xmrig | 3838c4f2bfc632299687219b2638998f4c85c1120dd4140eaf68b03387da7e66

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
Size

2.2MB
MD5

9a3fdc6062c892d72558e29bad072740
SHA1

d544f7721ccefdadb2cfe8f38cbdea733e24f954
SHA256

3838c4f2bfc632299687219b2638998f4c85c1120dd4140eaf68b03387da7e66
SHA512

44a91322e812b3fd98b198451bc80ced28514fd0e2c694c8e7dbce7e6e6a2770b91212702fdf23b32dd25706c493e11ce641b39eafb44d87a4f137e518a4caac
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AjES546c2dqOZX8:BemTLkNdfE0pZrn

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3904-0-0x00007FF6CD4D0000-0x00007FF6CD824000-memory.dmp	xmrig
behavioral2/files/0x000700000002328e-5.dat	xmrig
behavioral2/files/0x00080000000233f9-9.dat	xmrig
behavioral2/memory/1940-6-0x00007FF772DF0000-0x00007FF773144000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fd-29.dat	xmrig
behavioral2/files/0x00070000000233fb-34.dat	xmrig
behavioral2/memory/1404-47-0x00007FF6EB310000-0x00007FF6EB664000-memory.dmp	xmrig
behavioral2/files/0x0007000000023403-72.dat	xmrig
behavioral2/files/0x000700000002340a-94.dat	xmrig
behavioral2/memory/4944-119-0x00007FF6FAAE0000-0x00007FF6FAE34000-memory.dmp	xmrig
behavioral2/memory/1876-122-0x00007FF78A710000-0x00007FF78AA64000-memory.dmp	xmrig
behavioral2/memory/2352-126-0x00007FF7F6900000-0x00007FF7F6C54000-memory.dmp	xmrig
behavioral2/memory/1960-128-0x00007FF7F3350000-0x00007FF7F36A4000-memory.dmp	xmrig
behavioral2/memory/2420-127-0x00007FF62EB20000-0x00007FF62EE74000-memory.dmp	xmrig
behavioral2/memory/2344-125-0x00007FF65DC00000-0x00007FF65DF54000-memory.dmp	xmrig
behavioral2/memory/804-124-0x00007FF6BF8E0000-0x00007FF6BFC34000-memory.dmp	xmrig
behavioral2/memory/1472-123-0x00007FF640DC0000-0x00007FF641114000-memory.dmp	xmrig
behavioral2/memory/4224-121-0x00007FF62C030000-0x00007FF62C384000-memory.dmp	xmrig
behavioral2/memory/3944-120-0x00007FF69E7B0000-0x00007FF69EB04000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-117.dat	xmrig
behavioral2/files/0x000700000002340b-115.dat	xmrig
behavioral2/memory/4984-114-0x00007FF66CF50000-0x00007FF66D2A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-110.dat	xmrig
behavioral2/files/0x0007000000023408-108.dat	xmrig
behavioral2/files/0x0007000000023407-106.dat	xmrig
behavioral2/files/0x0007000000023406-104.dat	xmrig
behavioral2/files/0x0007000000023405-102.dat	xmrig
behavioral2/memory/1208-101-0x00007FF6A2A80000-0x00007FF6A2DD4000-memory.dmp	xmrig
behavioral2/memory/3964-100-0x00007FF7032E0000-0x00007FF703634000-memory.dmp	xmrig
behavioral2/files/0x0007000000023404-98.dat	xmrig
behavioral2/memory/3132-95-0x00007FF6F07C0000-0x00007FF6F0B14000-memory.dmp	xmrig
behavioral2/memory/4312-77-0x00007FF631DC0000-0x00007FF632114000-memory.dmp	xmrig
behavioral2/files/0x0007000000023402-65.dat	xmrig
behavioral2/files/0x0007000000023400-63.dat	xmrig
behavioral2/files/0x00070000000233ff-61.dat	xmrig
behavioral2/files/0x0007000000023401-59.dat	xmrig
behavioral2/files/0x00070000000233fe-52.dat	xmrig
behavioral2/files/0x00070000000233fc-41.dat	xmrig
behavioral2/files/0x00070000000233fa-33.dat	xmrig
behavioral2/memory/4104-32-0x00007FF76F3F0000-0x00007FF76F744000-memory.dmp	xmrig
behavioral2/memory/3748-31-0x00007FF610A70000-0x00007FF610DC4000-memory.dmp	xmrig
behavioral2/memory/1964-26-0x00007FF6EF3F0000-0x00007FF6EF744000-memory.dmp	xmrig
behavioral2/memory/3208-23-0x00007FF748BF0000-0x00007FF748F44000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-131.dat	xmrig
behavioral2/memory/2916-134-0x00007FF792160000-0x00007FF7924B4000-memory.dmp	xmrig
behavioral2/files/0x00080000000233f7-137.dat	xmrig
behavioral2/files/0x0007000000023415-174.dat	xmrig
behavioral2/files/0x0007000000023412-182.dat	xmrig
behavioral2/memory/1936-202-0x00007FF6B2030000-0x00007FF6B2384000-memory.dmp	xmrig
behavioral2/memory/3208-193-0x00007FF748BF0000-0x00007FF748F44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-192.dat	xmrig
behavioral2/memory/1940-190-0x00007FF772DF0000-0x00007FF773144000-memory.dmp	xmrig
behavioral2/files/0x0007000000023417-189.dat	xmrig
behavioral2/files/0x0007000000023413-186.dat	xmrig
behavioral2/files/0x0007000000023411-184.dat	xmrig
behavioral2/memory/1772-181-0x00007FF6A9F50000-0x00007FF6AA2A4000-memory.dmp	xmrig
behavioral2/memory/1480-178-0x00007FF687A30000-0x00007FF687D84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-177.dat	xmrig
behavioral2/files/0x0007000000023410-175.dat	xmrig
behavioral2/memory/884-170-0x00007FF6D2830000-0x00007FF6D2B84000-memory.dmp	xmrig
behavioral2/files/0x000700000002340f-164.dat	xmrig
behavioral2/memory/3928-158-0x00007FF744380000-0x00007FF7446D4000-memory.dmp	xmrig
behavioral2/memory/2744-149-0x00007FF6B61B0000-0x00007FF6B6504000-memory.dmp	xmrig
behavioral2/memory/3904-152-0x00007FF6CD4D0000-0x00007FF6CD824000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1940	xVvIZpB.exe
3208	gXmmJak.exe
3748	ecDdwrE.exe
4104	bVBInWK.exe
1964	CDczDRI.exe
4312	qJxtHSA.exe
1404	lSMYArA.exe
2352	srcysNz.exe
3132	JLNdvYX.exe
3964	kYmHQZx.exe
1208	Rfuwjgj.exe
4984	EfhxyTk.exe
4944	UIyHvIB.exe
2420	sxFYUEt.exe
3944	BwUTWIa.exe
4224	BBjnjaN.exe
1876	kXwRJon.exe
1472	ydyXhxP.exe
804	fvbNPYx.exe
1960	yICmPcs.exe
2344	UwwUuZl.exe
2916	mLMzZEw.exe
3352	JdIOLqS.exe
2744	clLgnNi.exe
3928	YlfMxrD.exe
884	VHERrPP.exe
1936	UaAIExN.exe
1480	JbcyiFG.exe
1772	jirgaZA.exe
936	UtQlkWq.exe
2984	mFFwlyK.exe
2692	RHZbfiC.exe
2556	EVQOLOi.exe
1272	CHsCCug.exe
452	xVsHVyQ.exe
4776	ZDSwfFT.exe
4864	BzFxsFA.exe
3160	qDWdPge.exe
1864	PYixMJV.exe
2288	ucAJbFn.exe
4480	ZjWmgcs.exe
4612	KSBYJkD.exe
116	YGqJBkl.exe
752	HfbVHTB.exe
4812	lYrHuFN.exe
3276	SqwjfYJ.exe
2612	BMkRznW.exe
3340	GQgHNsw.exe
2348	nmHNEVm.exe
2856	fgqPqeZ.exe
3248	AJzhQEg.exe
620	UwqqZsh.exe
1504	efgQABF.exe
932	OejdSRN.exe
664	JxSRKMU.exe
8	ltFAyhA.exe
4716	zKPBwNH.exe
4792	VCuihdc.exe
4004	ibQvpZz.exe
4460	SXLwrra.exe
1652	mRvxdWN.exe
2340	otjeIFj.exe
3876	lHLkjcs.exe
4216	ZtDkvBB.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3904-0-0x00007FF6CD4D0000-0x00007FF6CD824000-memory.dmp	upx
behavioral2/files/0x000700000002328e-5.dat	upx
behavioral2/files/0x00080000000233f9-9.dat	upx
behavioral2/memory/1940-6-0x00007FF772DF0000-0x00007FF773144000-memory.dmp	upx
behavioral2/files/0x00070000000233fd-29.dat	upx
behavioral2/files/0x00070000000233fb-34.dat	upx
behavioral2/memory/1404-47-0x00007FF6EB310000-0x00007FF6EB664000-memory.dmp	upx
behavioral2/files/0x0007000000023403-72.dat	upx
behavioral2/files/0x000700000002340a-94.dat	upx
behavioral2/memory/4944-119-0x00007FF6FAAE0000-0x00007FF6FAE34000-memory.dmp	upx
behavioral2/memory/1876-122-0x00007FF78A710000-0x00007FF78AA64000-memory.dmp	upx
behavioral2/memory/2352-126-0x00007FF7F6900000-0x00007FF7F6C54000-memory.dmp	upx
behavioral2/memory/1960-128-0x00007FF7F3350000-0x00007FF7F36A4000-memory.dmp	upx
behavioral2/memory/2420-127-0x00007FF62EB20000-0x00007FF62EE74000-memory.dmp	upx
behavioral2/memory/2344-125-0x00007FF65DC00000-0x00007FF65DF54000-memory.dmp	upx
behavioral2/memory/804-124-0x00007FF6BF8E0000-0x00007FF6BFC34000-memory.dmp	upx
behavioral2/memory/1472-123-0x00007FF640DC0000-0x00007FF641114000-memory.dmp	upx
behavioral2/memory/4224-121-0x00007FF62C030000-0x00007FF62C384000-memory.dmp	upx
behavioral2/memory/3944-120-0x00007FF69E7B0000-0x00007FF69EB04000-memory.dmp	upx
behavioral2/files/0x000700000002340c-117.dat	upx
behavioral2/files/0x000700000002340b-115.dat	upx
behavioral2/memory/4984-114-0x00007FF66CF50000-0x00007FF66D2A4000-memory.dmp	upx
behavioral2/files/0x0007000000023409-110.dat	upx
behavioral2/files/0x0007000000023408-108.dat	upx
behavioral2/files/0x0007000000023407-106.dat	upx
behavioral2/files/0x0007000000023406-104.dat	upx
behavioral2/files/0x0007000000023405-102.dat	upx
behavioral2/memory/1208-101-0x00007FF6A2A80000-0x00007FF6A2DD4000-memory.dmp	upx
behavioral2/memory/3964-100-0x00007FF7032E0000-0x00007FF703634000-memory.dmp	upx
behavioral2/files/0x0007000000023404-98.dat	upx
behavioral2/memory/3132-95-0x00007FF6F07C0000-0x00007FF6F0B14000-memory.dmp	upx
behavioral2/memory/4312-77-0x00007FF631DC0000-0x00007FF632114000-memory.dmp	upx
behavioral2/files/0x0007000000023402-65.dat	upx
behavioral2/files/0x0007000000023400-63.dat	upx
behavioral2/files/0x00070000000233ff-61.dat	upx
behavioral2/files/0x0007000000023401-59.dat	upx
behavioral2/files/0x00070000000233fe-52.dat	upx
behavioral2/files/0x00070000000233fc-41.dat	upx
behavioral2/files/0x00070000000233fa-33.dat	upx
behavioral2/memory/4104-32-0x00007FF76F3F0000-0x00007FF76F744000-memory.dmp	upx
behavioral2/memory/3748-31-0x00007FF610A70000-0x00007FF610DC4000-memory.dmp	upx
behavioral2/memory/1964-26-0x00007FF6EF3F0000-0x00007FF6EF744000-memory.dmp	upx
behavioral2/memory/3208-23-0x00007FF748BF0000-0x00007FF748F44000-memory.dmp	upx
behavioral2/files/0x000700000002340d-131.dat	upx
behavioral2/memory/2916-134-0x00007FF792160000-0x00007FF7924B4000-memory.dmp	upx
behavioral2/files/0x00080000000233f7-137.dat	upx
behavioral2/files/0x0007000000023415-174.dat	upx
behavioral2/files/0x0007000000023412-182.dat	upx
behavioral2/memory/1936-202-0x00007FF6B2030000-0x00007FF6B2384000-memory.dmp	upx
behavioral2/memory/3208-193-0x00007FF748BF0000-0x00007FF748F44000-memory.dmp	upx
behavioral2/files/0x0007000000023414-192.dat	upx
behavioral2/memory/1940-190-0x00007FF772DF0000-0x00007FF773144000-memory.dmp	upx
behavioral2/files/0x0007000000023417-189.dat	upx
behavioral2/files/0x0007000000023413-186.dat	upx
behavioral2/files/0x0007000000023411-184.dat	upx
behavioral2/memory/1772-181-0x00007FF6A9F50000-0x00007FF6AA2A4000-memory.dmp	upx
behavioral2/memory/1480-178-0x00007FF687A30000-0x00007FF687D84000-memory.dmp	upx
behavioral2/files/0x0007000000023416-177.dat	upx
behavioral2/files/0x0007000000023410-175.dat	upx
behavioral2/memory/884-170-0x00007FF6D2830000-0x00007FF6D2B84000-memory.dmp	upx
behavioral2/files/0x000700000002340f-164.dat	upx
behavioral2/memory/3928-158-0x00007FF744380000-0x00007FF7446D4000-memory.dmp	upx
behavioral2/memory/2744-149-0x00007FF6B61B0000-0x00007FF6B6504000-memory.dmp	upx
behavioral2/memory/3904-152-0x00007FF6CD4D0000-0x00007FF6CD824000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LQgaidI.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\snAvFaa.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\YfrYLNV.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\kXwRJon.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\NiiibMw.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\rAOZusp.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\cQpPchC.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\RYBMehu.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\JsrUvYY.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\DgQKTCp.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\fvbNPYx.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\RhNBCcH.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\nkCgwAr.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\otjeIFj.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\aGAwcHb.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\hExlHnY.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\XwpyWws.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\bhdlUkw.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\AJCGFvz.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\kJhLzGr.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\ngftdmb.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\pBuzqBK.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\cMxQchP.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\uuheagC.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\IsQCxzi.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\QklWWdx.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\tzZtHXt.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\TwovJKo.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\khaGzpe.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\SotaVdP.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\HrUIkcW.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\tPROfIM.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\OGInacx.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\fFqXAfD.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\twiaTcr.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\ysnGmsF.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\hmPUKVZ.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\wNqHVJY.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\RvUrvZc.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\rfOAzoj.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\ecDdwrE.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\srcysNz.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\xnbFsOk.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\VNIvSyJ.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\LjEVxNt.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\pfRxPhi.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\jlrJTDG.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\mRvxdWN.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\SqyFZUW.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\tkvBXrI.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\QkuCvHg.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\xVvIZpB.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\fFqjuww.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\OjQfvup.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\GQgHNsw.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\INXulaQ.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\fxxwcBa.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\SjGPbXM.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\KtgsWOi.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\mKsiTkW.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\PVGpNgk.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\ZbHxedz.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\uUxWWUs.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
