xmrig | 5774f186ba1012eb3c0e319d5770cdc2366325a22939cff07a34151fc988c662

Analysis

max time kernel
94s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
Size

1.9MB
MD5

e4b3f83f81976ee68eafa0e7fe9a8ad0
SHA1

dcd999826865302fb8cad60604532f9020eeee99
SHA256

5774f186ba1012eb3c0e319d5770cdc2366325a22939cff07a34151fc988c662
SHA512

746a52ec3c7de18485a4af70db77ef603a4b24d340b02ff50901d6f5976408fc21d493d280aa78bc4ed6e93827dc5d0631522fdf5e2d3fa936432a7cb98cb843
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AKavC2YM:BemTLkNdfE0pZrs

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1028-0-0x00007FF705AD0000-0x00007FF705E24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023270-5.dat	xmrig
behavioral2/files/0x00070000000233b2-7.dat	xmrig
behavioral2/files/0x00070000000233b4-23.dat	xmrig
behavioral2/files/0x00070000000233b3-22.dat	xmrig
behavioral2/memory/2700-19-0x00007FF6E97E0000-0x00007FF6E9B34000-memory.dmp	xmrig
behavioral2/files/0x00070000000233b1-16.dat	xmrig
behavioral2/memory/4976-8-0x00007FF6821B0000-0x00007FF682504000-memory.dmp	xmrig
behavioral2/memory/2976-39-0x00007FF6F0E30000-0x00007FF6F1184000-memory.dmp	xmrig
behavioral2/files/0x00070000000233b5-44.dat	xmrig
behavioral2/files/0x00070000000233b6-49.dat	xmrig
behavioral2/files/0x00070000000233b8-53.dat	xmrig
behavioral2/files/0x00070000000233b7-51.dat	xmrig
behavioral2/memory/2864-46-0x00007FF6B78C0000-0x00007FF6B7C14000-memory.dmp	xmrig
behavioral2/memory/4808-42-0x00007FF641AF0000-0x00007FF641E44000-memory.dmp	xmrig
behavioral2/memory/64-38-0x00007FF6431E0000-0x00007FF643534000-memory.dmp	xmrig
behavioral2/memory/1012-29-0x00007FF749C10000-0x00007FF749F64000-memory.dmp	xmrig
behavioral2/memory/2932-26-0x00007FF785AA0000-0x00007FF785DF4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233b9-59.dat	xmrig
behavioral2/files/0x000a0000000233ac-64.dat	xmrig
behavioral2/memory/3996-58-0x00007FF64EBC0000-0x00007FF64EF14000-memory.dmp	xmrig
behavioral2/memory/5100-67-0x00007FF7FE4C0000-0x00007FF7FE814000-memory.dmp	xmrig
behavioral2/memory/2612-70-0x00007FF69A8D0000-0x00007FF69AC24000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ba-71.dat	xmrig
behavioral2/memory/3408-78-0x00007FF6CD290000-0x00007FF6CD5E4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233bb-81.dat	xmrig
behavioral2/files/0x00070000000233bc-83.dat	xmrig
behavioral2/memory/4840-89-0x00007FF643F00000-0x00007FF644254000-memory.dmp	xmrig
behavioral2/files/0x00070000000233be-91.dat	xmrig
behavioral2/files/0x00070000000233bd-90.dat	xmrig
behavioral2/memory/3812-92-0x00007FF760D90000-0x00007FF7610E4000-memory.dmp	xmrig
behavioral2/memory/1028-94-0x00007FF705AD0000-0x00007FF705E24000-memory.dmp	xmrig
behavioral2/memory/4700-95-0x00007FF669F50000-0x00007FF66A2A4000-memory.dmp	xmrig
behavioral2/memory/4112-93-0x00007FF6D1480000-0x00007FF6D17D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233c1-119.dat	xmrig
behavioral2/memory/1012-124-0x00007FF749C10000-0x00007FF749F64000-memory.dmp	xmrig
behavioral2/files/0x00070000000233c7-131.dat	xmrig
behavioral2/files/0x00070000000233c6-143.dat	xmrig
behavioral2/files/0x00070000000233ca-153.dat	xmrig
behavioral2/memory/448-156-0x00007FF7AF020000-0x00007FF7AF374000-memory.dmp	xmrig
behavioral2/memory/64-162-0x00007FF6431E0000-0x00007FF643534000-memory.dmp	xmrig
behavioral2/memory/2384-165-0x00007FF785730000-0x00007FF785A84000-memory.dmp	xmrig
behavioral2/files/0x00070000000233c9-167.dat	xmrig
behavioral2/memory/848-164-0x00007FF7F1750000-0x00007FF7F1AA4000-memory.dmp	xmrig
behavioral2/memory/2616-163-0x00007FF6F26F0000-0x00007FF6F2A44000-memory.dmp	xmrig
behavioral2/memory/4532-161-0x00007FF6895E0000-0x00007FF689934000-memory.dmp	xmrig
behavioral2/files/0x00070000000233c8-157.dat	xmrig
