
  2⤵
  PID:8340
- C:\Windows\System\pZvKtIO.exe
  C:\Windows\System\pZvKtIO.exe
  2⤵
  PID:8552
- C:\Windows\System\qtyikvC.exe
  C:\Windows\System\qtyikvC.exe
  2⤵
  PID:8928
- C:\Windows\System\AuzGgKM.exe
  C:\Windows\System\AuzGgKM.exe
  2⤵
  PID:9060
- C:\Windows\System\xxFKsTz.exe
  C:\Windows\System\xxFKsTz.exe
  2⤵
  PID:6020
- C:\Windows\System\lCEbxlt.exe
  C:\Windows\System\lCEbxlt.exe
  2⤵
  PID:5896
- C:\Windows\System\DNuFzRC.exe
  C:\Windows\System\DNuFzRC.exe
  2⤵
  PID:1156
- C:\Windows\System\rrCxGXt.exe
  C:\Windows\System\rrCxGXt.exe
  2⤵
  PID:7704
- C:\Windows\System\RvJfjkz.exe
  C:\Windows\System\RvJfjkz.exe
  2⤵
  PID:8500
- C:\Windows\System\IQCwTjd.exe
  C:\Windows\System\IQCwTjd.exe
  2⤵
  PID:7100
- C:\Windows\System\AuaRpZp.exe
  C:\Windows\System\AuaRpZp.exe
  2⤵
  PID:7284
- C:\Windows\System\iWqYPtw.exe
  C:\Windows\System\iWqYPtw.exe
  2⤵
  PID:6212
- C:\Windows\System\YBLWOZP.exe
  C:\Windows\System\YBLWOZP.exe
  2⤵
  PID:8216
- C:\Windows\System\AeHMKJH.exe
  C:\Windows\System\AeHMKJH.exe
  2⤵
  PID:9224
- C:\Windows\System\uJsVUFT.exe
  C:\Windows\System\uJsVUFT.exe
  2⤵
  PID:9252
- C:\Windows\System\WPNsqDx.exe
  C:\Windows\System\WPNsqDx.exe
  2⤵
  PID:9276
- C:\Windows\System\dOtmpsC.exe
  C:\Windows\System\dOtmpsC.exe
  2⤵
  PID:9300
- C:\Windows\System\WNVPaah.exe
  C:\Windows\System\WNVPaah.exe
  2⤵
  PID:9320
- C:\Windows\System\qcYJvMI.exe
  C:\Windows\System\qcYJvMI.exe
  2⤵
  PID:9356
- C:\Windows\System\cadfxiO.exe
  C:\Windows\System\cadfxiO.exe
  2⤵
  PID:9404
- C:\Windows\System\VCRsBai.exe
  C:\Windows\System\VCRsBai.exe
  2⤵
  PID:9424
- C:\Windows\System\fVLfluW.exe
  C:\Windows\System\fVLfluW.exe
  2⤵
  PID:9448
- C:\Windows\System\JeCopJT.exe
  C:\Windows\System\JeCopJT.exe
  2⤵
  PID:9468
- C:\Windows\System\AJbNYIu.exe
  C:\Windows\System\AJbNYIu.exe
  2⤵
  PID:9492
- C:\Windows\System\BmjNZRx.exe
  C:\Windows\System\BmjNZRx.exe
  2⤵
  PID:9512
- C:\Windows\System\TJbqWce.exe
  C:\Windows\System\TJbqWce.exe
  2⤵
  PID:9552
- C:\Windows\System\GaMIrzb.exe
  C:\Windows\System\GaMIrzb.exe
  2⤵
  PID:9592
- C:\Windows\System\oCEGFpq.exe
  C:\Windows\System\oCEGFpq.exe
  2⤵
  PID:9624
- C:\Windows\System\BKnUWQq.exe
  C:\Windows\System\BKnUWQq.exe
  2⤵
  PID:9644
- C:\Windows\System\vhQdkqy.exe
  C:\Windows\System\vhQdkqy.exe
  2⤵
  PID:9676
- C:\Windows\System\GzmeuTD.exe
  C:\Windows\System\GzmeuTD.exe
  2⤵
  PID:9712
- C:\Windows\System\JuXKPhH.exe
  C:\Windows\System\JuXKPhH.exe
  2⤵
  PID:9748
- C:\Windows\System\NqyojUD.exe
  C:\Windows\System\NqyojUD.exe
  2⤵
  PID:9768
- C:\Windows\System\SuVxPPw.exe
  C:\Windows\System\SuVxPPw.exe
  2⤵
  PID:9792
- C:\Windows\System\GaHRLud.exe
  C:\Windows\System\GaHRLud.exe
  2⤵
  PID:9816
- C:\Windows\System\vQXMHRA.exe
  C:\Windows\System\vQXMHRA.exe
  2⤵
  PID:9836
- C:\Windows\System\EpGyaZV.exe
  C:\Windows\System\EpGyaZV.exe
  2⤵
  PID:9860
- C:\Windows\System\rqaPIoW.exe
  C:\Windows\System\rqaPIoW.exe
  2⤵
  PID:9892
- C:\Windows\System\bfCIZqn.exe
  C:\Windows\System\bfCIZqn.exe
  2⤵
  PID:9916
- C:\Windows\System\WzJtzYC.exe
  C:\Windows\System\WzJtzYC.exe
  2⤵
  PID:9948
- C:\Windows\System\aWjZQnd.exe
  C:\Windows\System\aWjZQnd.exe
  2⤵
  PID:9972
- C:\Windows\System\bAnjRpW.exe
  C:\Windows\System\bAnjRpW.exe
  2⤵
  PID:9988
- C:\Windows\System\YelFmnL.exe
  C:\Windows\System\YelFmnL.exe
  2⤵
  PID:10040
- C:\Windows\System\sDqoZRr.exe
  C:\Windows\System\sDqoZRr.exe
  2⤵
  PID:10060
- C:\Windows\System\UmcuAhs.exe
  C:\Windows\System\UmcuAhs.exe
  2⤵
  PID:10080
- C:\Windows\System\orEhUiZ.exe
  C:\Windows\System\orEhUiZ.exe
  2⤵
  PID:10100
- C:\Windows\System\KMHQDvi.exe
  C:\Windows\System\KMHQDvi.exe
  2⤵
  PID:10120
- C:\Windows\System\XwhAIdX.exe
  C:\Windows\System\XwhAIdX.exe
  2⤵
  PID:10164
- C:\Windows\System\JMggFMj.exe
  C:\Windows\System\JMggFMj.exe
  2⤵
  PID:10184
- C:\Windows\System\NNBVXsI.exe
  C:\Windows\System\NNBVXsI.exe
  2⤵
  PID:10236
- C:\Windows\System\vVpqLqE.exe
  C:\Windows\System\vVpqLqE.exe
  2⤵
  PID:9292
- C:\Windows\System\bWlNxLH.exe
  C:\Windows\System\bWlNxLH.exe
  2⤵
  PID:8312
- C:\Windows\System\RvzUiVQ.exe
  C:\Windows\System\RvzUiVQ.exe
  2⤵
  PID:9348
- C:\Windows\System\RIYAWEx.exe
  C:\Windows\System\RIYAWEx.exe
  2⤵
  PID:9436
- C:\Windows\System\IAmoQyA.exe
  C:\Windows\System\IAmoQyA.exe
  2⤵
  PID:9480
- C:\Windows\System\qKqWJWG.exe
  C:\Windows\System\qKqWJWG.exe
  2⤵
  PID:9588
- C:\Windows\System\EVlUSZX.exe
  C:\Windows\System\EVlUSZX.exe
  2⤵
  PID:9696
- C:\Windows\System\iiJJdeG.exe
  C:\Windows\System\iiJJdeG.exe
  2⤵
  PID:9692
- C:\Windows\System\TQpaKiL.exe
  C:\Windows\System\TQpaKiL.exe
  2⤵
  PID:9760
- C:\Windows\System\LhHtKTn.exe
  C:\Windows\System\LhHtKTn.exe
  2⤵
  PID:9832
- C:\Windows\System\SjtUaMY.exe
  C:\Windows\System\SjtUaMY.exe
  2⤵
  PID:9848
- C:\Windows\System\wjXRMWK.exe
  C:\Windows\System\wjXRMWK.exe
  2⤵
  PID:9912