File created	C:\Windows\System\jfceMRF.exe	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15048	dwm.exe
Token: SeChangeNotifyPrivilege	15048	dwm.exe
Token: 33	15048	dwm.exe
Token: SeIncBasePriorityPrivilege	15048	dwm.exe
Token: SeCreateGlobalPrivilege	15352	dwm.exe
Token: SeChangeNotifyPrivilege	15352	dwm.exe
Token: 33	15352	dwm.exe
Token: SeIncBasePriorityPrivilege	15352	dwm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
14476	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 1940	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	84
PID 3904 wrote to memory of 1940	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	84
PID 3904 wrote to memory of 3208	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	85
PID 3904 wrote to memory of 3208	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	85
PID 3904 wrote to memory of 3748	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	86
PID 3904 wrote to memory of 3748	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	86
PID 3904 wrote to memory of 4104	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	87
PID 3904 wrote to memory of 4104	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	87
PID 3904 wrote to memory of 1964	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	88
PID 3904 wrote to memory of 1964	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	88
PID 3904 wrote to memory of 4312	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	89
PID 3904 wrote to memory of 4312	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	89
PID 3904 wrote to memory of 1404	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	90
PID 3904 wrote to memory of 1404	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	90
PID 3904 wrote to memory of 2352	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	91
PID 3904 wrote to memory of 2352	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	91
PID 3904 wrote to memory of 3132	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	92
PID 3904 wrote to memory of 3132	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	92
PID 3904 wrote to memory of 3964	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	93
PID 3904 wrote to memory of 3964	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	93
PID 3904 wrote to memory of 1208	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	94
PID 3904 wrote to memory of 1208	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	94
PID 3904 wrote to memory of 4984	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	95
PID 3904 wrote to memory of 4984	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	95
PID 3904 wrote to memory of 4944	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	96
PID 3904 wrote to memory of 4944	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	96
PID 3904 wrote to memory of 2420	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	97
PID 3904 wrote to memory of 2420	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	97
PID 3904 wrote to memory of 3944	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	98
PID 3904 wrote to memory of 3944	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	98
PID 3904 wrote to memory of 4224	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	99
PID 3904 wrote to memory of 4224	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	99
PID 3904 wrote to memory of 1876	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	100
PID 3904 wrote to memory of 1876	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	100
PID 3904 wrote to memory of 1472	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	101
PID 3904 wrote to memory of 1472	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	101
PID 3904 wrote to memory of 804	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	102
PID 3904 wrote to memory of 804	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	102
PID 3904 wrote to memory of 1960	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	103
PID 3904 wrote to memory of 1960	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	103
PID 3904 wrote to memory of 2344	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	104
PID 3904 wrote to memory of 2344	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	104
PID 3904 wrote to memory of 2916	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	106
PID 3904 wrote to memory of 2916	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	106
PID 3904 wrote to memory of 3352	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	108
PID 3904 wrote to memory of 3352	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	108
PID 3904 wrote to memory of 2744	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	109
PID 3904 wrote to memory of 2744	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	109
PID 3904 wrote to memory of 3928	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	110
PID 3904 wrote to memory of 3928	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	110
PID 3904 wrote to memory of 884	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	111
PID 3904 wrote to memory of 884	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	111
PID 3904 wrote to memory of 1480	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	112
PID 3904 wrote to memory of 1480	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	112
PID 3904 wrote to memory of 1936	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	113
PID 3904 wrote to memory of 1936	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	113
PID 3904 wrote to memory of 1772	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	114
PID 3904 wrote to memory of 1772	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	114
PID 3904 wrote to memory of 936	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	115
PID 3904 wrote to memory of 936	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	115
PID 3904 wrote to memory of 2984	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	116
PID 3904 wrote to memory of 2984	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	116
PID 3904 wrote to memory of 2692	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	117
PID 3904 wrote to memory of 2692	3904	9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9a3fdc6062c892d72558e29bad072740_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Windows\System\xVvIZpB.exe
  C:\Windows\System\xVvIZpB.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\gXmmJak.exe
  C:\Windows\System\gXmmJak.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\ecDdwrE.exe
  C:\Windows\System\ecDdwrE.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\bVBInWK.exe
  C:\Windows\System\bVBInWK.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\CDczDRI.exe
  C:\Windows\System\CDczDRI.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\qJxtHSA.exe
  C:\Windows\System\qJxtHSA.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\lSMYArA.exe
  C:\Windows\System\lSMYArA.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\srcysNz.exe
  C:\Windows\System\srcysNz.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\JLNdvYX.exe
  C:\Windows\System\JLNdvYX.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\kYmHQZx.exe
  C:\Windows\System\kYmHQZx.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\Rfuwjgj.exe
  C:\Windows\System\Rfuwjgj.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\EfhxyTk.exe
  C:\Windows\System\EfhxyTk.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\UIyHvIB.exe
  C:\Windows\System\UIyHvIB.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\sxFYUEt.exe
  C:\Windows\System\sxFYUEt.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\BwUTWIa.exe
  C:\Windows\System\BwUTWIa.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\BBjnjaN.exe
  C:\Windows\System\BBjnjaN.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\kXwRJon.exe
  C:\Windows\System\kXwRJon.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\ydyXhxP.exe
  C:\Windows\System\ydyXhxP.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\fvbNPYx.exe
  C:\Windows\System\fvbNPYx.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\yICmPcs.exe
  C:\Windows\System\yICmPcs.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\UwwUuZl.exe
  C:\Windows\System\UwwUuZl.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\mLMzZEw.exe
  C:\Windows\System\mLMzZEw.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\JdIOLqS.exe
  C:\Windows\System\JdIOLqS.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\clLgnNi.exe
  C:\Windows\System\clLgnNi.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\YlfMxrD.exe
  C:\Windows\System\YlfMxrD.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\VHERrPP.exe
  C:\Windows\System\VHERrPP.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\JbcyiFG.exe
  C:\Windows\System\JbcyiFG.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\UaAIExN.exe
  C:\Windows\System\UaAIExN.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\jirgaZA.exe
  C:\Windows\System\jirgaZA.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\UtQlkWq.exe
  C:\Windows\System\UtQlkWq.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\mFFwlyK.exe
  C:\Windows\System\mFFwlyK.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\RHZbfiC.exe
  C:\Windows\System\RHZbfiC.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\EVQOLOi.exe
  C:\Windows\System\EVQOLOi.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\CHsCCug.exe
  C:\Windows\System\CHsCCug.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\xVsHVyQ.exe
  C:\Windows\System\xVsHVyQ.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\ZDSwfFT.exe
  C:\Windows\System\ZDSwfFT.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\BzFxsFA.exe
  C:\Windows\System\BzFxsFA.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\qDWdPge.exe
  C:\Windows\System\qDWdPge.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\PYixMJV.exe
  C:\Windows\System\PYixMJV.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\ucAJbFn.exe
  C:\Windows\System\ucAJbFn.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\ZjWmgcs.exe
  C:\Windows\System\ZjWmgcs.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\KSBYJkD.exe
  C:\Windows\System\KSBYJkD.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\YGqJBkl.exe
  C:\Windows\System\YGqJBkl.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\HfbVHTB.exe
  C:\Windows\System\HfbVHTB.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\lYrHuFN.exe
  C:\Windows\System\lYrHuFN.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\SqwjfYJ.exe
  C:\Windows\System\SqwjfYJ.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\BMkRznW.exe
  C:\Windows\System\BMkRznW.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\GQgHNsw.exe
  C:\Windows\System\GQgHNsw.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\nmHNEVm.exe
  C:\Windows\System\nmHNEVm.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\fgqPqeZ.exe
  C:\Windows\System\fgqPqeZ.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\AJzhQEg.exe
  C:\Windows\System\AJzhQEg.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\UwqqZsh.exe
  C:\Windows\System\UwqqZsh.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\efgQABF.exe
  C:\Windows\System\efgQABF.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\OejdSRN.exe
  C:\Windows\System\OejdSRN.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\JxSRKMU.exe
  C:\Windows\System\JxSRKMU.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\ltFAyhA.exe
  C:\Windows\System\ltFAyhA.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\zKPBwNH.exe
  C:\Windows\System\zKPBwNH.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\VCuihdc.exe
  C:\Windows\System\VCuihdc.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\ibQvpZz.exe
  C:\Windows\System\ibQvpZz.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\SXLwrra.exe
