xmrig | f6f33fd6df94272f6413b9ca2564b34d013c193ff52bec67241d093d416dba9f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
Size

1.9MB
MD5

53c72f90539994eb2a0649d83a1212e0
SHA1

54ee8d4c0c746426cccf313c6ad8dc50d0ab840c
SHA256

f6f33fd6df94272f6413b9ca2564b34d013c193ff52bec67241d093d416dba9f
SHA512

23388f5bae39e252128fc4332c2583a4315355c015224fe4ce7e2e7128c1ebe28fce905f424bcd663c033aae49efde8885336cbedbffaf7c4dbbfe28727c994a
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQW/zFdDEANW7FPy:BemTLkNdfE0pZrQu

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 13676 created 14032	13676	WerFaultSecure.exe	746

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3496-0-0x00007FF6A9530000-0x00007FF6A9884000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b89-7.dat	xmrig
behavioral2/memory/5016-35-0x00007FF688A60000-0x00007FF688DB4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8a-31.dat	xmrig
behavioral2/files/0x000a000000023b93-85.dat	xmrig
behavioral2/files/0x000a000000023b9b-104.dat	xmrig
behavioral2/files/0x000a000000023ba2-139.dat	xmrig
behavioral2/files/0x000a000000023b9d-161.dat	xmrig
behavioral2/files/0x000a000000023ba5-178.dat	xmrig
behavioral2/memory/2548-198-0x00007FF709160000-0x00007FF7094B4000-memory.dmp	xmrig
behavioral2/memory/1944-209-0x00007FF65A390000-0x00007FF65A6E4000-memory.dmp	xmrig
behavioral2/memory/1840-213-0x00007FF6A0180000-0x00007FF6A04D4000-memory.dmp	xmrig
behavioral2/memory/2996-219-0x00007FF6E7ED0000-0x00007FF6E8224000-memory.dmp	xmrig
behavioral2/memory/2024-224-0x00007FF67BA10000-0x00007FF67BD64000-memory.dmp	xmrig
behavioral2/memory/2032-223-0x00007FF6D9DF0000-0x00007FF6DA144000-memory.dmp	xmrig
behavioral2/memory/5036-222-0x00007FF7541E0000-0x00007FF754534000-memory.dmp	xmrig
behavioral2/memory/400-221-0x00007FF666CC0000-0x00007FF667014000-memory.dmp	xmrig
behavioral2/memory/4128-220-0x00007FF717860000-0x00007FF717BB4000-memory.dmp	xmrig
behavioral2/memory/4788-218-0x00007FF7BC5A0000-0x00007FF7BC8F4000-memory.dmp	xmrig
behavioral2/memory/4908-217-0x00007FF67C630000-0x00007FF67C984000-memory.dmp	xmrig
behavioral2/memory/2292-216-0x00007FF677D70000-0x00007FF6780C4000-memory.dmp	xmrig
behavioral2/memory/3864-215-0x00007FF61E970000-0x00007FF61ECC4000-memory.dmp	xmrig
behavioral2/memory/2096-214-0x00007FF7A9E40000-0x00007FF7AA194000-memory.dmp	xmrig
behavioral2/memory/4916-212-0x00007FF77DEF0000-0x00007FF77E244000-memory.dmp	xmrig
behavioral2/memory/3660-211-0x00007FF7BC450000-0x00007FF7BC7A4000-memory.dmp	xmrig
behavioral2/memory/4420-210-0x00007FF6E6B50000-0x00007FF6E6EA4000-memory.dmp	xmrig
behavioral2/memory/1340-208-0x00007FF764EC0000-0x00007FF765214000-memory.dmp	xmrig
behavioral2/memory/724-207-0x00007FF61CCE0000-0x00007FF61D034000-memory.dmp	xmrig
behavioral2/memory/4948-204-0x00007FF61C4F0000-0x00007FF61C844000-memory.dmp	xmrig
behavioral2/memory/1700-197-0x00007FF668E40000-0x00007FF669194000-memory.dmp	xmrig
behavioral2/memory/4448-186-0x00007FF721AA0000-0x00007FF721DF4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba0-175.dat	xmrig
behavioral2/memory/912-165-0x00007FF62D7F0000-0x00007FF62DB44000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9c-159.dat	xmrig
behavioral2/files/0x000a000000023baa-158.dat	xmrig
behavioral2/files/0x000a000000023ba1-156.dat	xmrig
behavioral2/files/0x000a000000023b97-154.dat	xmrig
behavioral2/files/0x000a000000023b9f-150.dat	xmrig
behavioral2/files/0x000a000000023ba9-149.dat	xmrig
behavioral2/files/0x000a000000023b9a-166.dat	xmrig
behavioral2/memory/4308-148-0x00007FF7810E0000-0x00007FF781434000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba8-147.dat	xmrig
behavioral2/files/0x000a000000023ba7-146.dat	xmrig
behavioral2/files/0x000a000000023ba6-145.dat	xmrig
behavioral2/files/0x000a000000023b98-142.dat	xmrig
behavioral2/files/0x000a000000023ba4-141.dat	xmrig
behavioral2/files/0x000a000000023ba3-140.dat	xmrig
behavioral2/files/0x000a000000023b9e-163.dat	xmrig
behavioral2/files/0x000a000000023b96-132.dat	xmrig
behavioral2/files/0x000a000000023b99-125.dat	xmrig
behavioral2/memory/4256-124-0x00007FF677820000-0x00007FF677B74000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b94-107.dat	xmrig
behavioral2/files/0x000a000000023b95-97.dat	xmrig
behavioral2/files/0x000a000000023b91-90.dat	xmrig
behavioral2/memory/4488-83-0x00007FF62F8B0000-0x00007FF62FC04000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8d-70.dat	xmrig
behavioral2/files/0x000a000000023b8f-68.dat	xmrig
behavioral2/memory/2656-65-0x00007FF640AC0000-0x00007FF640E14000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b92-60.dat	xmrig
behavioral2/files/0x000a000000023b90-76.dat	xmrig
behavioral2/files/0x000a000000023b8e-44.dat	xmrig
behavioral2/files/0x000a000000023b8c-56.dat	xmrig
behavioral2/memory/3116-42-0x00007FF742630000-0x00007FF742984000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8b-50.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5016	bWUmMXc.exe
4788	iDNNaUf.exe
2996	JsinOkG.exe
3116	FPYSMDI.exe
2656	Jtbtozv.exe
4488	NzKKZkb.exe
4256	nLWmims.exe
4308	yubkZTd.exe
4128	BqZLHHP.exe
912	FPInGPV.exe
4448	fqbGfvj.exe
400	JqKPkAz.exe
1700	lvrGGCV.exe
5036	MmHrgim.exe
2548	BAViizm.exe
4948	yDdMFUl.exe
724	tQEoOLU.exe
2032	RFlkQWM.exe
1340	QrgRCbJ.exe
1944	RvJSqeW.exe
4420	wHNVxdX.exe
3660	oMYnjdd.exe
4916	aDWQiya.exe
2024	UVkAuVF.exe
1840	SGafrGm.exe
2096	qEaEaQP.exe
3864	XuiTgck.exe
2292	navMErH.exe
4908	zfaNVVM.exe
3180	ycHrmji.exe
4452	yfGDumI.exe
1316	XkMbgfO.exe
2052	eCTnTFm.exe
2704	VeKQskn.exe
3112	RvdLKQB.exe
2908	SPYuFFw.exe
3868	scFuxmL.exe
2276	NobslYK.exe
3532	CdYpSrs.exe
2848	UgInQIp.exe
780	CyPzWBG.exe
3452	lsEFZam.exe
3948	ofxvUGW.exe
3440	dAyHVkY.exe
4752	xRdUgxP.exe
2644	MOkOkJS.exe
3972	iDPybXi.exe
668	igxhECm.exe
2612	crrVjUB.exe
3860	fhPJpqB.exe
4980	gVwcYpg.exe
2912	GvaaDCX.exe
2068	ZZWIIZT.exe
5072	kFxpfGZ.exe
644	jjWpgmq.exe
3156	JfmxrlM.exe
3000	nNMIVsZ.exe
1176	iEkMbIb.exe
3092	uIbtsmU.exe
4824	qdUFpyW.exe
2404	npJaLFP.exe
1072	wDMkqpr.exe
4624	LwAIYVx.exe
1652	jfYIisG.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3496-0-0x00007FF6A9530000-0x00007FF6A9884000-memory.dmp	upx
behavioral2/files/0x000a000000023b89-7.dat	upx
behavioral2/memory/5016-35-0x00007FF688A60000-0x00007FF688DB4000-memory.dmp	upx
behavioral2/files/0x000a000000023b8a-31.dat	upx
behavioral2/files/0x000a000000023b93-85.dat	upx
behavioral2/files/0x000a000000023b9b-104.dat	upx
behavioral2/files/0x000a000000023ba2-139.dat	upx
behavioral2/files/0x000a000000023b9d-161.dat	upx
behavioral2/files/0x000a000000023ba5-178.dat	upx
behavioral2/memory/2548-198-0x00007FF709160000-0x00007FF7094B4000-memory.dmp	upx
behavioral2/memory/1944-209-0x00007FF65A390000-0x00007FF65A6E4000-memory.dmp	upx
behavioral2/memory/1840-213-0x00007FF6A0180000-0x00007FF6A04D4000-memory.dmp	upx
behavioral2/memory/2996-219-0x00007FF6E7ED0000-0x00007FF6E8224000-memory.dmp	upx
behavioral2/memory/2024-224-0x00007FF67BA10000-0x00007FF67BD64000-memory.dmp	upx
behavioral2/memory/2032-223-0x00007FF6D9DF0000-0x00007FF6DA144000-memory.dmp	upx
behavioral2/memory/5036-222-0x00007FF7541E0000-0x00007FF754534000-memory.dmp	upx
behavioral2/memory/400-221-0x00007FF666CC0000-0x00007FF667014000-memory.dmp	upx
behavioral2/memory/4128-220-0x00007FF717860000-0x00007FF717BB4000-memory.dmp	upx
behavioral2/memory/4788-218-0x00007FF7BC5A0000-0x00007FF7BC8F4000-memory.dmp	upx
behavioral2/memory/4908-217-0x00007FF67C630000-0x00007FF67C984000-memory.dmp	upx
behavioral2/memory/2292-216-0x00007FF677D70000-0x00007FF6780C4000-memory.dmp	upx
behavioral2/memory/3864-215-0x00007FF61E970000-0x00007FF61ECC4000-memory.dmp	upx
behavioral2/memory/2096-214-0x00007FF7A9E40000-0x00007FF7AA194000-memory.dmp	upx
behavioral2/memory/4916-212-0x00007FF77DEF0000-0x00007FF77E244000-memory.dmp	upx
behavioral2/memory/3660-211-0x00007FF7BC450000-0x00007FF7BC7A4000-memory.dmp	upx
behavioral2/memory/4420-210-0x00007FF6E6B50000-0x00007FF6E6EA4000-memory.dmp	upx
behavioral2/memory/1340-208-0x00007FF764EC0000-0x00007FF765214000-memory.dmp	upx
behavioral2/memory/724-207-0x00007FF61CCE0000-0x00007FF61D034000-memory.dmp	upx
behavioral2/memory/4948-204-0x00007FF61C4F0000-0x00007FF61C844000-memory.dmp	upx
behavioral2/memory/1700-197-0x00007FF668E40000-0x00007FF669194000-memory.dmp	upx
behavioral2/memory/4448-186-0x00007FF721AA0000-0x00007FF721DF4000-memory.dmp	upx
behavioral2/files/0x000a000000023ba0-175.dat	upx
behavioral2/memory/912-165-0x00007FF62D7F0000-0x00007FF62DB44000-memory.dmp	upx
behavioral2/files/0x000a000000023b9c-159.dat	upx
behavioral2/files/0x000a000000023baa-158.dat	upx
behavioral2/files/0x000a000000023ba1-156.dat	upx
behavioral2/files/0x000a000000023b97-154.dat	upx
behavioral2/files/0x000a000000023b9f-150.dat	upx
behavioral2/files/0x000a000000023ba9-149.dat	upx
behavioral2/files/0x000a000000023b9a-166.dat	upx
behavioral2/memory/4308-148-0x00007FF7810E0000-0x00007FF781434000-memory.dmp	upx
behavioral2/files/0x000a000000023ba8-147.dat	upx
behavioral2/files/0x000a000000023ba7-146.dat	upx
behavioral2/files/0x000a000000023ba6-145.dat	upx
behavioral2/files/0x000a000000023b98-142.dat	upx
behavioral2/files/0x000a000000023ba4-141.dat	upx
behavioral2/files/0x000a000000023ba3-140.dat	upx
behavioral2/files/0x000a000000023b9e-163.dat	upx
behavioral2/files/0x000a000000023b96-132.dat	upx
behavioral2/files/0x000a000000023b99-125.dat	upx
behavioral2/memory/4256-124-0x00007FF677820000-0x00007FF677B74000-memory.dmp	upx
behavioral2/files/0x000a000000023b94-107.dat	upx
behavioral2/files/0x000a000000023b95-97.dat	upx
behavioral2/files/0x000a000000023b91-90.dat	upx
behavioral2/memory/4488-83-0x00007FF62F8B0000-0x00007FF62FC04000-memory.dmp	upx
behavioral2/files/0x000a000000023b8d-70.dat	upx
behavioral2/files/0x000a000000023b8f-68.dat	upx
behavioral2/memory/2656-65-0x00007FF640AC0000-0x00007FF640E14000-memory.dmp	upx
behavioral2/files/0x000a000000023b92-60.dat	upx
behavioral2/files/0x000a000000023b90-76.dat	upx
behavioral2/files/0x000a000000023b8e-44.dat	upx
behavioral2/files/0x000a000000023b8c-56.dat	upx
behavioral2/memory/3116-42-0x00007FF742630000-0x00007FF742984000-memory.dmp	upx
behavioral2/files/0x000a000000023b8b-50.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ipsUPZp.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\bLvbEKv.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\pySeTut.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\MYwpxfN.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\qAlLjom.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\uFtSvxs.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\gYZAlgX.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\yRVxUKT.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\VDOoLIE.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\IIzTvMW.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\zfgvFKE.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\CnIopsl.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\qCQYiDd.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\kUfWAQX.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\ANbsbIx.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\HvMqRYj.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\xNczIxb.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\PLGqZUx.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\GxSQYkt.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\SAsZMLZ.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\PoHxfrQ.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\NobslYK.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\HvgZssc.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\YGFQJJQ.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\TUqYiRF.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\XhMtfRk.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\EzGAELO.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\bbZWbCW.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\xlNlnGL.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\HPeKSwz.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\ZCAODYo.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\awLsWcP.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\XbDsBNU.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\oMYnjdd.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\zfaNVVM.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\NlRSoKn.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\ScqYkdh.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\zBVbWKb.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\SPYuFFw.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\hPSTSoe.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\gIidEkz.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\cfoibfp.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\KsFKEgF.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\FPYSMDI.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\JhLETQk.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\ZzhrgBZ.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\NpFJxKw.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\UiTLYJp.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\LpTrHJw.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\OucHCqF.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\clsRFGs.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\vcCgkwc.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\xmbWDZS.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\KMterfn.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\GpXODhY.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\KJuRkIT.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\DYsVYFL.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\uhoQEtu.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\sqakPpW.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\jVLFlza.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\VPWXrvX.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\mRhweeG.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\ycHrmji.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
File created	C:\Windows\System\BUoZTsh.exe	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
14320	WerFaultSecure.exe
14320	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3496 wrote to memory of 5016	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	85
PID 3496 wrote to memory of 5016	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	85
PID 3496 wrote to memory of 3116	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	86
PID 3496 wrote to memory of 3116	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	86
PID 3496 wrote to memory of 4788	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	87
PID 3496 wrote to memory of 4788	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	87
PID 3496 wrote to memory of 2996	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	88
PID 3496 wrote to memory of 2996	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	88
PID 3496 wrote to memory of 2656	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	89
PID 3496 wrote to memory of 2656	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	89
PID 3496 wrote to memory of 4488	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	90
PID 3496 wrote to memory of 4488	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	90
PID 3496 wrote to memory of 4256	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	91
PID 3496 wrote to memory of 4256	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	91
PID 3496 wrote to memory of 4308	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	92
PID 3496 wrote to memory of 4308	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	92
PID 3496 wrote to memory of 4128	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	93
PID 3496 wrote to memory of 4128	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	93
PID 3496 wrote to memory of 912	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	94
PID 3496 wrote to memory of 912	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	94
PID 3496 wrote to memory of 4448	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	95
PID 3496 wrote to memory of 4448	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	95
PID 3496 wrote to memory of 400	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	96
PID 3496 wrote to memory of 400	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	96
PID 3496 wrote to memory of 1700	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	97
PID 3496 wrote to memory of 1700	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	97
PID 3496 wrote to memory of 5036	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	98
PID 3496 wrote to memory of 5036	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	98
PID 3496 wrote to memory of 2548	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	99
PID 3496 wrote to memory of 2548	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	99
PID 3496 wrote to memory of 4948	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	100
PID 3496 wrote to memory of 4948	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	100
PID 3496 wrote to memory of 724	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	101
PID 3496 wrote to memory of 724	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	101
PID 3496 wrote to memory of 2032	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	102
PID 3496 wrote to memory of 2032	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	102
PID 3496 wrote to memory of 1340	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	103
PID 3496 wrote to memory of 1340	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	103
PID 3496 wrote to memory of 2024	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	104
PID 3496 wrote to memory of 2024	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	104
PID 3496 wrote to memory of 1944	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	105
PID 3496 wrote to memory of 1944	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	105
PID 3496 wrote to memory of 4420	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	106
PID 3496 wrote to memory of 4420	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	106
PID 3496 wrote to memory of 3660	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	107
PID 3496 wrote to memory of 3660	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	107
PID 3496 wrote to memory of 4916	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	108
PID 3496 wrote to memory of 4916	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	108
PID 3496 wrote to memory of 3112	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	109
PID 3496 wrote to memory of 3112	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	109
PID 3496 wrote to memory of 1840	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	110
PID 3496 wrote to memory of 1840	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	110
PID 3496 wrote to memory of 2096	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	111
PID 3496 wrote to memory of 2096	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	111
PID 3496 wrote to memory of 3864	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	112
PID 3496 wrote to memory of 3864	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	112
PID 3496 wrote to memory of 2292	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	113
PID 3496 wrote to memory of 2292	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	113
PID 3496 wrote to memory of 4908	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	114
PID 3496 wrote to memory of 4908	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	114
PID 3496 wrote to memory of 3180	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	115
PID 3496 wrote to memory of 3180	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	115
PID 3496 wrote to memory of 4452	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	116
PID 3496 wrote to memory of 4452	3496	53c72f90539994eb2a0649d83a1212e0_NEIKI.exe	116