- C:\Windows\System\kzJgsjZ.exe
  C:\Windows\System\kzJgsjZ.exe
  2⤵
  PID:9944
- C:\Windows\System\pCSAdeX.exe
  C:\Windows\System\pCSAdeX.exe
  2⤵
  PID:10032
- C:\Windows\System\yglEmJS.exe
  C:\Windows\System\yglEmJS.exe
  2⤵
  PID:10068
- C:\Windows\System\XnUzcqx.exe
  C:\Windows\System\XnUzcqx.exe
  2⤵
  PID:10216
- C:\Windows\System\DEUsUqc.exe
  C:\Windows\System\DEUsUqc.exe
  2⤵
  PID:9420
- C:\Windows\System\wVIZqnx.exe
  C:\Windows\System\wVIZqnx.exe
  2⤵
  PID:9548
- C:\Windows\System\zUSoGPA.exe
  C:\Windows\System\zUSoGPA.exe
  2⤵
  PID:9640
- C:\Windows\System\OdOKoPE.exe
  C:\Windows\System\OdOKoPE.exe
  2⤵
  PID:9856
- C:\Windows\System\IUyxipr.exe
  C:\Windows\System\IUyxipr.exe
  2⤵
  PID:9928
- C:\Windows\System\uGubAPA.exe
  C:\Windows\System\uGubAPA.exe
  2⤵
  PID:10056
- C:\Windows\System\xubSRsn.exe
  C:\Windows\System\xubSRsn.exe
  2⤵
  PID:9236
- C:\Windows\System\fBlyXwS.exe
  C:\Windows\System\fBlyXwS.exe
  2⤵
  PID:9476
- C:\Windows\System\TZETAUb.exe
  C:\Windows\System\TZETAUb.exe
  2⤵
  PID:7932
- C:\Windows\System\jDfNycZ.exe
  C:\Windows\System\jDfNycZ.exe
  2⤵
  PID:9980
- C:\Windows\System\YPRVoVk.exe
  C:\Windows\System\YPRVoVk.exe
  2⤵
  PID:10252
- C:\Windows\System\fkAJAlT.exe
  C:\Windows\System\fkAJAlT.exe
  2⤵
  PID:10272
- C:\Windows\System\qnWAUEz.exe
  C:\Windows\System\qnWAUEz.exe
  2⤵
  PID:10320
- C:\Windows\System\MmHdpQZ.exe
  C:\Windows\System\MmHdpQZ.exe
  2⤵
  PID:10340
- C:\Windows\System\hTDrIKC.exe
  C:\Windows\System\hTDrIKC.exe
  2⤵
  PID:10368
- C:\Windows\System\FsHNVFg.exe
  C:\Windows\System\FsHNVFg.exe
  2⤵
  PID:10408
- C:\Windows\System\SDFEIHd.exe
  C:\Windows\System\SDFEIHd.exe
  2⤵
  PID:10436
- C:\Windows\System\pzGwGay.exe
  C:\Windows\System\pzGwGay.exe
  2⤵
  PID:10452
- C:\Windows\System\vAzhSyC.exe
  C:\Windows\System\vAzhSyC.exe
  2⤵
  PID:10476
- C:\Windows\System\vBcyppW.exe
  C:\Windows\System\vBcyppW.exe
  2⤵
  PID:10540
- C:\Windows\System\eflBnLO.exe
  C:\Windows\System\eflBnLO.exe
  2⤵
  PID:10568
- C:\Windows\System\zkUfRhw.exe
  C:\Windows\System\zkUfRhw.exe
  2⤵
  PID:10588
- C:\Windows\System\sHpRSvQ.exe
  C:\Windows\System\sHpRSvQ.exe
  2⤵
  PID:10612
- C:\Windows\System\oBBxWYo.exe
  C:\Windows\System\oBBxWYo.exe
  2⤵
  PID:10656
- C:\Windows\System\mmknerK.exe
  C:\Windows\System\mmknerK.exe
  2⤵
  PID:10680
- C:\Windows\System\csJgbyJ.exe
  C:\Windows\System\csJgbyJ.exe
  2⤵
  PID:10696
- C:\Windows\System\WJqEgpj.exe
  C:\Windows\System\WJqEgpj.exe
  2⤵
  PID:10716
- C:\Windows\System\xwkGgwp.exe
  C:\Windows\System\xwkGgwp.exe
  2⤵
  PID:10748
- C:\Windows\System\YSbojDY.exe
  C:\Windows\System\YSbojDY.exe
  2⤵
  PID:10780
- C:\Windows\System\nFllhTi.exe
  C:\Windows\System\nFllhTi.exe
  2⤵
  PID:10824
- C:\Windows\System\RxhuxFi.exe
  C:\Windows\System\RxhuxFi.exe
  2⤵
  PID:10848
- C:\Windows\System\ssTRPlx.exe
  C:\Windows\System\ssTRPlx.exe
  2⤵
  PID:10888
- C:\Windows\System\vytZjCd.exe
  C:\Windows\System\vytZjCd.exe
  2⤵
  PID:10908
- C:\Windows\System\uNDtFFC.exe
  C:\Windows\System\uNDtFFC.exe
  2⤵
  PID:10932
- C:\Windows\System\sxGssAV.exe
  C:\Windows\System\sxGssAV.exe
  2⤵
  PID:10964
- C:\Windows\System\acsjXeK.exe
  C:\Windows\System\acsjXeK.exe
  2⤵
  PID:10988
- C:\Windows\System\FnTUjXS.exe
  C:\Windows\System\FnTUjXS.exe
  2⤵
  PID:11004
- C:\Windows\System\QuWqmNO.exe
  C:\Windows\System\QuWqmNO.exe
  2⤵
  PID:11024
- C:\Windows\System\jmaMAVo.exe
  C:\Windows\System\jmaMAVo.exe
  2⤵
  PID:11048
- C:\Windows\System\gDhdsML.exe
  C:\Windows\System\gDhdsML.exe
  2⤵
  PID:11104
- C:\Windows\System\lKFDIgM.exe
  C:\Windows\System\lKFDIgM.exe
  2⤵
  PID:11124
- C:\Windows\System\ONVJSPe.exe
  C:\Windows\System\ONVJSPe.exe
  2⤵
  PID:11144
- C:\Windows\System\sgjwbeT.exe
  C:\Windows\System\sgjwbeT.exe
  2⤵
  PID:11160
- C:\Windows\System\EtSdQUI.exe
  C:\Windows\System\EtSdQUI.exe
  2⤵
  PID:11180
- C:\Windows\System\JtNhLSa.exe
  C:\Windows\System\JtNhLSa.exe
  2⤵
  PID:11224
- C:\Windows\System\rBBBWJT.exe
  C:\Windows\System\rBBBWJT.exe
  2⤵
  PID:11252
- C:\Windows\System\UoVyoxT.exe
  C:\Windows\System\UoVyoxT.exe
  2⤵
  PID:10128
- C:\Windows\System\EkolzUN.exe
  C:\Windows\System\EkolzUN.exe
  2⤵
  PID:9996
- C:\Windows\System\bfLkBiS.exe
  C:\Windows\System\bfLkBiS.exe
  2⤵
  PID:10292
- C:\Windows\System\qJHTVno.exe
  C:\Windows\System\qJHTVno.exe
  2⤵
  PID:10284
- C:\Windows\System\lfXeCgg.exe
  C:\Windows\System\lfXeCgg.exe
  2⤵
  PID:10404
- C:\Windows\System\UiIEuPt.exe
  C:\Windows\System\UiIEuPt.exe
  2⤵
  PID:10448
- C:\Windows\System\OdDlHVF.exe
  C:\Windows\System\OdDlHVF.exe
  2⤵
  PID:10600
- C:\Windows\System\VijHYly.exe
  C:\Windows\System\VijHYly.exe
  2⤵
  PID:10652
- C:\Windows\System\lLZEgsY.exe
  C:\Windows\System\lLZEgsY.exe
  2⤵
  PID:10692
- C:\Windows\System\NrNgJAj.exe
  C:\Windows\System\NrNgJAj.exe
  2⤵
  PID:10764
- C:\Windows\System\ayslFGh.exe
  C:\Windows\System\ayslFGh.exe
  2⤵
  PID:10844
