kpot | f051394ca0b72749c7650514afd8d1a0cade15395e3edd0c608d23068f0885fa

Analysis

max time kernel
114s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
Size

2.2MB
MD5

d366a9d5a5c948c08621386a8e2921e0
SHA1

54a9a55a2b66aeb7d1cc28b466fdacf7bb680337
SHA256

f051394ca0b72749c7650514afd8d1a0cade15395e3edd0c608d23068f0885fa
SHA512

62dfb799b2b974a3e6a09b085edf505c667741a798ebd14d295f9bc90682b9b964fb2f713128f7b02235c3649eb080feaed413de02405b026e257457692d555f
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6twjVD7:BemTLkNdfE0pZrws

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0008000000022f51-5.dat	family_kpot
behavioral2/files/0x00070000000233ee-21.dat	family_kpot
behavioral2/files/0x00080000000233ec-33.dat	family_kpot
behavioral2/files/0x00070000000233ed-41.dat	family_kpot
behavioral2/files/0x00070000000233fa-76.dat	family_kpot
behavioral2/files/0x00070000000233f8-93.dat	family_kpot
behavioral2/files/0x0007000000023401-123.dat	family_kpot
behavioral2/files/0x0007000000023407-159.dat	family_kpot
behavioral2/files/0x0007000000023406-157.dat	family_kpot
behavioral2/files/0x0007000000023405-154.dat	family_kpot
behavioral2/files/0x0007000000023404-152.dat	family_kpot
behavioral2/files/0x00070000000233fd-150.dat	family_kpot
behavioral2/files/0x0007000000023403-148.dat	family_kpot
behavioral2/files/0x0007000000023400-144.dat	family_kpot
behavioral2/files/0x00070000000233ff-142.dat	family_kpot
behavioral2/files/0x00070000000233fe-140.dat	family_kpot
behavioral2/files/0x0007000000023402-136.dat	family_kpot
behavioral2/files/0x00070000000233fc-134.dat	family_kpot
behavioral2/files/0x00070000000233f9-119.dat	family_kpot
behavioral2/files/0x00070000000233f3-114.dat	family_kpot
behavioral2/files/0x00070000000233fb-103.dat	family_kpot
behavioral2/files/0x00070000000233f4-90.dat	family_kpot
behavioral2/files/0x00070000000233f7-81.dat	family_kpot
behavioral2/files/0x00070000000233f1-86.dat	family_kpot
behavioral2/files/0x00070000000233f2-70.dat	family_kpot
behavioral2/files/0x00070000000233f6-64.dat	family_kpot
behavioral2/files/0x00070000000233f5-56.dat	family_kpot
behavioral2/files/0x00070000000233f0-49.dat	family_kpot
behavioral2/files/0x00070000000233ef-45.dat	family_kpot
behavioral2/files/0x0007000000023408-179.dat	family_kpot
behavioral2/files/0x00080000000233ea-182.dat	family_kpot
behavioral2/files/0x0007000000023409-188.dat	family_kpot
behavioral2/files/0x000700000002340a-194.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2208-0-0x00007FF6CB120000-0x00007FF6CB474000-memory.dmp	xmrig
behavioral2/files/0x0008000000022f51-5.dat	xmrig
behavioral2/files/0x00070000000233ee-21.dat	xmrig
behavioral2/files/0x00080000000233ec-33.dat	xmrig
behavioral2/files/0x00070000000233ed-41.dat	xmrig
behavioral2/files/0x00070000000233fa-76.dat	xmrig
behavioral2/files/0x00070000000233f8-93.dat	xmrig
behavioral2/files/0x0007000000023401-123.dat	xmrig
behavioral2/memory/928-139-0x00007FF6F2310000-0x00007FF6F2664000-memory.dmp	xmrig
behavioral2/memory/1488-161-0x00007FF6B5E90000-0x00007FF6B61E4000-memory.dmp	xmrig
behavioral2/memory/2348-166-0x00007FF6F8C50000-0x00007FF6F8FA4000-memory.dmp	xmrig
behavioral2/memory/4356-171-0x00007FF7FB6E0000-0x00007FF7FBA34000-memory.dmp	xmrig
behavioral2/memory/5012-176-0x00007FF790F00000-0x00007FF791254000-memory.dmp	xmrig
behavioral2/memory/2112-175-0x00007FF619250000-0x00007FF6195A4000-memory.dmp	xmrig
behavioral2/memory/4336-174-0x00007FF6081B0000-0x00007FF608504000-memory.dmp	xmrig
behavioral2/memory/2636-173-0x00007FF753E50000-0x00007FF7541A4000-memory.dmp	xmrig
behavioral2/memory/820-172-0x00007FF728C00000-0x00007FF728F54000-memory.dmp	xmrig
behavioral2/memory/528-170-0x00007FF77FA20000-0x00007FF77FD74000-memory.dmp	xmrig
behavioral2/memory/4612-169-0x00007FF654B60000-0x00007FF654EB4000-memory.dmp	xmrig
behavioral2/memory/5092-168-0x00007FF7B00C0000-0x00007FF7B0414000-memory.dmp	xmrig
behavioral2/memory/3636-167-0x00007FF72B950000-0x00007FF72BCA4000-memory.dmp	xmrig
behavioral2/memory/3300-165-0x00007FF7BF450000-0x00007FF7BF7A4000-memory.dmp	xmrig
behavioral2/memory/3720-164-0x00007FF7E8140000-0x00007FF7E8494000-memory.dmp	xmrig
behavioral2/memory/1148-163-0x00007FF7837C0000-0x00007FF783B14000-memory.dmp	xmrig
behavioral2/memory/664-162-0x00007FF6B16C0000-0x00007FF6B1A14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023407-159.dat	xmrig
behavioral2/files/0x0007000000023406-157.dat	xmrig
behavioral2/memory/4616-156-0x00007FF709760000-0x00007FF709AB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023405-154.dat	xmrig
behavioral2/files/0x0007000000023404-152.dat	xmrig
behavioral2/files/0x00070000000233fd-150.dat	xmrig
behavioral2/files/0x0007000000023403-148.dat	xmrig
behavioral2/files/0x0007000000023400-144.dat	xmrig
behavioral2/files/0x00070000000233ff-142.dat	xmrig
behavioral2/files/0x00070000000233fe-140.dat	xmrig
behavioral2/memory/2136-138-0x00007FF720740000-0x00007FF720A94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023402-136.dat	xmrig
behavioral2/files/0x00070000000233fc-134.dat	xmrig
behavioral2/memory/60-129-0x00007FF6473C0000-0x00007FF647714000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f9-119.dat	xmrig
behavioral2/files/0x00070000000233f3-114.dat	xmrig
behavioral2/memory/3772-108-0x00007FF7ACAA0000-0x00007FF7ACDF4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fb-103.dat	xmrig
behavioral2/files/0x00070000000233f4-90.dat	xmrig
behavioral2/files/0x00070000000233f7-81.dat	xmrig
behavioral2/memory/556-78-0x00007FF700AE0000-0x00007FF700E34000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f1-86.dat	xmrig
behavioral2/files/0x00070000000233f2-70.dat	xmrig
behavioral2/files/0x00070000000233f6-64.dat	xmrig
behavioral2/memory/1408-59-0x00007FF688DD0000-0x00007FF689124000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f5-56.dat	xmrig
behavioral2/files/0x00070000000233f0-49.dat	xmrig
behavioral2/memory/1176-38-0x00007FF6606B0000-0x00007FF660A04000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ef-45.dat	xmrig
behavioral2/memory/416-42-0x00007FF770CA0000-0x00007FF770FF4000-memory.dmp	xmrig
behavioral2/memory/4636-30-0x00007FF658D50000-0x00007FF6590A4000-memory.dmp	xmrig
behavioral2/memory/1340-27-0x00007FF6C4AA0000-0x00007FF6C4DF4000-memory.dmp	xmrig
behavioral2/memory/368-18-0x00007FF67C880000-0x00007FF67CBD4000-memory.dmp	xmrig
behavioral2/memory/212-8-0x00007FF795650000-0x00007FF7959A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-179.dat	xmrig
behavioral2/files/0x00080000000233ea-182.dat	xmrig
behavioral2/files/0x0007000000023409-188.dat	xmrig
behavioral2/files/0x000700000002340a-194.dat	xmrig
behavioral2/memory/212-2129-0x00007FF795650000-0x00007FF7959A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
212	kpGoJeh.exe
368	TQuspTX.exe
528	MnIWJvK.exe
1340	hVefsqZ.exe
4636	mDukIQm.exe
1176	HKXrpUh.exe
4356	KSNKBRl.exe
416	BYtOoNT.exe
1408	YLGSWcH.exe
820	aTFWxOa.exe
556	efRGxYn.exe
2636	zPCxrfh.exe
3772	tXnoxbR.exe
60	UgtcqeD.exe
2136	XdXJrkj.exe
928	XiAgkxz.exe
4336	DtjAlzW.exe
4616	rcIPmbA.exe
1488	rjmfExJ.exe
2112	DgecbVT.exe
664	RyVndPE.exe
1148	nfJTGuy.exe
3720	hpfkyXL.exe
3300	gVSBFkR.exe
2348	jHdxQpd.exe
3636	cUIjOEQ.exe
5092	NKNnejn.exe
5012	YfARqGj.exe
4612	tqkvPkI.exe
4672	PoyfkbO.exe
4496	tuPMQFT.exe
3608	DIKUfzh.exe
1828	itzyHNX.exe
3568	hfHBXVF.exe
3544	aWMvfVc.exe
1160	GXenxnT.exe
4116	XzIEATe.exe
4544	ZTFzMlf.exe
2228	LxzVyhp.exe
324	pDUgYkM.exe
1604	LHErUzx.exe
4628	EeKisXG.exe
232	lgIHbQU.exe
2148	RfiNOUL.exe
5032	brhCmQX.exe
440	gPLZYBF.exe
2692	HZgGeuu.exe
3240	buBQNCT.exe
1940	eGSQazQ.exe
2368	ntRGcDC.exe
3392	DPFmHWt.exe
3200	TyXufUF.exe
1664	LkfXsxn.exe
1740	qlNULpV.exe
4764	jXijWKM.exe
3084	ONlKpIZ.exe
512	KECcTyd.exe
3652	HwEiTCT.exe
4508	NZXPDhK.exe
760	ZCKTsSF.exe
464	KgMDCxU.exe
4388	sWFDtlN.exe
1296	GUcNKEt.exe
3788	ozmtyko.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2208-0-0x00007FF6CB120000-0x00007FF6CB474000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-5.dat	upx
behavioral2/files/0x00070000000233ee-21.dat	upx
behavioral2/files/0x00080000000233ec-33.dat	upx
behavioral2/files/0x00070000000233ed-41.dat	upx
behavioral2/files/0x00070000000233fa-76.dat	upx
behavioral2/files/0x00070000000233f8-93.dat	upx
behavioral2/files/0x0007000000023401-123.dat	upx
behavioral2/memory/928-139-0x00007FF6F2310000-0x00007FF6F2664000-memory.dmp	upx
behavioral2/memory/1488-161-0x00007FF6B5E90000-0x00007FF6B61E4000-memory.dmp	upx
behavioral2/memory/2348-166-0x00007FF6F8C50000-0x00007FF6F8FA4000-memory.dmp	upx
behavioral2/memory/4356-171-0x00007FF7FB6E0000-0x00007FF7FBA34000-memory.dmp	upx
behavioral2/memory/5012-176-0x00007FF790F00000-0x00007FF791254000-memory.dmp	upx
behavioral2/memory/2112-175-0x00007FF619250000-0x00007FF6195A4000-memory.dmp	upx
behavioral2/memory/4336-174-0x00007FF6081B0000-0x00007FF608504000-memory.dmp	upx
behavioral2/memory/2636-173-0x00007FF753E50000-0x00007FF7541A4000-memory.dmp	upx
behavioral2/memory/820-172-0x00007FF728C00000-0x00007FF728F54000-memory.dmp	upx
behavioral2/memory/528-170-0x00007FF77FA20000-0x00007FF77FD74000-memory.dmp	upx
behavioral2/memory/4612-169-0x00007FF654B60000-0x00007FF654EB4000-memory.dmp	upx
behavioral2/memory/5092-168-0x00007FF7B00C0000-0x00007FF7B0414000-memory.dmp	upx
behavioral2/memory/3636-167-0x00007FF72B950000-0x00007FF72BCA4000-memory.dmp	upx
behavioral2/memory/3300-165-0x00007FF7BF450000-0x00007FF7BF7A4000-memory.dmp	upx
behavioral2/memory/3720-164-0x00007FF7E8140000-0x00007FF7E8494000-memory.dmp	upx
behavioral2/memory/1148-163-0x00007FF7837C0000-0x00007FF783B14000-memory.dmp	upx
behavioral2/memory/664-162-0x00007FF6B16C0000-0x00007FF6B1A14000-memory.dmp	upx
behavioral2/files/0x0007000000023407-159.dat	upx
behavioral2/files/0x0007000000023406-157.dat	upx
behavioral2/memory/4616-156-0x00007FF709760000-0x00007FF709AB4000-memory.dmp	upx
behavioral2/files/0x0007000000023405-154.dat	upx
behavioral2/files/0x0007000000023404-152.dat	upx
behavioral2/files/0x00070000000233fd-150.dat	upx
behavioral2/files/0x0007000000023403-148.dat	upx
behavioral2/files/0x0007000000023400-144.dat	upx
behavioral2/files/0x00070000000233ff-142.dat	upx
behavioral2/files/0x00070000000233fe-140.dat	upx
behavioral2/memory/2136-138-0x00007FF720740000-0x00007FF720A94000-memory.dmp	upx
behavioral2/files/0x0007000000023402-136.dat	upx
behavioral2/files/0x00070000000233fc-134.dat	upx
behavioral2/memory/60-129-0x00007FF6473C0000-0x00007FF647714000-memory.dmp	upx
behavioral2/files/0x00070000000233f9-119.dat	upx
behavioral2/files/0x00070000000233f3-114.dat	upx
behavioral2/memory/3772-108-0x00007FF7ACAA0000-0x00007FF7ACDF4000-memory.dmp	upx
behavioral2/files/0x00070000000233fb-103.dat	upx
behavioral2/files/0x00070000000233f4-90.dat	upx
behavioral2/files/0x00070000000233f7-81.dat	upx
behavioral2/memory/556-78-0x00007FF700AE0000-0x00007FF700E34000-memory.dmp	upx
behavioral2/files/0x00070000000233f1-86.dat	upx
behavioral2/files/0x00070000000233f2-70.dat	upx
behavioral2/files/0x00070000000233f6-64.dat	upx
behavioral2/memory/1408-59-0x00007FF688DD0000-0x00007FF689124000-memory.dmp	upx
behavioral2/files/0x00070000000233f5-56.dat	upx
behavioral2/files/0x00070000000233f0-49.dat	upx
behavioral2/memory/1176-38-0x00007FF6606B0000-0x00007FF660A04000-memory.dmp	upx
behavioral2/files/0x00070000000233ef-45.dat	upx
behavioral2/memory/416-42-0x00007FF770CA0000-0x00007FF770FF4000-memory.dmp	upx
behavioral2/memory/4636-30-0x00007FF658D50000-0x00007FF6590A4000-memory.dmp	upx
behavioral2/memory/1340-27-0x00007FF6C4AA0000-0x00007FF6C4DF4000-memory.dmp	upx
behavioral2/memory/368-18-0x00007FF67C880000-0x00007FF67CBD4000-memory.dmp	upx
behavioral2/memory/212-8-0x00007FF795650000-0x00007FF7959A4000-memory.dmp	upx
behavioral2/files/0x0007000000023408-179.dat	upx
behavioral2/files/0x00080000000233ea-182.dat	upx
behavioral2/files/0x0007000000023409-188.dat	upx
behavioral2/files/0x000700000002340a-194.dat	upx