  C:\Windows\System\SXLwrra.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\mRvxdWN.exe
  C:\Windows\System\mRvxdWN.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\otjeIFj.exe
  C:\Windows\System\otjeIFj.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\lHLkjcs.exe
  C:\Windows\System\lHLkjcs.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\ZtDkvBB.exe
  C:\Windows\System\ZtDkvBB.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\TKaCIfY.exe
  C:\Windows\System\TKaCIfY.exe
  2⤵
  PID:4052
- C:\Windows\System\lmkdTdV.exe
  C:\Windows\System\lmkdTdV.exe
  2⤵
  PID:4508
- C:\Windows\System\naBMyut.exe
  C:\Windows\System\naBMyut.exe
  2⤵
  PID:1108
- C:\Windows\System\mKsiTkW.exe
  C:\Windows\System\mKsiTkW.exe
  2⤵
  PID:2584
- C:\Windows\System\gFWeMTJ.exe
  C:\Windows\System\gFWeMTJ.exe
  2⤵
  PID:4680
- C:\Windows\System\fVzOeSm.exe
  C:\Windows\System\fVzOeSm.exe
  2⤵
  PID:4420
- C:\Windows\System\ImcGauC.exe
  C:\Windows\System\ImcGauC.exe
  2⤵
  PID:3436
- C:\Windows\System\kKbuVIG.exe
  C:\Windows\System\kKbuVIG.exe
  2⤵
  PID:4380
- C:\Windows\System\BNVpmsM.exe
  C:\Windows\System\BNVpmsM.exe
  2⤵
  PID:4260
- C:\Windows\System\JtWrMHI.exe
  C:\Windows\System\JtWrMHI.exe
  2⤵
  PID:1904
- C:\Windows\System\vuHMIev.exe
  C:\Windows\System\vuHMIev.exe
  2⤵
  PID:3644
- C:\Windows\System\AUkxyKn.exe
  C:\Windows\System\AUkxyKn.exe
  2⤵
  PID:4200
- C:\Windows\System\KsODSAm.exe
  C:\Windows\System\KsODSAm.exe
  2⤵
  PID:5084
- C:\Windows\System\tgszgFA.exe
  C:\Windows\System\tgszgFA.exe
  2⤵
  PID:868
- C:\Windows\System\rrvyFnI.exe
  C:\Windows\System\rrvyFnI.exe
  2⤵
  PID:1916
- C:\Windows\System\AIAnJmJ.exe
  C:\Windows\System\AIAnJmJ.exe
  2⤵
  PID:4676
- C:\Windows\System\bDEkqjQ.exe
  C:\Windows\System\bDEkqjQ.exe
  2⤵
  PID:4504
- C:\Windows\System\BVmOhDe.exe
  C:\Windows\System\BVmOhDe.exe
  2⤵
  PID:4592
- C:\Windows\System\nQlDwcv.exe
  C:\Windows\System\nQlDwcv.exe
  2⤵
  PID:1152
- C:\Windows\System\HctclpZ.exe
  C:\Windows\System\HctclpZ.exe
  2⤵
  PID:3884
- C:\Windows\System\SGjfUYE.exe
  C:\Windows\System\SGjfUYE.exe
  2⤵
  PID:4088
- C:\Windows\System\kRoztcJ.exe
  C:\Windows\System\kRoztcJ.exe
  2⤵
  PID:3524
- C:\Windows\System\KYefnmH.exe
  C:\Windows\System\KYefnmH.exe
  2⤵
  PID:2068
- C:\Windows\System\mYhUuID.exe
  C:\Windows\System\mYhUuID.exe
  2⤵
  PID:1460
- C:\Windows\System\dLqLyln.exe
  C:\Windows\System\dLqLyln.exe
  2⤵
  PID:4648
- C:\Windows\System\olQHuZt.exe
  C:\Windows\System\olQHuZt.exe
  2⤵
  PID:1424
- C:\Windows\System\VIBUSXb.exe
  C:\Windows\System\VIBUSXb.exe
  2⤵
  PID:3752
- C:\Windows\System\CORbfCw.exe
  C:\Windows\System\CORbfCw.exe
  2⤵
  PID:4904
- C:\Windows\System\yWeUmLX.exe
  C:\Windows\System\yWeUmLX.exe
  2⤵
  PID:4328
- C:\Windows\System\DICrzYw.exe
  C:\Windows\System\DICrzYw.exe
  2⤵
  PID:1632
- C:\Windows\System\JBWJJuv.exe
  C:\Windows\System\JBWJJuv.exe
  2⤵
  PID:2520
- C:\Windows\System\IdszGNE.exe
  C:\Windows\System\IdszGNE.exe
  2⤵
  PID:348
- C:\Windows\System\uUxWWUs.exe
  C:\Windows\System\uUxWWUs.exe
  2⤵
  PID:1340
- C:\Windows\System\URFLqpc.exe
  C:\Windows\System\URFLqpc.exe
  2⤵
  PID:5136
- C:\Windows\System\yiQRcpo.exe
  C:\Windows\System\yiQRcpo.exe
  2⤵
  PID:5172
- C:\Windows\System\qefxGuu.exe
  C:\Windows\System\qefxGuu.exe
  2⤵
  PID:5212
- C:\Windows\System\xvcCUFH.exe
  C:\Windows\System\xvcCUFH.exe
  2⤵
  PID:5228
- C:\Windows\System\ngidyrP.exe
  C:\Windows\System\ngidyrP.exe
  2⤵
  PID:5272
- C:\Windows\System\LoerYRL.exe
  C:\Windows\System\LoerYRL.exe
  2⤵
  PID:5300
- C:\Windows\System\LmCRpgg.exe
  C:\Windows\System\LmCRpgg.exe
  2⤵
  PID:5328
- C:\Windows\System\pmOyRZK.exe
  C:\Windows\System\pmOyRZK.exe
  2⤵
  PID:5356
- C:\Windows\System\JIFWZcU.exe
  C:\Windows\System\JIFWZcU.exe
  2⤵
  PID:5392
- C:\Windows\System\BOgPOEr.exe
  C:\Windows\System\BOgPOEr.exe
  2⤵
  PID:5416
- C:\Windows\System\lxFylTu.exe
  C:\Windows\System\lxFylTu.exe
  2⤵
  PID:5444
- C:\Windows\System\DzSDKQF.exe
  C:\Windows\System\DzSDKQF.exe
  2⤵
  PID:5472
- C:\Windows\System\ZhuujyV.exe
  C:\Windows\System\ZhuujyV.exe
  2⤵
  PID:5504
- C:\Windows\System\ywlKKVa.exe
  C:\Windows\System\ywlKKVa.exe
  2⤵
  PID:5532
- C:\Windows\System\fIWAPHt.exe
  C:\Windows\System\fIWAPHt.exe
  2⤵
  PID:5556
- C:\Windows\System\JblDVLi.exe
  C:\Windows\System\JblDVLi.exe
  2⤵
  PID:5584
- C:\Windows\System\OCBuPgc.exe
  C:\Windows\System\OCBuPgc.exe
  2⤵
  PID:5616
- C:\Windows\System\xsUnHsC.exe
  C:\Windows\System\xsUnHsC.exe
  2⤵
  PID:5648
- C:\Windows\System\kTTiYTQ.exe
  C:\Windows\System\kTTiYTQ.exe
  2⤵
  PID:5672
- C:\Windows\System\fmEAtLX.exe
  C:\Windows\System\fmEAtLX.exe
  2⤵
  PID:5696
- C:\Windows\System\sWFHyFE.exe
  C:\Windows\System\sWFHyFE.exe
  2⤵
  PID:5732
- C:\Windows\System\XItTxBy.exe
  C:\Windows\System\XItTxBy.exe
  2⤵
  PID:5752
- C:\Windows\System\rAOZusp.exe
  C:\Windows\System\rAOZusp.exe
  2⤵
  PID:5780
- C:\Windows\System\RLKlrcw.exe
  C:\Windows\System\RLKlrcw.exe
  2⤵
  PID:5800
- C:\Windows\System\DOKyzuc.exe
  C:\Windows\System\DOKyzuc.exe
  2⤵
  PID:5844
- C:\Windows\System\kpNjYlO.exe
  C:\Windows\System\kpNjYlO.exe
  2⤵
  PID:5860
- C:\Windows\System\KHYFnlK.exe
  C:\Windows\System\KHYFnlK.exe
  2⤵
  PID:5900
- C:\Windows\System\xMMhzhc.exe
  C:\Windows\System\xMMhzhc.exe
  2⤵
  PID:5920
- C:\Windows\System\AHxxpRC.exe
  C:\Windows\System\AHxxpRC.exe
  2⤵
  PID:5952
- C:\Windows\System\fFqXAfD.exe
  C:\Windows\System\fFqXAfD.exe
  2⤵
  PID:5984
- C:\Windows\System\WMGtNys.exe
  C:\Windows\System\WMGtNys.exe
  2⤵
  PID:6012
- C:\Windows\System\oTsMAkN.exe
  C:\Windows\System\oTsMAkN.exe
  2⤵
  PID:6040
- C:\Windows\System\AHfyRYp.exe
  C:\Windows\System\AHfyRYp.exe
  2⤵
  PID:6080
- C:\Windows\System\RtlSKyq.exe
  C:\Windows\System\RtlSKyq.exe
  2⤵
  PID:6100
- C:\Windows\System\mPHxOoo.exe
  C:\Windows\System\mPHxOoo.exe
  2⤵
  PID:6136
- C:\Windows\System\yOdgwsL.exe
  C:\Windows\System\yOdgwsL.exe
  2⤵
  PID:5144
- C:\Windows\System\DJFApUG.exe
  C:\Windows\System\DJFApUG.exe
  2⤵
  PID:5224
- C:\Windows\System\JCncRPR.exe
  C:\Windows\System\JCncRPR.exe
  2⤵
  PID:5256
- C:\Windows\System\gnBJxEz.exe
  C:\Windows\System\gnBJxEz.exe
  2⤵
  PID:5348
- C:\Windows\System\XYBCJDn.exe
  C:\Windows\System\XYBCJDn.exe
  2⤵
  PID:5440
- C:\Windows\System\TLXGjVq.exe
  C:\Windows\System\TLXGjVq.exe
  2⤵
  PID:5484
- C:\Windows\System\BkqsPcM.exe
  C:\Windows\System\BkqsPcM.exe
  2⤵
  PID:5552
- C:\Windows\System\chOnzPZ.exe
  C:\Windows\System\chOnzPZ.exe
  2⤵
  PID:5604
- C:\Windows\System\wlUajDC.exe
  C:\Windows\System\wlUajDC.exe
  2⤵
  PID:5664
- C:\Windows\System\JEvXezY.exe
  C:\Windows\System\JEvXezY.exe
  2⤵
  PID:5740
- C:\Windows\System\PVGpNgk.exe
  C:\Windows\System\PVGpNgk.exe
  2⤵
  PID:5820
- C:\Windows\System\EwjWOXl.exe
  C:\Windows\System\EwjWOXl.exe
  2⤵
  PID:5908
- C:\Windows\System\puwFDkc.exe
  C:\Windows\System\puwFDkc.exe
  2⤵
  PID:5944
- C:\Windows\System\RysEgdC.exe
  C:\Windows\System\RysEgdC.exe
  2⤵
  PID:6028
- C:\Windows\System\AOxUQox.exe
  C:\Windows\System\AOxUQox.exe
  2⤵
  PID:6096
- C:\Windows\System\PxMscLP.exe
  C:\Windows\System\PxMscLP.exe
  2⤵
  PID:5156
- C:\Windows\System\gvsJIEs.exe
  C:\Windows\System\gvsJIEs.exe
  2⤵
  PID:5264
- C:\Windows\System\tnozxrH.exe
  C:\Windows\System\tnozxrH.exe
  2⤵
  PID:5404
- C:\Windows\System\RyJZodK.exe
  C:\Windows\System\RyJZodK.exe
  2⤵
  PID:5520
- C:\Windows\System\QapQgzo.exe
  C:\Windows\System\QapQgzo.exe
  2⤵
  PID:5656
- C:\Windows\System\cQpPchC.exe
  C:\Windows\System\cQpPchC.exe
  2⤵
  PID:5764
- C:\Windows\System\spMUAbs.exe
  C:\Windows\System\spMUAbs.exe
  2⤵
  PID:5916
- C:\Windows\System\dWPyURr.exe
  C:\Windows\System\dWPyURr.exe
  2⤵
  PID:4684
- C:\Windows\System\vGGQBxF.exe
  C:\Windows\System\vGGQBxF.exe
  2⤵
  PID:5460
- C:\Windows\System\uMGUSey.exe
  C:\Windows\System\uMGUSey.exe
  2⤵
  PID:5884
- C:\Windows\System\kXEHOUQ.exe
  C:\Windows\System\kXEHOUQ.exe
  2⤵
  PID:5320
- C:\Windows\System\eaTbCTU.exe
  C:\Windows\System\eaTbCTU.exe
  2⤵
  PID:6164
- C:\Windows\System\oWkZwMe.exe
  C:\Windows\System\oWkZwMe.exe
  2⤵
  PID:6196
- C:\Windows\System\qUkrjjw.exe
  C:\Windows\System\qUkrjjw.exe
  2⤵
  PID:6220
- C:\Windows\System\vUDQZAc.exe
  C:\Windows\System\vUDQZAc.exe
  2⤵
  PID:6256
- C:\Windows\System\QUHvJEN.exe
  C:\Windows\System\QUHvJEN.exe
  2⤵
  PID:6288
- C:\Windows\System\ihwnTxD.exe
  C:\Windows\System\ihwnTxD.exe
  2⤵
  PID:6312
- C:\Windows\System\ixwGTRX.exe
  C:\Windows\System\ixwGTRX.exe
  2⤵
  PID:6348
- C:\Windows\System\SqyFZUW.exe
  C:\Windows\System\SqyFZUW.exe
  2⤵
  PID:6380
- C:\Windows\System\GotWxDc.exe
  C:\Windows\System\GotWxDc.exe
  2⤵
  PID:6400
- C:\Windows\System\suToDsC.exe
  C:\Windows\System\suToDsC.exe
  2⤵
  PID:6424
- C:\Windows\System\RYBMehu.exe
  C:\Windows\System\RYBMehu.exe
  2⤵
  PID:6452
- C:\Windows\System\RvUrvZc.exe
  C:\Windows\System\RvUrvZc.exe
  2⤵
  PID:6496
- C:\Windows\System\dYccgoR.exe
  C:\Windows\System\dYccgoR.exe
  2⤵
  PID:6516
- C:\Windows\System\eWTcgaY.exe
  C:\Windows\System\eWTcgaY.exe
  2⤵
  PID:6540
- C:\Windows\System\lHDdxAJ.exe
  C:\Windows\System\lHDdxAJ.exe
  2⤵
  PID:6580
- C:\Windows\System\CphHeay.exe
  C:\Windows\System\CphHeay.exe
  2⤵
  PID:6608
- C:\Windows\System\SteomBI.exe
  C:\Windows\System\SteomBI.exe
  2⤵
  PID:6628
- C:\Windows\System\VeqsvCH.exe
  C:\Windows\System\VeqsvCH.exe
  2⤵
  PID:6656
- C:\Windows\System\uVDyuLQ.exe
  C:\Windows\System\uVDyuLQ.exe
  2⤵
  PID:6680
- C:\Windows\System\xjGwYKb.exe
  C:\Windows\System\xjGwYKb.exe
  2⤵
  PID:6708
- C:\Windows\System\qBinANT.exe
  C:\Windows\System\qBinANT.exe
  2⤵
  PID:6740
- C:\Windows\System\nGQlrFF.exe
  C:\Windows\System\nGQlrFF.exe
  2⤵
  PID:6768
- C:\Windows\System\YQmItVw.exe
  C:\Windows\System\YQmItVw.exe
  2⤵
  PID:6800
- C:\Windows\System\YyeaqyF.exe
  C:\Windows\System\YyeaqyF.exe
  2⤵
  PID:6828
- C:\Windows\System\MXfpYRl.exe
  C:\Windows\System\MXfpYRl.exe
  2⤵
  PID:6860
- C:\Windows\System\xhVIZLx.exe
  C:\Windows\System\xhVIZLx.exe
  2⤵
  PID:6892
- C:\Windows\System\WksOPBH.exe
  C:\Windows\System\WksOPBH.exe
  2⤵
  PID:6928
- C:\Windows\System\xnbFsOk.exe
  C:\Windows\System\xnbFsOk.exe
  2⤵
  PID:6960
- C:\Windows\System\LQgaidI.exe
  C:\Windows\System\LQgaidI.exe
  2⤵
  PID:7000
- C:\Windows\System\RnditBr.exe
  C:\Windows\System\RnditBr.exe
  2⤵
  PID:7036
- C:\Windows\System\cxDNTbr.exe
  C:\Windows\System\cxDNTbr.exe
  2⤵
  PID:7068
- C:\Windows\System\DaKJjGb.exe
  C:\Windows\System\DaKJjGb.exe
  2⤵
  PID:7104
- C:\Windows\System\ggpnlLz.exe
  C:\Windows\System\ggpnlLz.exe
  2⤵
  PID:7136
- C:\Windows\System\EaTFGDg.exe
  C:\Windows\System\EaTFGDg.exe
  2⤵
  PID:7164
- C:\Windows\System\ERyftCU.exe
  C:\Windows\System\ERyftCU.exe
  2⤵
  PID:6088
- C:\Windows\System\fBkTljl.exe
  C:\Windows\System\fBkTljl.exe
  2⤵
  PID:6204
- C:\Windows\System\rTujhpq.exe
  C:\Windows\System\rTujhpq.exe
  2⤵
  PID:6236
- C:\Windows\System\mgRlfeL.exe
  C:\Windows\System\mgRlfeL.exe
  2⤵
  PID:6340
- C:\Windows\System\lGmiayz.exe
  C:\Windows\System\lGmiayz.exe
  2⤵
  PID:6416
- C:\Windows\System\JBHshcL.exe
  C:\Windows\System\JBHshcL.exe
  2⤵
  PID:6448
- C:\Windows\System\GmmsAyH.exe
  C:\Windows\System\GmmsAyH.exe
  2⤵
  PID:6508
- C:\Windows\System\KnwwTwV.exe
  C:\Windows\System\KnwwTwV.exe
  2⤵
  PID:6652
- C:\Windows\System\bWocxDE.exe
  C:\Windows\System\bWocxDE.exe
  2⤵
  PID:6636
- C:\Windows\System\psiFtkU.exe
  C:\Windows\System\psiFtkU.exe
  2⤵
  PID:6696
- C:\Windows\System\AnaXpCs.exe
  C:\Windows\System\AnaXpCs.exe
  2⤵
  PID:6756
- C:\Windows\System\OaTGMrU.exe
  C:\Windows\System\OaTGMrU.exe
  2⤵
  PID:6836
- C:\Windows\System\TJbEczu.exe
  C:\Windows\System\TJbEczu.exe
  2⤵
  PID:6888
- C:\Windows\System\cMxQchP.exe
  C:\Windows\System\cMxQchP.exe
  2⤵
  PID:6984
- C:\Windows\System\nEVuSHp.exe
  C:\Windows\System\nEVuSHp.exe
  2⤵
  PID:7048
- C:\Windows\System\EvrwCgM.exe
  C:\Windows\System\EvrwCgM.exe
  2⤵
  PID:7120
- C:\Windows\System\lmwmonV.exe
  C:\Windows\System\lmwmonV.exe
  2⤵
  PID:7160
- C:\Windows\System\RVrhWTA.exe
  C:\Windows\System\RVrhWTA.exe
  2⤵
  PID:6324
- C:\Windows\System\xuTITdm.exe
  C:\Windows\System\xuTITdm.exe
  2⤵
  PID:6412
- C:\Windows\System\hSGwYYj.exe
  C:\Windows\System\hSGwYYj.exe
  2⤵
  PID:6568
- C:\Windows\System\kFyzbQv.exe
  C:\Windows\System\kFyzbQv.exe
  2⤵
  PID:6592
- C:\Windows\System\AtbFmbn.exe
  C:\Windows\System\AtbFmbn.exe
  2⤵
  PID:6788
- C:\Windows\System\XBqwltT.exe
  C:\Windows\System\XBqwltT.exe
  2⤵
  PID:6952
- C:\Windows\System\SCnAQKo.exe
  C:\Windows\System\SCnAQKo.exe
  2⤵
  PID:7096
- C:\Windows\System\TBTZOUh.exe
  C:\Windows\System\TBTZOUh.exe
  2⤵
  PID:6280
- C:\Windows\System\wfDIAqq.exe
  C:\Windows\System\wfDIAqq.exe
  2⤵
  PID:6776
- C:\Windows\System\CbLvpDP.exe
  C:\Windows\System\CbLvpDP.exe
  2⤵
  PID:6392
- C:\Windows\System\PXaudOI.exe
  C:\Windows\System\PXaudOI.exe
  2⤵
  PID:6868
- C:\Windows\System\uYknzJY.exe