- C:\Windows\System\UsyelOo.exe
  C:\Windows\System\UsyelOo.exe
  2⤵
  PID:10880
- C:\Windows\System\MFRqNqq.exe
  C:\Windows\System\MFRqNqq.exe
  2⤵
  PID:10948
- C:\Windows\System\bfVdblL.exe
  C:\Windows\System\bfVdblL.exe
  2⤵
  PID:10984
- C:\Windows\System\iYywJqK.exe
  C:\Windows\System\iYywJqK.exe
  2⤵
  PID:11032
- C:\Windows\System\VHyoyjm.exe
  C:\Windows\System\VHyoyjm.exe
  2⤵
  PID:11152
- C:\Windows\System\lSLIcRx.exe
  C:\Windows\System\lSLIcRx.exe
  2⤵
  PID:11156
- C:\Windows\System\aYXNMlE.exe
  C:\Windows\System\aYXNMlE.exe
  2⤵
  PID:11260
- C:\Windows\System\AXiWWTi.exe
  C:\Windows\System\AXiWWTi.exe
  2⤵
  PID:9808
- C:\Windows\System\RcAbcTP.exe
  C:\Windows\System\RcAbcTP.exe
  2⤵
  PID:10596
- C:\Windows\System\UaVnugQ.exe
  C:\Windows\System\UaVnugQ.exe
  2⤵
  PID:10884
- C:\Windows\System\tqvcjAc.exe
  C:\Windows\System\tqvcjAc.exe
  2⤵
  PID:11044
- C:\Windows\System\DVwUqBt.exe
  C:\Windows\System\DVwUqBt.exe
  2⤵
  PID:11176
- C:\Windows\System\cgfagJp.exe
  C:\Windows\System\cgfagJp.exe
  2⤵
  PID:10500
- C:\Windows\System\zrJsHrd.exe
  C:\Windows\System\zrJsHrd.exe
  2⤵
  PID:11216
- C:\Windows\System\SymplaD.exe
  C:\Windows\System\SymplaD.exe
  2⤵
  PID:10804
- C:\Windows\System\mnaidbT.exe
  C:\Windows\System\mnaidbT.exe
  2⤵
  PID:11136
- C:\Windows\System\Rpwymcz.exe
  C:\Windows\System\Rpwymcz.exe
  2⤵
  PID:10740
- C:\Windows\System\wdtSoaE.exe
  C:\Windows\System\wdtSoaE.exe
  2⤵
  PID:11296
- C:\Windows\System\EKnAaot.exe
  C:\Windows\System\EKnAaot.exe
  2⤵
  PID:11328
- C:\Windows\System\ArcmsHf.exe
  C:\Windows\System\ArcmsHf.exe
  2⤵
  PID:11348
- C:\Windows\System\vRxtObo.exe
  C:\Windows\System\vRxtObo.exe
  2⤵
  PID:11368
- C:\Windows\System\eeQSTjC.exe
  C:\Windows\System\eeQSTjC.exe
  2⤵
  PID:11388
- C:\Windows\System\RiTLZRb.exe
  C:\Windows\System\RiTLZRb.exe
  2⤵
  PID:11408
- C:\Windows\System\yhrpHDc.exe
  C:\Windows\System\yhrpHDc.exe
  2⤵
  PID:11424
- C:\Windows\System\LFPbLBE.exe
  C:\Windows\System\LFPbLBE.exe
  2⤵
  PID:11468
- C:\Windows\System\IihPpAp.exe
  C:\Windows\System\IihPpAp.exe
  2⤵
  PID:11508
- C:\Windows\System\sqgfgPP.exe
  C:\Windows\System\sqgfgPP.exe
  2⤵
  PID:11524
- C:\Windows\System\pBQYlpe.exe
  C:\Windows\System\pBQYlpe.exe
  2⤵
  PID:11564
- C:\Windows\System\bzriFhW.exe
  C:\Windows\System\bzriFhW.exe
  2⤵
  PID:11628
- C:\Windows\System\qhGEGdH.exe
  C:\Windows\System\qhGEGdH.exe
  2⤵
  PID:11644
- C:\Windows\System\xDMGRQB.exe
  C:\Windows\System\xDMGRQB.exe
  2⤵
  PID:11668
- C:\Windows\System\vCpTjWT.exe
  C:\Windows\System\vCpTjWT.exe
  2⤵
  PID:11696
- C:\Windows\System\GEhUoTJ.exe
  C:\Windows\System\GEhUoTJ.exe
  2⤵
  PID:11792
- C:\Windows\System\vAfQbYP.exe
  C:\Windows\System\vAfQbYP.exe
  2⤵
  PID:11816
- C:\Windows\System\hsXCMhc.exe
  C:\Windows\System\hsXCMhc.exe
  2⤵
  PID:11832
- C:\Windows\System\hCLGoCx.exe
  C:\Windows\System\hCLGoCx.exe
  2⤵
  PID:11848
- C:\Windows\System\GIoxsWP.exe
  C:\Windows\System\GIoxsWP.exe
  2⤵
  PID:11864
- C:\Windows\System\HCnrntJ.exe
  C:\Windows\System\HCnrntJ.exe
  2⤵
  PID:11884
- C:\Windows\System\nxSFdpe.exe
  C:\Windows\System\nxSFdpe.exe
  2⤵
  PID:11960
- C:\Windows\System\tZQeyIZ.exe
  C:\Windows\System\tZQeyIZ.exe
  2⤵
  PID:11976
- C:\Windows\System\DYnUquJ.exe
  C:\Windows\System\DYnUquJ.exe
  2⤵
  PID:11992
- C:\Windows\System\LdnPfUt.exe
  C:\Windows\System\LdnPfUt.exe
  2⤵
  PID:12008
- C:\Windows\System\ofluubG.exe
  C:\Windows\System\ofluubG.exe
  2⤵
  PID:12024
- C:\Windows\System\BlDWwhr.exe
  C:\Windows\System\BlDWwhr.exe
  2⤵
  PID:12044
- C:\Windows\System\GQrPvbR.exe
  C:\Windows\System\GQrPvbR.exe
  2⤵
  PID:12060
- C:\Windows\System\lAmtYac.exe
  C:\Windows\System\lAmtYac.exe
  2⤵
  PID:12076
- C:\Windows\System\BGtJuKK.exe
  C:\Windows\System\BGtJuKK.exe
  2⤵
  PID:12092
- C:\Windows\System\GyjCsTA.exe
  C:\Windows\System\GyjCsTA.exe
  2⤵
  PID:12108
- C:\Windows\System\dEXgonn.exe
  C:\Windows\System\dEXgonn.exe
  2⤵
  PID:12152
- C:\Windows\System\sSrmUAA.exe
  C:\Windows\System\sSrmUAA.exe
  2⤵
  PID:12224
- C:\Windows\System\GUbTIdU.exe
  C:\Windows\System\GUbTIdU.exe
  2⤵
  PID:11336
- C:\Windows\System\rHyvvRD.exe
  C:\Windows\System\rHyvvRD.exe
  2⤵
  PID:10356
- C:\Windows\System\zuvmqHp.exe
  C:\Windows\System\zuvmqHp.exe
  2⤵
  PID:11452
- C:\Windows\System\QpueriI.exe
  C:\Windows\System\QpueriI.exe
  2⤵
  PID:11488
- C:\Windows\System\IngOYtl.exe
  C:\Windows\System\IngOYtl.exe
  2⤵
  PID:11608
- C:\Windows\System\LZVvqrT.exe
  C:\Windows\System\LZVvqrT.exe
  2⤵
  PID:11664
- C:\Windows\System\smPEyWq.exe
  C:\Windows\System\smPEyWq.exe
  2⤵
  PID:11752
- C:\Windows\System\gnRELVm.exe
  C:\Windows\System\gnRELVm.exe
  2⤵
  PID:11660
- C:\Windows\System\MGsWhAP.exe
  C:\Windows\System\MGsWhAP.exe
  2⤵
  PID:11936
- C:\Windows\System\ScvYjRM.exe
  C:\Windows\System\ScvYjRM.exe
  2⤵
  PID:11824
- C:\Windows\System\VpWYgVJ.exe
  C:\Windows\System\VpWYgVJ.exe
  2⤵