behavioral2/memory/212-2129-0x00007FF795650000-0x00007FF7959A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kyQbXsn.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\TUkShju.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\QHWiKsj.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\hEyZxBw.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\UxkzwOr.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\gWorEgC.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\CfMZQKk.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\PsdciSd.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\BQoJYAM.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\XiAgkxz.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\ZTFzMlf.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\ugoEarl.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\GbLyKBz.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\FZURAwM.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\WRbKINz.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\SgIopYA.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\stvjrxs.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\eukjxhx.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\MQNrDsR.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\FeDQBnO.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\QLjjHRy.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\boUXMqS.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\HFbkzSU.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\NXnXJdQ.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\kBsDVWn.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\aLxWRUF.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\zcePCuX.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\ONlKpIZ.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\KgMDCxU.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\DQEWhFS.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\gTkKMDS.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\MeRzgXT.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\HwgcuBU.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\DIKUfzh.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\fwTAjTd.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\GUcNKEt.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\rrJXQzR.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\iHZHWLb.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\qpnOcfI.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\uFYrYaW.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\zHUEutm.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\lHyEjHC.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\AMHHBfM.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\pPPIIpn.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\eaodrfR.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\MloIjpu.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\EiDXghE.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\Bspsegq.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\BisQRoK.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\zjgelcM.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\cihARGX.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\GfRizZd.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\itzyHNX.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\ozmtyko.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\GqLSUie.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\DXxmMDR.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\nbkWFPt.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\vWjGauZ.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\TQuspTX.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\OBeFLrT.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\MOcrFXo.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\eVJECNp.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\YdVDngm.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
File created	C:\Windows\System\gcZinPp.exe	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1164	WerFaultSecure.exe
1164	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 212	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	82
PID 2208 wrote to memory of 212	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	82
PID 2208 wrote to memory of 368	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	83
PID 2208 wrote to memory of 368	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	83
PID 2208 wrote to memory of 1340	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	84
PID 2208 wrote to memory of 1340	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	84
PID 2208 wrote to memory of 528	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	85
PID 2208 wrote to memory of 528	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	85
PID 2208 wrote to memory of 4636	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	86
PID 2208 wrote to memory of 4636	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	86
PID 2208 wrote to memory of 1176	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	87
PID 2208 wrote to memory of 1176	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	87
PID 2208 wrote to memory of 4356	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	88
PID 2208 wrote to memory of 4356	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	88
PID 2208 wrote to memory of 416	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	89
PID 2208 wrote to memory of 416	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	89
PID 2208 wrote to memory of 1408	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	90
PID 2208 wrote to memory of 1408	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	90
PID 2208 wrote to memory of 820	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	91
PID 2208 wrote to memory of 820	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	91
PID 2208 wrote to memory of 556	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	92
PID 2208 wrote to memory of 556	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	92
PID 2208 wrote to memory of 2636	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	93
PID 2208 wrote to memory of 2636	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	93
PID 2208 wrote to memory of 3772	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	94
PID 2208 wrote to memory of 3772	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	94
PID 2208 wrote to memory of 60	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	95
PID 2208 wrote to memory of 60	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	95
PID 2208 wrote to memory of 2136	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	96
PID 2208 wrote to memory of 2136	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	96
PID 2208 wrote to memory of 928	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	97
PID 2208 wrote to memory of 928	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	97
PID 2208 wrote to memory of 4336	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	98
PID 2208 wrote to memory of 4336	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	98
PID 2208 wrote to memory of 4616	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	99
PID 2208 wrote to memory of 4616	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	99
PID 2208 wrote to memory of 1488	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	100
PID 2208 wrote to memory of 1488	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	100
PID 2208 wrote to memory of 2112	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	101
PID 2208 wrote to memory of 2112	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	101
PID 2208 wrote to memory of 664	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	102
PID 2208 wrote to memory of 664	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	102
PID 2208 wrote to memory of 1148	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	103
PID 2208 wrote to memory of 1148	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	103
PID 2208 wrote to memory of 3720	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	104
PID 2208 wrote to memory of 3720	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	104
PID 2208 wrote to memory of 3300	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	105
PID 2208 wrote to memory of 3300	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	105
PID 2208 wrote to memory of 2348	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	106
PID 2208 wrote to memory of 2348	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	106
PID 2208 wrote to memory of 3636	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	107
PID 2208 wrote to memory of 3636	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	107
PID 2208 wrote to memory of 5092	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	108
PID 2208 wrote to memory of 5092	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	108
PID 2208 wrote to memory of 5012	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	109
PID 2208 wrote to memory of 5012	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	109
PID 2208 wrote to memory of 4612	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	110
PID 2208 wrote to memory of 4612	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	110
PID 2208 wrote to memory of 4672	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	111
PID 2208 wrote to memory of 4672	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	111
PID 2208 wrote to memory of 4496	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	112
PID 2208 wrote to memory of 4496	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	112
PID 2208 wrote to memory of 3608	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	113
PID 2208 wrote to memory of 3608	2208	d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d366a9d5a5c948c08621386a8e2921e0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\System\kpGoJeh.exe
  C:\Windows\System\kpGoJeh.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\TQuspTX.exe
  C:\Windows\System\TQuspTX.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\hVefsqZ.exe
  C:\Windows\System\hVefsqZ.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\MnIWJvK.exe
  C:\Windows\System\MnIWJvK.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\mDukIQm.exe
  C:\Windows\System\mDukIQm.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\HKXrpUh.exe
  C:\Windows\System\HKXrpUh.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\KSNKBRl.exe
  C:\Windows\System\KSNKBRl.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\BYtOoNT.exe
  C:\Windows\System\BYtOoNT.exe
  2⤵
  - Executes dropped EXE
  PID:416
- C:\Windows\System\YLGSWcH.exe
  C:\Windows\System\YLGSWcH.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\aTFWxOa.exe
  C:\Windows\System\aTFWxOa.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\efRGxYn.exe
  C:\Windows\System\efRGxYn.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\zPCxrfh.exe
  C:\Windows\System\zPCxrfh.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\tXnoxbR.exe
  C:\Windows\System\tXnoxbR.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\UgtcqeD.exe
  C:\Windows\System\UgtcqeD.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\XdXJrkj.exe
  C:\Windows\System\XdXJrkj.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\XiAgkxz.exe
  C:\Windows\System\XiAgkxz.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\DtjAlzW.exe
  C:\Windows\System\DtjAlzW.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\rcIPmbA.exe
  C:\Windows\System\rcIPmbA.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\rjmfExJ.exe
  C:\Windows\System\rjmfExJ.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\DgecbVT.exe
  C:\Windows\System\DgecbVT.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\RyVndPE.exe
  C:\Windows\System\RyVndPE.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\nfJTGuy.exe
  C:\Windows\System\nfJTGuy.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\hpfkyXL.exe
  C:\Windows\System\hpfkyXL.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\gVSBFkR.exe
  C:\Windows\System\gVSBFkR.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\jHdxQpd.exe
  C:\Windows\System\jHdxQpd.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\cUIjOEQ.exe
  C:\Windows\System\cUIjOEQ.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\NKNnejn.exe
  C:\Windows\System\NKNnejn.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\YfARqGj.exe
  C:\Windows\System\YfARqGj.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\tqkvPkI.exe
  C:\Windows\System\tqkvPkI.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\PoyfkbO.exe
  C:\Windows\System\PoyfkbO.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\tuPMQFT.exe
  C:\Windows\System\tuPMQFT.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\DIKUfzh.exe
  C:\Windows\System\DIKUfzh.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\itzyHNX.exe
  C:\Windows\System\itzyHNX.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\hfHBXVF.exe
  C:\Windows\System\hfHBXVF.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\aWMvfVc.exe
  C:\Windows\System\aWMvfVc.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\GXenxnT.exe