  C:\Windows\System\uYknzJY.exe
  2⤵
  PID:7192
- C:\Windows\System\lpRrrDe.exe
  C:\Windows\System\lpRrrDe.exe
  2⤵
  PID:7220
- C:\Windows\System\mvgegjM.exe
  C:\Windows\System\mvgegjM.exe
  2⤵
  PID:7252
- C:\Windows\System\QkyjwWv.exe
  C:\Windows\System\QkyjwWv.exe
  2⤵
  PID:7272
- C:\Windows\System\BDURDtd.exe
  C:\Windows\System\BDURDtd.exe
  2⤵
  PID:7300
- C:\Windows\System\uurcqMw.exe
  C:\Windows\System\uurcqMw.exe
  2⤵
  PID:7336
- C:\Windows\System\CBfQGkx.exe
  C:\Windows\System\CBfQGkx.exe
  2⤵
  PID:7368
- C:\Windows\System\dEwljWB.exe
  C:\Windows\System\dEwljWB.exe
  2⤵
  PID:7396
- C:\Windows\System\cFiFdJB.exe
  C:\Windows\System\cFiFdJB.exe
  2⤵
  PID:7428
- C:\Windows\System\EwtHpfq.exe
  C:\Windows\System\EwtHpfq.exe
  2⤵
  PID:7452
- C:\Windows\System\sErOGwW.exe
  C:\Windows\System\sErOGwW.exe
  2⤵
  PID:7468
- C:\Windows\System\SJwBOQv.exe
  C:\Windows\System\SJwBOQv.exe
  2⤵
  PID:7500
- C:\Windows\System\HKpjpeX.exe
  C:\Windows\System\HKpjpeX.exe
  2⤵
  PID:7524
- C:\Windows\System\ytjsIJc.exe
  C:\Windows\System\ytjsIJc.exe
  2⤵
  PID:7548
- C:\Windows\System\TApoSRz.exe
  C:\Windows\System\TApoSRz.exe
  2⤵
  PID:7580
- C:\Windows\System\pfALQKU.exe
  C:\Windows\System\pfALQKU.exe
  2⤵
  PID:7616
- C:\Windows\System\JWNfrMk.exe
  C:\Windows\System\JWNfrMk.exe
  2⤵
  PID:7648
- C:\Windows\System\edDoXse.exe
  C:\Windows\System\edDoXse.exe
  2⤵
  PID:7688
- C:\Windows\System\RSqDPzs.exe
  C:\Windows\System\RSqDPzs.exe
  2⤵
  PID:7716
- C:\Windows\System\QiXMKpQ.exe
  C:\Windows\System\QiXMKpQ.exe
  2⤵
  PID:7744
- C:\Windows\System\CekSxJk.exe
  C:\Windows\System\CekSxJk.exe
  2⤵
  PID:7772
- C:\Windows\System\OpAtvIG.exe
  C:\Windows\System\OpAtvIG.exe
  2⤵
  PID:7800
- C:\Windows\System\LMbeolI.exe
  C:\Windows\System\LMbeolI.exe
  2⤵
  PID:7828
- C:\Windows\System\AhMEDIM.exe
  C:\Windows\System\AhMEDIM.exe
  2⤵
  PID:7856
- C:\Windows\System\lfFGzbk.exe
  C:\Windows\System\lfFGzbk.exe
  2⤵
  PID:7880
- C:\Windows\System\SaPaYys.exe
  C:\Windows\System\SaPaYys.exe
  2⤵
  PID:7900
- C:\Windows\System\nmcdbaT.exe
  C:\Windows\System\nmcdbaT.exe
  2⤵
  PID:7928
- C:\Windows\System\swhXDKh.exe
  C:\Windows\System\swhXDKh.exe
  2⤵
  PID:7960
- C:\Windows\System\KmqwgNQ.exe
  C:\Windows\System\KmqwgNQ.exe
  2⤵
  PID:7988
- C:\Windows\System\HGrDMPg.exe
  C:\Windows\System\HGrDMPg.exe
  2⤵
  PID:8012
- C:\Windows\System\LilUCZl.exe
  C:\Windows\System\LilUCZl.exe
  2⤵
  PID:8044
- C:\Windows\System\SEppyHv.exe
  C:\Windows\System\SEppyHv.exe
  2⤵
  PID:8068
- C:\Windows\System\VNIvSyJ.exe
  C:\Windows\System\VNIvSyJ.exe
  2⤵
  PID:8096
- C:\Windows\System\tlPKSOO.exe
  C:\Windows\System\tlPKSOO.exe
  2⤵
  PID:8124
- C:\Windows\System\HqzFHKO.exe
  C:\Windows\System\HqzFHKO.exe
  2⤵
  PID:8164
- C:\Windows\System\DZuMGTm.exe
  C:\Windows\System\DZuMGTm.exe
  2⤵
  PID:8180
- C:\Windows\System\SLTzSXo.exe
  C:\Windows\System\SLTzSXo.exe
  2⤵
  PID:6188
- C:\Windows\System\iOfiUWF.exe
  C:\Windows\System\iOfiUWF.exe
  2⤵
  PID:7180
- C:\Windows\System\azlUrBW.exe
  C:\Windows\System\azlUrBW.exe
  2⤵
  PID:7244
- C:\Windows\System\IhjbkSh.exe
  C:\Windows\System\IhjbkSh.exe
  2⤵
  PID:7264
- C:\Windows\System\tPROfIM.exe
  C:\Windows\System\tPROfIM.exe
  2⤵
  PID:7380
- C:\Windows\System\KtgsWOi.exe
  C:\Windows\System\KtgsWOi.exe
  2⤵
  PID:7440
- C:\Windows\System\ZGJxILh.exe
  C:\Windows\System\ZGJxILh.exe
  2⤵
  PID:7484
- C:\Windows\System\QwZxspG.exe
  C:\Windows\System\QwZxspG.exe
  2⤵
  PID:7540
- C:\Windows\System\jJXshOq.exe
  C:\Windows\System\jJXshOq.exe
  2⤵
  PID:7644
- C:\Windows\System\ULLjhSO.exe
  C:\Windows\System\ULLjhSO.exe
  2⤵
  PID:7712
- C:\Windows\System\AYNhCED.exe
  C:\Windows\System\AYNhCED.exe
  2⤵
  PID:7796
- C:\Windows\System\XwcdOcB.exe
  C:\Windows\System\XwcdOcB.exe
  2⤵
  PID:7888
- C:\Windows\System\jfUlbqF.exe
  C:\Windows\System\jfUlbqF.exe
  2⤵
  PID:7940
- C:\Windows\System\twiaTcr.exe
  C:\Windows\System\twiaTcr.exe
  2⤵
  PID:7976
- C:\Windows\System\FurMPNr.exe
  C:\Windows\System\FurMPNr.exe
  2⤵
  PID:8084
- C:\Windows\System\tRaZMVG.exe
  C:\Windows\System\tRaZMVG.exe
  2⤵
  PID:8116
- C:\Windows\System\UebtjQv.exe
  C:\Windows\System\UebtjQv.exe
  2⤵
  PID:6528
- C:\Windows\System\pLYGfeP.exe
  C:\Windows\System\pLYGfeP.exe
  2⤵
  PID:7240
- C:\Windows\System\bkarsuP.exe
  C:\Windows\System\bkarsuP.exe
  2⤵
  PID:7520
- C:\Windows\System\CkoigSt.exe
  C:\Windows\System\CkoigSt.exe
  2⤵
  PID:7576
- C:\Windows\System\sKmnZYp.exe
  C:\Windows\System\sKmnZYp.exe
  2⤵
  PID:7680
- C:\Windows\System\yHCHsKp.exe
  C:\Windows\System\yHCHsKp.exe
  2⤵
  PID:7844
- C:\Windows\System\kMAErAJ.exe
  C:\Windows\System\kMAErAJ.exe
  2⤵
  PID:8004
- C:\Windows\System\Jsmyadc.exe
  C:\Windows\System\Jsmyadc.exe
  2⤵
  PID:8176
- C:\Windows\System\oPpDtwT.exe
  C:\Windows\System\oPpDtwT.exe
  2⤵
  PID:7328
- C:\Windows\System\JsrUvYY.exe
  C:\Windows\System\JsrUvYY.exe
  2⤵
  PID:8024
- C:\Windows\System\wuxqUya.exe
  C:\Windows\System\wuxqUya.exe
  2⤵
  PID:7972
- C:\Windows\System\pLCRNBY.exe
  C:\Windows\System\pLCRNBY.exe
  2⤵
  PID:8120
- C:\Windows\System\KiHVEzD.exe
  C:\Windows\System\KiHVEzD.exe
  2⤵
  PID:8216
- C:\Windows\System\kcVFEsm.exe
  C:\Windows\System\kcVFEsm.exe
  2⤵
  PID:8244
- C:\Windows\System\grAGGZx.exe
  C:\Windows\System\grAGGZx.exe
  2⤵
  PID:8276
- C:\Windows\System\JFOojRf.exe
  C:\Windows\System\JFOojRf.exe
  2⤵
  PID:8308
- C:\Windows\System\rLzwdVM.exe
  C:\Windows\System\rLzwdVM.exe
  2⤵
  PID:8332
- C:\Windows\System\KqEEWDv.exe
  C:\Windows\System\KqEEWDv.exe
  2⤵
  PID:8348
- C:\Windows\System\lAMMxfs.exe
  C:\Windows\System\lAMMxfs.exe
  2⤵
  PID:8368
- C:\Windows\System\LjEVxNt.exe
  C:\Windows\System\LjEVxNt.exe
  2⤵
  PID:8396
- C:\Windows\System\ivpjFtc.exe
  C:\Windows\System\ivpjFtc.exe
  2⤵
  PID:8432
- C:\Windows\System\YLESKwQ.exe
  C:\Windows\System\YLESKwQ.exe
  2⤵
  PID:8452
- C:\Windows\System\AMGIoGF.exe
  C:\Windows\System\AMGIoGF.exe
  2⤵
  PID:8480
- C:\Windows\System\INMWVhA.exe
  C:\Windows\System\INMWVhA.exe
  2⤵
  PID:8512
- C:\Windows\System\vtIfPKG.exe
  C:\Windows\System\vtIfPKG.exe
  2⤵
  PID:8556
- C:\Windows\System\DlFzgCX.exe
  C:\Windows\System\DlFzgCX.exe
  2⤵
  PID:8584
- C:\Windows\System\RTksyJI.exe
  C:\Windows\System\RTksyJI.exe
  2⤵
  PID:8624
- C:\Windows\System\fxxwcBa.exe
  C:\Windows\System\fxxwcBa.exe
  2⤵
  PID:8640
- C:\Windows\System\VPtkDfT.exe
  C:\Windows\System\VPtkDfT.exe
  2⤵
  PID:8680
- C:\Windows\System\BxozwQv.exe
  C:\Windows\System\BxozwQv.exe
  2⤵
  PID:8708
- C:\Windows\System\muKcQYC.exe
  C:\Windows\System\muKcQYC.exe
  2⤵
  PID:8736
- C:\Windows\System\voynfYI.exe
  C:\Windows\System\voynfYI.exe
  2⤵
  PID:8752
- C:\Windows\System\EcVfzhB.exe
  C:\Windows\System\EcVfzhB.exe
  2⤵
  PID:8784
- C:\Windows\System\bCscVHc.exe
  C:\Windows\System\bCscVHc.exe
  2⤵
  PID:8820
- C:\Windows\System\OCdNriZ.exe
  C:\Windows\System\OCdNriZ.exe
  2⤵
  PID:8836
- C:\Windows\System\kZIYAiR.exe
  C:\Windows\System\kZIYAiR.exe
  2⤵
  PID:8864
- C:\Windows\System\rZCowxd.exe
  C:\Windows\System\rZCowxd.exe
  2⤵
  PID:8904
- C:\Windows\System\rzMzuoI.exe
  C:\Windows\System\rzMzuoI.exe
  2⤵
  PID:8932
- C:\Windows\System\BBxCkae.exe
  C:\Windows\System\BBxCkae.exe
  2⤵
  PID:8960
- C:\Windows\System\TlvJfeh.exe
  C:\Windows\System\TlvJfeh.exe
  2⤵
  PID:8988
- C:\Windows\System\snAvFaa.exe
  C:\Windows\System\snAvFaa.exe
  2⤵
  PID:9016
- C:\Windows\System\nAXMybE.exe
  C:\Windows\System\nAXMybE.exe
  2⤵
  PID:9032
- C:\Windows\System\raPlYGb.exe
  C:\Windows\System\raPlYGb.exe
  2⤵
  PID:9072
- C:\Windows\System\BYNYpLD.exe
  C:\Windows\System\BYNYpLD.exe
  2⤵
  PID:9100
- C:\Windows\System\mWGIwdj.exe
  C:\Windows\System\mWGIwdj.exe
  2⤵
  PID:9128
- C:\Windows\System\lwnwlge.exe
  C:\Windows\System\lwnwlge.exe
  2⤵
  PID:9160
- C:\Windows\System\ZxFclLS.exe
  C:\Windows\System\ZxFclLS.exe
  2⤵
  PID:9188
- C:\Windows\System\ineLoAB.exe
  C:\Windows\System\ineLoAB.exe
  2⤵
  PID:7852
- C:\Windows\System\fFkVEuS.exe
  C:\Windows\System\fFkVEuS.exe
  2⤵
  PID:8240
- C:\Windows\System\CKbtlGY.exe
  C:\Windows\System\CKbtlGY.exe
  2⤵
  PID:8316
- C:\Windows\System\lJFjnkF.exe
  C:\Windows\System\lJFjnkF.exe
  2⤵
  PID:8376
- C:\Windows\System\NPNdmUw.exe
  C:\Windows\System\NPNdmUw.exe
  2⤵
  PID:8440
- C:\Windows\System\NKteCOY.exe
  C:\Windows\System\NKteCOY.exe
  2⤵
  PID:8492
- C:\Windows\System\qdElrGT.exe
  C:\Windows\System\qdElrGT.exe
  2⤵
  PID:8572
- C:\Windows\System\GmXTIfq.exe
  C:\Windows\System\GmXTIfq.exe
  2⤵
  PID:8636
- C:\Windows\System\eMjKUdS.exe
  C:\Windows\System\eMjKUdS.exe
  2⤵
  PID:8724
- C:\Windows\System\tHSknbx.exe
  C:\Windows\System\tHSknbx.exe
  2⤵
  PID:8748
- C:\Windows\System\LUZIMND.exe
  C:\Windows\System\LUZIMND.exe
  2⤵
  PID:8816
- C:\Windows\System\IsQCxzi.exe
  C:\Windows\System\IsQCxzi.exe
  2⤵
  PID:8980
- C:\Windows\System\WdFeVIb.exe
  C:\Windows\System\WdFeVIb.exe
  2⤵
  PID:9024
- C:\Windows\System\TirmQKc.exe
  C:\Windows\System\TirmQKc.exe
  2⤵
  PID:9056
- C:\Windows\System\ZAoOKhx.exe
  C:\Windows\System\ZAoOKhx.exe
  2⤵
  PID:9124
- C:\Windows\System\JJpvEwU.exe
  C:\Windows\System\JJpvEwU.exe
  2⤵
  PID:9212
- C:\Windows\System\KEVFtGV.exe
  C:\Windows\System\KEVFtGV.exe
  2⤵
  PID:8340
- C:\Windows\System\yROJKIb.exe
  C:\Windows\System\yROJKIb.exe
  2⤵
  PID:8464
- C:\Windows\System\nyzJakF.exe
  C:\Windows\System\nyzJakF.exe
  2⤵
  PID:8632
- C:\Windows\System\StLNMuz.exe
  C:\Windows\System\StLNMuz.exe
  2⤵
  PID:8700
- C:\Windows\System\ZpGBRTI.exe
  C:\Windows\System\ZpGBRTI.exe
  2⤵
  PID:8808
- C:\Windows\System\IlQvdcj.exe
  C:\Windows\System\IlQvdcj.exe
  2⤵
  PID:836
- C:\Windows\System\alJPGvA.exe
  C:\Windows\System\alJPGvA.exe
  2⤵
  PID:9088
- C:\Windows\System\nQReVJJ.exe
  C:\Windows\System\nQReVJJ.exe
  2⤵
  PID:8232
- C:\Windows\System\hluzcMA.exe
  C:\Windows\System\hluzcMA.exe
  2⤵
  PID:1036
- C:\Windows\System\HojLsue.exe
  C:\Windows\System\HojLsue.exe
  2⤵
  PID:8720
- C:\Windows\System\nbkvdHd.exe
  C:\Windows\System\nbkvdHd.exe
  2⤵
  PID:1124
- C:\Windows\System\HPABmMW.exe
  C:\Windows\System\HPABmMW.exe
  2⤵
  PID:8388
- C:\Windows\System\ikqeKSB.exe
  C:\Windows\System\ikqeKSB.exe
  2⤵
  PID:8744
- C:\Windows\System\wvQCLaU.exe
  C:\Windows\System\wvQCLaU.exe
  2⤵
  PID:8620
- C:\Windows\System\JrqDFav.exe
  C:\Windows\System\JrqDFav.exe
  2⤵
  PID:9232
- C:\Windows\System\Wowjtho.exe
  C:\Windows\System\Wowjtho.exe
  2⤵
  PID:9252
- C:\Windows\System\yAzElhz.exe
  C:\Windows\System\yAzElhz.exe
  2⤵
  PID:9288
- C:\Windows\System\zDuIfLl.exe
  C:\Windows\System\zDuIfLl.exe
  2⤵
  PID:9316
- C:\Windows\System\qgXChza.exe
  C:\Windows\System\qgXChza.exe
  2⤵
  PID:9344
- C:\Windows\System\NhbuOrw.exe
  C:\Windows\System\NhbuOrw.exe
  2⤵
  PID:9376
- C:\Windows\System\njnvzOb.exe
  C:\Windows\System\njnvzOb.exe
  2⤵
  PID:9412
- C:\Windows\System\IgKwAJu.exe
  C:\Windows\System\IgKwAJu.exe
  2⤵
  PID:9444
- C:\Windows\System\AdyGPgX.exe
  C:\Windows\System\AdyGPgX.exe
  2⤵
  PID:9484
- C:\Windows\System\PgYbDiS.exe
  C:\Windows\System\PgYbDiS.exe
  2⤵
  PID:9504
- C:\Windows\System\XsZDmlB.exe
  C:\Windows\System\XsZDmlB.exe
  2⤵
  PID:9528
- C:\Windows\System\rfOAzoj.exe
  C:\Windows\System\rfOAzoj.exe
  2⤵
  PID:9552
- C:\Windows\System\hgABaLq.exe
  C:\Windows\System\hgABaLq.exe
  2⤵
  PID:9592
- C:\Windows\System\rgJjNiZ.exe
  C:\Windows\System\rgJjNiZ.exe
  2⤵
  PID:9628
- C:\Windows\System\USatlGt.exe
  C:\Windows\System\USatlGt.exe
  2⤵
  PID:9656
- C:\Windows\System\hCzYyvS.exe
  C:\Windows\System\hCzYyvS.exe
  2⤵
  PID:9684
- C:\Windows\System\uBVLGOR.exe
  C:\Windows\System\uBVLGOR.exe
  2⤵
  PID:9712
- C:\Windows\System\eXyNSWt.exe
  C:\Windows\System\eXyNSWt.exe
  2⤵
  PID:9736
- C:\Windows\System\XsXoTHo.exe
  C:\Windows\System\XsXoTHo.exe
  2⤵
  PID:9768
- C:\Windows\System\NiiibMw.exe
  C:\Windows\System\NiiibMw.exe
  2⤵
  PID:9796
- C:\Windows\System\IYdMFda.exe
  C:\Windows\System\IYdMFda.exe
  2⤵
  PID:9824
- C:\Windows\System\VuYXsHt.exe
  C:\Windows\System\VuYXsHt.exe
  2⤵
  PID:9852
- C:\Windows\System\ngftdmb.exe
  C:\Windows\System\ngftdmb.exe
  2⤵
  PID:9880
- C:\Windows\System\qxARnXc.exe
  C:\Windows\System\qxARnXc.exe
  2⤵
  PID:9908
- C:\Windows\System\zPVOIre.exe
  C:\Windows\System\zPVOIre.exe
  2⤵
  PID:9924
- C:\Windows\System\pASEkYe.exe
  C:\Windows\System\pASEkYe.exe
  2⤵
  PID:9952
- C:\Windows\System\LUrdSZk.exe
  C:\Windows\System\LUrdSZk.exe
  2⤵
  PID:9976
- C:\Windows\System\pBuzqBK.exe
  C:\Windows\System\pBuzqBK.exe
  2⤵
  PID:10000
- C:\Windows\System\roCMvgT.exe
  C:\Windows\System\roCMvgT.exe
  2⤵
  PID:10020
- C:\Windows\System\ElEWaiX.exe
  C:\Windows\System\ElEWaiX.exe
  2⤵
  PID:10072
- C:\Windows\System\YdldwKW.exe
  C:\Windows\System\YdldwKW.exe
  2⤵
  PID:10104
- C:\Windows\System\IZaJRQR.exe
  C:\Windows\System\IZaJRQR.exe
  2⤵
  PID:10124
- C:\Windows\System\MbADBkQ.exe
  C:\Windows\System\MbADBkQ.exe
  2⤵
  PID:10156
- C:\Windows\System\eEbnBab.exe