  PID:11740
- C:\Windows\System\DKgujUK.exe
  C:\Windows\System\DKgujUK.exe
  2⤵
  PID:11944
- C:\Windows\System\sXvFDYs.exe
  C:\Windows\System\sXvFDYs.exe
  2⤵
  PID:11892
- C:\Windows\System\hEHtNni.exe
  C:\Windows\System\hEHtNni.exe
  2⤵
  PID:11984
- C:\Windows\System\rlMqcZj.exe
  C:\Windows\System\rlMqcZj.exe
  2⤵
  PID:12032
- C:\Windows\System\BoXoyVg.exe
  C:\Windows\System\BoXoyVg.exe
  2⤵
  PID:12180
- C:\Windows\System\oUiQVYl.exe
  C:\Windows\System\oUiQVYl.exe
  2⤵
  PID:12128
- C:\Windows\System\qDqGGeY.exe
  C:\Windows\System\qDqGGeY.exe
  2⤵
  PID:12236
- C:\Windows\System\hfkcUFX.exe
  C:\Windows\System\hfkcUFX.exe
  2⤵
  PID:12276
- C:\Windows\System\GRZmPtS.exe
  C:\Windows\System\GRZmPtS.exe
  2⤵
  PID:11444
- C:\Windows\System\ECCUXJC.exe
  C:\Windows\System\ECCUXJC.exe
  2⤵
  PID:11640
- C:\Windows\System\hGuhueK.exe
  C:\Windows\System\hGuhueK.exe
  2⤵
  PID:11688
- C:\Windows\System\FOnQVYu.exe
  C:\Windows\System\FOnQVYu.exe
  2⤵
  PID:11860
- C:\Windows\System\mvteNLb.exe
  C:\Windows\System\mvteNLb.exe
  2⤵
  PID:12120
- C:\Windows\System\eggAtBN.exe
  C:\Windows\System\eggAtBN.exe
  2⤵
  PID:12172
- C:\Windows\System\wHCtWww.exe
  C:\Windows\System\wHCtWww.exe
  2⤵
  PID:11400
- C:\Windows\System\PqZZuEy.exe
  C:\Windows\System\PqZZuEy.exe
  2⤵
  PID:11556
- C:\Windows\System\TGFVKjs.exe
  C:\Windows\System\TGFVKjs.exe
  2⤵
  PID:2500
- C:\Windows\System\ZmwtOKi.exe
  C:\Windows\System\ZmwtOKi.exe
  2⤵
  PID:12020
- C:\Windows\System\lICFkdD.exe
  C:\Windows\System\lICFkdD.exe
  2⤵
  PID:12264
- C:\Windows\System\CtjwVeS.exe
  C:\Windows\System\CtjwVeS.exe
  2⤵
  PID:11812
- C:\Windows\System\wWRWPCv.exe
  C:\Windows\System\wWRWPCv.exe
  2⤵
  PID:11920
- C:\Windows\System\nTCSAbI.exe
  C:\Windows\System\nTCSAbI.exe
  2⤵
  PID:12308
- C:\Windows\System\ZwtSEFI.exe
  C:\Windows\System\ZwtSEFI.exe
  2⤵
  PID:12336
- C:\Windows\System\doxvZwK.exe
  C:\Windows\System\doxvZwK.exe
  2⤵
  PID:12356
- C:\Windows\System\xmoUCgA.exe
  C:\Windows\System\xmoUCgA.exe
  2⤵
  PID:12396
- C:\Windows\System\RBgeTPw.exe
  C:\Windows\System\RBgeTPw.exe
  2⤵
  PID:12420
- C:\Windows\System\SXKelVX.exe
  C:\Windows\System\SXKelVX.exe
  2⤵
  PID:12456
- C:\Windows\System\gxnOYYS.exe
  C:\Windows\System\gxnOYYS.exe
  2⤵
  PID:12484
- C:\Windows\System\SAdFmvr.exe
  C:\Windows\System\SAdFmvr.exe
  2⤵
  PID:12504
- C:\Windows\System\ccHnQsS.exe
  C:\Windows\System\ccHnQsS.exe
  2⤵
  PID:12524
- C:\Windows\System\WEdHeCs.exe
  C:\Windows\System\WEdHeCs.exe
  2⤵
  PID:12552
- C:\Windows\System\aGuFSWD.exe
  C:\Windows\System\aGuFSWD.exe
  2⤵
  PID:12596
- C:\Windows\System\hdCJOOk.exe
  C:\Windows\System\hdCJOOk.exe
  2⤵
  PID:12620
- C:\Windows\System\iKZiObt.exe
  C:\Windows\System\iKZiObt.exe
  2⤵
  PID:12660
- C:\Windows\System\wGvzXqg.exe
  C:\Windows\System\wGvzXqg.exe
  2⤵
  PID:12680
- C:\Windows\System\eehUawy.exe
  C:\Windows\System\eehUawy.exe
  2⤵
  PID:12712
- C:\Windows\System\BehtttG.exe
  C:\Windows\System\BehtttG.exe
  2⤵
  PID:12736
- C:\Windows\System\MudAYSB.exe
  C:\Windows\System\MudAYSB.exe
  2⤵
  PID:12760
- C:\Windows\System\wLndBZo.exe
  C:\Windows\System\wLndBZo.exe
  2⤵
  PID:12792
- C:\Windows\System\gqQyKDY.exe
  C:\Windows\System\gqQyKDY.exe
  2⤵
  PID:12816
- C:\Windows\System\XccfSli.exe
  C:\Windows\System\XccfSli.exe
  2⤵
  PID:12856
- C:\Windows\System\yuaKliR.exe
  C:\Windows\System\yuaKliR.exe
  2⤵
  PID:12876
- C:\Windows\System\asBrrYP.exe
  C:\Windows\System\asBrrYP.exe
  2⤵
  PID:12900
- C:\Windows\System\KcZykRk.exe
  C:\Windows\System\KcZykRk.exe
  2⤵
  PID:12920
- C:\Windows\System\Dspbkan.exe
  C:\Windows\System\Dspbkan.exe
  2⤵
  PID:12948
- C:\Windows\System\FohcZnc.exe
  C:\Windows\System\FohcZnc.exe
  2⤵
  PID:12972
- C:\Windows\System\EIiXOSB.exe
  C:\Windows\System\EIiXOSB.exe
  2⤵
  PID:12988
- C:\Windows\System\BtGAKMk.exe
  C:\Windows\System\BtGAKMk.exe
  2⤵
  PID:13020
- C:\Windows\System\eMIdhgx.exe
  C:\Windows\System\eMIdhgx.exe
  2⤵
  PID:13056
- C:\Windows\System\GgFtdIl.exe
  C:\Windows\System\GgFtdIl.exe
  2⤵
  PID:13084
- C:\Windows\System\XdBCyLI.exe
  C:\Windows\System\XdBCyLI.exe
  2⤵
  PID:13108
- C:\Windows\System\fEkyycI.exe
  C:\Windows\System\fEkyycI.exe
  2⤵
  PID:13156
- C:\Windows\System\hDgFwEl.exe
  C:\Windows\System\hDgFwEl.exe
  2⤵
  PID:13176
- C:\Windows\System\GhvoMON.exe
  C:\Windows\System\GhvoMON.exe
  2⤵
  PID:13196
- C:\Windows\System\OLDtfbV.exe
  C:\Windows\System\OLDtfbV.exe
  2⤵
  PID:13216
- C:\Windows\System\AOhUMqT.exe
  C:\Windows\System\AOhUMqT.exe
  2⤵
  PID:13240
- C:\Windows\System\uAyhiXy.exe
  C:\Windows\System\uAyhiXy.exe
  2⤵
  PID:13284
- C:\Windows\System\MRmfIgI.exe
  C:\Windows\System\MRmfIgI.exe
  2⤵
  PID:7060
- C:\Windows\System\DSlKIyP.exe
  C:\Windows\System\DSlKIyP.exe
  2⤵
  PID:12332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_32rmb0pa.jo1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BQfitbV.exe