  C:\Windows\System\GXenxnT.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\XzIEATe.exe
  C:\Windows\System\XzIEATe.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\ZTFzMlf.exe
  C:\Windows\System\ZTFzMlf.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\LxzVyhp.exe
  C:\Windows\System\LxzVyhp.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\pDUgYkM.exe
  C:\Windows\System\pDUgYkM.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\LHErUzx.exe
  C:\Windows\System\LHErUzx.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\EeKisXG.exe
  C:\Windows\System\EeKisXG.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\lgIHbQU.exe
  C:\Windows\System\lgIHbQU.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\RfiNOUL.exe
  C:\Windows\System\RfiNOUL.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\brhCmQX.exe
  C:\Windows\System\brhCmQX.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\gPLZYBF.exe
  C:\Windows\System\gPLZYBF.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\HZgGeuu.exe
  C:\Windows\System\HZgGeuu.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\buBQNCT.exe
  C:\Windows\System\buBQNCT.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\eGSQazQ.exe
  C:\Windows\System\eGSQazQ.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\ntRGcDC.exe
  C:\Windows\System\ntRGcDC.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\DPFmHWt.exe
  C:\Windows\System\DPFmHWt.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\TyXufUF.exe
  C:\Windows\System\TyXufUF.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\LkfXsxn.exe
  C:\Windows\System\LkfXsxn.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\qlNULpV.exe
  C:\Windows\System\qlNULpV.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\jXijWKM.exe
  C:\Windows\System\jXijWKM.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\ONlKpIZ.exe
  C:\Windows\System\ONlKpIZ.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\KECcTyd.exe
  C:\Windows\System\KECcTyd.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\HwEiTCT.exe
  C:\Windows\System\HwEiTCT.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\NZXPDhK.exe
  C:\Windows\System\NZXPDhK.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\KgMDCxU.exe
  C:\Windows\System\KgMDCxU.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\ZCKTsSF.exe
  C:\Windows\System\ZCKTsSF.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\sWFDtlN.exe
  C:\Windows\System\sWFDtlN.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\GUcNKEt.exe
  C:\Windows\System\GUcNKEt.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\ozmtyko.exe
  C:\Windows\System\ozmtyko.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\zjAziou.exe
  C:\Windows\System\zjAziou.exe
  2⤵
  PID:4796
- C:\Windows\System\UBdApUQ.exe
  C:\Windows\System\UBdApUQ.exe
  2⤵
  PID:2680
- C:\Windows\System\krYgazX.exe
  C:\Windows\System\krYgazX.exe
  2⤵
  PID:2592
- C:\Windows\System\zbEdjoe.exe
  C:\Windows\System\zbEdjoe.exe
  2⤵
  PID:4920
- C:\Windows\System\cozpWdG.exe
  C:\Windows\System\cozpWdG.exe
  2⤵
  PID:1308
- C:\Windows\System\TTiWcaj.exe
  C:\Windows\System\TTiWcaj.exe
  2⤵
  PID:4820
- C:\Windows\System\VqTKUTC.exe
  C:\Windows\System\VqTKUTC.exe
  2⤵
  PID:468
- C:\Windows\System\QHWiKsj.exe
  C:\Windows\System\QHWiKsj.exe
  2⤵
  PID:2180
- C:\Windows\System\LKzMdzi.exe
  C:\Windows\System\LKzMdzi.exe
  2⤵
  PID:1544
- C:\Windows\System\pRCqckD.exe
  C:\Windows\System\pRCqckD.exe
  2⤵
  PID:4980
- C:\Windows\System\ZPTdcjN.exe
  C:\Windows\System\ZPTdcjN.exe
  2⤵
  PID:2888
- C:\Windows\System\FlcvaTB.exe
  C:\Windows\System\FlcvaTB.exe
  2⤵
  PID:2908
- C:\Windows\System\alxWIlM.exe
  C:\Windows\System\alxWIlM.exe
  2⤵
  PID:4328
- C:\Windows\System\vJSBlEh.exe
  C:\Windows\System\vJSBlEh.exe
  2⤵
  PID:912
- C:\Windows\System\vzxaJEf.exe
  C:\Windows\System\vzxaJEf.exe
  2⤵
  PID:264
- C:\Windows\System\BSboKoZ.exe
  C:\Windows\System\BSboKoZ.exe
  2⤵
  PID:3520
- C:\Windows\System\WHGPBVS.exe
  C:\Windows\System\WHGPBVS.exe
  2⤵
  PID:1548
- C:\Windows\System\fiyqLtX.exe
  C:\Windows\System\fiyqLtX.exe
  2⤵
  PID:5068
- C:\Windows\System\DQEWhFS.exe
  C:\Windows\System\DQEWhFS.exe
  2⤵
  PID:1112
- C:\Windows\System\VaSxahc.exe
  C:\Windows\System\VaSxahc.exe
  2⤵
  PID:3228
- C:\Windows\System\gTEKnXE.exe
  C:\Windows\System\gTEKnXE.exe
  2⤵
  PID:4768
- C:\Windows\System\Tgplwxz.exe
  C:\Windows\System\Tgplwxz.exe
  2⤵
  PID:1880
- C:\Windows\System\lRuBJik.exe
  C:\Windows\System\lRuBJik.exe
  2⤵
  PID:1696
- C:\Windows\System\NxtdNDC.exe
  C:\Windows\System\NxtdNDC.exe
  2⤵
  PID:4248
- C:\Windows\System\DvqDeZH.exe
  C:\Windows\System\DvqDeZH.exe
  2⤵
  PID:4988
- C:\Windows\System\eXssTfM.exe
  C:\Windows\System\eXssTfM.exe
  2⤵
  PID:448
- C:\Windows\System\MQcfsoL.exe
  C:\Windows\System\MQcfsoL.exe
  2⤵
  PID:4648
- C:\Windows\System\PFgkNsT.exe
  C:\Windows\System\PFgkNsT.exe
  2⤵
  PID:4836
- C:\Windows\System\dMkUDzA.exe
  C:\Windows\System\dMkUDzA.exe
  2⤵
  PID:2568
- C:\Windows\System\PiDLeio.exe
  C:\Windows\System\PiDLeio.exe
  2⤵
  PID:5028
- C:\Windows\System\lxBchma.exe
  C:\Windows\System\lxBchma.exe
  2⤵
  PID:4568
- C:\Windows\System\WsDLZHP.exe
  C:\Windows\System\WsDLZHP.exe
  2⤵
  PID:4224
- C:\Windows\System\fsQWnic.exe
  C:\Windows\System\fsQWnic.exe
  2⤵
  PID:2088
- C:\Windows\System\ZPBqHWj.exe
  C:\Windows\System\ZPBqHWj.exe
  2⤵
  PID:2092
- C:\Windows\System\jXahUdy.exe
  C:\Windows\System\jXahUdy.exe
  2⤵
  PID:1352
- C:\Windows\System\Hdqircu.exe
  C:\Windows\System\Hdqircu.exe
  2⤵
  PID:2600
- C:\Windows\System\ywggMlo.exe
  C:\Windows\System\ywggMlo.exe
  2⤵
  PID:2892
- C:\Windows\System\QKXmhKY.exe
  C:\Windows\System\QKXmhKY.exe
  2⤵
  PID:5124
- C:\Windows\System\NUBMODs.exe
  C:\Windows\System\NUBMODs.exe
  2⤵
  PID:5164
- C:\Windows\System\TdUtiOM.exe
  C:\Windows\System\TdUtiOM.exe
  2⤵
  PID:5188
- C:\Windows\System\KtFQoTF.exe
  C:\Windows\System\KtFQoTF.exe
  2⤵
  PID:5228
- C:\Windows\System\UtseFPC.exe
  C:\Windows\System\UtseFPC.exe
  2⤵
  PID:5260
- C:\Windows\System\hxsVVJx.exe
  C:\Windows\System\hxsVVJx.exe
  2⤵
  PID:5292
- C:\Windows\System\MQNrDsR.exe
  C:\Windows\System\MQNrDsR.exe
  2⤵
  PID:5328
- C:\Windows\System\PkKFRVq.exe
  C:\Windows\System\PkKFRVq.exe
  2⤵
  PID:5344
- C:\Windows\System\fQovosU.exe
  C:\Windows\System\fQovosU.exe
  2⤵
  PID:5360
- C:\Windows\System\NRQbDxV.exe
  C:\Windows\System\NRQbDxV.exe
  2⤵
  PID:5376
- C:\Windows\System\mLRMdPL.exe
  C:\Windows\System\mLRMdPL.exe
  2⤵
  PID:5392
- C:\Windows\System\LtDnVlA.exe
  C:\Windows\System\LtDnVlA.exe
  2⤵
  PID:5416
- C:\Windows\System\mdjPtVd.exe
  C:\Windows\System\mdjPtVd.exe
  2⤵
  PID:5444
- C:\Windows\System\GqLSUie.exe
  C:\Windows\System\GqLSUie.exe
  2⤵
  PID:5484
- C:\Windows\System\XCFfhGZ.exe
  C:\Windows\System\XCFfhGZ.exe
  2⤵
  PID:5512
- C:\Windows\System\gtYqsjS.exe
  C:\Windows\System\gtYqsjS.exe
  2⤵
  PID:5540
- C:\Windows\System\kYjivmt.exe
  C:\Windows\System\kYjivmt.exe
  2⤵
  PID:5576
- C:\Windows\System\fPiOqWa.exe
  C:\Windows\System\fPiOqWa.exe
  2⤵
  PID:5648
- C:\Windows\System\zonzYbH.exe
  C:\Windows\System\zonzYbH.exe
  2⤵
  PID:5664
- C:\Windows\System\ZkQIGTl.exe
  C:\Windows\System\ZkQIGTl.exe
  2⤵
  PID:5684
- C:\Windows\System\OtBjWQV.exe
  C:\Windows\System\OtBjWQV.exe
  2⤵
  PID:5720
- C:\Windows\System\JQfqqEF.exe
  C:\Windows\System\JQfqqEF.exe
  2⤵
  PID:5752
- C:\Windows\System\tPcwqDm.exe
  C:\Windows\System\tPcwqDm.exe
  2⤵
  PID:5776
- C:\Windows\System\UkSOItF.exe
  C:\Windows\System\UkSOItF.exe
  2⤵
  PID:5804
- C:\Windows\System\cUbRclg.exe
  C:\Windows\System\cUbRclg.exe
  2⤵
  PID:5832
- C:\Windows\System\kEJCOTw.exe
  C:\Windows\System\kEJCOTw.exe
  2⤵
  PID:5852
- C:\Windows\System\dHkXjdM.exe
  C:\Windows\System\dHkXjdM.exe
  2⤵
  PID:5888
- C:\Windows\System\CpQgSIT.exe
  C:\Windows\System\CpQgSIT.exe
  2⤵
  PID:5904
- C:\Windows\System\EEbPpoS.exe
  C:\Windows\System\EEbPpoS.exe
  2⤵
  PID:5944
- C:\Windows\System\dPRIYoe.exe
  C:\Windows\System\dPRIYoe.exe
  2⤵
  PID:5972
- C:\Windows\System\yGmBwLB.exe
  C:\Windows\System\yGmBwLB.exe
  2⤵
  PID:6000
- C:\Windows\System\QTBwhJm.exe
  C:\Windows\System\QTBwhJm.exe
  2⤵
  PID:6028
- C:\Windows\System\TkfFIhI.exe
  C:\Windows\System\TkfFIhI.exe
  2⤵
  PID:6056
- C:\Windows\System\vtyfJZa.exe
  C:\Windows\System\vtyfJZa.exe
  2⤵
  PID:6076
- C:\Windows\System\mpVVQOk.exe
  C:\Windows\System\mpVVQOk.exe
  2⤵
  PID:6112
- C:\Windows\System\FVQHJkM.exe
  C:\Windows\System\FVQHJkM.exe
  2⤵
  PID:5016
- C:\Windows\System\NdFRveu.exe
  C:\Windows\System\NdFRveu.exe
  2⤵
  PID:5252
- C:\Windows\System\SGNzUOM.exe
  C:\Windows\System\SGNzUOM.exe
  2⤵
  PID:5324
- C:\Windows\System\wCUTosF.exe
  C:\Windows\System\wCUTosF.exe
  2⤵
  PID:5388
- C:\Windows\System\lpBvrWM.exe
  C:\Windows\System\lpBvrWM.exe
  2⤵
  PID:5424
- C:\Windows\System\umjumUK.exe
  C:\Windows\System\umjumUK.exe
  2⤵
  PID:5504
- C:\Windows\System\XNIcJab.exe
  C:\Windows\System\XNIcJab.exe
  2⤵
  PID:5588
- C:\Windows\System\lwGTQLz.exe
  C:\Windows\System\lwGTQLz.exe
  2⤵
  PID:5644
- C:\Windows\System\FtiPTed.exe
  C:\Windows\System\FtiPTed.exe
  2⤵
  PID:5680
- C:\Windows\System\FeDQBnO.exe
  C:\Windows\System\FeDQBnO.exe
  2⤵
  PID:5716
- C:\Windows\System\MiKXKcF.exe
  C:\Windows\System\MiKXKcF.exe
  2⤵
  PID:5800
- C:\Windows\System\WryRYur.exe
  C:\Windows\System\WryRYur.exe
  2⤵
  PID:5896
- C:\Windows\System\OJvsNDJ.exe
  C:\Windows\System\OJvsNDJ.exe
  2⤵
  PID:5996
- C:\Windows\System\XViofxT.exe
  C:\Windows\System\XViofxT.exe
  2⤵
  PID:6064
- C:\Windows\System\oJLCVqY.exe
  C:\Windows\System\oJLCVqY.exe
  2⤵
  PID:6132
- C:\Windows\System\tLHQYnA.exe
  C:\Windows\System\tLHQYnA.exe
  2⤵
  PID:5272
- C:\Windows\System\yyVOycg.exe
  C:\Windows\System\yyVOycg.exe
  2⤵
  PID:5524
- C:\Windows\System\qhfLMXd.exe
  C:\Windows\System\qhfLMXd.exe
  2⤵
  PID:5556
- C:\Windows\System\NkZhKFM.exe
  C:\Windows\System\NkZhKFM.exe
  2⤵
  PID:5712
- C:\Windows\System\fQkUSiD.exe
  C:\Windows\System\fQkUSiD.exe
  2⤵
  PID:5848
- C:\Windows\System\rljsXVZ.exe
  C:\Windows\System\rljsXVZ.exe
  2⤵
  PID:6048
- C:\Windows\System\DXeQXnJ.exe
  C:\Windows\System\DXeQXnJ.exe
  2⤵
  PID:5104
- C:\Windows\System\hOMdoMv.exe
  C:\Windows\System\hOMdoMv.exe
  2⤵
  PID:5884
- C:\Windows\System\clfJPxK.exe
  C:\Windows\System\clfJPxK.exe
  2⤵
  PID:5144
- C:\Windows\System\oQWfelk.exe
  C:\Windows\System\oQWfelk.exe
  2⤵
  PID:5372
- C:\Windows\System\sRDWYmi.exe
  C:\Windows\System\sRDWYmi.exe
  2⤵
  PID:6100
- C:\Windows\System\TKGqrSi.exe
  C:\Windows\System\TKGqrSi.exe
  2⤵
  PID:6176
- C:\Windows\System\xyGyjxZ.exe
  C:\Windows\System\xyGyjxZ.exe
  2⤵
  PID:6208
- C:\Windows\System\LsybcfM.exe
  C:\Windows\System\LsybcfM.exe
  2⤵
  PID:6240
- C:\Windows\System\ONqKBgV.exe
  C:\Windows\System\ONqKBgV.exe
  2⤵
  PID:6264
- C:\Windows\System\rrJXQzR.exe
  C:\Windows\System\rrJXQzR.exe
  2⤵
  PID:6296
- C:\Windows\System\ABXmhoi.exe
  C:\Windows\System\ABXmhoi.exe
  2⤵
  PID:6320
- C:\Windows\System\JQjxdlB.exe
  C:\Windows\System\JQjxdlB.exe
  2⤵
  PID:6348
- C:\Windows\System\NaxEZOv.exe
  C:\Windows\System\NaxEZOv.exe
  2⤵
  PID:6376
- C:\Windows\System\wxrSHiy.exe
  C:\Windows\System\wxrSHiy.exe
  2⤵
  PID:6408
- C:\Windows\System\ydxYxrW.exe
  C:\Windows\System\ydxYxrW.exe
  2⤵
  PID:6432
- C:\Windows\System\KHGrYzy.exe
  C:\Windows\System\KHGrYzy.exe
  2⤵
  PID:6460
- C:\Windows\System\SYSvKED.exe
  C:\Windows\System\SYSvKED.exe
  2⤵
  PID:6488
- C:\Windows\System\fBSdnJI.exe
  C:\Windows\System\fBSdnJI.exe
  2⤵
  PID:6520
- C:\Windows\System\PSJWZwl.exe
  C:\Windows\System\PSJWZwl.exe
  2⤵
  PID:6544
- C:\Windows\System\wFZjmwz.exe
  C:\Windows\System\wFZjmwz.exe
  2⤵
  PID:6572
- C:\Windows\System\vgMOuix.exe
  C:\Windows\System\vgMOuix.exe
  2⤵
  PID:6608
- C:\Windows\System\CDRBlFh.exe
  C:\Windows\System\CDRBlFh.exe
  2⤵
  PID:6636
- C:\Windows\System\ugoEarl.exe
  C:\Windows\System\ugoEarl.exe
  2⤵
  PID:6656
- C:\Windows\System\uUFjksl.exe
  C:\Windows\System\uUFjksl.exe
  2⤵
  PID:6684
- C:\Windows\System\qneZOth.exe
  C:\Windows\System\qneZOth.exe
  2⤵
  PID:6712
- C:\Windows\System\SrrmzDM.exe
  C:\Windows\System\SrrmzDM.exe
  2⤵
  PID:6740
- C:\Windows\System\GVVLgSC.exe
  C:\Windows\System\GVVLgSC.exe
  2⤵
  PID:6768
- C:\Windows\System\dHHtvHk.exe
  C:\Windows\System\dHHtvHk.exe
  2⤵
  PID:6796
- C:\Windows\System\zbaeARk.exe
  C:\Windows\System\zbaeARk.exe
  2⤵
  PID:6824
- C:\Windows\System\ThSjGXt.exe
  C:\Windows\System\ThSjGXt.exe
  2⤵
  PID:6856
- C:\Windows\System\NtVCYiG.exe
  C:\Windows\System\NtVCYiG.exe
  2⤵
  PID:6888