  C:\Windows\System\eEbnBab.exe
  2⤵
  PID:10196
- C:\Windows\System\GrAcJmj.exe
  C:\Windows\System\GrAcJmj.exe
  2⤵
  PID:10232
- C:\Windows\System\bzNEHHp.exe
  C:\Windows\System\bzNEHHp.exe
  2⤵
  PID:9240
- C:\Windows\System\fTpbFdG.exe
  C:\Windows\System\fTpbFdG.exe
  2⤵
  PID:9260
- C:\Windows\System\NdfaacU.exe
  C:\Windows\System\NdfaacU.exe
  2⤵
  PID:9300
- C:\Windows\System\EcCNkEc.exe
  C:\Windows\System\EcCNkEc.exe
  2⤵
  PID:9396
- C:\Windows\System\SMDBMRA.exe
  C:\Windows\System\SMDBMRA.exe
  2⤵
  PID:9480
- C:\Windows\System\FyxIsZh.exe
  C:\Windows\System\FyxIsZh.exe
  2⤵
  PID:9560
- C:\Windows\System\WSxyZIk.exe
  C:\Windows\System\WSxyZIk.exe
  2⤵
  PID:9620
- C:\Windows\System\dyTJmBr.exe
  C:\Windows\System\dyTJmBr.exe
  2⤵
  PID:9696
- C:\Windows\System\NeQKIuf.exe
  C:\Windows\System\NeQKIuf.exe
  2⤵
  PID:9756
- C:\Windows\System\LXZECcA.exe
  C:\Windows\System\LXZECcA.exe
  2⤵
  PID:9820
- C:\Windows\System\ZCOCnZp.exe
  C:\Windows\System\ZCOCnZp.exe
  2⤵
  PID:9892
- C:\Windows\System\wDSloeL.exe
  C:\Windows\System\wDSloeL.exe
  2⤵
  PID:9920
- C:\Windows\System\cJItIei.exe
  C:\Windows\System\cJItIei.exe
  2⤵
  PID:9972
- C:\Windows\System\XwpyWws.exe
  C:\Windows\System\XwpyWws.exe
  2⤵
  PID:10080
- C:\Windows\System\wYujbui.exe
  C:\Windows\System\wYujbui.exe
  2⤵
  PID:10180
- C:\Windows\System\cVjdAPb.exe
  C:\Windows\System\cVjdAPb.exe
  2⤵
  PID:10204
- C:\Windows\System\GdFOyNt.exe
  C:\Windows\System\GdFOyNt.exe
  2⤵
  PID:9224
- C:\Windows\System\oMHQrff.exe
  C:\Windows\System\oMHQrff.exe
  2⤵
  PID:9248
- C:\Windows\System\JkdiyLz.exe
  C:\Windows\System\JkdiyLz.exe
  2⤵
  PID:9432
- C:\Windows\System\PGzdjuN.exe
  C:\Windows\System\PGzdjuN.exe
  2⤵
  PID:9600
- C:\Windows\System\dqHBEcV.exe
  C:\Windows\System\dqHBEcV.exe
  2⤵
  PID:9788
- C:\Windows\System\BIvAlOs.exe
  C:\Windows\System\BIvAlOs.exe
  2⤵
  PID:9988
- C:\Windows\System\pfyYdYm.exe
  C:\Windows\System\pfyYdYm.exe
  2⤵
  PID:6844
- C:\Windows\System\hvVQUcb.exe
  C:\Windows\System\hvVQUcb.exe
  2⤵
  PID:8956
- C:\Windows\System\aGAwcHb.exe
  C:\Windows\System\aGAwcHb.exe
  2⤵
  PID:10228
- C:\Windows\System\JvQMxea.exe
  C:\Windows\System\JvQMxea.exe
  2⤵
  PID:9584
- C:\Windows\System\eOVvjHQ.exe
  C:\Windows\System\eOVvjHQ.exe
  2⤵
  PID:9940
- C:\Windows\System\yUOLvyt.exe
  C:\Windows\System\yUOLvyt.exe
  2⤵
  PID:10052
- C:\Windows\System\SmrWVdK.exe
  C:\Windows\System\SmrWVdK.exe
  2⤵
  PID:2712
- C:\Windows\System\RXFbnnx.exe
  C:\Windows\System\RXFbnnx.exe
  2⤵
  PID:10036
- C:\Windows\System\xxvhovE.exe
  C:\Windows\System\xxvhovE.exe
  2⤵
  PID:10252
- C:\Windows\System\JxirpYL.exe
  C:\Windows\System\JxirpYL.exe
  2⤵
  PID:10272
- C:\Windows\System\uTAdmnT.exe
  C:\Windows\System\uTAdmnT.exe
  2⤵
  PID:10292
- C:\Windows\System\YNwbuuZ.exe
  C:\Windows\System\YNwbuuZ.exe
  2⤵
  PID:10312
- C:\Windows\System\mJMpfXH.exe
  C:\Windows\System\mJMpfXH.exe
  2⤵
  PID:10336
- C:\Windows\System\hiClOqy.exe
  C:\Windows\System\hiClOqy.exe
  2⤵
  PID:10376
- C:\Windows\System\YeBcJBP.exe
  C:\Windows\System\YeBcJBP.exe
  2⤵
  PID:10412
- C:\Windows\System\lXwfxVw.exe
  C:\Windows\System\lXwfxVw.exe
  2⤵
  PID:10440
- C:\Windows\System\QklWWdx.exe
  C:\Windows\System\QklWWdx.exe
  2⤵
  PID:10464
- C:\Windows\System\mpgKGap.exe
  C:\Windows\System\mpgKGap.exe
  2⤵
  PID:10492
- C:\Windows\System\BKcmzcp.exe
  C:\Windows\System\BKcmzcp.exe
  2⤵
  PID:10524
- C:\Windows\System\TAIPDIV.exe
  C:\Windows\System\TAIPDIV.exe
  2⤵
  PID:10552
- C:\Windows\System\bGDUeiK.exe
  C:\Windows\System\bGDUeiK.exe
  2⤵
  PID:10584
- C:\Windows\System\PIaUadV.exe
  C:\Windows\System\PIaUadV.exe
  2⤵
  PID:10624
- C:\Windows\System\SjGPbXM.exe
  C:\Windows\System\SjGPbXM.exe
  2⤵
  PID:10648
- C:\Windows\System\iNOMkjV.exe
  C:\Windows\System\iNOMkjV.exe
  2⤵
  PID:10680
- C:\Windows\System\MgBQVPy.exe
  C:\Windows\System\MgBQVPy.exe
  2⤵
  PID:10712
- C:\Windows\System\PrppCmk.exe
  C:\Windows\System\PrppCmk.exe
  2⤵
  PID:10744
- C:\Windows\System\ZwqtPtV.exe
  C:\Windows\System\ZwqtPtV.exe
  2⤵
  PID:10776
- C:\Windows\System\ThBSYsX.exe
  C:\Windows\System\ThBSYsX.exe
  2⤵
  PID:10804
- C:\Windows\System\MLVwMQx.exe
  C:\Windows\System\MLVwMQx.exe
  2⤵
  PID:10832
- C:\Windows\System\sQKkrAK.exe
  C:\Windows\System\sQKkrAK.exe
  2⤵
  PID:10860
- C:\Windows\System\SrpixxE.exe
  C:\Windows\System\SrpixxE.exe
  2⤵
  PID:10888
- C:\Windows\System\pfRxPhi.exe
  C:\Windows\System\pfRxPhi.exe
  2⤵
  PID:10916
- C:\Windows\System\gYzzGwo.exe
  C:\Windows\System\gYzzGwo.exe
  2⤵
  PID:10944
- C:\Windows\System\AiECvwj.exe
  C:\Windows\System\AiECvwj.exe
  2⤵
  PID:10960
- C:\Windows\System\RjzNJrM.exe
  C:\Windows\System\RjzNJrM.exe
  2⤵
  PID:10988
- C:\Windows\System\zpiTnZG.exe
  C:\Windows\System\zpiTnZG.exe
  2⤵
  PID:11012
- C:\Windows\System\pthRiTo.exe
  C:\Windows\System\pthRiTo.exe
  2⤵
  PID:11044
- C:\Windows\System\RWQvAmW.exe
  C:\Windows\System\RWQvAmW.exe
  2⤵
  PID:11072
- C:\Windows\System\ankBQvO.exe
  C:\Windows\System\ankBQvO.exe
  2⤵
  PID:11100
- C:\Windows\System\FejPByP.exe
  C:\Windows\System\FejPByP.exe
  2⤵
  PID:11132
- C:\Windows\System\VTgQgjy.exe
  C:\Windows\System\VTgQgjy.exe
  2⤵
  PID:11156
- C:\Windows\System\iNstgfV.exe
  C:\Windows\System\iNstgfV.exe
  2⤵
  PID:11184
- C:\Windows\System\dpNrCWa.exe
  C:\Windows\System\dpNrCWa.exe
  2⤵
  PID:11212
- C:\Windows\System\suIkwFp.exe
  C:\Windows\System\suIkwFp.exe
  2⤵
  PID:11244
- C:\Windows\System\KUzHgUX.exe
  C:\Windows\System\KUzHgUX.exe
  2⤵
  PID:9876
- C:\Windows\System\qKDiTPa.exe
  C:\Windows\System\qKDiTPa.exe
  2⤵
  PID:10328
- C:\Windows\System\ooTbxHH.exe
  C:\Windows\System\ooTbxHH.exe
  2⤵
  PID:10352
- C:\Windows\System\mqdgvpN.exe
  C:\Windows\System\mqdgvpN.exe
  2⤵
  PID:10424
- C:\Windows\System\FGuLLUn.exe
  C:\Windows\System\FGuLLUn.exe
  2⤵
  PID:1356
- C:\Windows\System\puQMbya.exe
  C:\Windows\System\puQMbya.exe
  2⤵
  PID:10480
- C:\Windows\System\RFGMfLS.exe
  C:\Windows\System\RFGMfLS.exe
  2⤵
  PID:10540
- C:\Windows\System\AFOTyHx.exe
  C:\Windows\System\AFOTyHx.exe
  2⤵
  PID:9312
- C:\Windows\System\bhdlUkw.exe
  C:\Windows\System\bhdlUkw.exe
  2⤵
  PID:6300
- C:\Windows\System\EFaoYSQ.exe
  C:\Windows\System\EFaoYSQ.exe
  2⤵
  PID:10644
- C:\Windows\System\JhOAbew.exe
  C:\Windows\System\JhOAbew.exe
  2⤵
  PID:10732
- C:\Windows\System\oIpgLGF.exe
  C:\Windows\System\oIpgLGF.exe
  2⤵
  PID:10772
- C:\Windows\System\mATEOBd.exe
  C:\Windows\System\mATEOBd.exe
  2⤵
  PID:10816
- C:\Windows\System\fFqjuww.exe
  C:\Windows\System\fFqjuww.exe
  2⤵
  PID:10880
- C:\Windows\System\hmPUKVZ.exe
  C:\Windows\System\hmPUKVZ.exe
  2⤵
  PID:10972
- C:\Windows\System\vUtFbls.exe
  C:\Windows\System\vUtFbls.exe
  2⤵
  PID:11028
- C:\Windows\System\JxNTcED.exe
  C:\Windows\System\JxNTcED.exe
  2⤵
  PID:11084
- C:\Windows\System\cMEytLT.exe
  C:\Windows\System\cMEytLT.exe
  2⤵
  PID:11140
- C:\Windows\System\DJQbZJm.exe
  C:\Windows\System\DJQbZJm.exe
  2⤵
  PID:11200
- C:\Windows\System\HuxKQzr.exe
  C:\Windows\System\HuxKQzr.exe
  2⤵
  PID:10280
- C:\Windows\System\BeKAwBF.exe
  C:\Windows\System\BeKAwBF.exe
  2⤵
  PID:10456
- C:\Windows\System\GMlDWXa.exe
  C:\Windows\System\GMlDWXa.exe
  2⤵
  PID:10568
- C:\Windows\System\yARuEGh.exe
  C:\Windows\System\yARuEGh.exe
  2⤵
  PID:10120
- C:\Windows\System\gygJQBW.exe
  C:\Windows\System\gygJQBW.exe
  2⤵
  PID:10796
- C:\Windows\System\RMUMOKz.exe
  C:\Windows\System\RMUMOKz.exe
  2⤵
  PID:10872
- C:\Windows\System\cNFRNzS.exe
  C:\Windows\System\cNFRNzS.exe
  2⤵
  PID:10980
- C:\Windows\System\sugyuIv.exe
  C:\Windows\System\sugyuIv.exe
  2⤵
  PID:11172
- C:\Windows\System\UGZUyOe.exe
  C:\Windows\System\UGZUyOe.exe
  2⤵
  PID:10408
- C:\Windows\System\cWKRknq.exe
  C:\Windows\System\cWKRknq.exe
  2⤵
  PID:10612
- C:\Windows\System\PQWlnLD.exe
  C:\Windows\System\PQWlnLD.exe
  2⤵
  PID:4520
- C:\Windows\System\DTarZpP.exe
  C:\Windows\System\DTarZpP.exe
  2⤵
  PID:11032
- C:\Windows\System\hfaQKSr.exe
  C:\Windows\System\hfaQKSr.exe
  2⤵
  PID:11272
- C:\Windows\System\LyjmBbF.exe
  C:\Windows\System\LyjmBbF.exe
  2⤵
  PID:11292
- C:\Windows\System\HeNgtjn.exe
  C:\Windows\System\HeNgtjn.exe
  2⤵
  PID:11308
- C:\Windows\System\fDlkpap.exe
  C:\Windows\System\fDlkpap.exe
  2⤵
  PID:11328
- C:\Windows\System\xGCWgpz.exe
  C:\Windows\System\xGCWgpz.exe
  2⤵
  PID:11348
- C:\Windows\System\IZSPmuy.exe
  C:\Windows\System\IZSPmuy.exe
  2⤵
  PID:11368
- C:\Windows\System\yIgYYWQ.exe
  C:\Windows\System\yIgYYWQ.exe
  2⤵
  PID:11384
- C:\Windows\System\VhWhwzB.exe
  C:\Windows\System\VhWhwzB.exe
  2⤵
  PID:11420
- C:\Windows\System\OizPTpo.exe
  C:\Windows\System\OizPTpo.exe
  2⤵
  PID:11444
- C:\Windows\System\GfHlefW.exe
  C:\Windows\System\GfHlefW.exe
  2⤵
  PID:11468
- C:\Windows\System\hGukhSA.exe
  C:\Windows\System\hGukhSA.exe
  2⤵
  PID:11484
- C:\Windows\System\cSHRsjy.exe
  C:\Windows\System\cSHRsjy.exe
  2⤵
  PID:11504
- C:\Windows\System\sajyPhL.exe
  C:\Windows\System\sajyPhL.exe
  2⤵
  PID:11532
- C:\Windows\System\lqIUkhA.exe
  C:\Windows\System\lqIUkhA.exe
  2⤵
  PID:11564
- C:\Windows\System\gXltodn.exe
  C:\Windows\System\gXltodn.exe
  2⤵
  PID:11588
- C:\Windows\System\fOOubHr.exe
  C:\Windows\System\fOOubHr.exe
  2⤵
  PID:11616
- C:\Windows\System\GEpviTM.exe
  C:\Windows\System\GEpviTM.exe
  2⤵
  PID:11652
- C:\Windows\System\orosKRE.exe
  C:\Windows\System\orosKRE.exe
  2⤵
  PID:11672
- C:\Windows\System\ITMgBYI.exe
  C:\Windows\System\ITMgBYI.exe
  2⤵
  PID:11708
- C:\Windows\System\ukOZCUr.exe
  C:\Windows\System\ukOZCUr.exe
  2⤵
  PID:11728
- C:\Windows\System\KIAOLVv.exe
  C:\Windows\System\KIAOLVv.exe
  2⤵
  PID:11756
- C:\Windows\System\OjDDErM.exe
  C:\Windows\System\OjDDErM.exe
  2⤵
  PID:11784
- C:\Windows\System\BtbhHMG.exe
  C:\Windows\System\BtbhHMG.exe
  2⤵
  PID:11808
- C:\Windows\System\XhTfjrj.exe
  C:\Windows\System\XhTfjrj.exe
  2⤵
  PID:11840
- C:\Windows\System\INXulaQ.exe
  C:\Windows\System\INXulaQ.exe
  2⤵
  PID:11876
- C:\Windows\System\rvcQYcE.exe
  C:\Windows\System\rvcQYcE.exe
  2⤵
  PID:11912
- C:\Windows\System\YbXCwhw.exe
  C:\Windows\System\YbXCwhw.exe
  2⤵
  PID:11948
- C:\Windows\System\JTrkmaj.exe
  C:\Windows\System\JTrkmaj.exe
  2⤵
  PID:11976
- C:\Windows\System\xGnFqmM.exe
  C:\Windows\System\xGnFqmM.exe
  2⤵
  PID:12008
- C:\Windows\System\vTpqpmj.exe
  C:\Windows\System\vTpqpmj.exe
  2⤵
  PID:12032
- C:\Windows\System\QFVVyMC.exe
  C:\Windows\System\QFVVyMC.exe
  2⤵
  PID:12068
- C:\Windows\System\ZDpEhUV.exe
  C:\Windows\System\ZDpEhUV.exe
  2⤵
  PID:12096
- C:\Windows\System\azhkNJX.exe
  C:\Windows\System\azhkNJX.exe
  2⤵
  PID:12112
- C:\Windows\System\XAYIQcR.exe
  C:\Windows\System\XAYIQcR.exe
  2⤵
  PID:12148
- C:\Windows\System\HnwkjLe.exe
  C:\Windows\System\HnwkjLe.exe
  2⤵
  PID:12176
- C:\Windows\System\ClUEQVH.exe
  C:\Windows\System\ClUEQVH.exe
  2⤵
  PID:12208
- C:\Windows\System\BXklqwT.exe
  C:\Windows\System\BXklqwT.exe
  2⤵
  PID:12232
- C:\Windows\System\CvbkRyx.exe
  C:\Windows\System\CvbkRyx.exe
  2⤵
  PID:12264
- C:\Windows\System\WQICXiC.exe
  C:\Windows\System\WQICXiC.exe
  2⤵
  PID:11268
- C:\Windows\System\yoUgera.exe
  C:\Windows\System\yoUgera.exe
  2⤵
  PID:11304
- C:\Windows\System\hYtRFqF.exe
  C:\Windows\System\hYtRFqF.exe
  2⤵
  PID:11300
- C:\Windows\System\FPGUnzm.exe
  C:\Windows\System\FPGUnzm.exe
  2⤵
  PID:11528
- C:\Windows\System\craYcoY.exe
  C:\Windows\System\craYcoY.exe
  2⤵
  PID:1264
- C:\Windows\System\HjFBNbW.exe
  C:\Windows\System\HjFBNbW.exe
  2⤵
  PID:11600
- C:\Windows\System\EFSjYyn.exe
  C:\Windows\System\EFSjYyn.exe
  2⤵
  PID:11552
- C:\Windows\System\bDkyxjT.exe
  C:\Windows\System\bDkyxjT.exe
  2⤵
  PID:11604
- C:\Windows\System\emSFLeu.exe
  C:\Windows\System\emSFLeu.exe
  2⤵
  PID:11580
- C:\Windows\System\OadPPPe.exe
  C:\Windows\System\OadPPPe.exe
  2⤵
  PID:11644
- C:\Windows\System\yWZGqkt.exe
  C:\Windows\System\yWZGqkt.exe
  2⤵
  PID:11872
- C:\Windows\System\icDivdS.exe
  C:\Windows\System\icDivdS.exe
  2⤵
  PID:11928
- C:\Windows\System\PeIgYWz.exe
  C:\Windows\System\PeIgYWz.exe
  2⤵
  PID:11824
- C:\Windows\System\BDvMBFn.exe
  C:\Windows\System\BDvMBFn.exe
  2⤵
  PID:11996
- C:\Windows\System\vFqFEWL.exe
  C:\Windows\System\vFqFEWL.exe
  2⤵
  PID:12044
- C:\Windows\System\IOCIhcS.exe
  C:\Windows\System\IOCIhcS.exe
  2⤵
  PID:12104
- C:\Windows\System\YyuaIPE.exe
  C:\Windows\System\YyuaIPE.exe
  2⤵
  PID:12248
- C:\Windows\System\uuNpmDp.exe
  C:\Windows\System\uuNpmDp.exe
  2⤵
  PID:12280
- C:\Windows\System\QfHtJAm.exe
  C:\Windows\System\QfHtJAm.exe
  2⤵
  PID:11380
- C:\Windows\System\mPgQMcU.exe
  C:\Windows\System\mPgQMcU.exe
  2⤵
  PID:11416
- C:\Windows\System\dybNcbg.exe
  C:\Windows\System\dybNcbg.exe
  2⤵
  PID:3252
- C:\Windows\System\jZeUVAH.exe
  C:\Windows\System\jZeUVAH.exe
  2⤵
  PID:11796
- C:\Windows\System\JtUKesg.exe
  C:\Windows\System\JtUKesg.exe
  2⤵
  PID:11896
- C:\Windows\System\VURtVlC.exe
  C:\Windows\System\VURtVlC.exe
  2⤵
  PID:11864