Filesize
1.7MB

MD5
ebb52028688d5a2454ce64e64f9c13b1

SHA1
f2c2fc8da0a7a1515980eaa62d417f206337fac3

SHA256
5b8b6900933121a86e59cf14552bb4aa6aba388e994e41cd724b8ca96cc77287

SHA512
13dc92a5ac00e20a0f25e4ae111dcf4e6f8a5698db48f524e815f59321d569e9cb73693145d578edf8b414ddbfdc5fc1c3b924da34d3c5558cf4256d2ff237d0

Download Submit
C:\Windows\System\BTLpyAs.exe

Filesize
1.7MB

MD5
b4d2ea148e49a8513506c29682d06b4c

SHA1
a77f15fb4cb1d45d2d8918b76bef881660eb735d

SHA256
ee91df34eb8b14ac67eeb4ac91f63ebade85d9b7d166c9e8efbed0a435fca27a

SHA512
857f89745e7fe30e609eb081a6341a9e12d7ca03ee1da94b6afbfc1152af6350903c190db3f38a52278453257429c72f8ec0646aa52e5f37850a6091fbebde69

Download Submit
C:\Windows\System\CWships.exe

Filesize
1.7MB

MD5
86f39ee60e133b309a549880506cedb0

SHA1
fbcd38579e960c21b2ac50d9aa0b5db11fa2bc77

SHA256
49e61e73fd5dcf25398a1cf585d982bd38eca8345724a02ed73a1c2545f15ab3

SHA512
5f6e38a3e028642c8c5da5e9b92694ad563ff86b76a475f2fd131b7a7ff0b8a0f7716de4af974ea9c2f82526b00c83e89dd91917158bfc9068cbf829fae49a62

Download Submit
C:\Windows\System\GuREIQE.exe

Filesize
1.7MB

MD5
ed4af7d6d53ad31ec7ca26c32eaac19b

SHA1
334c2995e70c7c011d3ad42275cfb59fc0f2df76

SHA256
c5a4664aeffd8c8193f64ba221c9b4f7f0a14d800977ab55cc1a54631f8f1586

SHA512
4574bacaec4c221fb5bf03979f3419b78dd58ea3a748bf2f8ef9364876e815ac1fd47b0f0d6cb302b5440dc719b4eca46d2833dd49d5005e0ecf263110c7440e

Download Submit
C:\Windows\System\IANSTcL.exe

Filesize
1.7MB

MD5
f579dea0f2b0d13cb12cbec14013d46c

SHA1
0a6ae57f72705ee3dc723730b8a8556edc720c26

SHA256
5716cab89bbd4a647048280b778304a637f05cad229192e9c42b4e6bb2114a61

SHA512
8252d1acef2ef83d9eb1aad2a91416876655340c118a500f5a1bc1b3883c63c08e6f6ec4ca9e97b1c3d5faab4c93815c6c65dae5e5ef8135769faf4e8e7a035f

Download Submit
C:\Windows\System\JEqifAU.exe

Filesize
1.7MB

MD5
648524527d3128b04869335bec33308e

SHA1
5876cfc88b69d6a74916e024186e9ad29ef88200

SHA256
d4cb92b9c1ef2cf45cf2c20c0b43215813177b3fb2182702a5cd1ecbd53e1902

SHA512
6ddefc0f0e2346f93570d7530c1b67b10cc7aa58bc58d65a450af9a8465a0c63a72c2b415e2fc39413cf95a591cd82e95fc2576b9507971130ddb7e5c28193a4

Download Submit
C:\Windows\System\JfeYoJE.exe

Filesize
1.7MB

MD5
f72ced4b79baa6f1004b4f6f72cb244e

SHA1
9196f9df744a9b52c697ea115b1b9ffcc51bfa4c

SHA256
4b72516de20f21e37ff822ba94ed28caf2849d2a7831744c709ee4cd240675ea

SHA512
d0a2413c909a8b20cf40cf1c6b7ee196f089afa76eba0eb674d5c5908860c8fd023983437d85a5071d5a20e4327bd4a7fa5defbb5f930cd3b860bd994fb7cb9f