- C:\Windows\System\hrBHojO.exe
  C:\Windows\System\hrBHojO.exe
  2⤵
  PID:6916
- C:\Windows\System\oFjViDP.exe
  C:\Windows\System\oFjViDP.exe
  2⤵
  PID:6944
- C:\Windows\System\CobWogF.exe
  C:\Windows\System\CobWogF.exe
  2⤵
  PID:6976
- C:\Windows\System\LxGkzVy.exe
  C:\Windows\System\LxGkzVy.exe
  2⤵
  PID:7008
- C:\Windows\System\NywNDOG.exe
  C:\Windows\System\NywNDOG.exe
  2⤵
  PID:7048
- C:\Windows\System\NtdImwp.exe
  C:\Windows\System\NtdImwp.exe
  2⤵
  PID:7072
- C:\Windows\System\oAlOCMS.exe
  C:\Windows\System\oAlOCMS.exe
  2⤵
  PID:7100
- C:\Windows\System\OBeFLrT.exe
  C:\Windows\System\OBeFLrT.exe
  2⤵
  PID:7128
- C:\Windows\System\KDtWTMw.exe
  C:\Windows\System\KDtWTMw.exe
  2⤵
  PID:7164
- C:\Windows\System\HBdiDCk.exe
  C:\Windows\System\HBdiDCk.exe
  2⤵
  PID:6184
- C:\Windows\System\yIiFQeZ.exe
  C:\Windows\System\yIiFQeZ.exe
  2⤵
  PID:6260
- C:\Windows\System\ZEAXbwW.exe
  C:\Windows\System\ZEAXbwW.exe
  2⤵
  PID:6332
- C:\Windows\System\szKuUTg.exe
  C:\Windows\System\szKuUTg.exe
  2⤵
  PID:6388
- C:\Windows\System\QTALZHO.exe
  C:\Windows\System\QTALZHO.exe
  2⤵
  PID:6472
- C:\Windows\System\aKKbwRk.exe
  C:\Windows\System\aKKbwRk.exe
  2⤵
  PID:6556
- C:\Windows\System\LLcPrHY.exe
  C:\Windows\System\LLcPrHY.exe
  2⤵
  PID:6624
- C:\Windows\System\njpGWjM.exe
  C:\Windows\System\njpGWjM.exe
  2⤵
  PID:6680
- C:\Windows\System\ZSyfcdb.exe
  C:\Windows\System\ZSyfcdb.exe
  2⤵
  PID:6760
- C:\Windows\System\AWVKwCh.exe
  C:\Windows\System\AWVKwCh.exe
  2⤵
  PID:6836
- C:\Windows\System\HcbtXJz.exe
  C:\Windows\System\HcbtXJz.exe
  2⤵
  PID:6896
- C:\Windows\System\AqePQIU.exe
  C:\Windows\System\AqePQIU.exe
  2⤵
  PID:6984
- C:\Windows\System\ZzQxaEj.exe
  C:\Windows\System\ZzQxaEj.exe
  2⤵
  PID:7036
- C:\Windows\System\gaLjrHs.exe
  C:\Windows\System\gaLjrHs.exe
  2⤵
  PID:7112
- C:\Windows\System\QLjjHRy.exe
  C:\Windows\System\QLjjHRy.exe
  2⤵
  PID:6164
- C:\Windows\System\uExFkbb.exe
  C:\Windows\System\uExFkbb.exe
  2⤵
  PID:6312
- C:\Windows\System\zWAXUqC.exe
  C:\Windows\System\zWAXUqC.exe
  2⤵
  PID:6536
- C:\Windows\System\MBoUwkq.exe
  C:\Windows\System\MBoUwkq.exe
  2⤵
  PID:6708
- C:\Windows\System\jCBpkZQ.exe
  C:\Windows\System\jCBpkZQ.exe
  2⤵
  PID:6848
- C:\Windows\System\ixwRggV.exe
  C:\Windows\System\ixwRggV.exe
  2⤵
  PID:7004
- C:\Windows\System\kUiigyz.exe
  C:\Windows\System\kUiigyz.exe
  2⤵
  PID:7148
- C:\Windows\System\UNKCUmT.exe
  C:\Windows\System\UNKCUmT.exe
  2⤵
  PID:6596
- C:\Windows\System\DWSYpjh.exe
  C:\Windows\System\DWSYpjh.exe
  2⤵
  PID:5744
- C:\Windows\System\vjGXPjn.exe
  C:\Windows\System\vjGXPjn.exe
  2⤵
  PID:6372
- C:\Windows\System\LlaWpJR.exe
  C:\Windows\System\LlaWpJR.exe
  2⤵
  PID:6248
- C:\Windows\System\eYBitAs.exe
  C:\Windows\System\eYBitAs.exe
  2⤵
  PID:7188
- C:\Windows\System\nwOZucq.exe
  C:\Windows\System\nwOZucq.exe
  2⤵
  PID:7212
- C:\Windows\System\RjdEXST.exe
  C:\Windows\System\RjdEXST.exe
  2⤵
  PID:7244
- C:\Windows\System\MAcoUah.exe
  C:\Windows\System\MAcoUah.exe
  2⤵
  PID:7268
- C:\Windows\System\NmKVNOz.exe
  C:\Windows\System\NmKVNOz.exe
  2⤵
  PID:7296
- C:\Windows\System\KCsWZJK.exe
  C:\Windows\System\KCsWZJK.exe
  2⤵
  PID:7324
- C:\Windows\System\SgIopYA.exe
  C:\Windows\System\SgIopYA.exe
  2⤵
  PID:7352
- C:\Windows\System\IDbbDAN.exe
  C:\Windows\System\IDbbDAN.exe
  2⤵
  PID:7380
- C:\Windows\System\uOiTFci.exe
  C:\Windows\System\uOiTFci.exe
  2⤵
  PID:7408
- C:\Windows\System\yjRlLuc.exe
  C:\Windows\System\yjRlLuc.exe
  2⤵
  PID:7436
- C:\Windows\System\keqShJf.exe
  C:\Windows\System\keqShJf.exe
  2⤵
  PID:7460
- C:\Windows\System\JEhlKRt.exe
  C:\Windows\System\JEhlKRt.exe
  2⤵
  PID:7480
- C:\Windows\System\oBNhhnZ.exe
  C:\Windows\System\oBNhhnZ.exe
  2⤵
  PID:7512
- C:\Windows\System\lOqHKWq.exe
  C:\Windows\System\lOqHKWq.exe
  2⤵
  PID:7548
- C:\Windows\System\CbaEnYD.exe
  C:\Windows\System\CbaEnYD.exe
  2⤵
  PID:7572
- C:\Windows\System\lwWjSiR.exe
  C:\Windows\System\lwWjSiR.exe
  2⤵
  PID:7608
- C:\Windows\System\KgJHMDu.exe
  C:\Windows\System\KgJHMDu.exe
  2⤵
  PID:7628
- C:\Windows\System\GekfhED.exe
  C:\Windows\System\GekfhED.exe
  2⤵
  PID:7664
- C:\Windows\System\VQVTVRh.exe
  C:\Windows\System\VQVTVRh.exe
  2⤵
  PID:7680
- C:\Windows\System\nfjYobO.exe
  C:\Windows\System\nfjYobO.exe
  2⤵
  PID:7696
- C:\Windows\System\dCpivwq.exe
  C:\Windows\System\dCpivwq.exe
  2⤵
  PID:7724
- C:\Windows\System\erUtYQj.exe
  C:\Windows\System\erUtYQj.exe
  2⤵
  PID:7756
- C:\Windows\System\boUXMqS.exe
  C:\Windows\System\boUXMqS.exe
  2⤵
  PID:7796
- C:\Windows\System\plvZuJH.exe
  C:\Windows\System\plvZuJH.exe
  2⤵
  PID:7824
- C:\Windows\System\KyxyzVk.exe
  C:\Windows\System\KyxyzVk.exe
  2⤵
  PID:7856
- C:\Windows\System\rjGCPIK.exe
  C:\Windows\System\rjGCPIK.exe
  2⤵
  PID:7880
- C:\Windows\System\BWnjSrG.exe
  C:\Windows\System\BWnjSrG.exe
  2⤵
  PID:7916
- C:\Windows\System\yPqvTuh.exe
  C:\Windows\System\yPqvTuh.exe
  2⤵
  PID:7960
- C:\Windows\System\zHUEutm.exe
  C:\Windows\System\zHUEutm.exe
  2⤵
  PID:7980
- C:\Windows\System\dmbxIXK.exe
  C:\Windows\System\dmbxIXK.exe
  2⤵
  PID:8004
- C:\Windows\System\cIPgUFh.exe
  C:\Windows\System\cIPgUFh.exe
  2⤵
  PID:8024
- C:\Windows\System\AqnxZqE.exe
  C:\Windows\System\AqnxZqE.exe
  2⤵
  PID:8064
- C:\Windows\System\lHyEjHC.exe
  C:\Windows\System\lHyEjHC.exe
  2⤵
  PID:8100
- C:\Windows\System\AJOALVJ.exe
  C:\Windows\System\AJOALVJ.exe
  2⤵
  PID:8116
- C:\Windows\System\EzyiTBB.exe
  C:\Windows\System\EzyiTBB.exe
  2⤵
  PID:8148
- C:\Windows\System\ZLKnaQm.exe
  C:\Windows\System\ZLKnaQm.exe
  2⤵
  PID:8172
- C:\Windows\System\JXULkbE.exe
  C:\Windows\System\JXULkbE.exe
  2⤵
  PID:7208
- C:\Windows\System\CDuuwpY.exe
  C:\Windows\System\CDuuwpY.exe
  2⤵
  PID:7280
- C:\Windows\System\jpszlPb.exe
  C:\Windows\System\jpszlPb.exe
  2⤵
  PID:7316
- C:\Windows\System\UJYmYZj.exe
  C:\Windows\System\UJYmYZj.exe
  2⤵
  PID:7404
- C:\Windows\System\IGgrmoz.exe
  C:\Windows\System\IGgrmoz.exe
  2⤵
  PID:7476
- C:\Windows\System\rYuDShR.exe
  C:\Windows\System\rYuDShR.exe
  2⤵
  PID:7544
- C:\Windows\System\bYSKpvI.exe
  C:\Windows\System\bYSKpvI.exe
  2⤵
  PID:7616
- C:\Windows\System\hihboku.exe
  C:\Windows\System\hihboku.exe
  2⤵
  PID:7648
- C:\Windows\System\DXxmMDR.exe
  C:\Windows\System\DXxmMDR.exe
  2⤵
  PID:7688
- C:\Windows\System\GICTFAN.exe
  C:\Windows\System\GICTFAN.exe
  2⤵
  PID:7768
- C:\Windows\System\rWEsNMO.exe
  C:\Windows\System\rWEsNMO.exe
  2⤵
  PID:7812
- C:\Windows\System\kqmJFLW.exe
  C:\Windows\System\kqmJFLW.exe
  2⤵
  PID:6592
- C:\Windows\System\sXOYULq.exe
  C:\Windows\System\sXOYULq.exe
  2⤵
  PID:7968
- C:\Windows\System\DJHZNbZ.exe
  C:\Windows\System\DJHZNbZ.exe
  2⤵
  PID:8020
- C:\Windows\System\XbkEyUV.exe
  C:\Windows\System\XbkEyUV.exe
  2⤵
  PID:8052
- C:\Windows\System\MtDIYIg.exe
  C:\Windows\System\MtDIYIg.exe
  2⤵
  PID:8156
- C:\Windows\System\lMTVciR.exe
  C:\Windows\System\lMTVciR.exe
  2⤵
  PID:7264
- C:\Windows\System\hEyZxBw.exe
  C:\Windows\System\hEyZxBw.exe
  2⤵
  PID:7468
- C:\Windows\System\TpiJGSa.exe
  C:\Windows\System\TpiJGSa.exe
  2⤵
  PID:7536
- C:\Windows\System\EiDXghE.exe
  C:\Windows\System\EiDXghE.exe
  2⤵
  PID:7708
- C:\Windows\System\AMHHBfM.exe
  C:\Windows\System\AMHHBfM.exe
  2⤵
  PID:7868
- C:\Windows\System\EntFrsE.exe
  C:\Windows\System\EntFrsE.exe
  2⤵
  PID:8044
- C:\Windows\System\yklCZRN.exe
  C:\Windows\System\yklCZRN.exe
  2⤵
  PID:7180
- C:\Windows\System\BsDrxhW.exe
  C:\Windows\System\BsDrxhW.exe
  2⤵
  PID:7508
- C:\Windows\System\lsNNGKa.exe
  C:\Windows\System\lsNNGKa.exe
  2⤵
  PID:7864
- C:\Windows\System\DrhlKRe.exe
  C:\Windows\System\DrhlKRe.exe
  2⤵
  PID:7368
- C:\Windows\System\tCklvFu.exe
  C:\Windows\System\tCklvFu.exe
  2⤵
  PID:8108
- C:\Windows\System\odXtWSM.exe
  C:\Windows\System\odXtWSM.exe
  2⤵
  PID:8200
- C:\Windows\System\aJOAoVR.exe
  C:\Windows\System\aJOAoVR.exe
  2⤵
  PID:8216
- C:\Windows\System\JcEwQeb.exe
  C:\Windows\System\JcEwQeb.exe
  2⤵
  PID:8256
- C:\Windows\System\vShOhQB.exe
  C:\Windows\System\vShOhQB.exe
  2⤵
  PID:8284
- C:\Windows\System\PtsVVam.exe
  C:\Windows\System\PtsVVam.exe
  2⤵
  PID:8304
- C:\Windows\System\agZfjpd.exe
  C:\Windows\System\agZfjpd.exe
  2⤵
  PID:8336
- C:\Windows\System\EPPztuz.exe
  C:\Windows\System\EPPztuz.exe
  2⤵
  PID:8368
- C:\Windows\System\UHdohxy.exe
  C:\Windows\System\UHdohxy.exe
  2⤵
  PID:8396
- C:\Windows\System\zhgoLCQ.exe
  C:\Windows\System\zhgoLCQ.exe
  2⤵
  PID:8424
- C:\Windows\System\VgAgrfF.exe
  C:\Windows\System\VgAgrfF.exe
  2⤵
  PID:8452
- C:\Windows\System\XnmuafM.exe
  C:\Windows\System\XnmuafM.exe
  2⤵
  PID:8480
- C:\Windows\System\DvyxnmI.exe
  C:\Windows\System\DvyxnmI.exe
  2⤵
  PID:8496
- C:\Windows\System\LshVHkR.exe
  C:\Windows\System\LshVHkR.exe
  2⤵
  PID:8512
- C:\Windows\System\fwTAjTd.exe
  C:\Windows\System\fwTAjTd.exe
  2⤵
  PID:8548
- C:\Windows\System\snoJEoh.exe
  C:\Windows\System\snoJEoh.exe
  2⤵
  PID:8580
- C:\Windows\System\JtgDahq.exe
  C:\Windows\System\JtgDahq.exe
  2⤵
  PID:8620
- C:\Windows\System\MUeLwBC.exe
  C:\Windows\System\MUeLwBC.exe
  2⤵
  PID:8648
- C:\Windows\System\gTkKMDS.exe
  C:\Windows\System\gTkKMDS.exe
  2⤵
  PID:8676
- C:\Windows\System\TwqHKcX.exe
  C:\Windows\System\TwqHKcX.exe
  2⤵
  PID:8704
- C:\Windows\System\GjxgGrS.exe
  C:\Windows\System\GjxgGrS.exe
  2⤵
  PID:8732
- C:\Windows\System\AVyxqPt.exe
  C:\Windows\System\AVyxqPt.exe
  2⤵
  PID:8760
- C:\Windows\System\tytZsSr.exe
  C:\Windows\System\tytZsSr.exe
  2⤵
  PID:8804
- C:\Windows\System\KFdcZkA.exe
  C:\Windows\System\KFdcZkA.exe
  2⤵
  PID:8832
- C:\Windows\System\GKLmROo.exe
  C:\Windows\System\GKLmROo.exe
  2⤵
  PID:8860
- C:\Windows\System\PbRBpbV.exe
  C:\Windows\System\PbRBpbV.exe
  2⤵
  PID:8876
- C:\Windows\System\WtZbBOc.exe
  C:\Windows\System\WtZbBOc.exe
  2⤵
  PID:8912
- C:\Windows\System\OzePXLP.exe
  C:\Windows\System\OzePXLP.exe
  2⤵
  PID:8944
- C:\Windows\System\NEdVAmU.exe
  C:\Windows\System\NEdVAmU.exe
  2⤵
  PID:8972
- C:\Windows\System\DQJvujz.exe
  C:\Windows\System\DQJvujz.exe
  2⤵
  PID:9000
- C:\Windows\System\ZiNGGwY.exe
  C:\Windows\System\ZiNGGwY.exe
  2⤵
  PID:9032
- C:\Windows\System\VcvMjal.exe
  C:\Windows\System\VcvMjal.exe
  2⤵
  PID:9048
- C:\Windows\System\yiQyBfR.exe
  C:\Windows\System\yiQyBfR.exe
  2⤵
  PID:9076
- C:\Windows\System\xzhtnTR.exe
  C:\Windows\System\xzhtnTR.exe
  2⤵
  PID:9104
- C:\Windows\System\fmuaOLx.exe
  C:\Windows\System\fmuaOLx.exe
  2⤵
  PID:9140
- C:\Windows\System\zmeiAZV.exe
  C:\Windows\System\zmeiAZV.exe
  2⤵
  PID:9172
- C:\Windows\System\gYYchWP.exe
  C:\Windows\System\gYYchWP.exe
  2⤵
  PID:9200
- C:\Windows\System\bDpVHzP.exe
  C:\Windows\System\bDpVHzP.exe
  2⤵
  PID:8208
- C:\Windows\System\EkzuaPy.exe
  C:\Windows\System\EkzuaPy.exe
  2⤵
  PID:8280
- C:\Windows\System\KhHXMRQ.exe
  C:\Windows\System\KhHXMRQ.exe
  2⤵
  PID:8320
- C:\Windows\System\lcCiIKT.exe
  C:\Windows\System\lcCiIKT.exe
  2⤵
  PID:8388
- C:\Windows\System\clUAruK.exe
  C:\Windows\System\clUAruK.exe
  2⤵
  PID:8436
- C:\Windows\System\LEmSNEQ.exe
  C:\Windows\System\LEmSNEQ.exe
  2⤵
  PID:8504
- C:\Windows\System\yeniImO.exe
  C:\Windows\System\yeniImO.exe
  2⤵
  PID:8576
- C:\Windows\System\iqyaQFf.exe
  C:\Windows\System\iqyaQFf.exe
  2⤵
  PID:8644
- C:\Windows\System\LXaSrss.exe
  C:\Windows\System\LXaSrss.exe
  2⤵
  PID:8700
- C:\Windows\System\rKsPUpo.exe
  C:\Windows\System\rKsPUpo.exe
  2⤵
  PID:7364
- C:\Windows\System\xstVZOS.exe
  C:\Windows\System\xstVZOS.exe
  2⤵
  PID:8816
- C:\Windows\System\lriowRx.exe
  C:\Windows\System\lriowRx.exe
  2⤵
  PID:8856
- C:\Windows\System\YmioIYh.exe
  C:\Windows\System\YmioIYh.exe
  2⤵
  PID:8904
- C:\Windows\System\tkAQHVT.exe
  C:\Windows\System\tkAQHVT.exe
  2⤵
  PID:8968
- C:\Windows\System\pPPIIpn.exe
  C:\Windows\System\pPPIIpn.exe
  2⤵
  PID:9060
- C:\Windows\System\DTHVetq.exe
  C:\Windows\System\DTHVetq.exe
  2⤵
  PID:9116
- C:\Windows\System\caiqCwL.exe
  C:\Windows\System\caiqCwL.exe
  2⤵
  PID:9160
- C:\Windows\System\NfGSSoD.exe
  C:\Windows\System\NfGSSoD.exe
  2⤵
  PID:9196
- C:\Windows\System\HwtnRvd.exe
  C:\Windows\System\HwtnRvd.exe
  2⤵
  PID:8356
- C:\Windows\System\LgWaJcz.exe
  C:\Windows\System\LgWaJcz.exe
  2⤵
  PID:8560
- C:\Windows\System\QOjkpKJ.exe
  C:\Windows\System\QOjkpKJ.exe
  2⤵
  PID:8640
- C:\Windows\System\UDXWsAi.exe
  C:\Windows\System\UDXWsAi.exe
  2⤵
  PID:4072
- C:\Windows\System\GOFrjaq.exe
  C:\Windows\System\GOFrjaq.exe
  2⤵
  PID:8872
- C:\Windows\System\qODmbZM.exe
  C:\Windows\System\qODmbZM.exe
  2⤵
  PID:8996
- C:\Windows\System\rbAymTa.exe