C:\Users\Admin\AppData\Local\Temp\53c72f90539994eb2a0649d83a1212e0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\53c72f90539994eb2a0649d83a1212e0_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Windows\System\bWUmMXc.exe
  C:\Windows\System\bWUmMXc.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\FPYSMDI.exe
  C:\Windows\System\FPYSMDI.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\iDNNaUf.exe
  C:\Windows\System\iDNNaUf.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\JsinOkG.exe
  C:\Windows\System\JsinOkG.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\Jtbtozv.exe
  C:\Windows\System\Jtbtozv.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\NzKKZkb.exe
  C:\Windows\System\NzKKZkb.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\nLWmims.exe
  C:\Windows\System\nLWmims.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\yubkZTd.exe
  C:\Windows\System\yubkZTd.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\BqZLHHP.exe
  C:\Windows\System\BqZLHHP.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\FPInGPV.exe
  C:\Windows\System\FPInGPV.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\fqbGfvj.exe
  C:\Windows\System\fqbGfvj.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\JqKPkAz.exe
  C:\Windows\System\JqKPkAz.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\lvrGGCV.exe
  C:\Windows\System\lvrGGCV.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\MmHrgim.exe
  C:\Windows\System\MmHrgim.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\BAViizm.exe
  C:\Windows\System\BAViizm.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\yDdMFUl.exe
  C:\Windows\System\yDdMFUl.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\tQEoOLU.exe
  C:\Windows\System\tQEoOLU.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\RFlkQWM.exe
  C:\Windows\System\RFlkQWM.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\QrgRCbJ.exe
  C:\Windows\System\QrgRCbJ.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\UVkAuVF.exe
  C:\Windows\System\UVkAuVF.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\RvJSqeW.exe
  C:\Windows\System\RvJSqeW.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\wHNVxdX.exe
  C:\Windows\System\wHNVxdX.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\oMYnjdd.exe
  C:\Windows\System\oMYnjdd.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\aDWQiya.exe
  C:\Windows\System\aDWQiya.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\RvdLKQB.exe
  C:\Windows\System\RvdLKQB.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\SGafrGm.exe
  C:\Windows\System\SGafrGm.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\qEaEaQP.exe
  C:\Windows\System\qEaEaQP.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\XuiTgck.exe
  C:\Windows\System\XuiTgck.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\navMErH.exe
  C:\Windows\System\navMErH.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\zfaNVVM.exe
  C:\Windows\System\zfaNVVM.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\ycHrmji.exe
  C:\Windows\System\ycHrmji.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\yfGDumI.exe
  C:\Windows\System\yfGDumI.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\XkMbgfO.exe
  C:\Windows\System\XkMbgfO.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\eCTnTFm.exe
  C:\Windows\System\eCTnTFm.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\VeKQskn.exe
  C:\Windows\System\VeKQskn.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\SPYuFFw.exe
  C:\Windows\System\SPYuFFw.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\scFuxmL.exe
  C:\Windows\System\scFuxmL.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\NobslYK.exe
  C:\Windows\System\NobslYK.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\CdYpSrs.exe
  C:\Windows\System\CdYpSrs.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\UgInQIp.exe
  C:\Windows\System\UgInQIp.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\CyPzWBG.exe
  C:\Windows\System\CyPzWBG.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\lsEFZam.exe
  C:\Windows\System\lsEFZam.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\ofxvUGW.exe
  C:\Windows\System\ofxvUGW.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\dAyHVkY.exe
  C:\Windows\System\dAyHVkY.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\xRdUgxP.exe
  C:\Windows\System\xRdUgxP.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\MOkOkJS.exe
  C:\Windows\System\MOkOkJS.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\iDPybXi.exe
  C:\Windows\System\iDPybXi.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\igxhECm.exe
  C:\Windows\System\igxhECm.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\crrVjUB.exe
  C:\Windows\System\crrVjUB.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\fhPJpqB.exe
  C:\Windows\System\fhPJpqB.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\gVwcYpg.exe
  C:\Windows\System\gVwcYpg.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\GvaaDCX.exe
  C:\Windows\System\GvaaDCX.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ZZWIIZT.exe
  C:\Windows\System\ZZWIIZT.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\kFxpfGZ.exe
  C:\Windows\System\kFxpfGZ.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\jjWpgmq.exe
  C:\Windows\System\jjWpgmq.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\JfmxrlM.exe
  C:\Windows\System\JfmxrlM.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\nNMIVsZ.exe
  C:\Windows\System\nNMIVsZ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\iEkMbIb.exe
  C:\Windows\System\iEkMbIb.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\uIbtsmU.exe
  C:\Windows\System\uIbtsmU.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\qdUFpyW.exe
  C:\Windows\System\qdUFpyW.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\npJaLFP.exe
  C:\Windows\System\npJaLFP.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\wDMkqpr.exe
  C:\Windows\System\wDMkqpr.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\LwAIYVx.exe
  C:\Windows\System\LwAIYVx.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\jfYIisG.exe
  C:\Windows\System\jfYIisG.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\uJbqPze.exe
  C:\Windows\System\uJbqPze.exe
  2⤵
  PID:4968
- C:\Windows\System\lIVcPpF.exe
  C:\Windows\System\lIVcPpF.exe
  2⤵
  PID:4476
- C:\Windows\System\midPYUQ.exe
  C:\Windows\System\midPYUQ.exe
  2⤵
  PID:1952
- C:\Windows\System\DWCFLct.exe
  C:\Windows\System\DWCFLct.exe
  2⤵
  PID:1876
- C:\Windows\System\xbttmUL.exe
  C:\Windows\System\xbttmUL.exe
  2⤵
  PID:1604
- C:\Windows\System\mwTWgnR.exe
  C:\Windows\System\mwTWgnR.exe
  2⤵
  PID:3932
- C:\Windows\System\UDaafez.exe
  C:\Windows\System\UDaafez.exe
  2⤵
  PID:3204
- C:\Windows\System\SNabmAY.exe
  C:\Windows\System\SNabmAY.exe
  2⤵
  PID:1844
- C:\Windows\System\jupWWER.exe
  C:\Windows\System\jupWWER.exe
  2⤵
  PID:1776
- C:\Windows\System\BWMzGzC.exe
  C:\Windows\System\BWMzGzC.exe
  2⤵
  PID:4900
- C:\Windows\System\aICGaqv.exe
  C:\Windows\System\aICGaqv.exe
  2⤵
  PID:4012
- C:\Windows\System\JYKKfrS.exe
  C:\Windows\System\JYKKfrS.exe
  2⤵
  PID:4796
- C:\Windows\System\MvzzjGi.exe
  C:\Windows\System\MvzzjGi.exe
  2⤵
  PID:3188
- C:\Windows\System\VHzJixm.exe
  C:\Windows\System\VHzJixm.exe
  2⤵
  PID:1532
- C:\Windows\System\agbPUXH.exe
  C:\Windows\System\agbPUXH.exe
  2⤵
  PID:3284
- C:\Windows\System\ejIrRPw.exe
  C:\Windows\System\ejIrRPw.exe
  2⤵
  PID:3624
- C:\Windows\System\ucJgxwC.exe
  C:\Windows\System\ucJgxwC.exe
  2⤵
  PID:3704
- C:\Windows\System\lfpbmKw.exe
  C:\Windows\System\lfpbmKw.exe
  2⤵
  PID:4940
- C:\Windows\System\NlRSoKn.exe
  C:\Windows\System\NlRSoKn.exe
  2⤵
  PID:2212
- C:\Windows\System\RbrRANG.exe
  C:\Windows\System\RbrRANG.exe
  2⤵
  PID:3224
- C:\Windows\System\gFuqJJX.exe
  C:\Windows\System\gFuqJJX.exe
  2⤵
  PID:4380
- C:\Windows\System\ldLlQpA.exe
  C:\Windows\System\ldLlQpA.exe
  2⤵
  PID:3372
- C:\Windows\System\HeZQccy.exe
  C:\Windows\System\HeZQccy.exe
  2⤵
  PID:1504
- C:\Windows\System\ZYwiZhj.exe
  C:\Windows\System\ZYwiZhj.exe
  2⤵
  PID:1044
- C:\Windows\System\hJrDlzn.exe
  C:\Windows\System\hJrDlzn.exe
  2⤵
  PID:352
- C:\Windows\System\rKHIHlp.exe
  C:\Windows\System\rKHIHlp.exe
  2⤵
  PID:2524
- C:\Windows\System\JZPfQyD.exe
  C:\Windows\System\JZPfQyD.exe
  2⤵
  PID:2300
- C:\Windows\System\xNczIxb.exe
  C:\Windows\System\xNczIxb.exe
  2⤵
  PID:5032
- C:\Windows\System\QDPSehu.exe
  C:\Windows\System\QDPSehu.exe
  2⤵
  PID:4744
- C:\Windows\System\bekkIIJ.exe
  C:\Windows\System\bekkIIJ.exe
  2⤵
  PID:1404
- C:\Windows\System\ohekEoH.exe
  C:\Windows\System\ohekEoH.exe
  2⤵
  PID:4288
- C:\Windows\System\SjYlaWh.exe
  C:\Windows\System\SjYlaWh.exe
  2⤵
  PID:4768
- C:\Windows\System\CqHFVPB.exe
  C:\Windows\System\CqHFVPB.exe
  2⤵
  PID:828
- C:\Windows\System\HDdlRNy.exe
  C:\Windows\System\HDdlRNy.exe
  2⤵
  PID:3244
- C:\Windows\System\eewudhb.exe
  C:\Windows\System\eewudhb.exe
  2⤵
  PID:548
- C:\Windows\System\cqkTPCB.exe
  C:\Windows\System\cqkTPCB.exe
  2⤵
  PID:3832
- C:\Windows\System\HJTbHXX.exe
  C:\Windows\System\HJTbHXX.exe
  2⤵
  PID:4912
- C:\Windows\System\KlcfeIy.exe
  C:\Windows\System\KlcfeIy.exe
  2⤵
  PID:1128
- C:\Windows\System\JQWBRec.exe
  C:\Windows\System\JQWBRec.exe
  2⤵
  PID:1096
- C:\Windows\System\UosQvXu.exe
  C:\Windows\System\UosQvXu.exe
  2⤵
  PID:3192
- C:\Windows\System\qklGZwz.exe
  C:\Windows\System\qklGZwz.exe
  2⤵
  PID:5168
- C:\Windows\System\sdkautT.exe
  C:\Windows\System\sdkautT.exe
  2⤵
  PID:5184
- C:\Windows\System\OQUljRD.exe
  C:\Windows\System\OQUljRD.exe
  2⤵
  PID:5212
- C:\Windows\System\bbZWbCW.exe
  C:\Windows\System\bbZWbCW.exe
  2⤵
  PID:5228
- C:\Windows\System\IeXlrjq.exe
  C:\Windows\System\IeXlrjq.exe
  2⤵
  PID:5252
- C:\Windows\System\Lpzpxva.exe
  C:\Windows\System\Lpzpxva.exe
  2⤵
  PID:5288
- C:\Windows\System\sKGxikd.exe
  C:\Windows\System\sKGxikd.exe
  2⤵
  PID:5324
- C:\Windows\System\qfwBUxd.exe
  C:\Windows\System\qfwBUxd.exe
  2⤵
  PID:5360
- C:\Windows\System\xPAEAmA.exe
  C:\Windows\System\xPAEAmA.exe
  2⤵
  PID:5392
- C:\Windows\System\gYZAlgX.exe
  C:\Windows\System\gYZAlgX.exe
  2⤵
  PID:5424
- C:\Windows\System\LIIUseZ.exe
  C:\Windows\System\LIIUseZ.exe
  2⤵
  PID:5448
- C:\Windows\System\rcWNaqO.exe
  C:\Windows\System\rcWNaqO.exe
  2⤵
  PID:5476
- C:\Windows\System\OjbcnnF.exe
  C:\Windows\System\OjbcnnF.exe
  2⤵
  PID:5496
- C:\Windows\System\BrHzfDE.exe
  C:\Windows\System\BrHzfDE.exe
  2⤵
  PID:5524
- C:\Windows\System\cDGTsjW.exe
  C:\Windows\System\cDGTsjW.exe
  2⤵
  PID:5552
- C:\Windows\System\NlmHlGH.exe
  C:\Windows\System\NlmHlGH.exe
  2⤵
  PID:5584
- C:\Windows\System\yRVxUKT.exe
  C:\Windows\System\yRVxUKT.exe
  2⤵
  PID:5612
- C:\Windows\System\hwNPrSk.exe