behavioral2/memory/4640-155-0x00007FF723CC0000-0x00007FF724014000-memory.dmp	xmrig
behavioral2/memory/3700-154-0x00007FF7203E0000-0x00007FF720734000-memory.dmp	xmrig
behavioral2/memory/656-147-0x00007FF610A40000-0x00007FF610D94000-memory.dmp	xmrig
behavioral2/memory/412-141-0x00007FF7E7110000-0x00007FF7E7464000-memory.dmp	xmrig
behavioral2/memory/3784-136-0x00007FF780C60000-0x00007FF780FB4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233c4-135.dat	xmrig
behavioral2/files/0x00070000000233c3-133.dat	xmrig
behavioral2/files/0x00070000000233c5-137.dat	xmrig
behavioral2/files/0x00070000000233bf-127.dat	xmrig
behavioral2/memory/2932-116-0x00007FF785AA0000-0x00007FF785DF4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233c2-114.dat	xmrig
behavioral2/memory/4976-111-0x00007FF6821B0000-0x00007FF682504000-memory.dmp	xmrig
behavioral2/memory/2936-206-0x00007FF77DAF0000-0x00007FF77DE44000-memory.dmp	xmrig
behavioral2/memory/2864-215-0x00007FF6B78C0000-0x00007FF6B7C14000-memory.dmp	xmrig
behavioral2/memory/1940-212-0x00007FF70AD10000-0x00007FF70B064000-memory.dmp	xmrig
behavioral2/files/0x00070000000233d0-198.dat	xmrig
behavioral2/memory/5112-203-0x00007FF624E10000-0x00007FF625164000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4976	EbPCxao.exe
2700	DcYWJgF.exe
2932	kMOicpd.exe
2976	bNMbPeI.exe
1012	uhTOicU.exe
4808	PQJYPjB.exe
64	fLnwPhJ.exe
2864	jtVflbx.exe
3996	SlnygPK.exe
5100	pEHqxrE.exe
2612	KcZwGIz.exe
3408	dmumDmH.exe
4840	zbOgueP.exe
3812	JMzDnpH.exe
4700	eNgkmWl.exe
4112	oFylKfI.exe
3784	lQqAvyc.exe
412	QwrKVGp.exe
4532	zTDfILN.exe
2616	ZLbRxUA.exe
656	jIdpNcB.exe
3700	fTaDelh.exe
848	fIfHwZV.exe
4640	qlnohQg.exe
2384	VUqywSB.exe
448	AENLikF.exe
5112	LbSRkcW.exe
1940	fLlbceE.exe
2936	CCZYymu.exe
4292	Jmzxdfm.exe
1276	ZZYbIdd.exe
1860	lDpUDAU.exe
908	vnsUsnq.exe
1376	LBxTUNH.exe
556	sFsUcHs.exe
452	yuwMlCG.exe
2172	adPnTkw.exe
3316	nqJnymi.exe
4580	gnDzvzQ.exe
3204	oFhKaan.exe
4276	RszAmxj.exe
4268	TxZydNg.exe
1752	HfnEKku.exe
4812	TMCnAgT.exe
4820	tBGEOZS.exe
4576	QrFtERe.exe
5004	wKEOGCB.exe
4420	JFpXssv.exe
2892	Taqkcoi.exe
316	NAWRGfB.exe
4068	mNdNpdX.exe
1052	WPqFpxU.exe
5108	ThxrWlG.exe
4508	BflBqrr.exe
1868	ugOXaGw.exe
4816	EdUtzlH.exe
5072	AWMaixM.exe
4192	lgnTfFz.exe
4768	driuynZ.exe
4896	WbHvlMH.exe
1368	RrObnbb.exe
1636	CxGZHAl.exe
5116	Axetbfm.exe
3736	jkoWWtd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1028-0-0x00007FF705AD0000-0x00007FF705E24000-memory.dmp	upx
behavioral2/files/0x0007000000023270-5.dat	upx
behavioral2/files/0x00070000000233b2-7.dat	upx
behavioral2/files/0x00070000000233b4-23.dat	upx
behavioral2/files/0x00070000000233b3-22.dat	upx
behavioral2/memory/2700-19-0x00007FF6E97E0000-0x00007FF6E9B34000-memory.dmp	upx
behavioral2/files/0x00070000000233b1-16.dat	upx
behavioral2/memory/4976-8-0x00007FF6821B0000-0x00007FF682504000-memory.dmp	upx
behavioral2/memory/2976-39-0x00007FF6F0E30000-0x00007FF6F1184000-memory.dmp	upx
behavioral2/files/0x00070000000233b5-44.dat	upx
behavioral2/files/0x00070000000233b6-49.dat	upx
behavioral2/files/0x00070000000233b8-53.dat	upx
behavioral2/files/0x00070000000233b7-51.dat	upx
behavioral2/memory/2864-46-0x00007FF6B78C0000-0x00007FF6B7C14000-memory.dmp	upx
behavioral2/memory/4808-42-0x00007FF641AF0000-0x00007FF641E44000-memory.dmp	upx
behavioral2/memory/64-38-0x00007FF6431E0000-0x00007FF643534000-memory.dmp	upx
behavioral2/memory/1012-29-0x00007FF749C10000-0x00007FF749F64000-memory.dmp	upx
behavioral2/memory/2932-26-0x00007FF785AA0000-0x00007FF785DF4000-memory.dmp	upx
behavioral2/files/0x00070000000233b9-59.dat	upx
behavioral2/files/0x000a0000000233ac-64.dat	upx
behavioral2/memory/3996-58-0x00007FF64EBC0000-0x00007FF64EF14000-memory.dmp	upx