  C:\Windows\System\rbAymTa.exe
  2⤵
  PID:9148
- C:\Windows\System\UxkzwOr.exe
  C:\Windows\System\UxkzwOr.exe
  2⤵
  PID:8248
- C:\Windows\System\PkRyqQr.exe
  C:\Windows\System\PkRyqQr.exe
  2⤵
  PID:8492
- C:\Windows\System\hwkFsXC.exe
  C:\Windows\System\hwkFsXC.exe
  2⤵
  PID:8932
- C:\Windows\System\MeRzgXT.exe
  C:\Windows\System\MeRzgXT.exe
  2⤵
  PID:8608
- C:\Windows\System\zxBaxto.exe
  C:\Windows\System\zxBaxto.exe
  2⤵
  PID:8788
- C:\Windows\System\lbZyPni.exe
  C:\Windows\System\lbZyPni.exe
  2⤵
  PID:9248
- C:\Windows\System\QcXdePz.exe
  C:\Windows\System\QcXdePz.exe
  2⤵
  PID:9276
- C:\Windows\System\IUUVGVR.exe
  C:\Windows\System\IUUVGVR.exe
  2⤵
  PID:9304
- C:\Windows\System\cozMOIc.exe
  C:\Windows\System\cozMOIc.exe
  2⤵
  PID:9332
- C:\Windows\System\GifJcIX.exe
  C:\Windows\System\GifJcIX.exe
  2⤵
  PID:9360
- C:\Windows\System\fDhPqOs.exe
  C:\Windows\System\fDhPqOs.exe
  2⤵
  PID:9388
- C:\Windows\System\VTbGplK.exe
  C:\Windows\System\VTbGplK.exe
  2⤵
  PID:9404
- C:\Windows\System\EejJYHI.exe
  C:\Windows\System\EejJYHI.exe
  2⤵
  PID:9440
- C:\Windows\System\WMPWlMh.exe
  C:\Windows\System\WMPWlMh.exe
  2⤵
  PID:9472
- C:\Windows\System\SoPnXgJ.exe
  C:\Windows\System\SoPnXgJ.exe
  2⤵
  PID:9488
- C:\Windows\System\PWzDUyl.exe
  C:\Windows\System\PWzDUyl.exe
  2⤵
  PID:9528
- C:\Windows\System\MwDwxTy.exe
  C:\Windows\System\MwDwxTy.exe
  2⤵
  PID:9552
- C:\Windows\System\brgBlXE.exe
  C:\Windows\System\brgBlXE.exe
  2⤵
  PID:9576
- C:\Windows\System\OZuEKBR.exe
  C:\Windows\System\OZuEKBR.exe
  2⤵
  PID:9600
- C:\Windows\System\jTngAGK.exe
  C:\Windows\System\jTngAGK.exe
  2⤵
  PID:9620
- C:\Windows\System\btJSNZX.exe
  C:\Windows\System\btJSNZX.exe
  2⤵
  PID:9652
- C:\Windows\System\qXLZvTo.exe
  C:\Windows\System\qXLZvTo.exe
  2⤵
  PID:9676
- C:\Windows\System\YRfaSYS.exe
  C:\Windows\System\YRfaSYS.exe
  2⤵
  PID:9700
- C:\Windows\System\vgUgvbk.exe
  C:\Windows\System\vgUgvbk.exe
  2⤵
  PID:9736
- C:\Windows\System\YkrQxMd.exe
  C:\Windows\System\YkrQxMd.exe
  2⤵
  PID:9768
- C:\Windows\System\WHDLUdZ.exe
  C:\Windows\System\WHDLUdZ.exe
  2⤵
  PID:9804
- C:\Windows\System\XGAribn.exe
  C:\Windows\System\XGAribn.exe
  2⤵
  PID:9828
- C:\Windows\System\CRAGZeZ.exe
  C:\Windows\System\CRAGZeZ.exe
  2⤵
  PID:9856
- C:\Windows\System\Bspsegq.exe
  C:\Windows\System\Bspsegq.exe
  2⤵
  PID:9880
- C:\Windows\System\nApLboR.exe
  C:\Windows\System\nApLboR.exe
  2⤵
  PID:9900
- C:\Windows\System\dKnszKE.exe
  C:\Windows\System\dKnszKE.exe
  2⤵
  PID:9928
- C:\Windows\System\nbkWFPt.exe
  C:\Windows\System\nbkWFPt.exe
  2⤵
  PID:9944
- C:\Windows\System\ygWATFg.exe
  C:\Windows\System\ygWATFg.exe
  2⤵
  PID:9976
- C:\Windows\System\BNMbHfA.exe
  C:\Windows\System\BNMbHfA.exe
  2⤵
  PID:10012
- C:\Windows\System\BisQRoK.exe
  C:\Windows\System\BisQRoK.exe
  2⤵
  PID:10040
- C:\Windows\System\pTQvKyp.exe
  C:\Windows\System\pTQvKyp.exe
  2⤵
  PID:10068
- C:\Windows\System\eEHRGBU.exe
  C:\Windows\System\eEHRGBU.exe
  2⤵
  PID:10100
- C:\Windows\System\vltjhlW.exe
  C:\Windows\System\vltjhlW.exe
  2⤵
  PID:10128
- C:\Windows\System\zwwXFII.exe
  C:\Windows\System\zwwXFII.exe
  2⤵
  PID:10152
- C:\Windows\System\rEQyIWC.exe
  C:\Windows\System\rEQyIWC.exe
  2⤵
  PID:10184
- C:\Windows\System\NKIEBai.exe
  C:\Windows\System\NKIEBai.exe
  2⤵
  PID:10216
- C:\Windows\System\eTSZJSP.exe
  C:\Windows\System\eTSZJSP.exe
  2⤵
  PID:9044
- C:\Windows\System\SRAEXcB.exe
  C:\Windows\System\SRAEXcB.exe
  2⤵
  PID:9272
- C:\Windows\System\xIBikAb.exe
  C:\Windows\System\xIBikAb.exe
  2⤵
  PID:9356
- C:\Windows\System\aaeqfBF.exe
  C:\Windows\System\aaeqfBF.exe
  2⤵
  PID:9400
- C:\Windows\System\AKzQvTT.exe
  C:\Windows\System\AKzQvTT.exe
  2⤵
  PID:9484
- C:\Windows\System\lXsIFgF.exe
  C:\Windows\System\lXsIFgF.exe
  2⤵
  PID:9544
- C:\Windows\System\cSGfCpf.exe
  C:\Windows\System\cSGfCpf.exe
  2⤵
  PID:9592
- C:\Windows\System\tvPfpvf.exe
  C:\Windows\System\tvPfpvf.exe
  2⤵
  PID:9664
- C:\Windows\System\MklriSK.exe
  C:\Windows\System\MklriSK.exe
  2⤵
  PID:9764
- C:\Windows\System\RVLPQJO.exe
  C:\Windows\System\RVLPQJO.exe
  2⤵
  PID:9748
- C:\Windows\System\TBNEOWe.exe
  C:\Windows\System\TBNEOWe.exe
  2⤵
  PID:9816
- C:\Windows\System\qgsMMeu.exe
  C:\Windows\System\qgsMMeu.exe
  2⤵
  PID:9920
- C:\Windows\System\iARSKHS.exe
  C:\Windows\System\iARSKHS.exe
  2⤵
  PID:10000
- C:\Windows\System\qzMbBYC.exe
  C:\Windows\System\qzMbBYC.exe
  2⤵
  PID:10032
- C:\Windows\System\asTCvEn.exe
  C:\Windows\System\asTCvEn.exe
  2⤵
  PID:10108
- C:\Windows\System\bbwSriS.exe
  C:\Windows\System\bbwSriS.exe
  2⤵
  PID:10204
- C:\Windows\System\FvmibHV.exe
  C:\Windows\System\FvmibHV.exe
  2⤵
  PID:10228
- C:\Windows\System\lQxrPfA.exe
  C:\Windows\System\lQxrPfA.exe
  2⤵
  PID:9324
- C:\Windows\System\tVBlRMK.exe
  C:\Windows\System\tVBlRMK.exe
  2⤵
  PID:9416
- C:\Windows\System\vtACSLG.exe
  C:\Windows\System\vtACSLG.exe
  2⤵
  PID:9568
- C:\Windows\System\eaodrfR.exe
  C:\Windows\System\eaodrfR.exe
  2⤵
  PID:4404
- C:\Windows\System\KgyYcdN.exe
  C:\Windows\System\KgyYcdN.exe
  2⤵
  PID:9724
- C:\Windows\System\kfsozho.exe
  C:\Windows\System\kfsozho.exe
  2⤵
  PID:9888
- C:\Windows\System\WTCcGRJ.exe
  C:\Windows\System\WTCcGRJ.exe
  2⤵
  PID:10092
- C:\Windows\System\jtCwvCr.exe
  C:\Windows\System\jtCwvCr.exe
  2⤵
  PID:9260
- C:\Windows\System\AyUnggs.exe
  C:\Windows\System\AyUnggs.exe
  2⤵
  PID:9512
- C:\Windows\System\MOcrFXo.exe
  C:\Windows\System\MOcrFXo.exe
  2⤵
  PID:9820
- C:\Windows\System\ouFJINq.exe
  C:\Windows\System\ouFJINq.exe
  2⤵
  PID:8564
- C:\Windows\System\HaKytdW.exe
  C:\Windows\System\HaKytdW.exe
  2⤵
  PID:10164
- C:\Windows\System\lmdwllT.exe
  C:\Windows\System\lmdwllT.exe
  2⤵
  PID:10264
- C:\Windows\System\DYyTusc.exe
  C:\Windows\System\DYyTusc.exe
  2⤵
  PID:10292
- C:\Windows\System\IdMHYjQ.exe
  C:\Windows\System\IdMHYjQ.exe
  2⤵
  PID:10320
- C:\Windows\System\gWorEgC.exe
  C:\Windows\System\gWorEgC.exe
  2⤵
  PID:10336
- C:\Windows\System\tdYQjqU.exe
  C:\Windows\System\tdYQjqU.exe
  2⤵
  PID:10372
- C:\Windows\System\EguIBeH.exe
  C:\Windows\System\EguIBeH.exe
  2⤵
  PID:10408
- C:\Windows\System\rLjjrtm.exe
  C:\Windows\System\rLjjrtm.exe
  2⤵
  PID:10440
- C:\Windows\System\nGSBwUX.exe
  C:\Windows\System\nGSBwUX.exe
  2⤵
  PID:10468
- C:\Windows\System\VJxzRQx.exe
  C:\Windows\System\VJxzRQx.exe
  2⤵
  PID:10484
- C:\Windows\System\FtBXhUb.exe
  C:\Windows\System\FtBXhUb.exe
  2⤵
  PID:10516
- C:\Windows\System\HFbkzSU.exe
  C:\Windows\System\HFbkzSU.exe
  2⤵
  PID:10544
- C:\Windows\System\bWEpEnx.exe
  C:\Windows\System\bWEpEnx.exe
  2⤵
  PID:10572
- C:\Windows\System\RyyZZJe.exe
  C:\Windows\System\RyyZZJe.exe
  2⤵
  PID:10600
- C:\Windows\System\DeaeKVN.exe
  C:\Windows\System\DeaeKVN.exe
  2⤵
  PID:10624
- C:\Windows\System\eMPapAa.exe
  C:\Windows\System\eMPapAa.exe
  2⤵
  PID:10644
- C:\Windows\System\gwjafju.exe
  C:\Windows\System\gwjafju.exe
  2⤵
  PID:10672
- C:\Windows\System\dbakfBB.exe
  C:\Windows\System\dbakfBB.exe
  2⤵
  PID:10688
- C:\Windows\System\lZaeZjl.exe
  C:\Windows\System\lZaeZjl.exe
  2⤵
  PID:10716
- C:\Windows\System\RsVtnqN.exe
  C:\Windows\System\RsVtnqN.exe
  2⤵
  PID:10756
- C:\Windows\System\SQKKpXl.exe
  C:\Windows\System\SQKKpXl.exe
  2⤵
  PID:10784
- C:\Windows\System\iHZHWLb.exe
  C:\Windows\System\iHZHWLb.exe
  2⤵
  PID:10812
- C:\Windows\System\ZqnAgMR.exe
  C:\Windows\System\ZqnAgMR.exe
  2⤵
  PID:10844
- C:\Windows\System\OCWSgnM.exe
  C:\Windows\System\OCWSgnM.exe
  2⤵
  PID:10880
- C:\Windows\System\zTIxHuc.exe
  C:\Windows\System\zTIxHuc.exe
  2⤵
  PID:10904
- C:\Windows\System\KwHwdUI.exe
  C:\Windows\System\KwHwdUI.exe
  2⤵
  PID:10932
- C:\Windows\System\ZERUhXd.exe
  C:\Windows\System\ZERUhXd.exe
  2⤵
  PID:10968
- C:\Windows\System\orJMTjs.exe
  C:\Windows\System\orJMTjs.exe
  2⤵
  PID:10992
- C:\Windows\System\eVJECNp.exe
  C:\Windows\System\eVJECNp.exe
  2⤵
  PID:11024
- C:\Windows\System\HwgcuBU.exe
  C:\Windows\System\HwgcuBU.exe
  2⤵
  PID:11052
- C:\Windows\System\CfMZQKk.exe
  C:\Windows\System\CfMZQKk.exe
  2⤵
  PID:11080
- C:\Windows\System\hOuoMdC.exe
  C:\Windows\System\hOuoMdC.exe
  2⤵
  PID:11116
- C:\Windows\System\mODHNgw.exe
  C:\Windows\System\mODHNgw.exe
  2⤵
  PID:11148
- C:\Windows\System\PYFbPIk.exe
  C:\Windows\System\PYFbPIk.exe
  2⤵
  PID:11168
- C:\Windows\System\pMWeJVK.exe
  C:\Windows\System\pMWeJVK.exe
  2⤵
  PID:11192
- C:\Windows\System\ZettEoX.exe
  C:\Windows\System\ZettEoX.exe
  2⤵
  PID:11224
- C:\Windows\System\iMRIpBy.exe
  C:\Windows\System\iMRIpBy.exe
  2⤵
  PID:11260
- C:\Windows\System\UfhFBaP.exe
  C:\Windows\System\UfhFBaP.exe
  2⤵
  PID:10252
- C:\Windows\System\GnvRQPk.exe
  C:\Windows\System\GnvRQPk.exe
  2⤵
  PID:10312
- C:\Windows\System\ZLTOLgV.exe
  C:\Windows\System\ZLTOLgV.exe
  2⤵
  PID:10348
- C:\Windows\System\csOQinC.exe
  C:\Windows\System\csOQinC.exe
  2⤵
  PID:10452
- C:\Windows\System\VvThEtz.exe
  C:\Windows\System\VvThEtz.exe
  2⤵
  PID:10504
- C:\Windows\System\MCmDFEA.exe
  C:\Windows\System\MCmDFEA.exe
  2⤵
  PID:10560
- C:\Windows\System\VeIKlUU.exe
  C:\Windows\System\VeIKlUU.exe
  2⤵
  PID:10616
- C:\Windows\System\ffGJqrZ.exe
  C:\Windows\System\ffGJqrZ.exe
  2⤵
  PID:10700
- C:\Windows\System\XKvJbhT.exe
  C:\Windows\System\XKvJbhT.exe
  2⤵
  PID:10744
- C:\Windows\System\zsoMhln.exe
  C:\Windows\System\zsoMhln.exe
  2⤵
  PID:10800
- C:\Windows\System\OIosyoR.exe
  C:\Windows\System\OIosyoR.exe
  2⤵
  PID:10856
- C:\Windows\System\EaXOxIX.exe
  C:\Windows\System\EaXOxIX.exe
  2⤵
  PID:10956
- C:\Windows\System\aLxWRUF.exe
  C:\Windows\System\aLxWRUF.exe
  2⤵
  PID:11008
- C:\Windows\System\zjgelcM.exe
  C:\Windows\System\zjgelcM.exe
  2⤵
  PID:11072
- C:\Windows\System\HiuMprS.exe
  C:\Windows\System\HiuMprS.exe
  2⤵
  PID:11136
- C:\Windows\System\LuIirNs.exe
  C:\Windows\System\LuIirNs.exe
  2⤵
  PID:11184
- C:\Windows\System\ZqYaqFP.exe
  C:\Windows\System\ZqYaqFP.exe
  2⤵
  PID:11248
- C:\Windows\System\ygTHTEd.exe
  C:\Windows\System\ygTHTEd.exe
  2⤵
  PID:10360
- C:\Windows\System\coWqVMZ.exe
  C:\Windows\System\coWqVMZ.exe
  2⤵
  PID:10556
- C:\Windows\System\dsegngw.exe
  C:\Windows\System\dsegngw.exe
  2⤵
  PID:10668
- C:\Windows\System\flOBCkj.exe
  C:\Windows\System\flOBCkj.exe
  2⤵
  PID:10768
- C:\Windows\System\WsbJtDW.exe
  C:\Windows\System\WsbJtDW.exe
  2⤵
  PID:10984
- C:\Windows\System\NXnXJdQ.exe
  C:\Windows\System\NXnXJdQ.exe
  2⤵
  PID:11104
- C:\Windows\System\YdVDngm.exe
  C:\Windows\System\YdVDngm.exe
  2⤵
  PID:11232
- C:\Windows\System\dDDVxIO.exe
  C:\Windows\System\dDDVxIO.exe
  2⤵
  PID:10432
- C:\Windows\System\NSpPwEd.exe
  C:\Windows\System\NSpPwEd.exe
  2⤵
  PID:10476
- C:\Windows\System\RRypqkU.exe
  C:\Windows\System\RRypqkU.exe
  2⤵
  PID:10920
- C:\Windows\System\LMJBQma.exe
  C:\Windows\System\LMJBQma.exe
  2⤵
  PID:10276
- C:\Windows\System\rghcrPD.exe
  C:\Windows\System\rghcrPD.exe
  2⤵
  PID:11272
- C:\Windows\System\EeocHCw.exe
  C:\Windows\System\EeocHCw.exe
  2⤵
  PID:11304
- C:\Windows\System\nPkBbNi.exe
  C:\Windows\System\nPkBbNi.exe
  2⤵
  PID:11328
- C:\Windows\System\iRyGnGc.exe
  C:\Windows\System\iRyGnGc.exe
  2⤵
  PID:11344
- C:\Windows\System\sUaknWB.exe
  C:\Windows\System\sUaknWB.exe
  2⤵
  PID:11360
- C:\Windows\System\PpvnsIb.exe
  C:\Windows\System\PpvnsIb.exe
  2⤵
  PID:11400
- C:\Windows\System\qYNSgRv.exe
  C:\Windows\System\qYNSgRv.exe
  2⤵
  PID:11420
- C:\Windows\System\eLNfTYm.exe
  C:\Windows\System\eLNfTYm.exe
  2⤵
  PID:11444
- C:\Windows\System\YZhfhyg.exe
  C:\Windows\System\YZhfhyg.exe
  2⤵
  PID:11468
- C:\Windows\System\pKVLvOy.exe
  C:\Windows\System\pKVLvOy.exe
  2⤵
  PID:11496
- C:\Windows\System\gweyytT.exe
  C:\Windows\System\gweyytT.exe
  2⤵
  PID:11540
- C:\Windows\System\iKaqFqG.exe
  C:\Windows\System\iKaqFqG.exe
  2⤵
  PID:11568
- C:\Windows\System\uNyYtwk.exe
  C:\Windows\System\uNyYtwk.exe
  2⤵
  PID:11616
- C:\Windows\System\DVSAKKI.exe
  C:\Windows\System\DVSAKKI.exe
  2⤵
  PID:11632
- C:\Windows\System\stvjrxs.exe
  C:\Windows\System\stvjrxs.exe
  2⤵
  PID:11660
- C:\Windows\System\vDmWgdd.exe
  C:\Windows\System\vDmWgdd.exe
  2⤵
  PID:11688
- C:\Windows\System\jAZvLZI.exe
  C:\Windows\System\jAZvLZI.exe
  2⤵
  PID:11724
- C:\Windows\System\dfiWwaa.exe
  C:\Windows\System\dfiWwaa.exe
  2⤵
  PID:11752
- C:\Windows\System\kNioVXi.exe
  C:\Windows\System\kNioVXi.exe
  2⤵
  PID:11780
- C:\Windows\System\qpnOcfI.exe
  C:\Windows\System\qpnOcfI.exe
  2⤵
  PID:11816
- C:\Windows\System\LihVLDE.exe
  C:\Windows\System\LihVLDE.exe
  2⤵
  PID:11840
- C:\Windows\System\orliRjg.exe