  C:\Windows\System\hwNPrSk.exe
  2⤵
  PID:5636
- C:\Windows\System\YPapmAc.exe
  C:\Windows\System\YPapmAc.exe
  2⤵
  PID:5676
- C:\Windows\System\SqdtMmp.exe
  C:\Windows\System\SqdtMmp.exe
  2⤵
  PID:5700
- C:\Windows\System\ScqYkdh.exe
  C:\Windows\System\ScqYkdh.exe
  2⤵
  PID:5728
- C:\Windows\System\dksHzis.exe
  C:\Windows\System\dksHzis.exe
  2⤵
  PID:5752
- C:\Windows\System\ZREvjrc.exe
  C:\Windows\System\ZREvjrc.exe
  2⤵
  PID:5800
- C:\Windows\System\FKikyQL.exe
  C:\Windows\System\FKikyQL.exe
  2⤵
  PID:5824
- C:\Windows\System\OosLVEz.exe
  C:\Windows\System\OosLVEz.exe
  2⤵
  PID:5844
- C:\Windows\System\fDhlnCU.exe
  C:\Windows\System\fDhlnCU.exe
  2⤵
  PID:5868
- C:\Windows\System\QelMCnj.exe
  C:\Windows\System\QelMCnj.exe
  2⤵
  PID:5884
- C:\Windows\System\JFLExFA.exe
  C:\Windows\System\JFLExFA.exe
  2⤵
  PID:5916
- C:\Windows\System\bLvbEKv.exe
  C:\Windows\System\bLvbEKv.exe
  2⤵
  PID:5952
- C:\Windows\System\iplbiMp.exe
  C:\Windows\System\iplbiMp.exe
  2⤵
  PID:5980
- C:\Windows\System\hPSTSoe.exe
  C:\Windows\System\hPSTSoe.exe
  2⤵
  PID:6000
- C:\Windows\System\LpTrHJw.exe
  C:\Windows\System\LpTrHJw.exe
  2⤵
  PID:6036
- C:\Windows\System\pySeTut.exe
  C:\Windows\System\pySeTut.exe
  2⤵
  PID:6068
- C:\Windows\System\uxwhvGj.exe
  C:\Windows\System\uxwhvGj.exe
  2⤵
  PID:6096
- C:\Windows\System\HvgZssc.exe
  C:\Windows\System\HvgZssc.exe
  2⤵
  PID:6124
- C:\Windows\System\RtrhpIH.exe
  C:\Windows\System\RtrhpIH.exe
  2⤵
  PID:5156
- C:\Windows\System\UVjLkhc.exe
  C:\Windows\System\UVjLkhc.exe
  2⤵
  PID:5208
- C:\Windows\System\fgUcOTV.exe
  C:\Windows\System\fgUcOTV.exe
  2⤵
  PID:5272
- C:\Windows\System\LrutkUA.exe
  C:\Windows\System\LrutkUA.exe
  2⤵
  PID:5356
- C:\Windows\System\hozEMRt.exe
  C:\Windows\System\hozEMRt.exe
  2⤵
  PID:5436
- C:\Windows\System\PvadCbO.exe
  C:\Windows\System\PvadCbO.exe
  2⤵
  PID:5484
- C:\Windows\System\fXNNgBB.exe
  C:\Windows\System\fXNNgBB.exe
  2⤵
  PID:5540
- C:\Windows\System\dlnZXJK.exe
  C:\Windows\System\dlnZXJK.exe
  2⤵
  PID:5596
- C:\Windows\System\fMXSsSS.exe
  C:\Windows\System\fMXSsSS.exe
  2⤵
  PID:5672
- C:\Windows\System\wRrXrfB.exe
  C:\Windows\System\wRrXrfB.exe
  2⤵
  PID:5720
- C:\Windows\System\PLGqZUx.exe
  C:\Windows\System\PLGqZUx.exe
  2⤵
  PID:5740
- C:\Windows\System\aoABskJ.exe
  C:\Windows\System\aoABskJ.exe
  2⤵
  PID:5820
- C:\Windows\System\OuWQhYB.exe
  C:\Windows\System\OuWQhYB.exe
  2⤵
  PID:5880
- C:\Windows\System\VDOoLIE.exe
  C:\Windows\System\VDOoLIE.exe
  2⤵
  PID:5996
- C:\Windows\System\FdAsrPi.exe
  C:\Windows\System\FdAsrPi.exe
  2⤵
  PID:6028
- C:\Windows\System\fyiYuPD.exe
  C:\Windows\System\fyiYuPD.exe
  2⤵
  PID:6112
- C:\Windows\System\IIzTvMW.exe
  C:\Windows\System\IIzTvMW.exe
  2⤵
  PID:5276
- C:\Windows\System\wGuXhfy.exe
  C:\Windows\System\wGuXhfy.exe
  2⤵
  PID:5444
- C:\Windows\System\KREQsjx.exe
  C:\Windows\System\KREQsjx.exe
  2⤵
  PID:5516
- C:\Windows\System\mxSdMXr.exe
  C:\Windows\System\mxSdMXr.exe
  2⤵
  PID:5688
- C:\Windows\System\vBtWPhu.exe
  C:\Windows\System\vBtWPhu.exe
  2⤵
  PID:5852
- C:\Windows\System\ilRggxv.exe
  C:\Windows\System\ilRggxv.exe
  2⤵
  PID:5204
- C:\Windows\System\qzXGbsP.exe
  C:\Windows\System\qzXGbsP.exe
  2⤵
  PID:6136
- C:\Windows\System\JbNOlSA.exe
  C:\Windows\System\JbNOlSA.exe
  2⤵
  PID:5568
- C:\Windows\System\TUqYiRF.exe
  C:\Windows\System\TUqYiRF.exe
  2⤵
  PID:6020
- C:\Windows\System\JcsmdQQ.exe
  C:\Windows\System\JcsmdQQ.exe
  2⤵
  PID:5512
- C:\Windows\System\KZmioNU.exe
  C:\Windows\System\KZmioNU.exe
  2⤵
  PID:6108
- C:\Windows\System\khyafaC.exe
  C:\Windows\System\khyafaC.exe
  2⤵
  PID:6172
- C:\Windows\System\LNbgDiJ.exe
  C:\Windows\System\LNbgDiJ.exe
  2⤵
  PID:6200
- C:\Windows\System\SGRSFKX.exe
  C:\Windows\System\SGRSFKX.exe
  2⤵
  PID:6228
- C:\Windows\System\BUoZTsh.exe
  C:\Windows\System\BUoZTsh.exe
  2⤵
  PID:6268
- C:\Windows\System\aieBODp.exe
  C:\Windows\System\aieBODp.exe
  2⤵
  PID:6284
- C:\Windows\System\yysKERL.exe
  C:\Windows\System\yysKERL.exe
  2⤵
  PID:6316
- C:\Windows\System\qsIsSNv.exe
  C:\Windows\System\qsIsSNv.exe
  2⤵
  PID:6340
- C:\Windows\System\nQiDccN.exe
  C:\Windows\System\nQiDccN.exe
  2⤵
  PID:6356
- C:\Windows\System\xlNlnGL.exe
  C:\Windows\System\xlNlnGL.exe
  2⤵
  PID:6392
- C:\Windows\System\ETyoHvu.exe
  C:\Windows\System\ETyoHvu.exe
  2⤵
  PID:6420
- C:\Windows\System\mGzPWRe.exe
  C:\Windows\System\mGzPWRe.exe
  2⤵
  PID:6448
- C:\Windows\System\GUKtNqi.exe
  C:\Windows\System\GUKtNqi.exe
  2⤵
  PID:6480
- C:\Windows\System\sJmvpjS.exe
  C:\Windows\System\sJmvpjS.exe
  2⤵
  PID:6500
- C:\Windows\System\JhLETQk.exe
  C:\Windows\System\JhLETQk.exe
  2⤵
  PID:6528
- C:\Windows\System\KGSfutv.exe
  C:\Windows\System\KGSfutv.exe
  2⤵
  PID:6572
- C:\Windows\System\qEnaRiK.exe
  C:\Windows\System\qEnaRiK.exe
  2⤵
  PID:6604
- C:\Windows\System\JCopzzR.exe
  C:\Windows\System\JCopzzR.exe
  2⤵
  PID:6628
- C:\Windows\System\ToBMyzc.exe
  C:\Windows\System\ToBMyzc.exe
  2⤵
  PID:6652
- C:\Windows\System\kIKOYaU.exe
  C:\Windows\System\kIKOYaU.exe
  2⤵
  PID:6692
- C:\Windows\System\uxtwDkx.exe
  C:\Windows\System\uxtwDkx.exe
  2⤵
  PID:6720
- C:\Windows\System\ZzhrgBZ.exe
  C:\Windows\System\ZzhrgBZ.exe
  2⤵
  PID:6748
- C:\Windows\System\afKudsX.exe
  C:\Windows\System\afKudsX.exe
  2⤵
  PID:6776
- C:\Windows\System\bkfLdYv.exe
  C:\Windows\System\bkfLdYv.exe
  2⤵
  PID:6804
- C:\Windows\System\fdKnvkc.exe
  C:\Windows\System\fdKnvkc.exe
  2⤵
  PID:6820
- C:\Windows\System\EotvUTx.exe
  C:\Windows\System\EotvUTx.exe
  2⤵
  PID:6836
- C:\Windows\System\WnvKPzZ.exe
  C:\Windows\System\WnvKPzZ.exe
  2⤵
  PID:6856
- C:\Windows\System\mCyFxbn.exe
  C:\Windows\System\mCyFxbn.exe
  2⤵
  PID:6872
- C:\Windows\System\UHMxDbw.exe
  C:\Windows\System\UHMxDbw.exe
  2⤵
  PID:6892
- C:\Windows\System\QsDrVWv.exe
  C:\Windows\System\QsDrVWv.exe
  2⤵
  PID:6920
- C:\Windows\System\EONnChB.exe
  C:\Windows\System\EONnChB.exe
  2⤵
  PID:6948
- C:\Windows\System\EgLwKXF.exe
  C:\Windows\System\EgLwKXF.exe
  2⤵
  PID:6980
- C:\Windows\System\mZfsBvl.exe
  C:\Windows\System\mZfsBvl.exe
  2⤵
  PID:7004
- C:\Windows\System\eHYEvIc.exe
  C:\Windows\System\eHYEvIc.exe
  2⤵
  PID:7040
- C:\Windows\System\rIEbRGB.exe
  C:\Windows\System\rIEbRGB.exe
  2⤵
  PID:7072
- C:\Windows\System\omgeqDF.exe
  C:\Windows\System\omgeqDF.exe
  2⤵
  PID:7096
- C:\Windows\System\OrDGIpe.exe
  C:\Windows\System\OrDGIpe.exe
  2⤵
  PID:7148
- C:\Windows\System\ykurbCe.exe
  C:\Windows\System\ykurbCe.exe
  2⤵
  PID:5772
- C:\Windows\System\NpFJxKw.exe
  C:\Windows\System\NpFJxKw.exe
  2⤵
  PID:6196
- C:\Windows\System\yQllFRr.exe
  C:\Windows\System\yQllFRr.exe
  2⤵
  PID:6224
- C:\Windows\System\QdKbRSk.exe
  C:\Windows\System\QdKbRSk.exe
  2⤵
  PID:6348
- C:\Windows\System\gKivzPn.exe
  C:\Windows\System\gKivzPn.exe
  2⤵
  PID:6432
- C:\Windows\System\WwhwArK.exe
  C:\Windows\System\WwhwArK.exe
  2⤵
  PID:6492
- C:\Windows\System\czBbqry.exe
  C:\Windows\System\czBbqry.exe
  2⤵
  PID:6564
- C:\Windows\System\PAIuyFX.exe
  C:\Windows\System\PAIuyFX.exe
  2⤵
  PID:6640
- C:\Windows\System\fPXbpMi.exe
  C:\Windows\System\fPXbpMi.exe
  2⤵
  PID:6672
- C:\Windows\System\MxIkSVW.exe
  C:\Windows\System\MxIkSVW.exe
  2⤵
  PID:6732
- C:\Windows\System\jHSkWRT.exe
  C:\Windows\System\jHSkWRT.exe
  2⤵
  PID:6812
- C:\Windows\System\UMKYFfc.exe
  C:\Windows\System\UMKYFfc.exe
  2⤵
  PID:6832
- C:\Windows\System\RtYcpGM.exe
  C:\Windows\System\RtYcpGM.exe
  2⤵
  PID:6944
- C:\Windows\System\mCmwtzE.exe
  C:\Windows\System\mCmwtzE.exe
  2⤵
  PID:7032
- C:\Windows\System\ioCeDbB.exe
  C:\Windows\System\ioCeDbB.exe
  2⤵
  PID:7124
- C:\Windows\System\tRjWPJs.exe
  C:\Windows\System\tRjWPJs.exe
  2⤵
  PID:5696
- C:\Windows\System\SuQroUM.exe
  C:\Windows\System\SuQroUM.exe
  2⤵
  PID:6168
- C:\Windows\System\SOPFTdz.exe
  C:\Windows\System\SOPFTdz.exe
  2⤵
  PID:6372
- C:\Windows\System\yjtepQX.exe
  C:\Windows\System\yjtepQX.exe
  2⤵
  PID:6584
- C:\Windows\System\iDYUrJk.exe
  C:\Windows\System\iDYUrJk.exe
  2⤵
  PID:6764
- C:\Windows\System\pMQTmTG.exe
  C:\Windows\System\pMQTmTG.exe
  2⤵
  PID:6852
- C:\Windows\System\CtCNYgN.exe
  C:\Windows\System\CtCNYgN.exe
  2⤵
  PID:6880
- C:\Windows\System\rbvUdBl.exe
  C:\Windows\System\rbvUdBl.exe
  2⤵
  PID:7048
- C:\Windows\System\MYwpxfN.exe
  C:\Windows\System\MYwpxfN.exe
  2⤵
  PID:6456
- C:\Windows\System\yGwImLn.exe
  C:\Windows\System\yGwImLn.exe
  2⤵
  PID:6796
- C:\Windows\System\JFkGQJo.exe
  C:\Windows\System\JFkGQJo.exe
  2⤵
  PID:7020
- C:\Windows\System\MwEQHhe.exe
  C:\Windows\System\MwEQHhe.exe
  2⤵
  PID:6512
- C:\Windows\System\vBxhBxq.exe
  C:\Windows\System\vBxhBxq.exe
  2⤵
  PID:7184
- C:\Windows\System\vDuYfRX.exe
  C:\Windows\System\vDuYfRX.exe
  2⤵
  PID:7220
- C:\Windows\System\AYlPCJM.exe
  C:\Windows\System\AYlPCJM.exe
  2⤵
  PID:7244
- C:\Windows\System\WDhbPBz.exe
  C:\Windows\System\WDhbPBz.exe
  2⤵
  PID:7276
- C:\Windows\System\AsOfonZ.exe
  C:\Windows\System\AsOfonZ.exe
  2⤵
  PID:7304
- C:\Windows\System\sWnwRNX.exe
  C:\Windows\System\sWnwRNX.exe
  2⤵
  PID:7344
- C:\Windows\System\sQQSLmD.exe
  C:\Windows\System\sQQSLmD.exe
  2⤵
  PID:7372
- C:\Windows\System\FZlKxSs.exe
  C:\Windows\System\FZlKxSs.exe
  2⤵
  PID:7392
- C:\Windows\System\nOHLFJj.exe
  C:\Windows\System\nOHLFJj.exe
  2⤵
  PID:7424
- C:\Windows\System\msuZfyQ.exe
  C:\Windows\System\msuZfyQ.exe
  2⤵
  PID:7444
- C:\Windows\System\XhMtfRk.exe
  C:\Windows\System\XhMtfRk.exe
  2⤵
  PID:7464
- C:\Windows\System\jZazmuz.exe
  C:\Windows\System\jZazmuz.exe
  2⤵
  PID:7496
- C:\Windows\System\gbTkhWv.exe
  C:\Windows\System\gbTkhWv.exe
  2⤵
  PID:7536
- C:\Windows\System\CnIopsl.exe
  C:\Windows\System\CnIopsl.exe
  2⤵
  PID:7564
- C:\Windows\System\qCQYiDd.exe
  C:\Windows\System\qCQYiDd.exe
  2⤵
  PID:7584
- C:\Windows\System\wSldpLq.exe
  C:\Windows\System\wSldpLq.exe
  2⤵
  PID:7604
- C:\Windows\System\QlPCFHT.exe
  C:\Windows\System\QlPCFHT.exe
  2⤵
  PID:7636
- C:\Windows\System\miCzbjH.exe
  C:\Windows\System\miCzbjH.exe
  2⤵
  PID:7668
- C:\Windows\System\fcXzEAS.exe
  C:\Windows\System\fcXzEAS.exe
  2⤵
  PID:7704
- C:\Windows\System\CrtYjDc.exe
  C:\Windows\System\CrtYjDc.exe
  2⤵
  PID:7740
- C:\Windows\System\aMQwnCc.exe
  C:\Windows\System\aMQwnCc.exe
  2⤵
  PID:7772
- C:\Windows\System\fCvAKeb.exe
  C:\Windows\System\fCvAKeb.exe
  2⤵
  PID:7796
- C:\Windows\System\HPVDYDY.exe
  C:\Windows\System\HPVDYDY.exe
  2⤵
  PID:7828
- C:\Windows\System\WBXavPf.exe
  C:\Windows\System\WBXavPf.exe
  2⤵
  PID:7856
- C:\Windows\System\opJXZQr.exe
  C:\Windows\System\opJXZQr.exe
  2⤵
  PID:7884
- C:\Windows\System\yMDHHoa.exe
  C:\Windows\System\yMDHHoa.exe
  2⤵
  PID:7912
- C:\Windows\System\ApPfgJt.exe
  C:\Windows\System\ApPfgJt.exe
  2⤵
  PID:7940
- C:\Windows\System\nMYLnXe.exe