behavioral2/memory/5100-67-0x00007FF7FE4C0000-0x00007FF7FE814000-memory.dmp	upx
behavioral2/memory/2612-70-0x00007FF69A8D0000-0x00007FF69AC24000-memory.dmp	upx
behavioral2/files/0x00070000000233ba-71.dat	upx
behavioral2/memory/3408-78-0x00007FF6CD290000-0x00007FF6CD5E4000-memory.dmp	upx
behavioral2/files/0x00070000000233bb-81.dat	upx
behavioral2/files/0x00070000000233bc-83.dat	upx
behavioral2/memory/4840-89-0x00007FF643F00000-0x00007FF644254000-memory.dmp	upx
behavioral2/files/0x00070000000233be-91.dat	upx
behavioral2/files/0x00070000000233bd-90.dat	upx
behavioral2/memory/3812-92-0x00007FF760D90000-0x00007FF7610E4000-memory.dmp	upx
behavioral2/memory/1028-94-0x00007FF705AD0000-0x00007FF705E24000-memory.dmp	upx
behavioral2/memory/4700-95-0x00007FF669F50000-0x00007FF66A2A4000-memory.dmp	upx
behavioral2/memory/4112-93-0x00007FF6D1480000-0x00007FF6D17D4000-memory.dmp	upx
behavioral2/files/0x00070000000233c1-119.dat	upx
behavioral2/memory/1012-124-0x00007FF749C10000-0x00007FF749F64000-memory.dmp	upx
behavioral2/files/0x00070000000233c7-131.dat	upx
behavioral2/files/0x00070000000233c6-143.dat	upx
behavioral2/files/0x00070000000233ca-153.dat	upx
behavioral2/memory/448-156-0x00007FF7AF020000-0x00007FF7AF374000-memory.dmp	upx
behavioral2/memory/64-162-0x00007FF6431E0000-0x00007FF643534000-memory.dmp	upx
behavioral2/memory/2384-165-0x00007FF785730000-0x00007FF785A84000-memory.dmp	upx
behavioral2/files/0x00070000000233c9-167.dat	upx
behavioral2/memory/848-164-0x00007FF7F1750000-0x00007FF7F1AA4000-memory.dmp	upx
behavioral2/memory/2616-163-0x00007FF6F26F0000-0x00007FF6F2A44000-memory.dmp	upx
behavioral2/memory/4532-161-0x00007FF6895E0000-0x00007FF689934000-memory.dmp	upx
behavioral2/files/0x00070000000233c8-157.dat	upx
behavioral2/memory/4640-155-0x00007FF723CC0000-0x00007FF724014000-memory.dmp	upx
behavioral2/memory/3700-154-0x00007FF7203E0000-0x00007FF720734000-memory.dmp	upx
behavioral2/memory/656-147-0x00007FF610A40000-0x00007FF610D94000-memory.dmp	upx
behavioral2/memory/412-141-0x00007FF7E7110000-0x00007FF7E7464000-memory.dmp	upx
behavioral2/memory/3784-136-0x00007FF780C60000-0x00007FF780FB4000-memory.dmp	upx
behavioral2/files/0x00070000000233c4-135.dat	upx
behavioral2/files/0x00070000000233c3-133.dat	upx
behavioral2/files/0x00070000000233c5-137.dat	upx
behavioral2/files/0x00070000000233bf-127.dat	upx
behavioral2/memory/2932-116-0x00007FF785AA0000-0x00007FF785DF4000-memory.dmp	upx
behavioral2/files/0x00070000000233c2-114.dat	upx
behavioral2/memory/4976-111-0x00007FF6821B0000-0x00007FF682504000-memory.dmp	upx
behavioral2/memory/2936-206-0x00007FF77DAF0000-0x00007FF77DE44000-memory.dmp	upx
behavioral2/memory/2864-215-0x00007FF6B78C0000-0x00007FF6B7C14000-memory.dmp	upx
behavioral2/memory/1940-212-0x00007FF70AD10000-0x00007FF70B064000-memory.dmp	upx
behavioral2/files/0x00070000000233d0-198.dat	upx
behavioral2/memory/5112-203-0x00007FF624E10000-0x00007FF625164000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QlongiK.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\iYFkWAq.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\XCoCKbm.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\RVehNZl.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\neBHSJl.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\YbcRiUb.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\VMYNXCy.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\SXiocdk.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\zTDfILN.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\lDpUDAU.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\WPqFpxU.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\ptLaaXN.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\zxoQKxO.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\LRAcXMH.