  C:\Windows\System\orliRjg.exe
  2⤵
  PID:11872
- C:\Windows\System\CYNRUsR.exe
  C:\Windows\System\CYNRUsR.exe
  2⤵
  PID:11904
- C:\Windows\System\gcZinPp.exe
  C:\Windows\System\gcZinPp.exe
  2⤵
  PID:11936
- C:\Windows\System\WNgssPC.exe
  C:\Windows\System\WNgssPC.exe
  2⤵
  PID:11968
- C:\Windows\System\YXxIYWG.exe
  C:\Windows\System\YXxIYWG.exe
  2⤵
  PID:11992
- C:\Windows\System\hLoygQq.exe
  C:\Windows\System\hLoygQq.exe
  2⤵
  PID:12016
- C:\Windows\System\GyQFCkF.exe
  C:\Windows\System\GyQFCkF.exe
  2⤵
  PID:12048
- C:\Windows\System\GbLyKBz.exe
  C:\Windows\System\GbLyKBz.exe
  2⤵
  PID:12076
- C:\Windows\System\aqRHgQG.exe
  C:\Windows\System\aqRHgQG.exe
  2⤵
  PID:12096
- C:\Windows\System\UctAtiT.exe
  C:\Windows\System\UctAtiT.exe
  2⤵
  PID:12116
- C:\Windows\System\wEAFuuM.exe
  C:\Windows\System\wEAFuuM.exe
  2⤵
  PID:12140
- C:\Windows\System\CrgTjuA.exe
  C:\Windows\System\CrgTjuA.exe
  2⤵
  PID:12172
- C:\Windows\System\hkrgqnv.exe
  C:\Windows\System\hkrgqnv.exe
  2⤵
  PID:12192
- C:\Windows\System\PsdciSd.exe
  C:\Windows\System\PsdciSd.exe
  2⤵
  PID:12224
- C:\Windows\System\OZGfqmz.exe
  C:\Windows\System\OZGfqmz.exe
  2⤵
  PID:12256
- C:\Windows\System\dAYoMYP.exe
  C:\Windows\System\dAYoMYP.exe
  2⤵
  PID:12284
- C:\Windows\System\HCqoFMY.exe
  C:\Windows\System\HCqoFMY.exe
  2⤵
  PID:11312
- C:\Windows\System\RcdndFn.exe
  C:\Windows\System\RcdndFn.exe
  2⤵
  PID:11380
- C:\Windows\System\aTUKazV.exe
  C:\Windows\System\aTUKazV.exe
  2⤵
  PID:11356
- C:\Windows\System\sHHwFQL.exe
  C:\Windows\System\sHHwFQL.exe
  2⤵
  PID:11480
- C:\Windows\System\hHgKRQx.exe
  C:\Windows\System\hHgKRQx.exe
  2⤵
  PID:11508
- C:\Windows\System\XagzSRK.exe
  C:\Windows\System\XagzSRK.exe
  2⤵
  PID:11580
- C:\Windows\System\HeYsRuo.exe
  C:\Windows\System\HeYsRuo.exe
  2⤵
  PID:11684
- C:\Windows\System\bPPFfIx.exe
  C:\Windows\System\bPPFfIx.exe
  2⤵
  PID:11676
- C:\Windows\System\qiQYmib.exe
  C:\Windows\System\qiQYmib.exe
  2⤵
  PID:11896
- C:\Windows\System\HwyVvDD.exe
  C:\Windows\System\HwyVvDD.exe
  2⤵
  PID:11952
- C:\Windows\System\FZURAwM.exe
  C:\Windows\System\FZURAwM.exe
  2⤵
  PID:12036
- C:\Windows\System\ZWXxUej.exe
  C:\Windows\System\ZWXxUej.exe
  2⤵
  PID:12064
- C:\Windows\System\yssTMjm.exe
  C:\Windows\System\yssTMjm.exe
  2⤵
  PID:12104
- C:\Windows\System\BeulfhP.exe
  C:\Windows\System\BeulfhP.exe
  2⤵
  PID:12216
- C:\Windows\System\ZNXrRAX.exe
  C:\Windows\System\ZNXrRAX.exe
  2⤵
  PID:12240
- C:\Windows\System\cihARGX.exe
  C:\Windows\System\cihARGX.exe
  2⤵
  PID:11340
- C:\Windows\System\bnrSDSw.exe
  C:\Windows\System\bnrSDSw.exe
  2⤵
  PID:11440
- C:\Windows\System\chxTuCo.exe
  C:\Windows\System\chxTuCo.exe
  2⤵
  PID:11484
- C:\Windows\System\pPjbvZJ.exe
  C:\Windows\System\pPjbvZJ.exe
  2⤵
  PID:11772
- C:\Windows\System\biAEjYT.exe
  C:\Windows\System\biAEjYT.exe
  2⤵
  PID:11948
- C:\Windows\System\LLZMOgG.exe
  C:\Windows\System\LLZMOgG.exe
  2⤵
  PID:12180
- C:\Windows\System\rUzVHPk.exe
  C:\Windows\System\rUzVHPk.exe
  2⤵
  PID:12188
- C:\Windows\System\cOsqQVs.exe
  C:\Windows\System\cOsqQVs.exe
  2⤵
  PID:12272
- C:\Windows\System\MZipKoy.exe
  C:\Windows\System\MZipKoy.exe
  2⤵
  PID:11732
- C:\Windows\System\qluUVWV.exe
  C:\Windows\System\qluUVWV.exe
  2⤵
  PID:12088
- C:\Windows\System\SVUtxwI.exe
  C:\Windows\System\SVUtxwI.exe
  2⤵
  PID:11744
- C:\Windows\System\VysWbCA.exe
  C:\Windows\System\VysWbCA.exe
  2⤵
  PID:11396
- C:\Windows\System\xdOQKwK.exe
  C:\Windows\System\xdOQKwK.exe
  2⤵
  PID:12320
- C:\Windows\System\vakTlYm.exe
  C:\Windows\System\vakTlYm.exe
  2⤵
  PID:12340
- C:\Windows\System\ccrWivk.exe
  C:\Windows\System\ccrWivk.exe
  2⤵
  PID:12368
- C:\Windows\System\EUlqrmF.exe
  C:\Windows\System\EUlqrmF.exe
  2⤵
  PID:12396
- C:\Windows\System\WRbKINz.exe
  C:\Windows\System\WRbKINz.exe
  2⤵
  PID:12424
- C:\Windows\System\mytbcAC.exe
  C:\Windows\System\mytbcAC.exe
  2⤵
  PID:12440
- C:\Windows\System\BNPxXvU.exe
  C:\Windows\System\BNPxXvU.exe
  2⤵
  PID:12460
- C:\Windows\System\HMTfakv.exe
  C:\Windows\System\HMTfakv.exe
  2⤵
  PID:12504
- C:\Windows\System\whaUjiK.exe
  C:\Windows\System\whaUjiK.exe
  2⤵
  PID:12536
- C:\Windows\System\bZdFQTx.exe
  C:\Windows\System\bZdFQTx.exe
  2⤵
  PID:12552
- C:\Windows\System\vJkagUk.exe
  C:\Windows\System\vJkagUk.exe
  2⤵
  PID:12576
- C:\Windows\System\uFYrYaW.exe
  C:\Windows\System\uFYrYaW.exe
  2⤵
  PID:12604
- C:\Windows\System\aBdhtnf.exe
  C:\Windows\System\aBdhtnf.exe
  2⤵
  PID:12632
- C:\Windows\System\eDePVgN.exe
  C:\Windows\System\eDePVgN.exe
  2⤵
  PID:12672
- C:\Windows\System\sXXgvzx.exe
  C:\Windows\System\sXXgvzx.exe
  2⤵
  PID:12696
- C:\Windows\System\tjBIpwJ.exe
  C:\Windows\System\tjBIpwJ.exe
  2⤵
  PID:12724
- C:\Windows\System\xaefVGZ.exe
  C:\Windows\System\xaefVGZ.exe
  2⤵
  PID:12752
- C:\Windows\System\fnCFaRN.exe
  C:\Windows\System\fnCFaRN.exe
  2⤵
  PID:12788
- C:\Windows\System\SEKjTMf.exe
  C:\Windows\System\SEKjTMf.exe
  2⤵
  PID:12820
- C:\Windows\System\eukjxhx.exe
  C:\Windows\System\eukjxhx.exe
  2⤵
  PID:12852
- C:\Windows\System\HSIPEar.exe
  C:\Windows\System\HSIPEar.exe
  2⤵
  PID:12880
- C:\Windows\System\PLndYXL.exe
  C:\Windows\System\PLndYXL.exe
  2⤵
  PID:12916
- C:\Windows\System\KGlkjnd.exe
  C:\Windows\System\KGlkjnd.exe
  2⤵
  PID:12940
- C:\Windows\System\ceuOkDy.exe
  C:\Windows\System\ceuOkDy.exe
  2⤵
  PID:12964
- C:\Windows\System\DyOZqIU.exe
  C:\Windows\System\DyOZqIU.exe
  2⤵
  PID:12992
- C:\Windows\System\GfRizZd.exe
  C:\Windows\System\GfRizZd.exe
  2⤵
  PID:13024
- C:\Windows\System\caxgYYQ.exe
  C:\Windows\System\caxgYYQ.exe
  2⤵
  PID:13048
- C:\Windows\System\jtsmhmV.exe
  C:\Windows\System\jtsmhmV.exe
  2⤵
  PID:13088
- C:\Windows\System\cIAAbZP.exe
  C:\Windows\System\cIAAbZP.exe
  2⤵
  PID:13104
- C:\Windows\System\XZzCanM.exe
  C:\Windows\System\XZzCanM.exe
  2⤵
  PID:13124
- C:\Windows\System\XxuNvRr.exe
  C:\Windows\System\XxuNvRr.exe
  2⤵
  PID:13148
- C:\Windows\System\LgQGbBk.exe
  C:\Windows\System\LgQGbBk.exe
  2⤵
  PID:13176
- C:\Windows\System\KefXqti.exe
  C:\Windows\System\KefXqti.exe
  2⤵
  PID:13216
- C:\Windows\System\TPHFPNJ.exe
  C:\Windows\System\TPHFPNJ.exe
  2⤵
  PID:13232
- C:\Windows\System\SnLeVAM.exe
  C:\Windows\System\SnLeVAM.exe
  2⤵
  PID:13264
- C:\Windows\System\eBcnycQ.exe
  C:\Windows\System\eBcnycQ.exe
  2⤵
  PID:13292
- C:\Windows\System\kmzuEhj.exe
  C:\Windows\System\kmzuEhj.exe
  2⤵
  PID:12008
- C:\Windows\System\AovYFPf.exe
  C:\Windows\System\AovYFPf.exe
  2⤵
  PID:12332
- C:\Windows\System\UAIstzl.exe
  C:\Windows\System\UAIstzl.exe
  2⤵
  PID:12360
- C:\Windows\System\jgBUBvm.exe
  C:\Windows\System\jgBUBvm.exe
  2⤵
  PID:12380
- C:\Windows\System\QnEHgMr.exe
  C:\Windows\System\QnEHgMr.exe
  2⤵
  PID:12488
- C:\Windows\System\IvpnADT.exe
  C:\Windows\System\IvpnADT.exe
  2⤵
  PID:12496
- C:\Windows\System\ATUTWeR.exe
  C:\Windows\System\ATUTWeR.exe
  2⤵
  PID:12628
- C:\Windows\System\yJPsZDB.exe
  C:\Windows\System\yJPsZDB.exe
  2⤵
  PID:12640
- C:\Windows\System\KThoLvR.exe
  C:\Windows\System\KThoLvR.exe
  2⤵
  PID:12740
- C:\Windows\System\SgFqudy.exe
  C:\Windows\System\SgFqudy.exe
  2⤵
  PID:12828
- C:\Windows\System\ZLtjWwo.exe
  C:\Windows\System\ZLtjWwo.exe
  2⤵
  PID:12896
- C:\Windows\System\kyQbXsn.exe
  C:\Windows\System\kyQbXsn.exe
  2⤵
  PID:12976
- C:\Windows\System\NVfdZuw.exe
  C:\Windows\System\NVfdZuw.exe
  2⤵
  PID:13032
- C:\Windows\System\vzbsaFC.exe
  C:\Windows\System\vzbsaFC.exe
  2⤵
  PID:13112
- C:\Windows\System\lfGthxy.exe
  C:\Windows\System\lfGthxy.exe
  2⤵
  PID:13132
- C:\Windows\System\QYvklkU.exe
  C:\Windows\System\QYvklkU.exe
  2⤵
  PID:13280
- C:\Windows\System\ATORkTA.exe
  C:\Windows\System\ATORkTA.exe
  2⤵
  PID:13260
- C:\Windows\System\cRYZZJZ.exe
  C:\Windows\System\cRYZZJZ.exe
  2⤵
  PID:12416
- C:\Windows\System\oPFNKZN.exe
  C:\Windows\System\oPFNKZN.exe
  2⤵
  PID:12664
- C:\Windows\System\gAfwYOU.exe
  C:\Windows\System\gAfwYOU.exe
  2⤵
  PID:12564
- C:\Windows\System\YbqTiei.exe
  C:\Windows\System\YbqTiei.exe
  2⤵
  PID:12892
- C:\Windows\System\yAOKYxb.exe
  C:\Windows\System\yAOKYxb.exe
  2⤵
  PID:13060
- C:\Windows\System\bTWOWmB.exe
  C:\Windows\System\bTWOWmB.exe
  2⤵
  PID:13204
- C:\Windows\System\BhkWcfR.exe
  C:\Windows\System\BhkWcfR.exe
  2⤵
  PID:12492
- C:\Windows\System\ABHDngX.exe
  C:\Windows\System\ABHDngX.exe
  2⤵
  PID:12928
- C:\Windows\System\jwZmcyX.exe
  C:\Windows\System\jwZmcyX.exe
  2⤵
  PID:13144
- C:\Windows\System\fAfuDls.exe
  C:\Windows\System\fAfuDls.exe
  2⤵
  PID:13196
- C:\Windows\System\RTSuOKn.exe
  C:\Windows\System\RTSuOKn.exe
  2⤵
  PID:13324
- C:\Windows\System\rufBXyY.exe
  C:\Windows\System\rufBXyY.exe
  2⤵
  PID:13356
- C:\Windows\System\tDMZCSU.exe
  C:\Windows\System\tDMZCSU.exe
  2⤵
  PID:13388
- C:\Windows\System\iGCddVI.exe
  C:\Windows\System\iGCddVI.exe
  2⤵
  PID:13412
- C:\Windows\System\rGmiWLt.exe
  C:\Windows\System\rGmiWLt.exe
  2⤵
  PID:13436
- C:\Windows\System\yEkzOwn.exe
  C:\Windows\System\yEkzOwn.exe
  2⤵
  PID:13464
- C:\Windows\System\JSsrTCB.exe
  C:\Windows\System\JSsrTCB.exe
  2⤵
  PID:13496
- C:\Windows\System\NhbVoGP.exe
  C:\Windows\System\NhbVoGP.exe
  2⤵
  PID:13516
- C:\Windows\System\WgceOvU.exe
  C:\Windows\System\WgceOvU.exe
  2⤵
  PID:13556
- C:\Windows\System\kZvFcPb.exe
  C:\Windows\System\kZvFcPb.exe
  2⤵
  PID:13580
- C:\Windows\System\EdoWisy.exe
  C:\Windows\System\EdoWisy.exe
  2⤵
  PID:13596
- C:\Windows\System\MshefOZ.exe
  C:\Windows\System\MshefOZ.exe
  2⤵
  PID:13624
- C:\Windows\System\dDQFqzN.exe
  C:\Windows\System\dDQFqzN.exe
  2⤵
  PID:13656
- C:\Windows\System\brbJZer.exe
  C:\Windows\System\brbJZer.exe
  2⤵
  PID:13688
- C:\Windows\System\ypsDOzy.exe
  C:\Windows\System\ypsDOzy.exe
  2⤵
  PID:13720
- C:\Windows\System\TUkShju.exe
  C:\Windows\System\TUkShju.exe
  2⤵
  PID:13760
- C:\Windows\System\RpWlySa.exe
  C:\Windows\System\RpWlySa.exe
  2⤵
  PID:13776
- C:\Windows\System\rqhLRoG.exe
  C:\Windows\System\rqhLRoG.exe
  2⤵
  PID:13804
- C:\Windows\System\eVYDMEt.exe
  C:\Windows\System\eVYDMEt.exe
  2⤵
  PID:13840
- C:\Windows\System\FAurdUi.exe
  C:\Windows\System\FAurdUi.exe
  2⤵
  PID:13868
- C:\Windows\System\DiLEUdX.exe
  C:\Windows\System\DiLEUdX.exe
  2⤵
  PID:13896
- C:\Windows\System\UxvGOJe.exe
  C:\Windows\System\UxvGOJe.exe
  2⤵
  PID:13924
- C:\Windows\System\yLOshpM.exe
  C:\Windows\System\yLOshpM.exe
  2⤵
  PID:13948
- C:\Windows\System\yjGgYIM.exe
  C:\Windows\System\yjGgYIM.exe
  2⤵
  PID:13976
- C:\Windows\System\GuJkEgh.exe
  C:\Windows\System\GuJkEgh.exe
  2⤵
  PID:14012
- C:\Windows\System\vqVrGOZ.exe
  C:\Windows\System\vqVrGOZ.exe
  2⤵
  PID:14044
- C:\Windows\System\WAEAPok.exe
  C:\Windows\System\WAEAPok.exe
  2⤵
  PID:14072
- C:\Windows\System\EWukJsM.exe
  C:\Windows\System\EWukJsM.exe
  2⤵
  PID:14092
- C:\Windows\System\zBRsKRU.exe
  C:\Windows\System\zBRsKRU.exe
  2⤵
  PID:14128
- C:\Windows\System\gjhjEBF.exe
  C:\Windows\System\gjhjEBF.exe
  2⤵
  PID:14144
- C:\Windows\System\ggWeOQA.exe
  C:\Windows\System\ggWeOQA.exe
  2⤵
  PID:14184
- C:\Windows\System\SGPaMNT.exe
  C:\Windows\System\SGPaMNT.exe
  2⤵
  PID:14212
- C:\Windows\System\gxcBBPa.exe
  C:\Windows\System\gxcBBPa.exe
  2⤵
  PID:14244
- C:\Windows\System\WNbZyag.exe
  C:\Windows\System\WNbZyag.exe
  2⤵
  PID:14272
- C:\Windows\System\IvjMtmw.exe
  C:\Windows\System\IvjMtmw.exe
  2⤵
  PID:14300
- C:\Windows\System\skxeUiQ.exe
  C:\Windows\System\skxeUiQ.exe
  2⤵
  PID:14328
- C:\Windows\System\zuzskoQ.exe
  C:\Windows\System\zuzskoQ.exe
  2⤵
  PID:13320
- C:\Windows\System\tZdOruN.exe
  C:\Windows\System\tZdOruN.exe
  2⤵
  PID:4076
- C:\Windows\System\dKltagh.exe
  C:\Windows\System\dKltagh.exe
  2⤵
  PID:13368
- C:\Windows\System\PgMeTTe.exe
  C:\Windows\System\PgMeTTe.exe
  2⤵
  PID:13432
- C:\Windows\System\JKiAASk.exe
  C:\Windows\System\JKiAASk.exe
  2⤵
  PID:13480
- C:\Windows\System\vWjGauZ.exe
  C:\Windows\System\vWjGauZ.exe
  2⤵
  PID:13540
- C:\Windows\System\qgSnElz.exe
  C:\Windows\System\qgSnElz.exe
  2⤵
  PID:13604
- C:\Windows\System\qTaGDmh.exe
  C:\Windows\System\qTaGDmh.exe
  2⤵
  PID:13740
- C:\Windows\System\SfrYLxh.exe
  C:\Windows\System\SfrYLxh.exe
  2⤵
  PID:13772
- C:\Windows\System\mPnpTGW.exe
  C:\Windows\System\mPnpTGW.exe
  2⤵
  PID:13828
- C:\Windows\System\eCAAAOE.exe
  C:\Windows\System\eCAAAOE.exe
  2⤵
  PID:13884
- C:\Windows\System\uidOsPY.exe
  C:\Windows\System\uidOsPY.exe
  2⤵
  PID:13996
- C:\Windows\System\lNrrCQv.exe
  C:\Windows\System\lNrrCQv.exe
  2⤵
  PID:14056
- C:\Windows\System\BQoJYAM.exe
  C:\Windows\System\BQoJYAM.exe
  2⤵
  PID:14080