- C:\Windows\System\HRgrZvu.exe
  C:\Windows\System\HRgrZvu.exe
  2⤵
  PID:11988
- C:\Windows\System\TwovJKo.exe
  C:\Windows\System\TwovJKo.exe
  2⤵
  PID:11344
- C:\Windows\System\wcuDsCR.exe
  C:\Windows\System\wcuDsCR.exe
  2⤵
  PID:11612
- C:\Windows\System\INnODPL.exe
  C:\Windows\System\INnODPL.exe
  2⤵
  PID:11968
- C:\Windows\System\OmnllLi.exe
  C:\Windows\System\OmnllLi.exe
  2⤵
  PID:11884
- C:\Windows\System\wyDLAuJ.exe
  C:\Windows\System\wyDLAuJ.exe
  2⤵
  PID:12308
- C:\Windows\System\gxLJrGA.exe
  C:\Windows\System\gxLJrGA.exe
  2⤵
  PID:12344
- C:\Windows\System\PJTNXok.exe
  C:\Windows\System\PJTNXok.exe
  2⤵
  PID:12376
- C:\Windows\System\PRaCdrc.exe
  C:\Windows\System\PRaCdrc.exe
  2⤵
  PID:12400
- C:\Windows\System\wMLVtHy.exe
  C:\Windows\System\wMLVtHy.exe
  2⤵
  PID:12428
- C:\Windows\System\uznXRKS.exe
  C:\Windows\System\uznXRKS.exe
  2⤵
  PID:12460
- C:\Windows\System\XKEBQAO.exe
  C:\Windows\System\XKEBQAO.exe
  2⤵
  PID:12496
- C:\Windows\System\JUVprVA.exe
  C:\Windows\System\JUVprVA.exe
  2⤵
  PID:12524
- C:\Windows\System\unZqawg.exe
  C:\Windows\System\unZqawg.exe
  2⤵
  PID:12552
- C:\Windows\System\ZOnNHmG.exe
  C:\Windows\System\ZOnNHmG.exe
  2⤵
  PID:12576
- C:\Windows\System\FLHQMSA.exe
  C:\Windows\System\FLHQMSA.exe
  2⤵
  PID:12600
- C:\Windows\System\WaKJUdG.exe
  C:\Windows\System\WaKJUdG.exe
  2⤵
  PID:12632
- C:\Windows\System\nkCgwAr.exe
  C:\Windows\System\nkCgwAr.exe
  2⤵
  PID:12656
- C:\Windows\System\VxgPaqB.exe
  C:\Windows\System\VxgPaqB.exe
  2⤵
  PID:12692
- C:\Windows\System\hFdvzaP.exe
  C:\Windows\System\hFdvzaP.exe
  2⤵
  PID:12716
- C:\Windows\System\zfHIAWj.exe
  C:\Windows\System\zfHIAWj.exe
  2⤵
  PID:12740
- C:\Windows\System\mCCLVCG.exe
  C:\Windows\System\mCCLVCG.exe
  2⤵
  PID:12764
- C:\Windows\System\etjXPUO.exe
  C:\Windows\System\etjXPUO.exe
  2⤵
  PID:12784
- C:\Windows\System\GbbUzXK.exe
  C:\Windows\System\GbbUzXK.exe
  2⤵
  PID:12812
- C:\Windows\System\zXzndMI.exe
  C:\Windows\System\zXzndMI.exe
  2⤵
  PID:12852
- C:\Windows\System\EvcTbBI.exe
  C:\Windows\System\EvcTbBI.exe
  2⤵
  PID:12884
- C:\Windows\System\iPjrije.exe
  C:\Windows\System\iPjrije.exe
  2⤵
  PID:12904
- C:\Windows\System\ewFOBAY.exe
  C:\Windows\System\ewFOBAY.exe
  2⤵
  PID:12936
- C:\Windows\System\SotaVdP.exe
  C:\Windows\System\SotaVdP.exe
  2⤵
  PID:12964
- C:\Windows\System\wtUOGpo.exe
  C:\Windows\System\wtUOGpo.exe
  2⤵
  PID:12996
- C:\Windows\System\QxencMr.exe
  C:\Windows\System\QxencMr.exe
  2⤵
  PID:13020
- C:\Windows\System\XyFVqEa.exe
  C:\Windows\System\XyFVqEa.exe
  2⤵
  PID:13052
- C:\Windows\System\dnIoPyL.exe
  C:\Windows\System\dnIoPyL.exe
  2⤵
  PID:13084
- C:\Windows\System\dVAmGLR.exe
  C:\Windows\System\dVAmGLR.exe
  2⤵
  PID:13104
- C:\Windows\System\FTIvBtR.exe
  C:\Windows\System\FTIvBtR.exe
  2⤵
  PID:13132
- C:\Windows\System\hXjYjoL.exe
  C:\Windows\System\hXjYjoL.exe
  2⤵
  PID:13160
- C:\Windows\System\iBUPHOb.exe
  C:\Windows\System\iBUPHOb.exe
  2⤵
  PID:13180
- C:\Windows\System\FBLgust.exe
  C:\Windows\System\FBLgust.exe
  2⤵
  PID:13200
- C:\Windows\System\rkfThEO.exe
  C:\Windows\System\rkfThEO.exe
  2⤵
  PID:13224
- C:\Windows\System\qfgTEGb.exe
  C:\Windows\System\qfgTEGb.exe
  2⤵
  PID:13256
- C:\Windows\System\fcMntnl.exe
  C:\Windows\System\fcMntnl.exe
  2⤵
  PID:13288
- C:\Windows\System\ffxxWkB.exe
  C:\Windows\System\ffxxWkB.exe
  2⤵
  PID:12196
- C:\Windows\System\HuuqSFJ.exe
  C:\Windows\System\HuuqSFJ.exe
  2⤵
  PID:12296
- C:\Windows\System\wjUthKj.exe
  C:\Windows\System\wjUthKj.exe
  2⤵
  PID:12420
- C:\Windows\System\JphCmEw.exe
  C:\Windows\System\JphCmEw.exe
  2⤵
  PID:12512
- C:\Windows\System\aTKSlTr.exe
  C:\Windows\System\aTKSlTr.exe
  2⤵
  PID:12672
- C:\Windows\System\KxSnSDn.exe
  C:\Windows\System\KxSnSDn.exe
  2⤵
  PID:12664
- C:\Windows\System\SSgaxjx.exe
  C:\Windows\System\SSgaxjx.exe
  2⤵
  PID:12824
- C:\Windows\System\iyhJanm.exe
  C:\Windows\System\iyhJanm.exe
  2⤵
  PID:12772
- C:\Windows\System\GCOnwTY.exe
  C:\Windows\System\GCOnwTY.exe
  2⤵
  PID:12868
- C:\Windows\System\GimWgfd.exe
  C:\Windows\System\GimWgfd.exe
  2⤵
  PID:12988
- C:\Windows\System\DJShWaR.exe
  C:\Windows\System\DJShWaR.exe
  2⤵
  PID:13028
- C:\Windows\System\FTUwPrx.exe
  C:\Windows\System\FTUwPrx.exe
  2⤵
  PID:13040
- C:\Windows\System\UOfcXus.exe
  C:\Windows\System\UOfcXus.exe
  2⤵
  PID:13152
- C:\Windows\System\agvVNLI.exe
  C:\Windows\System\agvVNLI.exe
  2⤵
  PID:13240
- C:\Windows\System\VBZqCyc.exe
  C:\Windows\System\VBZqCyc.exe
  2⤵
  PID:12356
- C:\Windows\System\SPJgkne.exe
  C:\Windows\System\SPJgkne.exe
  2⤵
  PID:12316
- C:\Windows\System\QsyRkNL.exe
  C:\Windows\System\QsyRkNL.exe
  2⤵
  PID:12324
- C:\Windows\System\waTsxbW.exe
  C:\Windows\System\waTsxbW.exe
  2⤵
  PID:12724
- C:\Windows\System\bxBkRjK.exe
  C:\Windows\System\bxBkRjK.exe
  2⤵
  PID:12652
- C:\Windows\System\gztWbdt.exe
  C:\Windows\System\gztWbdt.exe
  2⤵
  PID:12804
- C:\Windows\System\HGViGnA.exe
  C:\Windows\System\HGViGnA.exe
  2⤵
  PID:13096
- C:\Windows\System\ppjpCXP.exe
  C:\Windows\System\ppjpCXP.exe
  2⤵
  PID:13192
- C:\Windows\System\lZvLfuj.exe
  C:\Windows\System\lZvLfuj.exe
  2⤵
  PID:12412
- C:\Windows\System\zwArVmN.exe
  C:\Windows\System\zwArVmN.exe
  2⤵
  PID:12728
- C:\Windows\System\OMBPqsr.exe
  C:\Windows\System\OMBPqsr.exe
  2⤵
  PID:13236
- C:\Windows\System\jmESmGS.exe
  C:\Windows\System\jmESmGS.exe
  2⤵
  PID:12960
- C:\Windows\System\bjAmTnF.exe
  C:\Windows\System\bjAmTnF.exe
  2⤵
  PID:12452
- C:\Windows\System\pBFmZZq.exe
  C:\Windows\System\pBFmZZq.exe
  2⤵
  PID:13316
- C:\Windows\System\FLXElrG.exe
  C:\Windows\System\FLXElrG.exe
  2⤵
  PID:13352
- C:\Windows\System\ewkWvaC.exe
  C:\Windows\System\ewkWvaC.exe
  2⤵
  PID:13372
- C:\Windows\System\gmoIwdn.exe
  C:\Windows\System\gmoIwdn.exe
  2⤵
  PID:13388
- C:\Windows\System\VleaMQD.exe
  C:\Windows\System\VleaMQD.exe
  2⤵
  PID:13416
- C:\Windows\System\OjQfvup.exe
  C:\Windows\System\OjQfvup.exe
  2⤵
  PID:13432
- C:\Windows\System\WZkmlvT.exe
  C:\Windows\System\WZkmlvT.exe
  2⤵
  PID:13468
- C:\Windows\System\oTUQNte.exe
  C:\Windows\System\oTUQNte.exe
  2⤵
  PID:13496
- C:\Windows\System\sOgXfWR.exe
  C:\Windows\System\sOgXfWR.exe
  2⤵
  PID:13536
- C:\Windows\System\lDhmcIt.exe
  C:\Windows\System\lDhmcIt.exe
  2⤵
  PID:13580
- C:\Windows\System\xviirJv.exe
  C:\Windows\System\xviirJv.exe
  2⤵
  PID:13600
- C:\Windows\System\MYNuxFy.exe
  C:\Windows\System\MYNuxFy.exe
  2⤵
  PID:13632
- C:\Windows\System\gfdfyIl.exe
  C:\Windows\System\gfdfyIl.exe
  2⤵
  PID:13664
- C:\Windows\System\HrNriXl.exe
  C:\Windows\System\HrNriXl.exe
  2⤵
  PID:13680
- C:\Windows\System\FAoHJpS.exe
  C:\Windows\System\FAoHJpS.exe
  2⤵
  PID:13700
- C:\Windows\System\jlrJTDG.exe
  C:\Windows\System\jlrJTDG.exe
  2⤵
  PID:13728
- C:\Windows\System\EjxOMeH.exe
  C:\Windows\System\EjxOMeH.exe
  2⤵
  PID:13756
- C:\Windows\System\YHvhTdc.exe
  C:\Windows\System\YHvhTdc.exe
  2⤵
  PID:13784
- C:\Windows\System\AuuSZkG.exe
  C:\Windows\System\AuuSZkG.exe
  2⤵
  PID:13804
- C:\Windows\System\RmOKqZd.exe
  C:\Windows\System\RmOKqZd.exe
  2⤵
  PID:13840
- C:\Windows\System\aPNkroe.exe
  C:\Windows\System\aPNkroe.exe
  2⤵
  PID:13868
- C:\Windows\System\PxXPzta.exe
  C:\Windows\System\PxXPzta.exe
  2⤵
  PID:13896
- C:\Windows\System\FkIUZBP.exe
  C:\Windows\System\FkIUZBP.exe
  2⤵
  PID:13932
- C:\Windows\System\lekKVlL.exe
  C:\Windows\System\lekKVlL.exe
  2⤵
  PID:13956
- C:\Windows\System\XBDsOsA.exe
  C:\Windows\System\XBDsOsA.exe
  2⤵
  PID:13984
- C:\Windows\System\wNqHVJY.exe
  C:\Windows\System\wNqHVJY.exe
  2⤵
  PID:14004
- C:\Windows\System\RBwTWcY.exe
  C:\Windows\System\RBwTWcY.exe
  2⤵
  PID:14036
- C:\Windows\System\qZiafXO.exe
  C:\Windows\System\qZiafXO.exe
  2⤵
  PID:14068
- C:\Windows\System\kAAmKTL.exe
  C:\Windows\System\kAAmKTL.exe
  2⤵
  PID:14092
- C:\Windows\System\HUXSDNz.exe
  C:\Windows\System\HUXSDNz.exe
  2⤵
  PID:14116
- C:\Windows\System\cJEdHVO.exe
  C:\Windows\System\cJEdHVO.exe
  2⤵
  PID:14132
- C:\Windows\System\UzjToBl.exe
  C:\Windows\System\UzjToBl.exe
  2⤵
  PID:14156
- C:\Windows\System\YLsLgjK.exe
  C:\Windows\System\YLsLgjK.exe
  2⤵
  PID:14188
- C:\Windows\System\NnLrPjU.exe
  C:\Windows\System\NnLrPjU.exe
  2⤵
  PID:14216
- C:\Windows\System\AJCGFvz.exe
  C:\Windows\System\AJCGFvz.exe
  2⤵
  PID:14248
- C:\Windows\System\BcUWzQQ.exe
  C:\Windows\System\BcUWzQQ.exe
  2⤵
  PID:14276
- C:\Windows\System\dfHfOUM.exe
  C:\Windows\System\dfHfOUM.exe
  2⤵
  PID:14304
- C:\Windows\System\mimjesE.exe
  C:\Windows\System\mimjesE.exe
  2⤵
  PID:14332
- C:\Windows\System\OGInacx.exe
  C:\Windows\System\OGInacx.exe
  2⤵
  PID:13380
- C:\Windows\System\LKAWhhR.exe
  C:\Windows\System\LKAWhhR.exe
  2⤵
  PID:13404
- C:\Windows\System\GzIAjnr.exe
  C:\Windows\System\GzIAjnr.exe
  2⤵
  PID:13444
- C:\Windows\System\lSVWTPk.exe
  C:\Windows\System\lSVWTPk.exe
  2⤵
  PID:13552
- C:\Windows\System\fulwRrR.exe
  C:\Windows\System\fulwRrR.exe
  2⤵
  PID:13588
- C:\Windows\System\bOYOWxy.exe
  C:\Windows\System\bOYOWxy.exe
  2⤵
  PID:1588
- C:\Windows\System\rcEdABT.exe
  C:\Windows\System\rcEdABT.exe
  2⤵
  PID:684
- C:\Windows\System\BfXVWJt.exe
  C:\Windows\System\BfXVWJt.exe
  2⤵
  PID:13724
- C:\Windows\System\CspJsyi.exe
  C:\Windows\System\CspJsyi.exe
  2⤵
  PID:13736
- C:\Windows\System\NcvvvMj.exe
  C:\Windows\System\NcvvvMj.exe
  2⤵
  PID:13828
- C:\Windows\System\FpYEzLh.exe
  C:\Windows\System\FpYEzLh.exe
  2⤵
  PID:13924
- C:\Windows\System\YEVHFvc.exe
  C:\Windows\System\YEVHFvc.exe
  2⤵
  PID:13952
- C:\Windows\System\HDozaLs.exe
  C:\Windows\System\HDozaLs.exe
  2⤵
  PID:14020
- C:\Windows\System\ShdVvlY.exe
  C:\Windows\System\ShdVvlY.exe
  2⤵
  PID:14076
- C:\Windows\System\FSWJWbo.exe
  C:\Windows\System\FSWJWbo.exe
  2⤵
  PID:14200
- C:\Windows\System\RCxCSza.exe
  C:\Windows\System\RCxCSza.exe
  2⤵
  PID:14288
- C:\Windows\System\tUZDADe.exe
  C:\Windows\System\tUZDADe.exe
  2⤵
  PID:14328
- C:\Windows\System\AoRWETv.exe
  C:\Windows\System\AoRWETv.exe
  2⤵
  PID:13428
- C:\Windows\System\ScPQzQO.exe
  C:\Windows\System\ScPQzQO.exe
  2⤵
  PID:13488
- C:\Windows\System\EtHCfzk.exe
  C:\Windows\System\EtHCfzk.exe
  2⤵
  PID:13596
- C:\Windows\System\wpRJCoY.exe
  C:\Windows\System\wpRJCoY.exe
  2⤵
  PID:13816
- C:\Windows\System\TjJWtkS.exe
  C:\Windows\System\TjJWtkS.exe
  2⤵
  PID:13712
- C:\Windows\System\kJhLzGr.exe
  C:\Windows\System\kJhLzGr.exe
  2⤵
  PID:13916
- C:\Windows\System\TIWxfRc.exe
  C:\Windows\System\TIWxfRc.exe
  2⤵
  PID:14128
- C:\Windows\System\GjPohKb.exe
  C:\Windows\System\GjPohKb.exe
  2⤵
  PID:14056
- C:\Windows\System\eLUMGMG.exe
  C:\Windows\System\eLUMGMG.exe
  2⤵
  PID:14296
- C:\Windows\System\qRPZLpE.exe
  C:\Windows\System\qRPZLpE.exe
  2⤵
  PID:13980
- C:\Windows\System\DuUVdoK.exe
  C:\Windows\System\DuUVdoK.exe
  2⤵
  PID:13884
- C:\Windows\System\mvFTEMB.exe
  C:\Windows\System\mvFTEMB.exe
  2⤵
  PID:13948
- C:\Windows\System\QrMoSAR.exe
  C:\Windows\System\QrMoSAR.exe
  2⤵
  PID:14360
- C:\Windows\System\DKfOetV.exe
  C:\Windows\System\DKfOetV.exe
  2⤵
  PID:14388
- C:\Windows\System\OXpeCGm.exe
  C:\Windows\System\OXpeCGm.exe
  2⤵
  PID:14412
- C:\Windows\System\XKzQRxB.exe
  C:\Windows\System\XKzQRxB.exe
  2⤵
  PID:14432
- C:\Windows\System\eDcmBiN.exe
  C:\Windows\System\eDcmBiN.exe
  2⤵
  PID:14468
- C:\Windows\System\SovyHKB.exe
  C:\Windows\System\SovyHKB.exe
  2⤵
  PID:14496
- C:\Windows\System\RhjCQdm.exe
  C:\Windows\System\RhjCQdm.exe
  2⤵
  PID:14540
- C:\Windows\System\DjGfQOi.exe
  C:\Windows\System\DjGfQOi.exe
  2⤵
  PID:14560
- C:\Windows\System\lWPWaSV.exe
  C:\Windows\System\lWPWaSV.exe
  2⤵
  PID:14592
- C:\Windows\System\nLtCkGP.exe
  C:\Windows\System\nLtCkGP.exe
  2⤵
  PID:14996
- C:\Windows\System\SoEPMFu.exe
  C:\Windows\System\SoEPMFu.exe
  2⤵
  PID:15020
- C:\Windows\System\HSKEpbe.exe
  C:\Windows\System\HSKEpbe.exe
  2⤵
  PID:15036
- C:\Windows\System\xseVEXY.exe
  C:\Windows\System\xseVEXY.exe
  2⤵
  PID:15072
- C:\Windows\System\bJJLvAI.exe
  C:\Windows\System\bJJLvAI.exe
  2⤵
  PID:15100
- C:\Windows\System\wUIuaph.exe
  C:\Windows\System\wUIuaph.exe
  2⤵
  PID:15116
- C:\Windows\System\EfuYgXb.exe
  C:\Windows\System\EfuYgXb.exe
  2⤵
  PID:15172
- C:\Windows\System\yLsiXjr.exe
  C:\Windows\System\yLsiXjr.exe
  2⤵
  PID:13516
- C:\Windows\System\TgtFRUY.exe
  C:\Windows\System\TgtFRUY.exe
  2⤵
  PID:13812
- C:\Windows\System\snXVvAS.exe
  C:\Windows\System\snXVvAS.exe
  2⤵
  PID:14828
- C:\Windows\System\ggvENRm.exe
  C:\Windows\System\ggvENRm.exe
  2⤵
  PID:14844
- C:\Windows\System\WsVquof.exe
  C:\Windows\System\WsVquof.exe
  2⤵
  PID:14872
- C:\Windows\System\oBdHzPx.exe
  C:\Windows\System\oBdHzPx.exe
  2⤵
  PID:14892
- C:\Windows\System\HrUIkcW.exe
  C:\Windows\System\HrUIkcW.exe
  2⤵
  PID:15060
- C:\Windows\System\epoPfhA.exe
  C:\Windows\System\epoPfhA.exe
  2⤵
  PID:15068
- C:\Windows\System\jnCpZZw.exe
  C:\Windows\System\jnCpZZw.exe
  2⤵
  PID:15236