  C:\Windows\System\nMYLnXe.exe
  2⤵
  PID:7968
- C:\Windows\System\GxSQYkt.exe
  C:\Windows\System\GxSQYkt.exe
  2⤵
  PID:8000
- C:\Windows\System\bcFFYMQ.exe
  C:\Windows\System\bcFFYMQ.exe
  2⤵
  PID:8024
- C:\Windows\System\nUwEpSS.exe
  C:\Windows\System\nUwEpSS.exe
  2⤵
  PID:8052
- C:\Windows\System\ODDvorP.exe
  C:\Windows\System\ODDvorP.exe
  2⤵
  PID:8080
- C:\Windows\System\DhveXrY.exe
  C:\Windows\System\DhveXrY.exe
  2⤵
  PID:8120
- C:\Windows\System\TqXKiFF.exe
  C:\Windows\System\TqXKiFF.exe
  2⤵
  PID:8140
- C:\Windows\System\FEAxPnf.exe
  C:\Windows\System\FEAxPnf.exe
  2⤵
  PID:8168
- C:\Windows\System\mNvTcdw.exe
  C:\Windows\System\mNvTcdw.exe
  2⤵
  PID:6912
- C:\Windows\System\ReNqBbK.exe
  C:\Windows\System\ReNqBbK.exe
  2⤵
  PID:7172
- C:\Windows\System\wvqwyQt.exe
  C:\Windows\System\wvqwyQt.exe
  2⤵
  PID:7256
- C:\Windows\System\KNIqTKw.exe
  C:\Windows\System\KNIqTKw.exe
  2⤵
  PID:6388
- C:\Windows\System\ztPGbHv.exe
  C:\Windows\System\ztPGbHv.exe
  2⤵
  PID:7388
- C:\Windows\System\aRVzBCi.exe
  C:\Windows\System\aRVzBCi.exe
  2⤵
  PID:7416
- C:\Windows\System\OgItkgm.exe
  C:\Windows\System\OgItkgm.exe
  2⤵
  PID:7440
- C:\Windows\System\hUSDYFc.exe
  C:\Windows\System\hUSDYFc.exe
  2⤵
  PID:7548
- C:\Windows\System\VxhdTVF.exe
  C:\Windows\System\VxhdTVF.exe
  2⤵
  PID:7620
- C:\Windows\System\xwOFwvC.exe
  C:\Windows\System\xwOFwvC.exe
  2⤵
  PID:7660
- C:\Windows\System\DiOgQuj.exe
  C:\Windows\System\DiOgQuj.exe
  2⤵
  PID:7692
- C:\Windows\System\GpXODhY.exe
  C:\Windows\System\GpXODhY.exe
  2⤵
  PID:7784
- C:\Windows\System\UCMjNrz.exe
  C:\Windows\System\UCMjNrz.exe
  2⤵
  PID:7872
- C:\Windows\System\uxjeGBz.exe
  C:\Windows\System\uxjeGBz.exe
  2⤵
  PID:7960
- C:\Windows\System\IryDdCK.exe
  C:\Windows\System\IryDdCK.exe
  2⤵
  PID:8008
- C:\Windows\System\PfmmoJl.exe
  C:\Windows\System\PfmmoJl.exe
  2⤵
  PID:8104
- C:\Windows\System\SFYUBTk.exe
  C:\Windows\System\SFYUBTk.exe
  2⤵
  PID:8136
- C:\Windows\System\YSmsDPX.exe
  C:\Windows\System\YSmsDPX.exe
  2⤵
  PID:1208
- C:\Windows\System\kPVtyVP.exe
  C:\Windows\System\kPVtyVP.exe
  2⤵
  PID:7300
- C:\Windows\System\cJYGdnI.exe
  C:\Windows\System\cJYGdnI.exe
  2⤵
  PID:7472
- C:\Windows\System\aBmwEVC.exe
  C:\Windows\System\aBmwEVC.exe
  2⤵
  PID:7596
- C:\Windows\System\KJuRkIT.exe
  C:\Windows\System\KJuRkIT.exe
  2⤵
  PID:7580
- C:\Windows\System\bAOiSxt.exe
  C:\Windows\System\bAOiSxt.exe
  2⤵
  PID:7716
- C:\Windows\System\HKOkZnp.exe
  C:\Windows\System\HKOkZnp.exe
  2⤵
  PID:7840
- C:\Windows\System\fdaREKa.exe
  C:\Windows\System\fdaREKa.exe
  2⤵
  PID:8064
- C:\Windows\System\nOAeDmF.exe
  C:\Windows\System\nOAeDmF.exe
  2⤵
  PID:8176
- C:\Windows\System\KyYpmbG.exe
  C:\Windows\System\KyYpmbG.exe
  2⤵
  PID:7788
- C:\Windows\System\gPQkwTD.exe
  C:\Windows\System\gPQkwTD.exe
  2⤵
  PID:8092
- C:\Windows\System\CZIxtJV.exe
  C:\Windows\System\CZIxtJV.exe
  2⤵
  PID:4872
- C:\Windows\System\rpSyAui.exe
  C:\Windows\System\rpSyAui.exe
  2⤵
  PID:7844
- C:\Windows\System\GcDuidQ.exe
  C:\Windows\System\GcDuidQ.exe
  2⤵
  PID:7412
- C:\Windows\System\ndPQuTR.exe
  C:\Windows\System\ndPQuTR.exe
  2⤵
  PID:8224
- C:\Windows\System\vQfwgKR.exe
  C:\Windows\System\vQfwgKR.exe
  2⤵
  PID:8252
- C:\Windows\System\ByEwNyJ.exe
  C:\Windows\System\ByEwNyJ.exe
  2⤵
  PID:8280
- C:\Windows\System\hnTWobP.exe
  C:\Windows\System\hnTWobP.exe
  2⤵
  PID:8308
- C:\Windows\System\GWirUxT.exe
  C:\Windows\System\GWirUxT.exe
  2⤵
  PID:8336
- C:\Windows\System\PWAGVWf.exe
  C:\Windows\System\PWAGVWf.exe
  2⤵
  PID:8376
- C:\Windows\System\ykZLYRA.exe
  C:\Windows\System\ykZLYRA.exe
  2⤵
  PID:8392
- C:\Windows\System\jqoyRnU.exe
  C:\Windows\System\jqoyRnU.exe
  2⤵
  PID:8420
- C:\Windows\System\pJIJLfv.exe
  C:\Windows\System\pJIJLfv.exe
  2⤵
  PID:8448
- C:\Windows\System\JMjkZpA.exe
  C:\Windows\System\JMjkZpA.exe
  2⤵
  PID:8472
- C:\Windows\System\jbPfGLF.exe
  C:\Windows\System\jbPfGLF.exe
  2⤵
  PID:8492
- C:\Windows\System\LTpEuUl.exe
  C:\Windows\System\LTpEuUl.exe
  2⤵
  PID:8508
- C:\Windows\System\oGvhYlx.exe
  C:\Windows\System\oGvhYlx.exe
  2⤵
  PID:8524
- C:\Windows\System\kUfWAQX.exe
  C:\Windows\System\kUfWAQX.exe
  2⤵
  PID:8544
- C:\Windows\System\OKJiXpA.exe
  C:\Windows\System\OKJiXpA.exe
  2⤵
  PID:8572
- C:\Windows\System\XAOammo.exe
  C:\Windows\System\XAOammo.exe
  2⤵
  PID:8592
- C:\Windows\System\COopqQF.exe
  C:\Windows\System\COopqQF.exe
  2⤵
  PID:8624
- C:\Windows\System\taZapHr.exe
  C:\Windows\System\taZapHr.exe
  2⤵
  PID:8644
- C:\Windows\System\AgCCvjD.exe
  C:\Windows\System\AgCCvjD.exe
  2⤵
  PID:8680
- C:\Windows\System\IxsIoCK.exe
  C:\Windows\System\IxsIoCK.exe
  2⤵
  PID:8696
- C:\Windows\System\fHNRWJQ.exe
  C:\Windows\System\fHNRWJQ.exe
  2⤵
  PID:8728
- C:\Windows\System\TEuDwFw.exe
  C:\Windows\System\TEuDwFw.exe
  2⤵
  PID:8756
- C:\Windows\System\qtRxxSZ.exe
  C:\Windows\System\qtRxxSZ.exe
  2⤵
  PID:8792
- C:\Windows\System\EzGAELO.exe
  C:\Windows\System\EzGAELO.exe
  2⤵
  PID:8824
- C:\Windows\System\MSiDZst.exe
  C:\Windows\System\MSiDZst.exe
  2⤵
  PID:8852
- C:\Windows\System\TxUafFg.exe
  C:\Windows\System\TxUafFg.exe
  2⤵
  PID:8884
- C:\Windows\System\DYsVYFL.exe
  C:\Windows\System\DYsVYFL.exe
  2⤵
  PID:8916
- C:\Windows\System\PxhiOrC.exe
  C:\Windows\System\PxhiOrC.exe
  2⤵
  PID:8944
- C:\Windows\System\FhQkeMi.exe
  C:\Windows\System\FhQkeMi.exe
  2⤵
  PID:8976
- C:\Windows\System\HPeKSwz.exe
  C:\Windows\System\HPeKSwz.exe
  2⤵
  PID:9000
- C:\Windows\System\LtUYzhn.exe
  C:\Windows\System\LtUYzhn.exe
  2⤵
  PID:9032
- C:\Windows\System\ANbsbIx.exe
  C:\Windows\System\ANbsbIx.exe
  2⤵
  PID:9068
- C:\Windows\System\FhfdQDe.exe
  C:\Windows\System\FhfdQDe.exe
  2⤵
  PID:9100
- C:\Windows\System\pYURMYa.exe
  C:\Windows\System\pYURMYa.exe
  2⤵
  PID:9128
- C:\Windows\System\ZzyoqOj.exe
  C:\Windows\System\ZzyoqOj.exe
  2⤵
  PID:9148
- C:\Windows\System\vjSvFBK.exe
  C:\Windows\System\vjSvFBK.exe
  2⤵
  PID:9172
- C:\Windows\System\WhsjHHb.exe
  C:\Windows\System\WhsjHHb.exe
  2⤵
  PID:9200
- C:\Windows\System\tQwGMuU.exe
  C:\Windows\System\tQwGMuU.exe
  2⤵
  PID:8208
- C:\Windows\System\YsaLHpG.exe
  C:\Windows\System\YsaLHpG.exe
  2⤵
  PID:8276
- C:\Windows\System\DaWQiqI.exe
  C:\Windows\System\DaWQiqI.exe
  2⤵
  PID:8328
- C:\Windows\System\OrOIQKs.exe
  C:\Windows\System\OrOIQKs.exe
  2⤵
  PID:8368
- C:\Windows\System\mAHcrsL.exe
  C:\Windows\System\mAHcrsL.exe
  2⤵
  PID:8440
- C:\Windows\System\pMonGaj.exe
  C:\Windows\System\pMonGaj.exe
  2⤵
  PID:8484
- C:\Windows\System\YOQLTgm.exe
  C:\Windows\System\YOQLTgm.exe
  2⤵
  PID:8568
- C:\Windows\System\sxWtVjO.exe
  C:\Windows\System\sxWtVjO.exe
  2⤵
  PID:8612
- C:\Windows\System\QjmVwAM.exe
  C:\Windows\System\QjmVwAM.exe
  2⤵
  PID:8716
- C:\Windows\System\zRtgxgB.exe
  C:\Windows\System\zRtgxgB.exe
  2⤵
  PID:1236
- C:\Windows\System\DjkezTP.exe
  C:\Windows\System\DjkezTP.exe
  2⤵
  PID:8848
- C:\Windows\System\buxMQTO.exe
  C:\Windows\System\buxMQTO.exe
  2⤵
  PID:4196
- C:\Windows\System\LuyvJBr.exe
  C:\Windows\System\LuyvJBr.exe
  2⤵
  PID:8964
- C:\Windows\System\ZhcbHYX.exe
  C:\Windows\System\ZhcbHYX.exe
  2⤵
  PID:9056
- C:\Windows\System\sBWWwNf.exe
  C:\Windows\System\sBWWwNf.exe
  2⤵
  PID:9076
- C:\Windows\System\vOSpWvk.exe
  C:\Windows\System\vOSpWvk.exe
  2⤵
  PID:9140
- C:\Windows\System\whTIPxR.exe
  C:\Windows\System\whTIPxR.exe
  2⤵
  PID:9164
- C:\Windows\System\SvwObYI.exe
  C:\Windows\System\SvwObYI.exe
  2⤵
  PID:8460
- C:\Windows\System\azuKddK.exe
  C:\Windows\System\azuKddK.exe
  2⤵
  PID:8636
- C:\Windows\System\fRNMOBi.exe
  C:\Windows\System\fRNMOBi.exe
  2⤵
  PID:8384
- C:\Windows\System\TmPiJlm.exe
  C:\Windows\System\TmPiJlm.exe
  2⤵
  PID:8776
- C:\Windows\System\pyvbSEy.exe
  C:\Windows\System\pyvbSEy.exe
  2⤵
  PID:8928
- C:\Windows\System\DYKVDLn.exe
  C:\Windows\System\DYKVDLn.exe
  2⤵
  PID:8956
- C:\Windows\System\DfNEOek.exe
  C:\Windows\System\DfNEOek.exe
  2⤵
  PID:9012
- C:\Windows\System\FJetblt.exe
  C:\Windows\System\FJetblt.exe
  2⤵
  PID:8164
- C:\Windows\System\UMbKZwe.exe
  C:\Windows\System\UMbKZwe.exe
  2⤵
  PID:8516
- C:\Windows\System\VoqdGeX.exe
  C:\Windows\System\VoqdGeX.exe
  2⤵
  PID:2392
- C:\Windows\System\QrzomFv.exe
  C:\Windows\System\QrzomFv.exe
  2⤵
  PID:8672
- C:\Windows\System\EImSvMa.exe
  C:\Windows\System\EImSvMa.exe
  2⤵
  PID:1092
- C:\Windows\System\opokmYe.exe
  C:\Windows\System\opokmYe.exe
  2⤵
  PID:9224
- C:\Windows\System\PGPHDoE.exe
  C:\Windows\System\PGPHDoE.exe
  2⤵
  PID:9240
- C:\Windows\System\JTxsftJ.exe
  C:\Windows\System\JTxsftJ.exe
  2⤵
  PID:9268
- C:\Windows\System\XqvNAHy.exe
  C:\Windows\System\XqvNAHy.exe
  2⤵
  PID:9300
- C:\Windows\System\OucHCqF.exe
  C:\Windows\System\OucHCqF.exe
  2⤵
  PID:9332
- C:\Windows\System\JczEYno.exe
  C:\Windows\System\JczEYno.exe
  2⤵
  PID:9364
- C:\Windows\System\qegEvAT.exe
  C:\Windows\System\qegEvAT.exe
  2⤵
  PID:9384
- C:\Windows\System\aWxFWBM.exe
  C:\Windows\System\aWxFWBM.exe
  2⤵
  PID:9420
- C:\Windows\System\MYqsifc.exe
  C:\Windows\System\MYqsifc.exe
  2⤵
  PID:9452
- C:\Windows\System\qAlLjom.exe
  C:\Windows\System\qAlLjom.exe
  2⤵
  PID:9480
- C:\Windows\System\WaXinrM.exe
  C:\Windows\System\WaXinrM.exe
  2⤵
  PID:9512
- C:\Windows\System\nkwlvZY.exe
  C:\Windows\System\nkwlvZY.exe
  2⤵
  PID:9536
- C:\Windows\System\jKsfotL.exe
  C:\Windows\System\jKsfotL.exe
  2⤵
  PID:9564
- C:\Windows\System\wrnynKx.exe
  C:\Windows\System\wrnynKx.exe
  2⤵
  PID:9592
- C:\Windows\System\OKcKoUN.exe
  C:\Windows\System\OKcKoUN.exe
  2⤵
  PID:9620
- C:\Windows\System\wBXZoXF.exe
  C:\Windows\System\wBXZoXF.exe
  2⤵
  PID:9652
- C:\Windows\System\EmEnbAs.exe
  C:\Windows\System\EmEnbAs.exe
  2⤵
  PID:9680
- C:\Windows\System\fLwGyme.exe
  C:\Windows\System\fLwGyme.exe
  2⤵
  PID:9704
- C:\Windows\System\YWSUprn.exe
  C:\Windows\System\YWSUprn.exe
  2⤵
  PID:9724
- C:\Windows\System\SldTVzC.exe
  C:\Windows\System\SldTVzC.exe
  2⤵
  PID:9756
- C:\Windows\System\MgaqHSu.exe
  C:\Windows\System\MgaqHSu.exe
  2⤵
  PID:9792
- C:\Windows\System\DaqScrh.exe
  C:\Windows\System\DaqScrh.exe
  2⤵
  PID:9820
- C:\Windows\System\TjxxeKy.exe
  C:\Windows\System\TjxxeKy.exe
  2⤵
  PID:9844
- C:\Windows\System\fDRhZVO.exe
  C:\Windows\System\fDRhZVO.exe
  2⤵
  PID:9876
- C:\Windows\System\uhoQEtu.exe
  C:\Windows\System\uhoQEtu.exe
  2⤵
  PID:9904
- C:\Windows\System\KsFZNAJ.exe
  C:\Windows\System\KsFZNAJ.exe
  2⤵
  PID:9932
- C:\Windows\System\Aauadsl.exe
  C:\Windows\System\Aauadsl.exe
  2⤵
  PID:9960
- C:\Windows\System\SGkasHc.exe
  C:\Windows\System\SGkasHc.exe
  2⤵
  PID:9988
- C:\Windows\System\EYScxwc.exe
  C:\Windows\System\EYScxwc.exe
  2⤵
  PID:10016
- C:\Windows\System\FDcXqkE.exe
  C:\Windows\System\FDcXqkE.exe
  2⤵
  PID:10044