C:\Windows\system32\WerFaultSecure.exe
C:\Windows\system32\WerFaultSecure.exe -u -p 14068 -s 744
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BYtOoNT.exe

Filesize
2.2MB

MD5
a50d11b14c530e32bf3fb119e8130e63

SHA1
07d1dc8ae9355a77505cc70330505ca3c59f73be

SHA256
7f3fda11a049190c19256329ccb800a01d803e32296143ff28bd1bc1a17dba7f

SHA512
b01eb5d182e6ae5f8320f5ebf4dc34d9c57a5928bd9e6a9aa3472f3e471edadb740f733317aa79d717d79276cea2e4cd460997fe259ed34e83c883801a4cefa6

Download Submit
C:\Windows\System\DIKUfzh.exe

Filesize
2.2MB

MD5
f8b4a92b3233928f92d0bf555b33dad6

SHA1
fc4b2d606566fca2eea153cbbd36573edd17167d

SHA256
536b1c36be390634bf933c4392ad34994fc680d051d3d92a566e76afdf33edec

SHA512
0141fdfd5d902cd693a6951965fd58a5a2d99caec87ce9cc0f4f28471a71a3d60defccbfe2effb1a30e841d48d435b95d8c96b7b055aba85e2f3a80d7457c89a

Download Submit
C:\Windows\System\DgecbVT.exe

Filesize
2.2MB

MD5
34648828cdb0340b15e9d187e69cc802

SHA1
e512d68c8c4012f23b2455029c3ac601e3c58588

SHA256
7d35b1a81de67cf9cf0dbf0ea2a8eed0c48f08189dee4e6c3d4b695d80c15503

SHA512
3017fafddf17915050db578861a908d40149399f74d5fc4acd03cc9632bff471e0537f66d53cb6e4543b37cab9fcb94647dc867af71e6b7371cc085f02355f09

Download Submit
C:\Windows\System\DtjAlzW.exe

Filesize
2.2MB

MD5
fcf72dea936b9c24ea8d76732dc5855e

SHA1
9367ca0e0706238432a7afb1a3395b09e0af0e7e

SHA256
73f56baea8db398c445a527a931e8e35a3967f2f728653d6179ffccad7cb1117

SHA512
6493e0a54a0caf4141bf59e525f74f857a185ace5b01ac968cfcf8e2d27037d296868f76fa7cb29996b86fa97373bc0b7d33d6570f7ef0b8094a344a4f6dad75

Download Submit
C:\Windows\System\HKXrpUh.exe

Filesize
2.2MB

MD5
d0b725d82417bb538dd15e984e9c8cc6

SHA1
000241cde9f486bd28619b7e7c539d2eaf975d32

SHA256
9109198410f1281b7d5ce2ced55949a4c9a7ad2b81efc70786f63dad61191a98

SHA512
0329800936e86058a18551911580d26b86ac45e66608026d84b3e5f8c02b28254faf7c532bf931712d196a1a257d93179f5c69ee3ec49595bbd27f3e3b8e09e6

Download Submit
C:\Windows\System\KSNKBRl.exe

Filesize
2.2MB

MD5
70173ad5012972e4df0a08d66c61098f

SHA1
619a24caaf04053832e93b5a0587b20c422ae4d2

SHA256
911f99dcf51087879cf28e4fd94b16c17de31859a3064b0b97145f1372fa412f

SHA512
bbbbfe7592e82f47b07ce2f228b2d815b60251158ca70ce8ab9f1ac2b2dd14ee34300812c69aee8ab801a116b17ea467001726a1e405b642d598fbb7e8ff1a40

Download Submit
C:\Windows\System\MnIWJvK.exe

Filesize
2.2MB

MD5
ec1b52cf04177ece68c2d004fabc51b9

SHA1
3f138593a55310bb1f99377dcdd290a7e8cef79e

SHA256
c5d280f7737c18fa4df71d0077a0f9bd4f7bcf7f7f4f599904acf826c12aed7d

SHA512
61cafb965683b62c2a8a8a8e4fc0322de123224811eadc3c8473f82e32d8c9b46562addc350855d6cb380e164246de26e36e0b92c48d725a6b97fafdf8822e2c

Download Submit
C:\Windows\System\NKNnejn.exe

Filesize
2.2MB

MD5
1e43f91b1376560fec94220ec6d0f40e

SHA1
250966ad0026c91e3650a894382f2c26ff0034df

SHA256
9b134d14b516d61d338c959b1fc7ca7e946e1fd5456df610e408c4f987238e7c

SHA512
03f2c1678edac606c47e54e38dd1f3bce7777bdc96ad31f723f1a407055112894daa28158bec1e997e21cee08c935ccbd82d975c66d14227ce3bcb65e1b09b3f

Download Submit
C:\Windows\System\PoyfkbO.exe

Filesize
2.2MB

MD5
60cea2c2ee12811397eb9c138e63909d

SHA1
7b7a6536cf33f16f041cbf8860e1e665be0aff7c

SHA256
4812e850b83be5bdab3528c01d6e57041f56af9822efe048311b4b151ec1c453

SHA512
280c27672bcd8a53c9efaf32852deef84fa65bff234da027d5039e2cfc5324d881a27f901db4b6b005df3228ad31a4d58f8f4bd1059c69b94581f8cb3230bbd1

Download Submit
C:\Windows\System\RyVndPE.exe

Filesize
2.2MB

MD5
9738329adc4b3ad6b450164bbe8991aa

SHA1
1c467b5ffdba21023b6ba6f4ded2a8d5486adea2

SHA256
caf0abd26fbd5b110bf45e1ea37d446c41ac0447febd9e37795158415fe8fffb

SHA512
670fd2c7ea67266d755c9e1d8c63f6041acd00f72a0dd89dd942a7d77b502dc74464bc0d491ecace9bc9f38b69f77d7c39d9b1a8aceaa70eae01a538e052b3b1

Download Submit
C:\Windows\System\TQuspTX.exe

Filesize
2.2MB

MD5
702eb83b0c8465192610c60bc84b8bec

SHA1
92683bfc7c2581c7932493c21407a71ec2b788bd

SHA256
ec9278b49f9bc2bc14bbdced401ff877aa550444b5b9c3e98bf8d40fa348afb9

SHA512
a82127f45d004002e397023be5fc58fb0c05df01a64314ddfc99439207868f1872bcffb4b1b3a2b8fac0ae8b30609663533483bb0a0ff49ea2735f133fa81654

Download Submit
C:\Windows\System\UgtcqeD.exe

Filesize
2.2MB

MD5
bd2237a0c3eebf727afa36abfe1ac778

SHA1
b8154b5e12355291a5a1ad966660cad9c6e53e4b

SHA256
d62ba6fe2d17b66632e24b1f293a84f06f3b4a6a44b7cae413e0ba3b3bc69fa9

SHA512
ef0163822ffadd5fc6a9f008d45bec234021114844411297ffb417515bc5775c2c4d953bc0caab05b6fd4fc67d514dda5e33ea4f790929b168b28896e3f12d6c

Download Submit
C:\Windows\System\XdXJrkj.exe

Filesize
2.2MB

MD5
9e41963be8e04f2eed1cf0906d8204a2

SHA1
fb72ac38b4bdf3f7aa2367f51cc31865566e1b02

SHA256
b2033d680b22bae9274ed323cea866bf021fd889907c94cc15fa3b3c0d475840

SHA512
630c939659ffea9741603e9aa3ecc69b8a2a7b2d3a7147c14a7813dd03f1bde31d878b67b9e2c2ad5cb9b42d009e27e8e56e1795452e7ce43ef5f5f294483519

Download Submit
C:\Windows\System\XiAgkxz.exe

Filesize
2.2MB

MD5
c3245576183a03ceee801f94487d4400

SHA1
0a28d6ca1606ee39e611488a80f94be737176aee

SHA256
1bdf38c8e4f79516a6af76b0cc46651d904783b68a6e5697fb7d94b015ed36ca

SHA512
434d4b1d634c65cd5e17260685928b9f657f3d55d9b6886469f05b368f392ab626edb3dd4df1eeaae1eca49eb892cf084711612c52860870228f51786f5581e5

Download Submit
C:\Windows\System\YLGSWcH.exe

Filesize
2.2MB

MD5
02fb28ae3b639f7bf6c1e882aa2f172f

SHA1
ffe45847d82bc653c9a97398088c9f78f4762377

SHA256
63b9c291400be6cc886e70ac59cef6392d1808c0623f7a016c3f665e40a30f67

SHA512
ddf1799f82f17e3f4813e54ce20a4de12ed618daaf584f2b329638293efbf6c8fc5112ce200b7213087a5f6bbafedda44d3fbc44e994f9adc0e1d54488438216

Download Submit
C:\Windows\System\YfARqGj.exe

Filesize
2.2MB

MD5
0331d6fded7182acc02e92c88998b942

SHA1
ca7bd545d69aad4717b87a87d9d4292976915d36

SHA256
ad80efa4100c78f72bd27f67fa7bced57f3fb81824169611501129dfcb1401f5

SHA512
971b378dd4069e8797f1ac96a1847aa3e1890b9f675983ae6d971437b3ca4b5ea415d5cc6d91e8b8ff1afd076e35ead79a8d586d931ecd5110ab1dd600fa7004

Download Submit
C:\Windows\System\aTFWxOa.exe

Filesize
2.2MB

MD5
8677df594fd6b125547805992f8632f6

SHA1
bd19b19144752d125369f9b58a17f8838a1c5719

SHA256
49e64f64a53c6407f02f78295e72f34028dca7ef23ce92d3a8713976be6d22f3

SHA512
61c5c5b578aef034fbd8fd93a2f1e14cd511f227068e4295c764216cb183d6d2f55580c1a71acb94a109e9888a5ad1c9a40e67ff70f8b6adaa9567ecc3e3e3f8

Download Submit
C:\Windows\System\cUIjOEQ.exe

Filesize
2.2MB

MD5
9507ad651bfcc82d7ebb22930150e60c

SHA1
6518d793163382788ea2a340cf865afd453a92a5

SHA256
28a96e70f82dda4e22882eb4d9e09d181a8e120779ea87365fdfa753c95649f9

SHA512
41eca468665dd4f7385b14841002ff56f4b9c307bfc35681b4a41905b7d4a56ec73a522486116d9f95748a514e8766be3f721b5d9d8d7a86fc18c26e8a56361c