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15048

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:15352

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:14760

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:14476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BBjnjaN.exe

Filesize
2.2MB

MD5
c82ec718b0ea240854dc95f555bf2745

SHA1
e524c1de3be9817b786e9cc40a7d1f7e41e042f3

SHA256
13f112aa0d3e88d2850f26f51eea05b4de17d50e4927e2b720f219b464d11df4

SHA512
f4d556961908456c05d30932b9b94b5bb56cbca96da19e7b21ace34300d22382b0d06a1d4c3bdeeefdcc2bde4cf64f4d879b87e3d13d398bfd1e88be9e315363

Download Submit
C:\Windows\System\BwUTWIa.exe

Filesize
2.2MB

MD5
a25779a63647fff867404c728825c76f

SHA1
9bbbec8b1ee3aa29355297b6b1c25db5597fec3f

SHA256
c1b7515494df93779a4b180fbbb4425c4e69f224a134292ce504b58c13d51d20

SHA512
5c5f4561917b0c50084a3ffab6a1126ae70589aa96e21a47c6822eeae82488448809fbc1158b61df1bffceb7e05e20822062caaf3533a348e71cbc927f62368a

Download Submit
C:\Windows\System\CDczDRI.exe

Filesize
2.2MB

MD5
bf940176711fac9b2d949a4ef98c50dc

SHA1
1fb31ab026e90acbf41139f9fe9249e9893222ae

SHA256
026c60b343384b762f0a965bb48d164ad22c5b4fb2ba9bf4c170d7c4192701ec

SHA512
a5ec0de73c98ee8f948613052d81ff7369e9b011f67722dc35ec2524a4fb77102a5f220a35ac9bfb63155c88f8f6547871fb607389eb76311aaae50d8a179afe

Download Submit
C:\Windows\System\EVQOLOi.exe

Filesize
2.2MB

MD5
82c5730cade2c84e7208b37502282cef

SHA1
6d7f860fd1b408bcc7318a080f14b2716aa37251

SHA256
d9b0d59dd50761acac5604d4381ece64714c5622ba7d990863416c982f42a166

SHA512
3bcff679503a439f03fd42453ffacb4795ac9777b22ede2e28472d7f3c239e82481024264e52b2a59a159ca8f3654a0d7e9195c7d157589a751a06c0f8b9ea6c

Download Submit
C:\Windows\System\EfhxyTk.exe

Filesize
2.2MB

MD5
439986ed2b58c28420b1b09edf600d28

SHA1
667ef6ff8ac1379d3048fc8aa369d2ec768f0221

SHA256
05a12cff98744ae6f2340a71980d2dc1a368f3595cfb6e8d027c61a16d835608

SHA512
bad9889f0001257c032bf4fbc1f3a1cb52597099a9576ed5b21c48891b00e347b6a39fd534738a3df055f36e40789766ab152e497c9aef63c5605d81a3569c85

Download Submit
C:\Windows\System\JLNdvYX.exe

Filesize
2.2MB

MD5
871b36459935584543eb55b18739070c

SHA1
a1446b0d75caa611dea79eb3eaf08a2fcf8624ee

SHA256
058fab4ec4893b8feaaddb0687031ccd9745fff01f56954d639221d27ee6c102

SHA512
373f6411886da894ed2eeff26894cd09359c89d3970bda851df7a95a627f12c376e318b4cd7e529128411215ff981bbd9a9266e93279107e3703c66e55521924

Download Submit
C:\Windows\System\JbcyiFG.exe

Filesize
2.2MB

MD5
279f974e57f488b5f6dd7fe29a064083

SHA1
fd582149491bf03ac601af6eaf1b74c772bd67b2

SHA256
2899ac7ac4a81296f782153ee4b21c106ff975513217b616a0c00848a9057cf8

SHA512
cf21b3d3ff8f568017d8557815b475009e5c725dbe7aadb711d81527d9a409070108637e4282da696225068121834b2b20c984747f062363806106e673474e88

Download Submit
C:\Windows\System\JdIOLqS.exe

Filesize
2.2MB

MD5
4f4d5564b91073d282b6628b1e692f25

SHA1
07f69c6097393901ae1b7a700ecd79de4e177166

SHA256
5e44555e2611abd7b754c10f6304e62907df12bf8fa40420d5768702b2cac3a3

SHA512
c834ebe0f50431fdab191d27bdb4d32d79e08dc94ac3ac1a487061a3c4da570c676a8a6bd89c5075a8ffee67142b000f3ae3abdad521a5a0d003f137150a4b39

Download Submit
C:\Windows\System\RHZbfiC.exe

Filesize
2.2MB

MD5
50e6f9d352dc4daa73b5cb04e47dee50

SHA1
eb78ca51677c07340e0fa8f7cf645654088dd090

SHA256
1e547ececa2fb489bae5f21aa838723f74cbce58122f08b6aa6b4dbae95021a5

SHA512
ced0554aa8c62fd56031881641463675ee5309790f80968cc2cfe22e6fc83d8bcb80bc62d69d5d3bd11ccce37f8a264af7596596f6c9bee707c62feab5d386e3

Download Submit
C:\Windows\System\Rfuwjgj.exe

Filesize
2.2MB

MD5
0ce91f944eb9e7315fba960c4cab8d2b

SHA1
9825451901d6b667715d6e63cbbcc57813d044d9

SHA256
bb7f401fe20859143e559c29b87c29276da6b92ddb80480772c2ee483f323e34

SHA512
9b1ffbedaf28e71607a671701fffd98a6427512a2bc44cc6875afc66dcbd9ae266bf82aead283b78e34ed8c6906aebacc2d9b3b4c080f95244a04fe7c528f913

Download Submit
C:\Windows\System\UIyHvIB.exe

Filesize
2.2MB

MD5
dc4944869d2d06c7d666c31d002f5d31

SHA1
8456b3190a42180e38b39f4a184ed942ac733d05

SHA256
44c7114034512358f2bc901625ed1c353d233db93a288e6ce1ddf3bcf870a721

SHA512
3d5470cc1a40c7f8cdecb881b895dc00436c384bcd991a34cd5b48aea8e037ddc7dbd06e627513a6b9e7b0f4fb5e8c2efcf3c43f4b2048be71d6dc05e73305f1

Download Submit
C:\Windows\System\UaAIExN.exe

Filesize
2.2MB

MD5
b931ec6692bfe912be5a21f0700f94f9

SHA1
4cd45242caed08367b532bc5b17bed776f484aa5

SHA256
615d59d697ead84701474733e3d3fe7bbde89e985c069f6b8ed3fa4fd50796e8

SHA512
26527f98954aeca0b92483efec410694209da1ce02cba88849a41ee2856f735aedd8e464597f498c5d0c6699b6830980a1820935903a62b97cee65fe626a7c24

Download Submit
C:\Windows\System\UtQlkWq.exe

Filesize
2.2MB

MD5
79059abc89e958a936dbba07243246a9

SHA1
d03a6c13cbe9452342758f71901daae633d24854

SHA256
a201b0252262434c2d6776f24b315800aad4e6fed71b57039625c5b95746aa15

SHA512
ae4e50730c69dc56fc2ae5090626f8fd6f1b7eb49049f234cccc35ba8343897507cc92705d49ff9b158a7ccc4e1b1bbfa0a1d02565166d6d6ef2c2e24f5c6f98

Download Submit
C:\Windows\System\UwwUuZl.exe

Filesize
2.2MB

MD5
c7dac51f90039292ae63d95aa572863c

SHA1
c609668338f06a971ec78ddb6df21ac171bf4496

SHA256
24ffe0f7717fdbf8bff76e714c3d6ec3165ab87604800f0e49802d7b95de019c

SHA512
d39b81077e424b9f4ae0859cbc7c8d2f3a28bcf312abaffb18ef614b7a0a3a3c64b31e5bebd36450e9c9457b9cd1eb23ee73ad26f1788d87dfb850454c2b5c27

Download Submit
C:\Windows\System\VHERrPP.exe

Filesize
2.2MB

MD5
a86b018f19cc0f4b57277364e97c010d

SHA1
f64951565777abba3f89aefd9f46cefd08422c6b

SHA256
7deef6f2d6e6ab41a6a3dcc25b9a9d0f231e982f7bd6da0532bc7e085907aa3e

SHA512
663d4d7f5ea1e9f2cd461adef6545107cfd0fc45333e9be478171838d078dfcd3ca064bc966304b1d3bf266864fbab6bcb53409b5bba2e9d56ab5dbc72be1e32

Download Submit
C:\Windows\System\YlfMxrD.exe

Filesize
2.2MB

MD5
9baecc672d978d6f61eca9c29b72d5b9

SHA1
cec7a67499153d3790077ba9112de1a1f435bc8f

SHA256
9ceaeb3040408e6deace8af1b23544d56f9540ac079625e8977000dce173b92f

SHA512
e262f484875de18b2fd2ff5046d512f2624dacfc0a54e2a04161753305c0f3d29b550f8758e8ff7fd7be9a0c138ba9275d5fd22f713fa126ccc1af6dd9bea419

Download Submit
C:\Windows\System\bVBInWK.exe

Filesize
2.2MB

MD5
35fd651d7be38fe3cde79424450816b7

SHA1
dd2f98aedd9f65ebb9acfb999abef9ec05cff17d

SHA256
ae621a06e2a364892995ea57b619c0194c7e944a5a9f840f87196b0f3f20546b

SHA512
6b9a0ab334ed0212eba07615e7da1fdff958ce1d379f902cbaeef1277bc4d295ba1016e7aa85fa3803012fc814c649070d58f3714d08708cc09473d538de00c8