- C:\Windows\System\XcNUODq.exe
  C:\Windows\System\XcNUODq.exe
  2⤵
  PID:10080
- C:\Windows\System\LCBXBVP.exe
  C:\Windows\System\LCBXBVP.exe
  2⤵
  PID:10100
- C:\Windows\System\jVeMPbV.exe
  C:\Windows\System\jVeMPbV.exe
  2⤵
  PID:10128
- C:\Windows\System\xNNFsGz.exe
  C:\Windows\System\xNNFsGz.exe
  2⤵
  PID:10160
- C:\Windows\System\vdJUdnZ.exe
  C:\Windows\System\vdJUdnZ.exe
  2⤵
  PID:10184
- C:\Windows\System\SwEwtIi.exe
  C:\Windows\System\SwEwtIi.exe
  2⤵
  PID:10204
- C:\Windows\System\mUjYkUq.exe
  C:\Windows\System\mUjYkUq.exe
  2⤵
  PID:10236
- C:\Windows\System\RYeUHKU.exe
  C:\Windows\System\RYeUHKU.exe
  2⤵
  PID:9252
- C:\Windows\System\tHZAETl.exe
  C:\Windows\System\tHZAETl.exe
  2⤵
  PID:9352
- C:\Windows\System\YGFQJJQ.exe
  C:\Windows\System\YGFQJJQ.exe
  2⤵
  PID:9400
- C:\Windows\System\vPAjhwE.exe
  C:\Windows\System\vPAjhwE.exe
  2⤵
  PID:9472
- C:\Windows\System\ZNSRaaN.exe
  C:\Windows\System\ZNSRaaN.exe
  2⤵
  PID:9548
- C:\Windows\System\yhPZiab.exe
  C:\Windows\System\yhPZiab.exe
  2⤵
  PID:9580
- C:\Windows\System\ZKHNgFz.exe
  C:\Windows\System\ZKHNgFz.exe
  2⤵
  PID:9668
- C:\Windows\System\hFxcjpC.exe
  C:\Windows\System\hFxcjpC.exe
  2⤵
  PID:9712
- C:\Windows\System\aELLqmD.exe
  C:\Windows\System\aELLqmD.exe
  2⤵
  PID:9808
- C:\Windows\System\UiTLYJp.exe
  C:\Windows\System\UiTLYJp.exe
  2⤵
  PID:9868
- C:\Windows\System\TaOyktN.exe
  C:\Windows\System\TaOyktN.exe
  2⤵
  PID:9944
- C:\Windows\System\sWNGHgt.exe
  C:\Windows\System\sWNGHgt.exe
  2⤵
  PID:10004
- C:\Windows\System\iKWCOZw.exe
  C:\Windows\System\iKWCOZw.exe
  2⤵
  PID:10068
- C:\Windows\System\qwisoZu.exe
  C:\Windows\System\qwisoZu.exe
  2⤵
  PID:10152
- C:\Windows\System\JfjLTRK.exe
  C:\Windows\System\JfjLTRK.exe
  2⤵
  PID:10228
- C:\Windows\System\SAsZMLZ.exe
  C:\Windows\System\SAsZMLZ.exe
  2⤵
  PID:9328
- C:\Windows\System\MZvSlGf.exe
  C:\Windows\System\MZvSlGf.exe
  2⤵
  PID:9380
- C:\Windows\System\RdHQXDg.exe
  C:\Windows\System\RdHQXDg.exe
  2⤵
  PID:9552
- C:\Windows\System\grUEEBR.exe
  C:\Windows\System\grUEEBR.exe
  2⤵
  PID:9136
- C:\Windows\System\JslGAWj.exe
  C:\Windows\System\JslGAWj.exe
  2⤵
  PID:9768
- C:\Windows\System\nwLUAXZ.exe
  C:\Windows\System\nwLUAXZ.exe
  2⤵
  PID:9976
- C:\Windows\System\yIPLuLc.exe
  C:\Windows\System\yIPLuLc.exe
  2⤵
  PID:10124
- C:\Windows\System\XKjbFxr.exe
  C:\Windows\System\XKjbFxr.exe
  2⤵
  PID:3004
- C:\Windows\System\BrWgQgN.exe
  C:\Windows\System\BrWgQgN.exe
  2⤵
  PID:9520
- C:\Windows\System\thKAMiu.exe
  C:\Windows\System\thKAMiu.exe
  2⤵
  PID:9952
- C:\Windows\System\bDreejJ.exe
  C:\Windows\System\bDreejJ.exe
  2⤵
  PID:9464
- C:\Windows\System\gIidEkz.exe
  C:\Windows\System\gIidEkz.exe
  2⤵
  PID:444
- C:\Windows\System\ODAqzJZ.exe
  C:\Windows\System\ODAqzJZ.exe
  2⤵
  PID:10268
- C:\Windows\System\YLlSuJj.exe
  C:\Windows\System\YLlSuJj.exe
  2⤵
  PID:10300
- C:\Windows\System\wZofQrX.exe
  C:\Windows\System\wZofQrX.exe
  2⤵
  PID:10328
- C:\Windows\System\YbIHwiv.exe
  C:\Windows\System\YbIHwiv.exe
  2⤵
  PID:10360
- C:\Windows\System\DrQddpU.exe
  C:\Windows\System\DrQddpU.exe
  2⤵
  PID:10384
- C:\Windows\System\XhvaOzC.exe
  C:\Windows\System\XhvaOzC.exe
  2⤵
  PID:10416
- C:\Windows\System\IxDlsAl.exe
  C:\Windows\System\IxDlsAl.exe
  2⤵
  PID:10452
- C:\Windows\System\ocEbpnG.exe
  C:\Windows\System\ocEbpnG.exe
  2⤵
  PID:10480
- C:\Windows\System\zfHcPHo.exe
  C:\Windows\System\zfHcPHo.exe
  2⤵
  PID:10496
- C:\Windows\System\HAEEYHk.exe
  C:\Windows\System\HAEEYHk.exe
  2⤵
  PID:10512
- C:\Windows\System\YBxURAa.exe
  C:\Windows\System\YBxURAa.exe
  2⤵
  PID:10540
- C:\Windows\System\zBVbWKb.exe
  C:\Windows\System\zBVbWKb.exe
  2⤵
  PID:10572
- C:\Windows\System\pegpbTC.exe
  C:\Windows\System\pegpbTC.exe
  2⤵
  PID:10608
- C:\Windows\System\apNnWbA.exe
  C:\Windows\System\apNnWbA.exe
  2⤵
  PID:10636
- C:\Windows\System\VPURGzS.exe
  C:\Windows\System\VPURGzS.exe
  2⤵
  PID:10664
- C:\Windows\System\CHRZFKu.exe
  C:\Windows\System\CHRZFKu.exe
  2⤵
  PID:10680
- C:\Windows\System\tWQbLBy.exe
  C:\Windows\System\tWQbLBy.exe
  2⤵
  PID:10708
- C:\Windows\System\sCXecuI.exe
  C:\Windows\System\sCXecuI.exe
  2⤵
  PID:10736
- C:\Windows\System\puYDvIG.exe
  C:\Windows\System\puYDvIG.exe
  2⤵
  PID:10764
- C:\Windows\System\MLyNHhB.exe
  C:\Windows\System\MLyNHhB.exe
  2⤵
  PID:10796
- C:\Windows\System\bLlpnjC.exe
  C:\Windows\System\bLlpnjC.exe
  2⤵
  PID:10824
- C:\Windows\System\uMvEVxz.exe
  C:\Windows\System\uMvEVxz.exe
  2⤵
  PID:10848
- C:\Windows\System\QvqCYol.exe
  C:\Windows\System\QvqCYol.exe
  2⤵
  PID:10872
- C:\Windows\System\UvzJmSK.exe
  C:\Windows\System\UvzJmSK.exe
  2⤵
  PID:10904
- C:\Windows\System\fHgLZVS.exe
  C:\Windows\System\fHgLZVS.exe
  2⤵
  PID:10936
- C:\Windows\System\aFwvUqi.exe
  C:\Windows\System\aFwvUqi.exe
  2⤵
  PID:10964
- C:\Windows\System\TqMwiOD.exe
  C:\Windows\System\TqMwiOD.exe
  2⤵
  PID:10992
- C:\Windows\System\OtVSizG.exe
  C:\Windows\System\OtVSizG.exe
  2⤵
  PID:11028
- C:\Windows\System\lvCbRZY.exe
  C:\Windows\System\lvCbRZY.exe
  2⤵
  PID:11056
- C:\Windows\System\XJKPwyi.exe
  C:\Windows\System\XJKPwyi.exe
  2⤵
  PID:11084
- C:\Windows\System\DhGyISo.exe
  C:\Windows\System\DhGyISo.exe
  2⤵
  PID:11112
- C:\Windows\System\ikkChUH.exe
  C:\Windows\System\ikkChUH.exe
  2⤵
  PID:11140
- C:\Windows\System\AJaABZA.exe
  C:\Windows\System\AJaABZA.exe
  2⤵
  PID:11168
- C:\Windows\System\sgTpwjG.exe
  C:\Windows\System\sgTpwjG.exe
  2⤵
  PID:11192
- C:\Windows\System\oIbvdLC.exe
  C:\Windows\System\oIbvdLC.exe
  2⤵
  PID:11228
- C:\Windows\System\dmjBfau.exe
  C:\Windows\System\dmjBfau.exe
  2⤵
  PID:11256
- C:\Windows\System\UruKmmR.exe
  C:\Windows\System\UruKmmR.exe
  2⤵
  PID:10292
- C:\Windows\System\vVWJuXQ.exe
  C:\Windows\System\vVWJuXQ.exe
  2⤵
  PID:10312
- C:\Windows\System\ylImJIL.exe
  C:\Windows\System\ylImJIL.exe
  2⤵
  PID:10396
- C:\Windows\System\xUQQRMZ.exe
  C:\Windows\System\xUQQRMZ.exe
  2⤵
  PID:10468
- C:\Windows\System\AzoWstf.exe
  C:\Windows\System\AzoWstf.exe
  2⤵
  PID:10528
- C:\Windows\System\jVLFlza.exe
  C:\Windows\System\jVLFlza.exe
  2⤵
  PID:10592
- C:\Windows\System\wgJpFUi.exe
  C:\Windows\System\wgJpFUi.exe
  2⤵
  PID:10676
- C:\Windows\System\sqakPpW.exe
  C:\Windows\System\sqakPpW.exe
  2⤵
  PID:10720
- C:\Windows\System\rVZQzLO.exe
  C:\Windows\System\rVZQzLO.exe
  2⤵
  PID:10820
- C:\Windows\System\KosfsuS.exe
  C:\Windows\System\KosfsuS.exe
  2⤵
  PID:10864
- C:\Windows\System\gsoysik.exe
  C:\Windows\System\gsoysik.exe
  2⤵
  PID:10920
- C:\Windows\System\oeTuoai.exe
  C:\Windows\System\oeTuoai.exe
  2⤵
  PID:10980
- C:\Windows\System\plBDkJf.exe
  C:\Windows\System\plBDkJf.exe
  2⤵
  PID:11044
- C:\Windows\System\yYZcEtO.exe
  C:\Windows\System\yYZcEtO.exe
  2⤵
  PID:11100
- C:\Windows\System\dRDTNQU.exe
  C:\Windows\System\dRDTNQU.exe
  2⤵
  PID:9588
- C:\Windows\System\HOqtKcw.exe
  C:\Windows\System\HOqtKcw.exe
  2⤵
  PID:11184
- C:\Windows\System\KdtXHKh.exe
  C:\Windows\System\KdtXHKh.exe
  2⤵
  PID:10264
- C:\Windows\System\DrlWwtz.exe
  C:\Windows\System\DrlWwtz.exe
  2⤵
  PID:10432
- C:\Windows\System\czASIQr.exe
  C:\Windows\System\czASIQr.exe
  2⤵
  PID:10492
- C:\Windows\System\kkreyrf.exe
  C:\Windows\System\kkreyrf.exe
  2⤵
  PID:10808
- C:\Windows\System\DHWvfYa.exe
  C:\Windows\System\DHWvfYa.exe
  2⤵
  PID:10844
- C:\Windows\System\clsRFGs.exe
  C:\Windows\System\clsRFGs.exe
  2⤵
  PID:11072
- C:\Windows\System\NcuwNmg.exe
  C:\Windows\System\NcuwNmg.exe
  2⤵
  PID:11208
- C:\Windows\System\HwsLfUm.exe
  C:\Windows\System\HwsLfUm.exe
  2⤵
  PID:876
- C:\Windows\System\euGKJSv.exe
  C:\Windows\System\euGKJSv.exe
  2⤵
  PID:10704
- C:\Windows\System\QoHABHM.exe
  C:\Windows\System\QoHABHM.exe
  2⤵
  PID:10888
- C:\Windows\System\wROnGsB.exe
  C:\Windows\System\wROnGsB.exe
  2⤵
  PID:11240
- C:\Windows\System\dcXErKn.exe
  C:\Windows\System\dcXErKn.exe
  2⤵
  PID:11280
- C:\Windows\System\FqPKcyh.exe
  C:\Windows\System\FqPKcyh.exe
  2⤵
  PID:11296
- C:\Windows\System\aRXvxRm.exe
  C:\Windows\System\aRXvxRm.exe
  2⤵
  PID:11328
- C:\Windows\System\PmpJnbM.exe
  C:\Windows\System\PmpJnbM.exe
  2⤵
  PID:11360
- C:\Windows\System\YxRPXOF.exe
  C:\Windows\System\YxRPXOF.exe
  2⤵
  PID:11380
- C:\Windows\System\DLNTvpD.exe
  C:\Windows\System\DLNTvpD.exe
  2⤵
  PID:11408
- C:\Windows\System\wKMtmeQ.exe
  C:\Windows\System\wKMtmeQ.exe
  2⤵
  PID:11448
- C:\Windows\System\MylEoVP.exe
  C:\Windows\System\MylEoVP.exe
  2⤵
  PID:11472
- C:\Windows\System\xNkWuDQ.exe
  C:\Windows\System\xNkWuDQ.exe
  2⤵
  PID:11492
- C:\Windows\System\pkhqfHl.exe
  C:\Windows\System\pkhqfHl.exe
  2⤵
  PID:11508
- C:\Windows\System\Hsmoxiv.exe
  C:\Windows\System\Hsmoxiv.exe
  2⤵
  PID:11536
- C:\Windows\System\ywTztyk.exe
  C:\Windows\System\ywTztyk.exe
  2⤵
  PID:11572
- C:\Windows\System\hYYzyKr.exe
  C:\Windows\System\hYYzyKr.exe
  2⤵
  PID:11620
- C:\Windows\System\bKdHTKc.exe
  C:\Windows\System\bKdHTKc.exe
  2⤵
  PID:11668
- C:\Windows\System\TXIQrbX.exe
  C:\Windows\System\TXIQrbX.exe
  2⤵
  PID:11684
- C:\Windows\System\meaTQac.exe
  C:\Windows\System\meaTQac.exe
  2⤵
  PID:11712
- C:\Windows\System\lRMtJev.exe
  C:\Windows\System\lRMtJev.exe
  2⤵
  PID:11728
- C:\Windows\System\mzcxMFR.exe
  C:\Windows\System\mzcxMFR.exe
  2⤵
  PID:11752
- C:\Windows\System\IfqOuhW.exe
  C:\Windows\System\IfqOuhW.exe
  2⤵
  PID:11776
- C:\Windows\System\ysLjzez.exe
  C:\Windows\System\ysLjzez.exe
  2⤵
  PID:11800
- C:\Windows\System\zvHqtLd.exe
  C:\Windows\System\zvHqtLd.exe
  2⤵
  PID:11828
- C:\Windows\System\pKkAlep.exe
  C:\Windows\System\pKkAlep.exe
  2⤵
  PID:11864
- C:\Windows\System\YSyDhVp.exe
  C:\Windows\System\YSyDhVp.exe
  2⤵
  PID:11896
- C:\Windows\System\PnDpRNN.exe
  C:\Windows\System\PnDpRNN.exe
  2⤵
  PID:11920
- C:\Windows\System\dITWAZi.exe
  C:\Windows\System\dITWAZi.exe
  2⤵
  PID:11940
- C:\Windows\System\awLsWcP.exe
  C:\Windows\System\awLsWcP.exe
  2⤵
  PID:11976
- C:\Windows\System\VPWXrvX.exe
  C:\Windows\System\VPWXrvX.exe
  2⤵
  PID:12004
- C:\Windows\System\XisnuqI.exe
  C:\Windows\System\XisnuqI.exe
  2⤵
  PID:12032
- C:\Windows\System\ZXRUlSx.exe
  C:\Windows\System\ZXRUlSx.exe
  2⤵
  PID:12052
- C:\Windows\System\mRysUgI.exe
  C:\Windows\System\mRysUgI.exe
  2⤵
  PID:12076
- C:\Windows\System\lvyzDug.exe
  C:\Windows\System\lvyzDug.exe
  2⤵
  PID:12096
- C:\Windows\System\WLOvbVG.exe
  C:\Windows\System\WLOvbVG.exe
  2⤵
  PID:12124
- C:\Windows\System\xmbWDZS.exe
  C:\Windows\System\xmbWDZS.exe
  2⤵
  PID:12160
- C:\Windows\System\GTsyCio.exe
  C:\Windows\System\GTsyCio.exe
  2⤵
  PID:12192
- C:\Windows\System\GlwAHHa.exe
  C:\Windows\System\GlwAHHa.exe
  2⤵
  PID:12220
- C:\Windows\System\hyXmzez.exe
  C:\Windows\System\hyXmzez.exe
  2⤵
  PID:12248
- C:\Windows\System\ChllVPO.exe
  C:\Windows\System\ChllVPO.exe