Download Submit
C:\Windows\System\LrIioAF.exe

Filesize
1.7MB

MD5
07a5a5ead4a7e2cfa85a471e7a3196c6

SHA1
1ac8effb721c7a0e2ab2237c924066e136edf4e7

SHA256
4e9a7ea337f83e01a5b7bd4d61c69f943d3fe16624f088c15f39d015c1a0c930

SHA512
4c2d053b9949c6f1e836c5acab8531b8357e97d1b3728ab2514d5a518c13ad461e02ff0b1b1b87e1aa93b022b0d8d4ee215668cd66a42f4a7659418c6d9591ba

Download Submit
C:\Windows\System\OmRdqhi.exe

Filesize
1.7MB

MD5
8e4fa82e267eb5fe34323a1c8073d342

SHA1
6bb0f770073737e9a87aae07df8dd145f38a30d2

SHA256
65fa754a5033d52eb9f24e378e898b6f9ba52b4d03d4fc3b251ee80cc5019413

SHA512
93eed0baf28ed4b6b807762946a9d58473a27e7d31be8ff7fb86e73462b7f194e4ebdb25744dd0f8a891b11a6d43ac0e8c0b2176129c95f10c72f485784cc6f2

Download Submit
C:\Windows\System\OyCMika.exe

Filesize
1.7MB

MD5
1ceec8d9841ac7da2c1812b1f6dd5e38

SHA1
090faf795fdef0ef2ebecd6550afc5151a7afe1e

SHA256
541dd278e946f9326d60d9227af1c9f6d94ac5a4e3af44930486a950549135ab

SHA512
7e38ca1276539a3c05e6059c82e6585a0b4a298b19e77ccd09f8283f8456f62185fb98c33b4cbf71eac6f30677ec728d84e5c1a4639405c2df011b3ed2b2d4cb

Download Submit
C:\Windows\System\PiJrrOP.exe

Filesize
1.7MB

MD5
953d7990b94abd614581980c0a9fc2ba

SHA1
8f4a632282eea60265e6edbe6a8983d8e53b1dd3

SHA256
6c6b279a0bed8f19acba97c5bf4365965ec84ba88bb490c101b5d2839cceaf07

SHA512
6d0812afb2423f5fbbad603f7378e12e6bea1d65cdf365a8e821f8447a60aeea15cf44534314665d0b209ab6c13eda9964257b993dcc01cc357a55e3f158c43a

Download Submit
C:\Windows\System\SSpmZif.exe

Filesize
1.7MB

MD5
4157df210a41a7e66b2c9e1a50a11158

SHA1
b868a1dfe78213659469ccc60294a08f39af8599

SHA256
0f45ac6163cbcce38de2233d0c3faff82abd2e97f186c8f240223f7848be374e

SHA512
e07ca78024192192eccb9518fd1f1dac75fb95a9d96a9884eeb1c528773e3c7f5fd4cc6c127a418277c1e9e9b28084e7e61810464ad8ea2dd2b15a892ad718d3

Download Submit
C:\Windows\System\TIeAujD.exe

Filesize
1.7MB

MD5
c5a8b31cad192d2993314e3af84f0415

SHA1
0859989b953bb9d97678e4cee0aa437bed20c1cf

SHA256
9c089f4b5cce61f1caecb0f365cb5fe19754a868d96f579f1d043b6d9b16d02c

SHA512
2baa894a7eef815cfee017ee00e00eae974235226c109802a0e03b7b52214ca1c8ed823e2075ddade76253a3a3e852af1490202d4f697a043290770ffa2f52f5

Download Submit
C:\Windows\System\ThvMpaA.exe

Filesize
1.7MB

MD5
33c239809784943144b04ebb82bf0a71

SHA1
43be808b522fb1d7b2c9125caf085129b7f50165

SHA256
6ce36bb356fe19a5cb9fb51b07fd6276c4f598515f0dce7c020d6cade7be3370

SHA512
89a4205c4cafb03d1d3031802bc738dc7e64ef05353fb253d4efd4d999ab77d24b5962f010c227c40967305720cac8bd6e21d11fc9ec999cbb55466443d728c9

Download Submit
C:\Windows\System\TiIlSyW.exe

Filesize
1.7MB

MD5
7862148c69bd7dde4d57fc9803355a88

SHA1
e841564c857f72fe9e0cb97edd70b31e232c1c9b

SHA256
5787e11f0f8373185045a854074650d869304cad4c3b5f090b03cd904d9cedf0

SHA512
de49129a75c441e5794615da606acaaf59110a8b8bfbc788d2b7ab57497af7d4d0ae3aa3db21159b56d9cac041f19e2452ff965d99395bec4a5b9c66f439c6ab

Download Submit
C:\Windows\System\TukHPpI.exe

Filesize
8B

MD5
ad3f333d986a4e838544e6a1ffd8d747

SHA1
41f79a093377aaa01c7cb700a8045d731af8f64f

SHA256
f423ca9458a2e0acee675d670905f0bc53b8bab42947eb6fce4040123bd48cd3

SHA512
18bcd51b7d9603269cab8557803e7c8fd468cf3ac805e5326eb9555d26b04c7c3db72445d50e2aff54efe581f95fede65228fbceb7f22f856b7607e8b8cd7ac8

Download Submit
C:\Windows\System\UjjRQmD.exe

Filesize
1.7MB

MD5
76efb8622c4f046afb279466b634bc5d

SHA1
24373eda1561e66b38a86956d2cafc3f643a83e1

SHA256
f7742b3904245f648e65b9e81bcbd04a7e0313339eefc081b8dedefbc697065c

SHA512
04b55e371fbf89b3b4618846eb20fb7ca3c8eef8844f0618cbbb92fe983cd50bca4fb7f6fd7f87b7ac7698837108c169351c3f97301103ab7138a25d573635da

Download Submit
C:\Windows\System\WFKioxx.exe

Filesize
1.7MB

MD5
0c1485c9aa47a140e7e2da076437c21c

SHA1
eea300505fac8723bc5f844b625662fbe18fd2e7

SHA256
f3c9699c9abac2171632a6408aa0c63095b57592db7100f297854c702bb5cee0

SHA512
6c0c4c6c30b3a0fbd347bc76e412559e2c1a7703c2b3104dc26c8f63d241bd85d8a43623c8458a46d5a4325480ec88ad0db76a91fcddc4a8b5a9e9275b9a8c53

Download Submit
C:\Windows\System\XLNWDKq.exe

Filesize
1.7MB

MD5
12b82416e652c7804e60ba456c5b389c

SHA1
731bc48d8d6afa5b0df6bca2c11acc0f2718dad0

SHA256
6b94185c5a65b04491c5dab9b4ab582cf9bd5b64332ba1b531bdc7b16de4c64f

SHA512
73b7c84a453c673801002d122e1442ecadc4a856cea5dff81521100e324cae782fd88cb8926d85cf04491f9a5a84fcbf11b8dfe447af94b1650fed8cbfd364e2

Download Submit
C:\Windows\System\ZWAKzaJ.exe

Filesize
1.7MB

MD5
bdca9e07fb667d111800fa9ca6c0a607

SHA1
5beb4d32797601cc221b1d2da4996a8207475cc1

SHA256
9d80ea2f430a79588db3e6613eb6b20b5d873fddf708d6066107a2e65e9fa12b

SHA512
6b86231d6dcb10d98cfac8e8b115a17bc78a2a3f1d8054cf3e1c1dce18b1cddf7bcbd16ffbb9e565a78e53c1b325846f4604bb08c0dde99eb8d99a6d9d28f621