Download Submit
C:\Windows\System\clLgnNi.exe

Filesize
2.2MB

MD5
12e84278fa68fb4d791b4479fb1e6af9

SHA1
8e7bc3eb9b245c56e8e58b9485e4d72e9d7b3bc8

SHA256
446db92b5e43b86d746adc6f4e62c151163aa0c3baab083ab10efbf5b1ab44f8

SHA512
84382203a671c9c241df10afc112a58454690cf148c6dadb886a6a236eafce95575f16fe796025f1432532cb49c60be038e5ea6b8915f70ea22c7e5b064fdf4a

Download Submit
C:\Windows\System\ecDdwrE.exe

Filesize
2.2MB

MD5
e5e065c0712429635d3739d2d7f16df2

SHA1
ebbff1ec49742f3b2da87e66f64bf0ed253b7873

SHA256
d619f017e1614a80b92e94afdc870d18b1cf7408e4a7d730df5d8a988d84eea3

SHA512
31344ebf057b913f136488717c443a9e45d39759cf3037b5cd7a0ee94456790c26c1e129260b033a4cabc57d92d47adc1ee2341ce444b71286d805d93540d022

Download Submit
C:\Windows\System\fvbNPYx.exe

Filesize
2.2MB

MD5
0f8e613fe19d8b4005ccdf50a0e2dfc3

SHA1
3a3cc67b8488de24911785671140d4acb40393ff

SHA256
a60a8b70b15cfedb860cc6c0f80890df78ca44d120113bc173a117d0d6331876

SHA512
5cde910bde60435d0e612dd2a7c78e0d64ec5bf145fab19cc6a648f578c702dc5e706c4ae9c5e7643617c760e0a420215127bb32b7cf8708b982cb7b7451ef58

Download Submit
C:\Windows\System\gXmmJak.exe

Filesize
2.2MB

MD5
320a79a8d23b92d33edda8b49daf996c

SHA1
c3468de4626ed5a9b6efc85122a1cea55ca77312

SHA256
33215c35022cea7ca7c22ec04b06c083ecded462c4acf8b408bb484bf2fcff1b

SHA512
34a02b49ba7c691356e573c41ad65f9a2ee643e9488a088cba52661ccb4248c6d5f1b574729c07f9da8b42d1b914b1733cf4362c94ad07d244eaac629964a542

Download Submit
C:\Windows\System\jirgaZA.exe

Filesize
2.2MB

MD5
dec39247091a5fa09da5fbc5c205bc30

SHA1
78b18d1875934889bd43cf59cff1677527dfc95e

SHA256
0f7918267215a34a7fb2fe3249cb1c11aba2c047a65463faba1568451239d1be

SHA512
cd85337690395da642aab460f05bdef5a39be3a6eddf69d191b05925be9f66fcf8bb4bd98144d9c6d331ef2e54f3b63d6bed3f1f4af036c7245e6f6f29e48ef8

Download Submit
C:\Windows\System\kXwRJon.exe

Filesize
2.2MB

MD5
d2c558ca58eafb13d1337b452f4c47c4

SHA1
e9b02477675121ec9605af728ff4e61bb1bc5e85

SHA256
b52484cc0c69e5c4e00d47585ef941aaca11dab9d2e19620d2344fdae0f9bdd8

SHA512
86deab87431f103fdd4805055e5af5048eb43f17201ca19d3f2d6f048e875921a9e1e73865c7c6ccb15f0d1495eeefebb285f964d177ba1fd1f5fd186e3f13e5

Download Submit
C:\Windows\System\kYmHQZx.exe

Filesize
2.2MB

MD5
9dddc40e903ff4cda900f4b7f36767f1

SHA1
c51aff6133a9dcd9b17b1c75f2287c24ebfddf4c

SHA256
2743ea4f40b273b650c04200ef34ac3b031074c3f1f36732922c32d1540f7560

SHA512
1cc1fd8f454cc3eb7b8a42e7aacc34bf33dd9cf13490a1df70308f3053473a8f1cd5fad9b850cdc73e4269a39fe9a94eaf715b774e38a09b5fd7e336e03df5dd

Download Submit
C:\Windows\System\lSMYArA.exe

Filesize
2.2MB

MD5
1e8ce5c0deb29cd37e6db3ab9b93a3d8

SHA1
110ae45a4d71821cda8a008caab9ac4c25ab6b38

SHA256
dc62e23b3142be50a9f5eaf5fcc755556204a17d23e97fc750f9a69ae91e626d

SHA512
71189e1bdf55de28bcea7d0f1bbc2e2bdbddf1ecb5e2294cca33d3f0a50558b48ef59c30488f8d6f3e7671b361de4097d6b89212b41f3e23b131c5d679195c4a

Download Submit
C:\Windows\System\mFFwlyK.exe

Filesize
2.2MB

MD5
324687fa8aa611283cd6825722bf8077

SHA1
68a407c0e6989f77d0c7018beecf1dfcb47fb157

SHA256
88483e838c59609e947842a7cdb4453d797b8549a68f487c34a6e20fad61bc68

SHA512
69de816976865c2dcb31e8ef3b14fdcca9593f8c9ca06e2d46f53a85855249672c9856e6ee450daf0c7fe765b5dd78789d9341c923672c84b5ad686178850800

Download Submit
C:\Windows\System\mLMzZEw.exe

Filesize
2.2MB

MD5
cd3ff9b96e84c76efac45672bc9c65fb

SHA1
69f6201e8071c3ac6c2888b834e8aa3524acf042

SHA256
1343c310929d8fe660b995c2fc3f135d43b04271ed13899858bce3b9cfce8aed

SHA512
9c7afdd9830e91f9baa52939d61c992fa1cb11899acd79ffa8ce8dde6126639fc6de95f81f8a53cfb75d9f16658ffc9c086966b011d7a6fb16ae036f25fb9505

Download Submit
C:\Windows\System\qJxtHSA.exe

Filesize
2.2MB

MD5
14eb36f6148d0ae052a4951a25d5e626

SHA1
f20f3b45c67056b348a8fed116c2b3474f5d05af

SHA256
17274c251e489b84897f1c3e7ee21c6aaf97a5b8cc7a848f0b7372dc5b1c36bf

SHA512
3334e95d92ea22c61d4ced20f491cf207e4054a6e84fd801ef391da2f448ecda32b51b39ca06dfcbc4366f95eecf61cd6e6a15e60c392138ce52de41c9c73e9a

Download Submit
C:\Windows\System\srcysNz.exe

Filesize
2.2MB

MD5
048c64bfb037007939224aa4581caab3

SHA1
f887c4d546a7de498fe1ea7e6a7c1868add23f31

SHA256
5b39afc5f37ad79f577cfaf135a339c2be47b4a46b6a790b141f4c2fd849dffe

SHA512
540e79513910cde968978155038f82030df7a45a5df96f705e71fe36d0ecf877854a8c064b5223e09491d383b6c5b40f69c5148ea178263cb7075b029710cdbb

Download Submit
C:\Windows\System\sxFYUEt.exe

Filesize
2.2MB

MD5
858fdaef774a008ed7f1c66c3cdbfad9

SHA1
77204b0debeffacdf2df4e1496ae62df22380752

SHA256
2b0b64b477312492220006fefc5f2c6db948c53bb99c443101d23758b18a92e4

SHA512
76febdad9d400c5c3b5c5a6ef1d082b153f2e8e6ab358338f102b9fd31d9f4efc55a6322e8919fcdd6ced14869d8c67744c0547b10a3d1235c2da50368b6a759

Download Submit
C:\Windows\System\xVvIZpB.exe

Filesize
2.2MB

MD5
2ba2442f6343cb72caf808c2981d868c

SHA1
50f27208e80e0bcc98da09becf5d6b5dc04d0a1d

SHA256
034d4abb2b1fbf5d6bb420ad3e6a5ee27ab850dc351f13696d3ce152a61975de

SHA512
70acd505859a8636c7f20e761aba969cc2cbb58a6417cbc4562153bf669a5945c66f74b8f1433449c8de9f64bb9ffcd899fa2cb37ac2ab857de78791ec89ce27

Download Submit
C:\Windows\System\yICmPcs.exe

Filesize
2.2MB

MD5
b01cac1500a3d5a00e5d3a2030e57fd0

SHA1
2da42c9c23d1221422a3b56cf3b19e076c0e0ca8

SHA256
566942afab3c9c86d00edf2f9ce7e1a5c8cd6e23edaa4071cfdc53eb0492b496

SHA512
4565ba3363c0e1c5084f3fea08bbc9d5c713e0694a85fc2d0fba9adb385ebed1146df79885176104c76cbfb11f735e22b12b7601a1042e051687ba0c125dacff

Download Submit
C:\Windows\System\ydyXhxP.exe

Filesize
2.2MB

MD5
323a9bf7ddfb0f698fa7d347e504af52

SHA1
a1b3a2703a7500ecd65aeb197aa58f8b67420649

SHA256
6942df487785ba82a7d92b2dc593aaae561d8892c4a2fd393e27917cc3755e49

SHA512
72454a492a29061d2e728076d93124b69af0daed688c1c835abc8c898256cc622cffe673e4d7fac0ea40121f624f6a8b79965808a07abd897017fff12ca0cdc3

Download Submit
memory/804-124-0x00007FF6BF8E0000-0x00007FF6BFC34000-memory.dmp

Filesize
3.3MB

Download
memory/804-2414-0x00007FF6BF8E0000-0x00007FF6BFC34000-memory.dmp

Filesize
3.3MB

Download
memory/884-2394-0x00007FF6D2830000-0x00007FF6D2B84000-memory.dmp

Filesize
3.3MB

Download
memory/884-170-0x00007FF6D2830000-0x00007FF6D2B84000-memory.dmp

Filesize
3.3MB

Download
memory/884-2421-0x00007FF6D2830000-0x00007FF6D2B84000-memory.dmp

Filesize
3.3MB

Download
memory/1208-101-0x00007FF6A2A80000-0x00007FF6A2DD4000-memory.dmp

Filesize
3.3MB

Download
memory/1208-2407-0x00007FF6A2A80000-0x00007FF6A2DD4000-memory.dmp

Filesize
3.3MB

Download
memory/1404-1088-0x00007FF6EB310000-0x00007FF6EB664000-memory.dmp

Filesize
3.3MB

Download
memory/1404-47-0x00007FF6EB310000-0x00007FF6EB664000-memory.dmp

Filesize
3.3MB

Download
memory/1404-2404-0x00007FF6EB310000-0x00007FF6EB664000-memory.dmp

Filesize
3.3MB

Download
memory/1472-123-0x00007FF640DC0000-0x00007FF641114000-memory.dmp

Filesize
3.3MB

Download
memory/1472-2415-0x00007FF640DC0000-0x00007FF641114000-memory.dmp

Filesize
3.3MB

Download
memory/1480-178-0x00007FF687A30000-0x00007FF687D84000-memory.dmp

Filesize
3.3MB

Download
memory/1480-2424-0x00007FF687A30000-0x00007FF687D84000-memory.dmp

Filesize
3.3MB

Download
memory/1480-2395-0x00007FF687A30000-0x00007FF687D84000-memory.dmp

Filesize
3.3MB

Download
memory/1772-2396-0x00007FF6A9F50000-0x00007FF6AA2A4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-2425-0x00007FF6A9F50000-0x00007FF6AA2A4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-181-0x00007FF6A9F50000-0x00007FF6AA2A4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-122-0x00007FF78A710000-0x00007FF78AA64000-memory.dmp

Filesize
3.3MB

Download
memory/1876-2411-0x00007FF78A710000-0x00007FF78AA64000-memory.dmp

Filesize
3.3MB

Download
memory/1936-202-0x00007FF6B2030000-0x00007FF6B2384000-memory.dmp

Filesize
3.3MB

Download
memory/1936-2423-0x00007FF6B2030000-0x00007FF6B2384000-memory.dmp

Filesize
3.3MB

Download
memory/1940-6-0x00007FF772DF0000-0x00007FF773144000-memory.dmp

Filesize
3.3MB

Download
memory/1940-190-0x00007FF772DF0000-0x00007FF773144000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2397-0x00007FF772DF0000-0x00007FF773144000-memory.dmp

Filesize
3.3MB

Download
memory/1960-128-0x00007FF7F3350000-0x00007FF7F36A4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-2416-0x00007FF7F3350000-0x00007FF7F36A4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-2402-0x00007FF6EF3F0000-0x00007FF6EF744000-memory.dmp

Filesize
3.3MB

Download
memory/1964-26-0x00007FF6EF3F0000-0x00007FF6EF744000-memory.dmp

Filesize
3.3MB

Download
memory/1964-543-0x00007FF6EF3F0000-0x00007FF6EF744000-memory.dmp

Filesize
3.3MB

Download
memory/2344-2417-0x00007FF65DC00000-0x00007FF65DF54000-memory.dmp

Filesize
3.3MB

Download
memory/2344-125-0x00007FF65DC00000-0x00007FF65DF54000-memory.dmp

Filesize
3.3MB

Download
memory/2352-126-0x00007FF7F6900000-0x00007FF7F6C54000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2403-0x00007FF7F6900000-0x00007FF7F6C54000-memory.dmp

Filesize
3.3MB

Download
memory/2420-127-0x00007FF62EB20000-0x00007FF62EE74000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2410-0x00007FF62EB20000-0x00007FF62EE74000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2420-0x00007FF6B61B0000-0x00007FF6B6504000-memory.dmp

Filesize
3.3MB

Download
memory/2744-149-0x00007FF6B61B0000-0x00007FF6B6504000-memory.dmp

Filesize
3.3MB

Download
memory/2916-134-0x00007FF792160000-0x00007FF7924B4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-2418-0x00007FF792160000-0x00007FF7924B4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-2392-0x00007FF792160000-0x00007FF7924B4000-memory.dmp

Filesize
3.3MB

Download
memory/3132-95-0x00007FF6F07C0000-0x00007FF6F0B14000-memory.dmp

Filesize
3.3MB

Download
memory/3132-2409-0x00007FF6F07C0000-0x00007FF6F0B14000-memory.dmp

Filesize
3.3MB

Download
memory/3208-193-0x00007FF748BF0000-0x00007FF748F44000-memory.dmp

Filesize
3.3MB

Download
memory/3208-2398-0x00007FF748BF0000-0x00007FF748F44000-memory.dmp

Filesize
3.3MB

Download
memory/3208-23-0x00007FF748BF0000-0x00007FF748F44000-memory.dmp

Filesize
3.3MB

Download
memory/3352-147-0x00007FF639EE0000-0x00007FF63A234000-memory.dmp

Filesize
3.3MB

Download
memory/3352-2419-0x00007FF639EE0000-0x00007FF63A234000-memory.dmp

Filesize
3.3MB

Download
memory/3748-2401-0x00007FF610A70000-0x00007FF610DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3748-31-0x00007FF610A70000-0x00007FF610DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3748-545-0x00007FF610A70000-0x00007FF610DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3904-0-0x00007FF6CD4D0000-0x00007FF6CD824000-memory.dmp

Filesize
3.3MB

Download
memory/3904-1-0x000001A0502D0000-0x000001A0502E0000-memory.dmp

Filesize
64KB

Download
memory/3904-152-0x00007FF6CD4D0000-0x00007FF6CD824000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2422-0x00007FF744380000-0x00007FF7446D4000-memory.dmp

Filesize
3.3MB

Download
memory/3928-158-0x00007FF744380000-0x00007FF7446D4000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2393-0x00007FF744380000-0x00007FF7446D4000-memory.dmp

Filesize
3.3MB

Download
memory/3944-120-0x00007FF69E7B0000-0x00007FF69EB04000-memory.dmp

Filesize
3.3MB

Download
memory/3944-2413-0x00007FF69E7B0000-0x00007FF69EB04000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2405-0x00007FF7032E0000-0x00007FF703634000-memory.dmp

Filesize
3.3MB

Download
memory/3964-100-0x00007FF7032E0000-0x00007FF703634000-memory.dmp

Filesize
3.3MB

Download
memory/4104-2399-0x00007FF76F3F0000-0x00007FF76F744000-memory.dmp

Filesize
3.3MB

Download
memory/4104-32-0x00007FF76F3F0000-0x00007FF76F744000-memory.dmp

Filesize
3.3MB

Download
memory/4104-1086-0x00007FF76F3F0000-0x00007FF76F744000-memory.dmp

Filesize
3.3MB

Download
memory/4224-2412-0x00007FF62C030000-0x00007FF62C384000-memory.dmp

Filesize
3.3MB

Download
memory/4224-121-0x00007FF62C030000-0x00007FF62C384000-memory.dmp

Filesize
3.3MB

Download
memory/4312-2400-0x00007FF631DC0000-0x00007FF632114000-memory.dmp

Filesize
3.3MB

Download
memory/4312-77-0x00007FF631DC0000-0x00007FF632114000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2406-0x00007FF6FAAE0000-0x00007FF6FAE34000-memory.dmp

Filesize
3.3MB

Download
memory/4944-119-0x00007FF6FAAE0000-0x00007FF6FAE34000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2408-0x00007FF66CF50000-0x00007FF66D2A4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-114-0x00007FF66CF50000-0x00007FF66D2A4000-memory.dmp

Filesize
3.3MB

Download