  2⤵
  PID:12280
- C:\Windows\System\vxxIbpQ.exe
  C:\Windows\System\vxxIbpQ.exe
  2⤵
  PID:11268
- C:\Windows\System\Aysinmw.exe
  C:\Windows\System\Aysinmw.exe
  2⤵
  PID:11316
- C:\Windows\System\GUlvFcC.exe
  C:\Windows\System\GUlvFcC.exe
  2⤵
  PID:11320
- C:\Windows\System\zNxJzgU.exe
  C:\Windows\System\zNxJzgU.exe
  2⤵
  PID:11392
- C:\Windows\System\DYKLOXm.exe
  C:\Windows\System\DYKLOXm.exe
  2⤵
  PID:11504
- C:\Windows\System\rqeMQAk.exe
  C:\Windows\System\rqeMQAk.exe
  2⤵
  PID:11560
- C:\Windows\System\GfoGyud.exe
  C:\Windows\System\GfoGyud.exe
  2⤵
  PID:11680
- C:\Windows\System\aotuzNG.exe
  C:\Windows\System\aotuzNG.exe
  2⤵
  PID:11704
- C:\Windows\System\xYfssIu.exe
  C:\Windows\System\xYfssIu.exe
  2⤵
  PID:11744
- C:\Windows\System\SLudhgo.exe
  C:\Windows\System\SLudhgo.exe
  2⤵
  PID:11812
- C:\Windows\System\esAvYTJ.exe
  C:\Windows\System\esAvYTJ.exe
  2⤵
  PID:11856
- C:\Windows\System\lGxPXNO.exe
  C:\Windows\System\lGxPXNO.exe
  2⤵
  PID:12000
- C:\Windows\System\IdwiItP.exe
  C:\Windows\System\IdwiItP.exe
  2⤵
  PID:11996
- C:\Windows\System\VPmQDwJ.exe
  C:\Windows\System\VPmQDwJ.exe
  2⤵
  PID:12068
- C:\Windows\System\EdwvkpS.exe
  C:\Windows\System\EdwvkpS.exe
  2⤵
  PID:12204
- C:\Windows\System\QbMhGou.exe
  C:\Windows\System\QbMhGou.exe
  2⤵
  PID:12208
- C:\Windows\System\CSjXoMg.exe
  C:\Windows\System\CSjXoMg.exe
  2⤵
  PID:12236
- C:\Windows\System\yBkkYlW.exe
  C:\Windows\System\yBkkYlW.exe
  2⤵
  PID:11324
- C:\Windows\System\KzATutn.exe
  C:\Windows\System\KzATutn.exe
  2⤵
  PID:11352
- C:\Windows\System\pAXRdTA.exe
  C:\Windows\System\pAXRdTA.exe
  2⤵
  PID:11468
- C:\Windows\System\DAXIqRm.exe
  C:\Windows\System\DAXIqRm.exe
  2⤵
  PID:11748
- C:\Windows\System\osfRPxg.exe
  C:\Windows\System\osfRPxg.exe
  2⤵
  PID:11964
- C:\Windows\System\EoaxlWv.exe
  C:\Windows\System\EoaxlWv.exe
  2⤵
  PID:12028
- C:\Windows\System\tdUvKTN.exe
  C:\Windows\System\tdUvKTN.exe
  2⤵
  PID:12108
- C:\Windows\System\XUXJJac.exe
  C:\Windows\System\XUXJJac.exe
  2⤵
  PID:11288
- C:\Windows\System\YgAxIhV.exe
  C:\Windows\System\YgAxIhV.exe
  2⤵
  PID:11700
- C:\Windows\System\EIArudb.exe
  C:\Windows\System\EIArudb.exe
  2⤵
  PID:11960
- C:\Windows\System\Wolwwdi.exe
  C:\Windows\System\Wolwwdi.exe
  2⤵
  PID:4500
- C:\Windows\System\vWtaGne.exe
  C:\Windows\System\vWtaGne.exe
  2⤵
  PID:12300
- C:\Windows\System\jBYsFFu.exe
  C:\Windows\System\jBYsFFu.exe
  2⤵
  PID:12324
- C:\Windows\System\uCXxdsH.exe
  C:\Windows\System\uCXxdsH.exe
  2⤵
  PID:12352
- C:\Windows\System\uFtSvxs.exe
  C:\Windows\System\uFtSvxs.exe
  2⤵
  PID:12376
- C:\Windows\System\PoHxfrQ.exe
  C:\Windows\System\PoHxfrQ.exe
  2⤵
  PID:12400
- C:\Windows\System\SjWclWo.exe
  C:\Windows\System\SjWclWo.exe
  2⤵
  PID:12424
- C:\Windows\System\XguXkNv.exe
  C:\Windows\System\XguXkNv.exe
  2⤵
  PID:12556
- C:\Windows\System\PzpBpUx.exe
  C:\Windows\System\PzpBpUx.exe
  2⤵
  PID:12572
- C:\Windows\System\hHNHcyj.exe
  C:\Windows\System\hHNHcyj.exe
  2⤵
  PID:12588
- C:\Windows\System\sDgKKJn.exe
  C:\Windows\System\sDgKKJn.exe
  2⤵
  PID:12616
- C:\Windows\System\oPWurRk.exe
  C:\Windows\System\oPWurRk.exe
  2⤵
  PID:12640
- C:\Windows\System\KliyFus.exe
  C:\Windows\System\KliyFus.exe
  2⤵
  PID:12664
- C:\Windows\System\BdfOeTh.exe
  C:\Windows\System\BdfOeTh.exe
  2⤵
  PID:12688
- C:\Windows\System\hYIeegd.exe
  C:\Windows\System\hYIeegd.exe
  2⤵
  PID:12728
- C:\Windows\System\tzMjKZw.exe
  C:\Windows\System\tzMjKZw.exe
  2⤵
  PID:12748
- C:\Windows\System\IWxaejb.exe
  C:\Windows\System\IWxaejb.exe
  2⤵
  PID:12768
- C:\Windows\System\kqfugFx.exe
  C:\Windows\System\kqfugFx.exe
  2⤵
  PID:12792
- C:\Windows\System\JxvUlwq.exe
  C:\Windows\System\JxvUlwq.exe
  2⤵
  PID:12808
- C:\Windows\System\XbDsBNU.exe
  C:\Windows\System\XbDsBNU.exe
  2⤵
  PID:12840
- C:\Windows\System\JteZvIf.exe
  C:\Windows\System\JteZvIf.exe
  2⤵
  PID:12868
- C:\Windows\System\fUFkJWw.exe
  C:\Windows\System\fUFkJWw.exe
  2⤵
  PID:12892
- C:\Windows\System\vsiDKCJ.exe
  C:\Windows\System\vsiDKCJ.exe
  2⤵
  PID:12916
- C:\Windows\System\wyvXfGi.exe
  C:\Windows\System\wyvXfGi.exe
  2⤵
  PID:12936
- C:\Windows\System\eoXjhmB.exe
  C:\Windows\System\eoXjhmB.exe
  2⤵
  PID:12952
- C:\Windows\System\jipTjbG.exe
  C:\Windows\System\jipTjbG.exe
  2⤵
  PID:12972
- C:\Windows\System\GrrOLPy.exe
  C:\Windows\System\GrrOLPy.exe
  2⤵
  PID:13000
- C:\Windows\System\GiAurHU.exe
  C:\Windows\System\GiAurHU.exe
  2⤵
  PID:13028
- C:\Windows\System\LyYUnpC.exe
  C:\Windows\System\LyYUnpC.exe
  2⤵
  PID:13060
- C:\Windows\System\PfrFUQr.exe
  C:\Windows\System\PfrFUQr.exe
  2⤵
  PID:13088
- C:\Windows\System\OsWsVjA.exe
  C:\Windows\System\OsWsVjA.exe
  2⤵
  PID:13108
- C:\Windows\System\yDmSBnC.exe
  C:\Windows\System\yDmSBnC.exe
  2⤵
  PID:13132
- C:\Windows\System\cfoibfp.exe
  C:\Windows\System\cfoibfp.exe
  2⤵
  PID:13168
- C:\Windows\System\DOSmkDx.exe
  C:\Windows\System\DOSmkDx.exe
  2⤵
  PID:13188
- C:\Windows\System\KMterfn.exe
  C:\Windows\System\KMterfn.exe
  2⤵
  PID:13228
- C:\Windows\System\apfegyu.exe
  C:\Windows\System\apfegyu.exe
  2⤵
  PID:13252
- C:\Windows\System\pWHvXks.exe
  C:\Windows\System\pWHvXks.exe
  2⤵
  PID:13280
- C:\Windows\System\FLubmqp.exe
  C:\Windows\System\FLubmqp.exe
  2⤵
  PID:13308
- C:\Windows\System\qmHoXDy.exe
  C:\Windows\System\qmHoXDy.exe
  2⤵
  PID:11764
- C:\Windows\System\bJCXqIG.exe
  C:\Windows\System\bJCXqIG.exe
  2⤵
  PID:12148
- C:\Windows\System\pmXOXiP.exe
  C:\Windows\System\pmXOXiP.exe
  2⤵
  PID:12344
- C:\Windows\System\bbAYNIv.exe
  C:\Windows\System\bbAYNIv.exe
  2⤵
  PID:12364
- C:\Windows\System\pJpmENq.exe
  C:\Windows\System\pJpmENq.exe
  2⤵
  PID:12388
- C:\Windows\System\sVEDFLo.exe
  C:\Windows\System\sVEDFLo.exe
  2⤵
  PID:12456
- C:\Windows\System\KwHKapA.exe
  C:\Windows\System\KwHKapA.exe
  2⤵
  PID:12524
- C:\Windows\System\nHqdEpI.exe
  C:\Windows\System\nHqdEpI.exe
  2⤵
  PID:12580
- C:\Windows\System\VuwvbEh.exe
  C:\Windows\System\VuwvbEh.exe
  2⤵
  PID:12660
- C:\Windows\System\iajLZAT.exe
  C:\Windows\System\iajLZAT.exe
  2⤵
  PID:12684
- C:\Windows\System\ipsUPZp.exe
  C:\Windows\System\ipsUPZp.exe
  2⤵
  PID:12860
- C:\Windows\System\pifxpEg.exe
  C:\Windows\System\pifxpEg.exe
  2⤵
  PID:12948
- C:\Windows\System\tUYwBHN.exe
  C:\Windows\System\tUYwBHN.exe
  2⤵
  PID:12964
- C:\Windows\System\LhzQNTu.exe
  C:\Windows\System\LhzQNTu.exe
  2⤵
  PID:12944
- C:\Windows\System\mRhweeG.exe
  C:\Windows\System\mRhweeG.exe
  2⤵
  PID:13068
- C:\Windows\System\rqWrMjK.exe
  C:\Windows\System\rqWrMjK.exe
  2⤵
  PID:13120
- C:\Windows\System\ZCAODYo.exe
  C:\Windows\System\ZCAODYo.exe
  2⤵
  PID:13160
- C:\Windows\System\mMwOnWw.exe
  C:\Windows\System\mMwOnWw.exe
  2⤵
  PID:13140
- C:\Windows\System\yMEMnMc.exe
  C:\Windows\System\yMEMnMc.exe
  2⤵
  PID:1740
- C:\Windows\System\WjyKxmT.exe
  C:\Windows\System\WjyKxmT.exe
  2⤵
  PID:11188
- C:\Windows\System\iNuzkTp.exe
  C:\Windows\System\iNuzkTp.exe
  2⤵
  PID:1380
- C:\Windows\System\cnHSQcN.exe
  C:\Windows\System\cnHSQcN.exe
  2⤵
  PID:11588
- C:\Windows\System\lLThVSu.exe
  C:\Windows\System\lLThVSu.exe
  2⤵
  PID:12472
- C:\Windows\System\USNUGPw.exe
  C:\Windows\System\USNUGPw.exe
  2⤵
  PID:12740
- C:\Windows\System\ETIysVh.exe
  C:\Windows\System\ETIysVh.exe
  2⤵
  PID:13156
- C:\Windows\System\JVJWnJZ.exe
  C:\Windows\System\JVJWnJZ.exe
  2⤵
  PID:13012
- C:\Windows\System\LTMwvKk.exe
  C:\Windows\System\LTMwvKk.exe
  2⤵
  PID:12608
- C:\Windows\System\vcCgkwc.exe
  C:\Windows\System\vcCgkwc.exe
  2⤵
  PID:12716
- C:\Windows\System\OPHPEFQ.exe
  C:\Windows\System\OPHPEFQ.exe
  2⤵
  PID:12780
- C:\Windows\System\pKLxofr.exe
  C:\Windows\System\pKLxofr.exe
  2⤵
  PID:12564
- C:\Windows\System\THAQrsB.exe
  C:\Windows\System\THAQrsB.exe
  2⤵
  PID:12988
- C:\Windows\System\QQTgdGN.exe
  C:\Windows\System\QQTgdGN.exe
  2⤵
  PID:13340
- C:\Windows\System\wkysVHI.exe
  C:\Windows\System\wkysVHI.exe
  2⤵
  PID:13368
- C:\Windows\System\HwqUpMX.exe
  C:\Windows\System\HwqUpMX.exe
  2⤵
  PID:13396
- C:\Windows\System\RHrVinZ.exe
  C:\Windows\System\RHrVinZ.exe
  2⤵
  PID:13432
- C:\Windows\System\HvMqRYj.exe
  C:\Windows\System\HvMqRYj.exe
  2⤵
  PID:13460
- C:\Windows\System\zbIzMsR.exe
  C:\Windows\System\zbIzMsR.exe
  2⤵
  PID:13484
- C:\Windows\System\LxzCfrY.exe
  C:\Windows\System\LxzCfrY.exe
  2⤵
  PID:13524
- C:\Windows\System\lXIUppi.exe
  C:\Windows\System\lXIUppi.exe
  2⤵
  PID:13552
- C:\Windows\System\kDeOvCt.exe
  C:\Windows\System\kDeOvCt.exe
  2⤵
  PID:13580
- C:\Windows\System\PFGcbGW.exe
  C:\Windows\System\PFGcbGW.exe
  2⤵
  PID:13596
- C:\Windows\System\GNpmEvg.exe
  C:\Windows\System\GNpmEvg.exe
  2⤵
  PID:13632
- C:\Windows\System\Abmkerx.exe
  C:\Windows\System\Abmkerx.exe
  2⤵
  PID:13660
- C:\Windows\System\AClqNoa.exe
  C:\Windows\System\AClqNoa.exe
  2⤵
  PID:13688
- C:\Windows\System\FxoQAff.exe
  C:\Windows\System\FxoQAff.exe
  2⤵
  PID:13708
- C:\Windows\System\oJJhxWY.exe
  C:\Windows\System\oJJhxWY.exe
  2⤵
  PID:13732
- C:\Windows\System\ZQBIswp.exe
  C:\Windows\System\ZQBIswp.exe
  2⤵
  PID:13764
- C:\Windows\System\maXIkAK.exe
  C:\Windows\System\maXIkAK.exe
  2⤵
  PID:13792
- C:\Windows\System\ulOPadN.exe
  C:\Windows\System\ulOPadN.exe
  2⤵
  PID:13824
- C:\Windows\System\zSiLQGw.exe
  C:\Windows\System\zSiLQGw.exe
  2⤵
  PID:13844
- C:\Windows\System\GPpJAcb.exe
  C:\Windows\System\GPpJAcb.exe
  2⤵
  PID:13880
- C:\Windows\System\LZyxwmO.exe
  C:\Windows\System\LZyxwmO.exe
  2⤵
  PID:13916
- C:\Windows\System\VQvoWEx.exe
  C:\Windows\System\VQvoWEx.exe
  2⤵
  PID:13948
- C:\Windows\System\RhCuLZw.exe
  C:\Windows\System\RhCuLZw.exe
  2⤵
  PID:13972
- C:\Windows\System\anzAujP.exe
  C:\Windows\System\anzAujP.exe
  2⤵
  PID:14000
- C:\Windows\System\ptyijKA.exe
  C:\Windows\System\ptyijKA.exe
  2⤵
  PID:14024
- C:\Windows\System\QJsShyU.exe
  C:\Windows\System\QJsShyU.exe
  2⤵
  PID:14056
- C:\Windows\System\tFUzDyn.exe
  C:\Windows\System\tFUzDyn.exe
  2⤵
  PID:14092
- C:\Windows\System\QcOPuuG.exe
  C:\Windows\System\QcOPuuG.exe
  2⤵
  PID:14116
- C:\Windows\System\OrTyOvg.exe
  C:\Windows\System\OrTyOvg.exe
  2⤵
  PID:14136
- C:\Windows\System\YpISWSd.exe
  C:\Windows\System\YpISWSd.exe
  2⤵
  PID:14160
- C:\Windows\System\jvFWGPN.exe
  C:\Windows\System\jvFWGPN.exe
  2⤵
  PID:14192
- C:\Windows\System\DhnkVsL.exe
  C:\Windows\System\DhnkVsL.exe
  2⤵
  PID:14208
- C:\Windows\System\wdsKDgR.exe
  C:\Windows\System\wdsKDgR.exe
  2⤵
  PID:14244
- C:\Windows\System\ZDLKUpD.exe
  C:\Windows\System\ZDLKUpD.exe
  2⤵
  PID:14276
- C:\Windows\System\XcmhiXX.exe
  C:\Windows\System\XcmhiXX.exe
  2⤵
  PID:14308
- C:\Windows\System\bupIdCF.exe
  C:\Windows\System\bupIdCF.exe
  2⤵
  PID:12448
- C:\Windows\System\KsFKEgF.exe
  C:\Windows\System\KsFKEgF.exe
  2⤵
  PID:12332