Download Submit
C:\Windows\System\dCkKTgf.exe

Filesize
1.7MB

MD5
282c5afc865972c4cd4a55a4af22c92f

SHA1
ed4fa3740aec824a65a2e8857e6a2d6989ad491f

SHA256
6aa53f569c1b9835041a81b1350b0ab746c9db67068a358a6dc38d54271e32eb

SHA512
4719a4271c3bd58990ee0c68dab21d5ec994d8ffab3e505181ef0bafd4ea10bfe786c2c196d0cbf5bd0c2e78128bcc547fccc3fd5683247d5f32c11434ee1993

Download Submit
C:\Windows\System\gQURxLG.exe

Filesize
1.7MB

MD5
633ca1f84d36f72b6e692445a90ab117

SHA1
e4f6f6a022d440472c2be3c1592acdc767018099

SHA256
c69fab441645a87dbb5860101ef4c321e0895e58777024ac755bcda2e88005fb

SHA512
313df0ed47b3ace5c27798780e518c4ad1849541085c53d29c247361f8be2a50b40c828f65b68277bc361a7ab74f2b0cd8a465b2dae1907f7709151cfb196929

Download Submit
C:\Windows\System\gYcYOiU.exe

Filesize
1.7MB

MD5
8e719e9a1f75228e7e7bbe56f5c409a5

SHA1
d58aa3203804b38b22939dbff7fe6758eea9b530

SHA256
b5d5d334676d843b0eaa6525deae757c01550439b7e9e42a736e86e5ffcfad9f

SHA512
c4da8e250e96bf3906535604306e821921aabeb8918c3f626fd7f3873e7f3c34f743aa113af62f63b5c6a3418710775b1fdf427912e250d014d29e5c4d823590

Download Submit
C:\Windows\System\hBDRjOM.exe

Filesize
1.7MB

MD5
4e0952dd982d834c59e719c1aef121cf

SHA1
ec12a78ad258227e0f9ab5adb3225d0561e2b9f5

SHA256
f5dce1c04abb50bb7bd222f3abb49c6475d0034ae58539bad2dbfd8b8e4c4da7

SHA512
ad8bda5b5f1f73ee010fb3966e8d88e702021b2905c7abafb8ef0529414eb7d99b058faaea602b72c22c21507d9a71c510ab91c8e7b2763091ebff3f77d1f6a1

Download Submit
C:\Windows\System\ixdUQhN.exe

Filesize
1.7MB

MD5
5bea89d0db366b9405140ec5f5a18be6

SHA1
3ed3f6a51900b35cb2e76e3e8e3de288966a3b67

SHA256
9ed81b14995ed5bfe25f06b0dd6eb593e645532a31f7c0405f688565600a8e10

SHA512
29d45adbdf53952fffac75b4716d7b06b7a53a5d464dade8f69a8074672746dffdc1d6bdd220debd303875320656f6ddae1ea8bdc96e0739af09c1572da17a03

Download Submit
C:\Windows\System\lXQoOgv.exe

Filesize
1.7MB

MD5
15afd257c56c131daf139b5d4d868693

SHA1
6a5fce7cdbe43c1738cc58a87c3debd668f08c5d

SHA256
4ac22a1457f4b7b67a04437c08903586808160bcabc75bad62c59f7c87d913a0

SHA512
1be9979fdb22c8a65f4deba19c7209f87d49ee25e5b8f6dfcc49e6b41a7675053f2e96b96fb74f1f55f51481d4ae33c71bf66de9a4c099a19d5e36730cab4fec

Download Submit
C:\Windows\System\mlRPnKL.exe

Filesize
1.7MB

MD5
2506dc76f2cfc9bda0b3cc8fbb050090

SHA1
a4afcf72fc83a2b1628fc5aebc4792c15f99c20b

SHA256
701472de63d9308398edf1e4534e9ff3405a153710ce4f5b5728ca223d05323f

SHA512
9a07410748a13a6d81e34c26e46ea4eb31e916426e3477d73c48a299f2f3fbc501b9a29adc28c1de8873a2770c17863a1f27679f52d13d9a7975d71bdcd07c68

Download Submit
C:\Windows\System\mxMxKye.exe

Filesize
1.7MB

MD5
5fd49d9b5b46b5fd9729b57787aa2b6f

SHA1
1ee9d8c20611bad9c2c9864f7ed9cd3f4b990636

SHA256
efc11f77abededc1336c9ef3350da9e76887500290dedf9b054835afe9d9dc6a

SHA512
968c9d47ac8ddbb1513c07f2ccae71d0497c53a00f99ccc8e3438de449c8a5ccc3de84e26e1e5df21c401fd12e75f07980ca9e3019d680b9e1faef22083a2567

Download Submit
C:\Windows\System\nqFgoFL.exe

Filesize
1.7MB

MD5
a6d797d904f1fdd54f1de201d57a355e

SHA1
a4ec82561f2d78b305a0c0ae9e4b1bf681b5636e

SHA256
ce72f4e5abd8f5e411c26226a331158726607a72297272839755dc5d92e32bcc

SHA512
c838575b1595b6ec781f31c0a661d55d602241614abd71bb165ad369ddf6705c3dfa48354ef8b74190deac939381e1d811d16a6a93fdead0d5c3bbc0cdbb6df5

Download Submit
C:\Windows\System\okCFVUu.exe

Filesize
1.7MB

MD5
84034407221160a048fc7a77ec19d0b8

SHA1
7ebcc26e4c280181d37fd348a7b05bf173420904

SHA256
909fe662ba2754c1d390d86bf5f477b445394461384a174df3b25bec64bdb822

SHA512
75b6f5d2398fe5b592224472f182d8fea1e781bb09d9b880ef457929cc6815ce4c380e1ac8750d359d9c980c5d5817aa9232605bd1d9940284e9e82393025d41

Download Submit
C:\Windows\System\pHqbUhH.exe

Filesize
1.7MB

MD5
cc224dec7b74cf56f29abebc6f8e9f92

SHA1
921c9dca7372d5f24fd5b94e806627fe235f4236

SHA256
a3b03e4bc1d310b0f6cbd101ff8450a0ce5ad4aaa3db3cdbec73cabc015329c2

SHA512
82e5d3ddaf6a2e3d8419e18bb3a34a4477c751b764f24860eae3f99ef4ee935a9c84b777417b96eea4ec9a7702cd01f99dae61062e1ca971f0345a45aa03dd4a

Download Submit
C:\Windows\System\sKbFPxy.exe

Filesize
1.7MB

MD5
cbd02707715f49adf339286f2d4dfcee

SHA1
d085c3cb3cd7e2bfd194ab54cecf0fdce75476a7

SHA256
92595a3a1a55da1732aef616f81f04ef996184a400acb633316163d2582e7e2d

SHA512
f9fefc5ce4ed390170e9bd994330ca1a8bca34fb8f2c094219b61ab4858d0ebd83c703b139b238bb2889703ab999c362127bc81a9ff78e63bb5d077010225051

Download Submit
C:\Windows\System\tDYvuXX.exe

Filesize
1.7MB

MD5
d83414935ea81857fd9b72f7b41849ea

SHA1
48708b4bffa3f4b7f5b63fc85fdc2f6dc4626d73

SHA256
3c908638f191b182622c01249bc5c77fc88e3f7637268dac84cedde935103d98

SHA512
35d6ee894f4fc00a22c35911756bf699afb699540a6a85ef9b535358ee220d42fc8134a4cdf3cb90ccd55a605ce730cfdc247c7a793e99b14f8f137e96743739