Download Submit
C:\Windows\System\efRGxYn.exe

Filesize
2.2MB

MD5
3aa14c540f9d219ce7af5d56ae61138d

SHA1
d17ed87a1e7971a5095dd118ab82d41bc3c0794d

SHA256
d4e06cbb4a051b6a753beb5965d4e6ff2022cf85a6d68af6a143a407963f6b6b

SHA512
21449327023dc331924424e913bbd632526d3a927906cef96b941bf69f819cbcc13af13066d2c3fd5b499ede56c5543917c8de6e730ede2c211b5fb1d1911dca

Download Submit
C:\Windows\System\gVSBFkR.exe

Filesize
2.2MB

MD5
bb9531c834ab06fb6332f676e7e935ef

SHA1
5f4fa50600de93aa421b3c68fb84ea1728aa92d7

SHA256
853b4f4836602fac4c4ce8fec6c570c2291da469298dfdd604ebf4902fdba985

SHA512
2179b64bf2de9291e001c06a03e121d84fae46dec7b3f7fd1e9a8865e1c1c7eecabaee961ab3b0fe4506db8194ac78f5c68e84a56f1f16e7dc01c728860a8061

Download Submit
C:\Windows\System\hVefsqZ.exe

Filesize
2.2MB

MD5
498541d2914e900057667d4e7b04ba10

SHA1
4c3f5dd8dc71c4b3808f2e6ebfd7bc377a4d25d1

SHA256
a650066570c92dd2c18632e2dfeb054fc2c4b3bc8408cba5692e607b0a9c859f

SHA512
027c7c0d64d272af2f5b11dc4268a7f593d1a8bf842047887b2514e66610ba1af51f502e6144cab28af178a5dfc89c601f1cae088ffef351d96639e949c81aa8

Download Submit
C:\Windows\System\hpfkyXL.exe

Filesize
2.2MB

MD5
3ac00dc09f8eb0ac754c5eb15d78587a

SHA1
1738df55a983ebf25644cd643f8151e1f66fb393

SHA256
77e55b17b0198b4e9ec3c4c4897a2dee9a3ea2c425162f04e04c2dadda376339

SHA512
296294e90eb7afaa2f0f648439e265a1b867d9d9f7915cd728520800e3c23036d1dc14aba637b872f3de624b60e0e6a61ffad764c928bc885d471e09d0211d0d

Download Submit
C:\Windows\System\itzyHNX.exe

Filesize
2.2MB

MD5
5587aa38e386fc90073177d5bf5e57f2

SHA1
5e16a61ffba053a2d770c0fdf898d719db05049b

SHA256
6cd573c0e9821ab2e159cc3017d393563a6ddad7bea87b5cc6777948b0ee2e54

SHA512
8334fcb2ac89ea368fd1ce4a3cc09c97629bddc32f51243f180972f8347da1bd286e9312bd79ab66bf7404c5660eb8d447a618ce103bb039468ce95416b55c36

Download Submit
C:\Windows\System\jHdxQpd.exe

Filesize
2.2MB

MD5
ea219f1bb5b758265609bb439d9de603

SHA1
b21152d05e87df7d00e3d7e1271bfd4b1590fb17

SHA256
be79e1aa334ce5befc50d9cdf3c3bc1fd27e303972eb4d1921b8ae3e6b9e4449

SHA512
b1d8c27f89fd329696d9ccd1526643f077ab7ba01001903362e2834f79bb3e5864ee88a85cbd0946cdf34cc04d6f11582f19f6f0ebb1a8c751ed99170c9f8b96

Download Submit
C:\Windows\System\kpGoJeh.exe

Filesize
2.2MB

MD5
94cbe3238901dc484bd6eeebf1719ae3

SHA1
dbd4a6b21885f9aa412944be7ab327f770e24f09

SHA256
07da2512769945ed4749af2f647904966a32d730080c144a9bbfa2adfc44c136

SHA512
b4b8ad6dbf84ae7308bc79e4fe63d26e954ca30adfd1d4751c04e49c579f881a6ec34ed689130480101a6d4f8534a950e3de0f9d6876bd9b34e64eec3f53becb

Download Submit
C:\Windows\System\mDukIQm.exe

Filesize
2.2MB

MD5
961b6cef5b9a822d1374f924f5cc417d

SHA1
8f69769ac2c3f053dc9e94bd4460d73cf016b9cb

SHA256
1faa320780c0b08a066525061bb27a4ccbafe7b8f704df0d00d54d25bc633426

SHA512
f78576cf906275d8f7f6540623b4c9372039580a490beb716198a66bdacb594d35fce72a699195a3340dd4ffef90a38964652c77163b74e2a039bf9ed7d65faa

Download Submit
C:\Windows\System\nfJTGuy.exe

Filesize
2.2MB

MD5
2740171e6111649f3eb5f17a2eb9d275

SHA1
2b057c7948204da59324cc9a6cadc47cbe195b17

SHA256
e9ee4da156bf4fe6bd96314fd08a392b03566fff77fc8a23232051d09919acdf

SHA512
21303acac2c9c289c04dbe0b441842f2606cceb57ecd75103ad2a7950302bf11fc9adbc8f1f9117b1ab30d9a89dd68d1dec50d8acd64902560e09124c4f3af3f

Download Submit
C:\Windows\System\rcIPmbA.exe

Filesize
2.2MB

MD5
eac799b25ccf38bf8903d7e07a8acdc3

SHA1
94ac38d30ea9ee258a089cf04fa967de921af5e0

SHA256
52828a308d49075952474c86665e401adf7671ad7d13d396e9685d8a2b7831c3

SHA512
6e880fc181e47cff9edae13cd85d220d289d832d9a91524a209ed67d189457db597dc6be72331e240b72b2b18d97d12cbbc0504e605bf5f97bddd48a69ce7b34

Download Submit
C:\Windows\System\rjmfExJ.exe

Filesize
2.2MB

MD5
ef6fcd68b5ff73ea6646fa79a0767df8

SHA1
02a059760f81dbc192c291e8384fb8e190da3d31

SHA256
86e0350ac2d085f22d522b6a2254a73d638f0a08e61a8e2de8504bb3a3a61ab8

SHA512
364642e5973e316cf58d5e5f7eea7a1a5a019e58cecc9d6be3c38fdfaaafcf8b47dc6c09f335221e23f1687a9a29dfb19547a17b40b063eec21b4aba98a397cb

Download Submit
C:\Windows\System\tXnoxbR.exe

Filesize
2.2MB

MD5
5d340e7370c0a5c50b375c244caf0975

SHA1
9d815ba7cebb0bb10bedca2aaadfc02f799239f5

SHA256
7ab5e4677a0da18b63ae200b036e0f803ab8748a213450efd87e370b81b13dc8

SHA512
571b72ee1a15982be574d1d2eb857d2be373725f05bd39401bfd472bda1beb8b4eee1938f117e107c153da3e645a56e6fc25c32d47761ef0c0db067effff85c5

Download Submit
C:\Windows\System\tqkvPkI.exe

Filesize
2.2MB

MD5
de4a8c8f9996fef6c934034582d8bc7f

SHA1
8a3e68f5ec68ff07fee6df0820e2405edfb1be5d

SHA256
04342cac1ae2e73e62a1d1512894d16fb1bab6d5c8250160332bdaf112c986c0

SHA512
6d1c18fa36a0fabb8d9c727d0b6ad95a9a2e12ad072d5de390e1127cac8f03ef8cbddd1d17b3a0888c016e17aeed00a9ae9950b2c065ae236d9ffb3a08555d55

Download Submit
C:\Windows\System\tuPMQFT.exe

Filesize
2.2MB

MD5
2738ecd9469a7f3a274e805492727a80

SHA1
1b48e5dbdcc82cdad92a8d050c12e5e053263c2f

SHA256
5e4e39a979789e600c765a3f39a4d5731a78c70cdce7c1ab076d934c6569f0b1

SHA512
5f877f84cef8d5929879fca2e13b403c7d3a459fbb154414399c6217e534f98834775a803c6128e481fb4b9ccfefa72dfdb6175cc0a07cabb63ff05dcffb2e4a

Download Submit
C:\Windows\System\zPCxrfh.exe

Filesize
2.2MB

MD5
ae0d9b58e10158aaf313c2edb7e0eb5c

SHA1
c7794d712ade5ca1a3909d012c036c3c39743142

SHA256
83f34b319de15e5a9c13105dbd56d7440e23def8c7beaf347fd9087d9f953337

SHA512
66c2f4ccf85e587da5afb0812bb554217bd07f35e6c4390589b3856d5725ce9ae1389a0945eb03819563e5dcb1d3b23abd9c84b00017260b9430c4719fad4a16

Download Submit
memory/60-129-0x00007FF6473C0000-0x00007FF647714000-memory.dmp

Filesize
3.3MB

Download
memory/60-2135-0x00007FF6473C0000-0x00007FF647714000-memory.dmp

Filesize
3.3MB

Download
memory/60-2160-0x00007FF6473C0000-0x00007FF647714000-memory.dmp

Filesize
3.3MB

Download
memory/212-2139-0x00007FF795650000-0x00007FF7959A4000-memory.dmp

Filesize
3.3MB

Download
memory/212-8-0x00007FF795650000-0x00007FF7959A4000-memory.dmp

Filesize
3.3MB

Download
memory/212-2129-0x00007FF795650000-0x00007FF7959A4000-memory.dmp

Filesize
3.3MB

Download
memory/368-2140-0x00007FF67C880000-0x00007FF67CBD4000-memory.dmp

Filesize
3.3MB

Download
memory/368-18-0x00007FF67C880000-0x00007FF67CBD4000-memory.dmp

Filesize
3.3MB

Download
memory/368-2130-0x00007FF67C880000-0x00007FF67CBD4000-memory.dmp

Filesize
3.3MB

Download
memory/416-2146-0x00007FF770CA0000-0x00007FF770FF4000-memory.dmp

Filesize
3.3MB

Download
memory/416-2138-0x00007FF770CA0000-0x00007FF770FF4000-memory.dmp

Filesize
3.3MB

Download
memory/416-42-0x00007FF770CA0000-0x00007FF770FF4000-memory.dmp

Filesize
3.3MB

Download
memory/528-170-0x00007FF77FA20000-0x00007FF77FD74000-memory.dmp

Filesize
3.3MB

Download
memory/528-2147-0x00007FF77FA20000-0x00007FF77FD74000-memory.dmp

Filesize
3.3MB

Download
memory/556-2144-0x00007FF700AE0000-0x00007FF700E34000-memory.dmp

Filesize
3.3MB

Download
memory/556-2133-0x00007FF700AE0000-0x00007FF700E34000-memory.dmp

Filesize
3.3MB

Download
memory/556-78-0x00007FF700AE0000-0x00007FF700E34000-memory.dmp

Filesize
3.3MB

Download
memory/664-162-0x00007FF6B16C0000-0x00007FF6B1A14000-memory.dmp

Filesize
3.3MB

Download
memory/664-2158-0x00007FF6B16C0000-0x00007FF6B1A14000-memory.dmp

Filesize
3.3MB

Download
memory/820-2149-0x00007FF728C00000-0x00007FF728F54000-memory.dmp

Filesize
3.3MB

Download
memory/820-172-0x00007FF728C00000-0x00007FF728F54000-memory.dmp

Filesize
3.3MB

Download
memory/928-2159-0x00007FF6F2310000-0x00007FF6F2664000-memory.dmp

Filesize
3.3MB

Download
memory/928-139-0x00007FF6F2310000-0x00007FF6F2664000-memory.dmp

Filesize
3.3MB

Download
memory/1148-163-0x00007FF7837C0000-0x00007FF783B14000-memory.dmp

Filesize
3.3MB

Download
memory/1148-2157-0x00007FF7837C0000-0x00007FF783B14000-memory.dmp

Filesize
3.3MB

Download
memory/1176-38-0x00007FF6606B0000-0x00007FF660A04000-memory.dmp

Filesize
3.3MB

Download
memory/1176-2142-0x00007FF6606B0000-0x00007FF660A04000-memory.dmp

Filesize
3.3MB

Download
memory/1176-2131-0x00007FF6606B0000-0x00007FF660A04000-memory.dmp

Filesize
3.3MB

Download
memory/1340-27-0x00007FF6C4AA0000-0x00007FF6C4DF4000-memory.dmp

Filesize
3.3MB

Download
memory/1340-2136-0x00007FF6C4AA0000-0x00007FF6C4DF4000-memory.dmp

Filesize
3.3MB

Download
memory/1340-2145-0x00007FF6C4AA0000-0x00007FF6C4DF4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2132-0x00007FF688DD0000-0x00007FF689124000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2167-0x00007FF688DD0000-0x00007FF689124000-memory.dmp

Filesize
3.3MB

Download
memory/1408-59-0x00007FF688DD0000-0x00007FF689124000-memory.dmp

Filesize
3.3MB

Download
memory/1488-2155-0x00007FF6B5E90000-0x00007FF6B61E4000-memory.dmp

Filesize
3.3MB

Download
memory/1488-161-0x00007FF6B5E90000-0x00007FF6B61E4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-175-0x00007FF619250000-0x00007FF6195A4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-2163-0x00007FF619250000-0x00007FF6195A4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2166-0x00007FF720740000-0x00007FF720A94000-memory.dmp

Filesize
3.3MB

Download
memory/2136-138-0x00007FF720740000-0x00007FF720A94000-memory.dmp

Filesize
3.3MB

Download
memory/2208-1-0x000001E06F640000-0x000001E06F650000-memory.dmp

Filesize
64KB

Download
memory/2208-0-0x00007FF6CB120000-0x00007FF6CB474000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2156-0x00007FF6F8C50000-0x00007FF6F8FA4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-166-0x00007FF6F8C50000-0x00007FF6F8FA4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-173-0x00007FF753E50000-0x00007FF7541A4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-2148-0x00007FF753E50000-0x00007FF7541A4000-memory.dmp

Filesize
3.3MB

Download
memory/3300-165-0x00007FF7BF450000-0x00007FF7BF7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3300-2162-0x00007FF7BF450000-0x00007FF7BF7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3636-2154-0x00007FF72B950000-0x00007FF72BCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3636-167-0x00007FF72B950000-0x00007FF72BCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2161-0x00007FF7E8140000-0x00007FF7E8494000-memory.dmp

Filesize
3.3MB

Download
memory/3720-164-0x00007FF7E8140000-0x00007FF7E8494000-memory.dmp

Filesize
3.3MB

Download
memory/3772-2134-0x00007FF7ACAA0000-0x00007FF7ACDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3772-2143-0x00007FF7ACAA0000-0x00007FF7ACDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3772-108-0x00007FF7ACAA0000-0x00007FF7ACDF4000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2165-0x00007FF6081B0000-0x00007FF608504000-memory.dmp

Filesize
3.3MB

Download
memory/4336-174-0x00007FF6081B0000-0x00007FF608504000-memory.dmp

Filesize
3.3MB

Download
memory/4356-171-0x00007FF7FB6E0000-0x00007FF7FBA34000-memory.dmp

Filesize
3.3MB

Download
memory/4356-2150-0x00007FF7FB6E0000-0x00007FF7FBA34000-memory.dmp

Filesize
3.3MB

Download
memory/4612-169-0x00007FF654B60000-0x00007FF654EB4000-memory.dmp

Filesize
3.3MB

Download
memory/4612-2151-0x00007FF654B60000-0x00007FF654EB4000-memory.dmp

Filesize
3.3MB

Download
memory/4616-156-0x00007FF709760000-0x00007FF709AB4000-memory.dmp

Filesize
3.3MB

Download
memory/4616-2164-0x00007FF709760000-0x00007FF709AB4000-memory.dmp

Filesize
3.3MB

Download
memory/4636-2137-0x00007FF658D50000-0x00007FF6590A4000-memory.dmp

Filesize
3.3MB

Download
memory/4636-2141-0x00007FF658D50000-0x00007FF6590A4000-memory.dmp

Filesize
3.3MB

Download
memory/4636-30-0x00007FF658D50000-0x00007FF6590A4000-memory.dmp

Filesize
3.3MB

Download
memory/5012-176-0x00007FF790F00000-0x00007FF791254000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2153-0x00007FF790F00000-0x00007FF791254000-memory.dmp

Filesize
3.3MB

Download
memory/5092-2152-0x00007FF7B00C0000-0x00007FF7B0414000-memory.dmp

Filesize
3.3MB

Download
memory/5092-168-0x00007FF7B00C0000-0x00007FF7B0414000-memory.dmp

Filesize
3.3MB

Download