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv oBMBiUkmuUOMJFqiRLy0ZQ.0.2
1⤵
PID:14032
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 14032 -s 1008
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:14320

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 14032 -i 14032 -h 448 -j 432 -s 468 -d 13248
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:13676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BAViizm.exe

Filesize
1.9MB

MD5
ecd44195a9e9d9907016042f2f1ad3fa

SHA1
4b3df70d7b70b105dceef9d17c252337403b044f

SHA256
3cb2c3417a17f1d8a4905187d5a0002a3765f41c74f402b02900d0bedd8b4a0c

SHA512
ee3e196fcfcbafd06598b017926a43d34518e78b42414f27074f3994ed05ee09d962347b55425a543a9ec13937f7639cff398e87804cfc8f2b295c4b905e8ef3

Download Submit
C:\Windows\System\BqZLHHP.exe

Filesize
1.9MB

MD5
7b578fefe9e49a092f9fdf1b9a4dfbcc

SHA1
86a18f2d9a9fac16bd1a15bb7ca093ab4399286b

SHA256
72c73bcb05fd42c554462f2d90e63bfdae9536ba676f4df6811468d6462ff922

SHA512
bde342778d34977e80c85a87a4239d677b5b8ed91202c03c04808ac9f9e41b02f40e00d2d7fcc3b1d59928a961cc1b04b570e408b5253c8d315966b5f0265453

Download Submit
C:\Windows\System\FPInGPV.exe

Filesize
1.9MB

MD5
e2220c5f92f8f262aae692de4ee125e2

SHA1
130de0e8285d81237906d24ebfb28588ca15bd5b

SHA256
a0bebd5b7d8db4aaa5f9df8c518c5afa0bbd1d45a009f7bf9626b6d8c3b8554c

SHA512
4e180eadf02aa4ea14d4e490d8697e7a14b1b0d834d54b0542f10d552c0e8cd880df0ae9d8a701b79ae6079457de5441b3605ec9ff732f4cbf8a71eb7666bb69

Download Submit
C:\Windows\System\FPYSMDI.exe

Filesize
1.9MB

MD5
23e843cf2c27a420c2eb6ac6a73b8ca1

SHA1
69c8b57a585c0775444f7e26ff5dfc57396580c9

SHA256
21733e713f655dfd670c395ec1ea6e7fe35a0a3749d82aa46a9debef035d8bab

SHA512
aafbe16d513429c9a29116ab4e1e40ec01e0d1b316e6c9898fcf26d9f6db74200035b90b7d8415559a57965a8a210951f3d18667411494a7ab619f38c95e2a1f

Download Submit
C:\Windows\System\JqKPkAz.exe

Filesize
1.9MB

MD5
b23847d38dfe231c3627780e48c6b6d5

SHA1
fc8d018da10e38fb7fe8b4df0aeb5a247ae8c9e5

SHA256
53c1f7220f38df7ba31542c9daec2d0fddc1bc3182a22599d825ed74a7d78c82

SHA512
ef8e4be809803af09fbf517e758b9cfd7e843dfa5a169ca64386f934307e5aef0c832a90b81211ab3d20ce34efe8a4abe16ae6d92e806a19fcea2c3dafc9498f

Download Submit
C:\Windows\System\JsinOkG.exe

Filesize
1.9MB

MD5
3b8e3df46eb599622f4d4fbd50c55714

SHA1
833f9b6d0cca295f2160d617222efd4b172e706c

SHA256
6a983b61654cacfa2e74a43b21020baca032cba5c95b0fc0695268eb8dd9a295

SHA512
d071febb137a54329128b9136dcf7f5d3a5ab252baadb168bf2d454b51971033a941a68cec4fe2eca24e61d5f0b4f4b356d6e051ae5d0ccad25787be70f0333d

Download Submit
C:\Windows\System\Jtbtozv.exe

Filesize
1.9MB

MD5
d81dde83802079bb60a9554023686f8b

SHA1
12eaa5eb6eef6545e8e76e761f0d759f75dc7036

SHA256
f109ed8aa010edc902b7cbd937b9c54259d6c901eae2c6f603f5fcbd78b69f86

SHA512
cb5fad89f08776a53e45125f23eda368d2c949c050ccc23818cf78255f9cbe4ab397f93fbc6eff3b015c0992cbbf497e0ebe14f1e9bf7cb21a0537afa1caf93d

Download Submit
C:\Windows\System\MmHrgim.exe

Filesize
1.9MB

MD5
ecd815809905cde24995fb50488efe45

SHA1
d4dbc29ca66876fc02050e45cecadcf82c947f81

SHA256
746c63885fa1e8973652a50ab98564d0941578825fd8f7c07a61d265ba9b9ff2

SHA512
971208741332b5b967a7c9ae2e18f8b76f1673a2951e52a3638a9abde79f3dc527d74b5468a3193db4ec055d990bfb5c654aaae17e8e87087963edc82195792c

Download Submit
C:\Windows\System\NzKKZkb.exe

Filesize
1.9MB

MD5
28a45057c37f8e9243bf23dfaeed05c4

SHA1
6b4a55e8b3a5f29fdc2eac2f0b75abfe71cc76b4

SHA256
e4dcfbee3863963cfc7493152b4eafcafac1803709b919844446f02a468a211e

SHA512
895be9d5bd94e602aa8d89c18a11fc46d947f6bee5ff8301ef4c3e24ae921429614a76bbc9cd4b8323d02566e8fdda43405202edb5ec9d3ef8fb7d7610752257

Download Submit
C:\Windows\System\QrgRCbJ.exe

Filesize
1.9MB

MD5
d79ba85dd66805db0ebbd6965fa16ae4

SHA1
a97d34d698e32b3189e6815f5349fbce6121c29f

SHA256
f3dcab72dc5405f8d4d0d9a7bdf97cc6889270d42b5da533250eff2d90e8908c

SHA512
4487a1f0aed017309fb2099b22463312ec1e96b08b11526f7950a29cc1b83799b2dbb5cf41ada7cb3d7140c9329850fc5acb4d6cf8f4a861e6d9cf0d7c8e2f94

Download Submit
C:\Windows\System\RFlkQWM.exe

Filesize
1.9MB

MD5
0a50e872041aa1c548bc9be5c6738fe8

SHA1
ece40858292530cdb7897a16cbb53cc2fc1346cc

SHA256
0a8b060c56bfaabd1af5f6e5cf1502192ed7949da5e1dd270cf0aeea7f0a7c3d

SHA512
d8f44d5bae1abc0bab929e95d1510907c7991514ed02fe9f77a7d5f5d205e38401b64dfb7a3cd31946cc12160717c92a7b7307c987b0d87dae3330b90de8eb43

Download Submit
C:\Windows\System\RvJSqeW.exe

Filesize
1.9MB

MD5
33491da9777f717108afcf4054808af2

SHA1
706b8d8b77f78d04f7bf5a50ea98642e6be65079

SHA256
d66abfc6182fc7b8d52a9e99ab34d6018b06e0da9b60a325a4db1a89d96d3571

SHA512
a59ad7c7243dd776267f2bfa6cc441272e75a27720de6a2557e9e3b9b04ddb357e5daba17633813c90aedb688ad8cde02033d9f3189a618712a8423ead4ae728

Download Submit
C:\Windows\System\RvdLKQB.exe

Filesize
1.9MB

MD5
cdb1e7e28cedbb2b7197b6622237ce02

SHA1
ebb1fe77cd3213f83ab259ed2be81395174b1301

SHA256
d0c32148109c586d1b62a51d903ed4d5e92cf810cf4778afb095b5830e5dba90

SHA512
6e0afe197204e69293e93e29877964b07d7e0fb7542ff0a6602ef230b7b237cd18f52b735ae1203ad25b36ad2dcf2bee6b244ca1029a184fc50f2000f12dac1b

Download Submit
C:\Windows\System\SGafrGm.exe

Filesize
1.9MB

MD5
53e7351471125214d9d1748d8be8251f

SHA1
1f4cb878e5ec5450233ec6292f4e2755ee6e6214

SHA256
411fe459d494c16548622b3dbdae39880bc7d09b6ebb4aa93d51bc354c001028

SHA512
ba593c4ad7d83f5c35f0952495fe719a118da2bbdc7264638f97d5aa1765ea747aa55036fb6299f7dfd0cc47f92c231ae4c03aaa1e8efa8035c7390126585e44

Download Submit
C:\Windows\System\SPYuFFw.exe

Filesize
1.9MB

MD5
dede1537d6aa9f17f5b7af7cf0f63e23

SHA1
2a0f7858a76c7c2de387dee408d216d4ed924a6e

SHA256
a92ae402aa0d2c37df3cb94e59e53d3e8914deb6d1f5e34c57184e309b8e9f73

SHA512
48cb82055f53adfa2ac0081968c923ee97c1236497a302a008c989ab3b22fdc0f7f091dd60b1a504bbfec515a2532c3edc1d471bb9a57d86691f1deff02c32bf

Download Submit
C:\Windows\System\UVkAuVF.exe

Filesize
1.9MB

MD5
33f984651cee07d855023f3ba9a12773

SHA1
69a2f02524b71485dbb798a6c8cd03663894956d

SHA256
7ed1787bafe1dd6401b7f4cc3c7429024c7ccb5450b4ef2445a6c7a9290495d4

SHA512
01d89c3c9dcd014690284e9f0541eec1470c93da360c65224121a84c66ab1ca5b76972a27297514aca72f07f0418a4e62849e87a7476b9d0d2e4e6a6987ab360

Download Submit
C:\Windows\System\VeKQskn.exe

Filesize
1.9MB

MD5
5a54ae30af898abb85de39218e054407

SHA1
a98b951b45f975baba61522493f09694ba2eeaf8

SHA256
4f1f40f5b837cc71c3b566b665a12b58d9e85a07989d44d1005f5b3b5f8261f8

SHA512
e51070e8f27e93099ffd8eee00b629b38e15189ec3ae4af61d9add338f1c5d7390db7d1a0abd5295f6720118ee7e0a8391f103076d0aae799816a60cf728725e

Download Submit
C:\Windows\System\XkMbgfO.exe

Filesize
1.9MB

MD5
0a9fcc7ee232678ace4993431a07960e

SHA1
0e3bbc8b1172caf4f2b8fd5d0069b12e7320dc70

SHA256
dfd35208bf41f3036c5c93e758d4cd892ebf3ad60a93ccc75fabfaf047fb0ba3

SHA512
b33f732f2a6a5450edac1ff9b99d33be4f1bf607c9645296f3c919986f9177d66e324a0dd1215135b8f74776c540011515fd366aca53a5d1558811a01e079597

Download Submit
C:\Windows\System\XuiTgck.exe

Filesize
1.9MB

MD5
816c60ae73494e044fee63f0e83c80fe

SHA1
54205c65ee181fccdb0e98c21d6321ada2f15a03

SHA256
dceb7f7a913bd40e956a7777e72a5b6f517b257245cf69e43b4883408246bf01

SHA512
63a5ef751c58014c53e5f819eef614ed9d011d0cf551ea0030866190a2703a2448e542a20edc72277fb6d4a6af931ca9cde529f01da82a8559c7556f74038ac8