Download Submit
C:\Windows\System\uAeXoug.exe

Filesize
1.7MB

MD5
a8e52f66ee5168900981bc23766f2eba

SHA1
3741e3f92fe1ec06c4f00f3280ba2263c5afa617

SHA256
8f6c02373ecfc285580e7ca171faa62cdd2955c2710825c268104ff621c437e7

SHA512
f8b78d1059b2834dc9a8dddb5389c7f1bd9e735ecc723f31ff6eca2dbe2df651426436e9ec1cb5ad09ee39984c37c780c25f5bcfa15dc08df4a7d0ac7cde7bf0

Download Submit
memory/468-582-0x00007FF7D0F60000-0x00007FF7D1352000-memory.dmp

Filesize
3.9MB

Download
memory/468-3101-0x00007FF7D0F60000-0x00007FF7D1352000-memory.dmp

Filesize
3.9MB

Download
memory/500-446-0x00007FF7DDA20000-0x00007FF7DDE12000-memory.dmp

Filesize
3.9MB

Download
memory/500-3121-0x00007FF7DDA20000-0x00007FF7DDE12000-memory.dmp

Filesize
3.9MB

Download
memory/1140-3104-0x00007FF6A0E10000-0x00007FF6A1202000-memory.dmp

Filesize
3.9MB

Download
memory/1140-753-0x00007FF6A0E10000-0x00007FF6A1202000-memory.dmp

Filesize
3.9MB

Download
memory/1444-399-0x00007FF7FBAB0000-0x00007FF7FBEA2000-memory.dmp

Filesize
3.9MB

Download
memory/1444-3098-0x00007FF7FBAB0000-0x00007FF7FBEA2000-memory.dmp

Filesize
3.9MB

Download
memory/1620-3110-0x00007FF610EE0000-0x00007FF6112D2000-memory.dmp

Filesize
3.9MB

Download
memory/1620-395-0x00007FF610EE0000-0x00007FF6112D2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-396-0x00007FF724920000-0x00007FF724D12000-memory.dmp

Filesize
3.9MB

Download
memory/1648-3108-0x00007FF724920000-0x00007FF724D12000-memory.dmp

Filesize
3.9MB

Download
memory/1712-35-0x00007FF618DB0000-0x00007FF6191A2000-memory.dmp

Filesize
3.9MB

Download
memory/1712-3087-0x00007FF618DB0000-0x00007FF6191A2000-memory.dmp

Filesize
3.9MB

Download
memory/1744-40-0x00007FF739680000-0x00007FF739A72000-memory.dmp

Filesize
3.9MB

Download
memory/1744-3085-0x00007FF739680000-0x00007FF739A72000-memory.dmp

Filesize
3.9MB

Download
memory/1948-3112-0x00007FF68A960000-0x00007FF68AD52000-memory.dmp

Filesize
3.9MB

Download
memory/1948-653-0x00007FF68A960000-0x00007FF68AD52000-memory.dmp

Filesize
3.9MB

Download
memory/2036-3090-0x00007FF6B4E40000-0x00007FF6B5232000-memory.dmp

Filesize
3.9MB

Download
memory/2036-68-0x00007FF6B4E40000-0x00007FF6B5232000-memory.dmp

Filesize
3.9MB

Download
memory/2240-3117-0x00007FF718250000-0x00007FF718642000-memory.dmp

Filesize
3.9MB

Download
memory/2240-431-0x00007FF718250000-0x00007FF718642000-memory.dmp

Filesize
3.9MB

Download
memory/2336-539-0x00007FF616D80000-0x00007FF617172000-memory.dmp

Filesize
3.9MB

Download
memory/2336-3125-0x00007FF616D80000-0x00007FF617172000-memory.dmp

Filesize
3.9MB

Download
memory/2460-0-0x00007FF765D60000-0x00007FF766152000-memory.dmp

Filesize
3.9MB

Download
memory/2460-1-0x0000025A06130000-0x0000025A06140000-memory.dmp

Filesize
64KB

Download
memory/2612-453-0x00007FF6F6D10000-0x00007FF6F7102000-memory.dmp

Filesize
3.9MB

Download
memory/2612-3119-0x00007FF6F6D10000-0x00007FF6F7102000-memory.dmp

Filesize
3.9MB

Download
memory/3284-3032-0x00007FF729490000-0x00007FF729882000-memory.dmp

Filesize
3.9MB

Download
memory/3284-3079-0x00007FF729490000-0x00007FF729882000-memory.dmp

Filesize
3.9MB

Download
memory/3284-13-0x00007FF729490000-0x00007FF729882000-memory.dmp

Filesize
3.9MB

Download
memory/3308-490-0x00007FF63CE30000-0x00007FF63D222000-memory.dmp

Filesize
3.9MB

Download
memory/3308-3123-0x00007FF63CE30000-0x00007FF63D222000-memory.dmp

Filesize
3.9MB

Download
memory/3360-397-0x00007FF763170000-0x00007FF763562000-memory.dmp

Filesize
3.9MB

Download
memory/3360-3106-0x00007FF763170000-0x00007FF763562000-memory.dmp

Filesize
3.9MB

Download
memory/3572-401-0x00007FF788350000-0x00007FF788742000-memory.dmp

Filesize
3.9MB

Download
memory/3572-3114-0x00007FF788350000-0x00007FF788742000-memory.dmp

Filesize
3.9MB

Download
memory/3720-3115-0x00007FF72C680000-0x00007FF72CA72000-memory.dmp

Filesize
3.9MB

Download
memory/3720-415-0x00007FF72C680000-0x00007FF72CA72000-memory.dmp

Filesize
3.9MB

Download
memory/3972-394-0x0000021ABDEF0000-0x0000021ABE696000-memory.dmp

Filesize
7.6MB

Download
memory/3972-118-0x0000021AA4300000-0x0000021AA4322000-memory.dmp

Filesize
136KB

Download
memory/4108-44-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp

Filesize
3.9MB

Download
memory/4108-3093-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp

Filesize
3.9MB

Download
memory/4108-3045-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp

Filesize
3.9MB

Download
memory/4384-3096-0x00007FF6391F0000-0x00007FF6395E2000-memory.dmp

Filesize
3.9MB

Download
memory/4384-400-0x00007FF6391F0000-0x00007FF6395E2000-memory.dmp

Filesize
3.9MB

Download
memory/4444-3084-0x00007FF63B610000-0x00007FF63BA02000-memory.dmp

Filesize
3.9MB

Download
memory/4444-32-0x00007FF63B610000-0x00007FF63BA02000-memory.dmp

Filesize
3.9MB

Download
memory/4472-3091-0x00007FF76BDC0000-0x00007FF76C1B2000-memory.dmp

Filesize
3.9MB

Download
memory/4472-54-0x00007FF76BDC0000-0x00007FF76C1B2000-memory.dmp

Filesize
3.9MB

Download
memory/4472-3047-0x00007FF76BDC0000-0x00007FF76C1B2000-memory.dmp

Filesize
3.9MB

Download
memory/4496-3100-0x00007FF721A30000-0x00007FF721E22000-memory.dmp

Filesize
3.9MB

Download
memory/4496-398-0x00007FF721A30000-0x00007FF721E22000-memory.dmp

Filesize
3.9MB

Download
memory/4516-31-0x00007FF619990000-0x00007FF619D82000-memory.dmp

Filesize
3.9MB

Download
memory/4516-3081-0x00007FF619990000-0x00007FF619D82000-memory.dmp

Filesize
3.9MB

Download