Download Submit
C:\Windows\System\aDWQiya.exe

Filesize
1.9MB

MD5
d7c533b60208e50ab91575a73f905fde

SHA1
a08628e00f3430823ff4bd03d10c0d66e2b5fea4

SHA256
905da7dd9ac7e9b6b7510e5158107b06ee6f3c71bc7e9c1173bcc9032006286c

SHA512
2feb807bf6f56c33372dfeef8b9939777e9f65fa298ee47b5ddde834c5c6f20f690e2f270e513a377c0363ed9c4184235afb75b6329355ff0cb7510083dc225d

Download Submit
C:\Windows\System\bWUmMXc.exe

Filesize
1.9MB

MD5
73f5c65dcbf450b966ce0e5aa538840a

SHA1
16bc5e16dc2b22599e0050eec603e8cce78a28b7

SHA256
564be6c792a0d41d27ae9f084192366d5593ac010972d210c40bd4fc3f9e6636

SHA512
62d80f26dd91a73b030ed1a300d21b6aa5377f7a63a15669619517be05cef346b5cd02064a1fafae8b12a523765d8ef0b296c613c7e0f0eee47805e70f59d4a8

Download Submit
C:\Windows\System\eCTnTFm.exe

Filesize
1.9MB

MD5
c24e2e9de008ac1a9c7c5b0286875727

SHA1
319e6c01c9fabb1539660da84fb8d6940fcd5311

SHA256
287fd3a8d7c8998bbd195126426d822c6d81da39b4a37dba16868c3889068560

SHA512
850d9e273b392ecb00455e5ca93644d4bda568b8328e6007d46a0a0dfb7ab320b49585e68d62ba50dad14ecae03d2a94f48aba87f1db8bd4807391d058c67d11

Download Submit
C:\Windows\System\fqbGfvj.exe

Filesize
1.9MB

MD5
a756518d136cfdedc04f8d48aba06e04

SHA1
2204e21a7abcb8ff9986d10682988161770254b6

SHA256
104d4d6f71ea6045e62c1291d95c15ea96c0c8fbfc81f078af0fb0c99272f1a8

SHA512
06d9dfe77b47348fe8d9f7a4d7925e6138c05c143bf104f42ca12f2c7eba2354ce35d18df61d0555a5ece7f33a7d13c4adedd35c1a7419f79b7da4d8a30f4831

Download Submit
C:\Windows\System\iDNNaUf.exe

Filesize
1.9MB

MD5
5073a2729942c08fb132b3f44a60738e

SHA1
fbf10a67335d31989583bea59431a0e5263afe19

SHA256
b184e56c67df13531fc413709d0ed35ceacceff4365d6b8e65a9e03fc4af1264

SHA512
8534bef80a1ff130591c0ac3ec6c22eca062bad3839ecfe9a24164a614eddeca65689e8bf22ef13f722d19dd9b1acb6188a9f183202aa6eef08a7dd98df8b807

Download Submit
C:\Windows\System\lvrGGCV.exe

Filesize
1.9MB

MD5
0ea423aede7189ac904ef19df6b3a04d

SHA1
4e6886058fe2803f5c4a6f09ff986b44aed25e1d

SHA256
878ece5ed2fb06707a5c557858068096b362217923880b5032dedb2ce736929b

SHA512
4d851a32aea4f32d1b7dfb844c2744b8390b9a0ed26c0ba0f7258c72c6988aaef3eab4c36d7fdf4640cc7859e21520beb3c15f12e624b578c9ea281a2012cec0

Download Submit
C:\Windows\System\nLWmims.exe

Filesize
1.9MB

MD5
63d4e2e8bad9c0d1e810e4b26ae2b4b5

SHA1
5edb7e215b8ff50d8c66d6050f5b27cbcfe7063f

SHA256
d455a7576bb269b466ebc8c45a569e4ef1503e1fb90cbf54bd65fa56c3ffb361

SHA512
733359a23a010249044497e713d85939bc2a7d8f10e0e274c2b4f2db255453824bb2cbd5ae18864506577f5c2fc1a803858c4bf49cbfdb25d4bc32ff90681704

Download Submit
C:\Windows\System\navMErH.exe

Filesize
1.9MB

MD5
b03d1dd6efe4f910e2fc80ce1ec7b022

SHA1
c48b05bac68a1b509e96f1b0eb8cdb335a83b1af

SHA256
123f48ebe009eb1d062b7d17e528bc471b9c9930169d0c4773128e85d4708f03

SHA512
9f747cea4b995c380fba4a48e5b58c22b21418a67fa26d3f7be1344f8a343a17d45ab56f5d55d6bc026e1c06db49cfa666ccc1932e240b4e5d11f537e1d8024c

Download Submit
C:\Windows\System\oMYnjdd.exe

Filesize
1.9MB

MD5
25f65ffd2b8196b87c12d09e6abd72c8

SHA1
d68d0bef29826d3aac5f34f2de9d7c5ec1ee75a2

SHA256
db37d487c3a3690778393d35e216acd216c56e4cd5c06409a4832558530f4e2b

SHA512
424cd6a5709273410a1d54ac0e31afe8cc46128e4a1c3d8bcfabd3f3b60010d08ef95521c509103b3592f64144aa08c59f6fb697d2b1e8afe2903c537d952936

Download Submit
C:\Windows\System\qEaEaQP.exe

Filesize
1.9MB

MD5
81f06ac5cc277b6c9935907c7a34627f

SHA1
4987d2d4d66237dab11c8c66cf648ea2482f5799

SHA256
1d71a5a6b1d7b3dbc9472ced319e7622bf8415f89cd8fbc0c06601f4bc4201f9

SHA512
f8f68a91fbce9f2e6266d8ad63c79c83a5fd341cfcb9a30b7e7450824a9e4e5718f085224c2e6b89e1d87786e49e0960c222af930ec61441397685c777992771

Download Submit
C:\Windows\System\tQEoOLU.exe

Filesize
1.9MB

MD5
d2018a9e074b3da19c1728915f5aee0a

SHA1
b31b1dd22afd736d86edb027c57653cfbabbb260

SHA256
e320341b00e62791b064a3b036f90a3b52823e73045fe16a01e8917febf796bb

SHA512
b5f0ce0ab9e3c20af9488c7c1a11bc0ac1308ebe150533067d602d688cc6198da551b04d61d311752c8765bb9e4e32cbc34eeb7469d86e58b0da4de42ef60b36

Download Submit
C:\Windows\System\wHNVxdX.exe

Filesize
1.9MB

MD5
bf2393d45a91b6da6cc6b555ba413763

SHA1
81cff66b9720ffe9d57b0e0999a6f75f30a6a506

SHA256
74ae31ac391336a1a5c9cf1a1f1ae888d6880b1c367726e28fa0ed1f10a54b58

SHA512
52763b9e1cb116919ed2c56eae1d1afe45aaad3c7e1dbef6a3812520a0fcec0725c1ffff4205af3bdea255f3151543afd0ef039608d52d51282fb23f995be148

Download Submit
C:\Windows\System\yDdMFUl.exe

Filesize
1.9MB

MD5
f2a25ff3b53d52f219d2110d443f492c

SHA1
f1914cabe3012242e998cd9f519f149d71230ca4

SHA256
11065bce69d4fafd826d7fb427fba082d2ce55b22f1c1b0ff0525df3e1a09862

SHA512
ffb6fb38910b97e1185618b0f56be312e2207de4ecdaa093a462e8a4935fe1c09eaca9b0dfe4a7d18b19c9da207153c942f9478579f2ced9a64f6781d28d88b1

Download Submit
C:\Windows\System\ycHrmji.exe

Filesize
1.9MB

MD5
e296674dcece856748aeb3c1ec9c771a

SHA1
202a5c2cfe99230df179e47324e036b888109ef1

SHA256
d8f72b2268874e9d591da08786d059c05ba514a0e92ea1734525234c153d9e9d

SHA512
2351e31268c4e0a94617171407ed2f6e8afe385068be3007a577a470a01dd33e0dcc7e8bc4b8ef3a31b6265d364780f5da6fd09ab358a8df563d8ed6a0f75e08

Download Submit
C:\Windows\System\yfGDumI.exe

Filesize
1.9MB

MD5
d0091ca8d9b0fa80e74517e47dbec210

SHA1
5c1816f76ea88b8253d1d78320f2f401b931ef55

SHA256
17de25bb5345d074d5add978694b0e2bec1061e5512be994ccf99c7a928d5a40

SHA512
900a6c4cb5f4d812f5705c89061e3a12144900722ea3bd0c90c125b5afaa3061b9a13db7efa54f686c2c9171cee4e3a11363c5f5eed1644879a73436d755e5d0

Download Submit
C:\Windows\System\yubkZTd.exe

Filesize
1.9MB

MD5
48c6e023d99b23ca1181cc67f27edf60

SHA1
a884c2325503523c729e5a41d86a270b076a6229

SHA256
0047db242fac1290f59efcedfc0deca74e8183bf4f5f7778a1234c144796afda

SHA512
75ca25aec0ab05866868d3497f418a534edc0f8e9eb78a9b7f02167a252635ed80ac850533b99745a6e6bdeaf4c1d3279c1a6c10bcc5ed92425e2cc187bf2916

Download Submit
C:\Windows\System\zfaNVVM.exe

Filesize
1.9MB

MD5
8a2442ac75709c0a0d33fe9cd0f9d953

SHA1
d8ae6e4369a5abcf86f71658c674add63661bf1f

SHA256
80cf8a3d8d1b81d948d09f308ea62dbd8708ebe3233cd22137e44260a928ddd1

SHA512
c2e9dbe4719881563bea7597eb56bca422a1505956f4224df997a55cb8164c3dccb67ef22d825a6c7a0f586abbcb6f4ebd39c4834e4e6bdd125ca623e1cd4561

Download Submit
memory/400-221-0x00007FF666CC0000-0x00007FF667014000-memory.dmp

Filesize
3.3MB

Download
memory/400-2148-0x00007FF666CC0000-0x00007FF667014000-memory.dmp

Filesize
3.3MB

Download
memory/724-2167-0x00007FF61CCE0000-0x00007FF61D034000-memory.dmp

Filesize
3.3MB

Download
memory/724-207-0x00007FF61CCE0000-0x00007FF61D034000-memory.dmp

Filesize
3.3MB

Download
memory/912-2149-0x00007FF62D7F0000-0x00007FF62DB44000-memory.dmp

Filesize
3.3MB

Download
memory/912-165-0x00007FF62D7F0000-0x00007FF62DB44000-memory.dmp

Filesize
3.3MB

Download
memory/1340-2158-0x00007FF764EC0000-0x00007FF765214000-memory.dmp

Filesize
3.3MB

Download
memory/1340-208-0x00007FF764EC0000-0x00007FF765214000-memory.dmp

Filesize
3.3MB

Download
memory/1700-2157-0x00007FF668E40000-0x00007FF669194000-memory.dmp

Filesize
3.3MB

Download
memory/1700-197-0x00007FF668E40000-0x00007FF669194000-memory.dmp

Filesize
3.3MB

Download
memory/1840-213-0x00007FF6A0180000-0x00007FF6A04D4000-memory.dmp

Filesize
3.3MB

Download
memory/1840-2168-0x00007FF6A0180000-0x00007FF6A04D4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-209-0x00007FF65A390000-0x00007FF65A6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-2160-0x00007FF65A390000-0x00007FF65A6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2166-0x00007FF67BA10000-0x00007FF67BD64000-memory.dmp

Filesize
3.3MB

Download
memory/2024-224-0x00007FF67BA10000-0x00007FF67BD64000-memory.dmp

Filesize
3.3MB

Download
memory/2032-2159-0x00007FF6D9DF0000-0x00007FF6DA144000-memory.dmp

Filesize
3.3MB

Download
memory/2032-223-0x00007FF6D9DF0000-0x00007FF6DA144000-memory.dmp

Filesize
3.3MB

Download
memory/2096-214-0x00007FF7A9E40000-0x00007FF7AA194000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2165-0x00007FF7A9E40000-0x00007FF7AA194000-memory.dmp

Filesize
3.3MB

Download
memory/2292-216-0x00007FF677D70000-0x00007FF6780C4000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2170-0x00007FF677D70000-0x00007FF6780C4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-198-0x00007FF709160000-0x00007FF7094B4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2156-0x00007FF709160000-0x00007FF7094B4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-65-0x00007FF640AC0000-0x00007FF640E14000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2150-0x00007FF640AC0000-0x00007FF640E14000-memory.dmp

Filesize
3.3MB

Download
memory/2996-219-0x00007FF6E7ED0000-0x00007FF6E8224000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2145-0x00007FF6E7ED0000-0x00007FF6E8224000-memory.dmp

Filesize
3.3MB

Download
memory/3116-2144-0x00007FF742630000-0x00007FF742984000-memory.dmp

Filesize
3.3MB

Download
memory/3116-42-0x00007FF742630000-0x00007FF742984000-memory.dmp

Filesize
3.3MB

Download
memory/3496-0-0x00007FF6A9530000-0x00007FF6A9884000-memory.dmp

Filesize
3.3MB

Download
memory/3496-1-0x0000018B7EF70000-0x0000018B7EF80000-memory.dmp

Filesize
64KB

Download
memory/3660-211-0x00007FF7BC450000-0x00007FF7BC7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2163-0x00007FF7BC450000-0x00007FF7BC7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3864-215-0x00007FF61E970000-0x00007FF61ECC4000-memory.dmp

Filesize
3.3MB

Download
memory/3864-2171-0x00007FF61E970000-0x00007FF61ECC4000-memory.dmp

Filesize
3.3MB

Download
memory/4128-220-0x00007FF717860000-0x00007FF717BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4128-2153-0x00007FF717860000-0x00007FF717BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4256-2151-0x00007FF677820000-0x00007FF677B74000-memory.dmp

Filesize
3.3MB

Download
memory/4256-124-0x00007FF677820000-0x00007FF677B74000-memory.dmp

Filesize
3.3MB

Download
memory/4308-2146-0x00007FF7810E0000-0x00007FF781434000-memory.dmp

Filesize
3.3MB

Download
memory/4308-148-0x00007FF7810E0000-0x00007FF781434000-memory.dmp

Filesize
3.3MB

Download
memory/4420-210-0x00007FF6E6B50000-0x00007FF6E6EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-2164-0x00007FF6E6B50000-0x00007FF6E6EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4448-2152-0x00007FF721AA0000-0x00007FF721DF4000-memory.dmp

Filesize
3.3MB

Download
memory/4448-186-0x00007FF721AA0000-0x00007FF721DF4000-memory.dmp

Filesize
3.3MB

Download
memory/4488-2154-0x00007FF62F8B0000-0x00007FF62FC04000-memory.dmp

Filesize
3.3MB

Download
memory/4488-2142-0x00007FF62F8B0000-0x00007FF62FC04000-memory.dmp

Filesize
3.3MB

Download
memory/4488-83-0x00007FF62F8B0000-0x00007FF62FC04000-memory.dmp

Filesize
3.3MB

Download
memory/4788-218-0x00007FF7BC5A0000-0x00007FF7BC8F4000-memory.dmp

Filesize
3.3MB

Download
memory/4788-2147-0x00007FF7BC5A0000-0x00007FF7BC8F4000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2169-0x00007FF67C630000-0x00007FF67C984000-memory.dmp

Filesize
3.3MB

Download
memory/4908-217-0x00007FF67C630000-0x00007FF67C984000-memory.dmp

Filesize
3.3MB

Download
memory/4916-2162-0x00007FF77DEF0000-0x00007FF77E244000-memory.dmp

Filesize
3.3MB

Download
memory/4916-212-0x00007FF77DEF0000-0x00007FF77E244000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2161-0x00007FF61C4F0000-0x00007FF61C844000-memory.dmp

Filesize
3.3MB

Download
memory/4948-204-0x00007FF61C4F0000-0x00007FF61C844000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2143-0x00007FF688A60000-0x00007FF688DB4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-35-0x00007FF688A60000-0x00007FF688DB4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-222-0x00007FF7541E0000-0x00007FF754534000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2155-0x00007FF7541E0000-0x00007FF754534000-memory.dmp

Filesize
3.3MB

Download