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\OVBMMph.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\DDoeWsC.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\vRWsdaF.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\HfnEKku.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\mnhBPVd.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\zaETCxW.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\nAKAKsB.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\FFRZIqG.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\fBbQxYV.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\ofpwEeq.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\hZZIpgq.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\lgnTfFz.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\RAPDiYp.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\YKdPCrN.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\OOLMozw.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\csQwXHZ.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\dpFdiRb.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\IgiVgno.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\bHfMRyf.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\pqWyGEL.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\tPyDTas.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\EHSDfNc.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\RAtlBCu.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\RJjRMnt.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\KvGvcCr.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\bNMbPeI.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\GiCkvnO.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\TzlQxdG.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\sFMPAqR.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\zuRIiZV.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\LZFipCe.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\SsiXAGt.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\NNUYbro.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\wBJQfMl.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\DTpezyz.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\aMhuuCn.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\QrFtERe.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\aRtawky.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\rZdJvCT.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\hAmHjdf.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\DULUePC.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\ylvsDev.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\oFylKfI.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\LBxTUNH.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\BEZPeyj.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\okvgEts.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\aSiYsDS.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\nFjgbJy.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\jLrtgkt.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
File created	C:\Windows\System\DesGtUP.exe	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
15128	WerFaultSecure.exe
15128	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 4976	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	84
PID 1028 wrote to memory of 4976	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	84
PID 1028 wrote to memory of 2932	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	85
PID 1028 wrote to memory of 2932	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	85
PID 1028 wrote to memory of 2700	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	86
PID 1028 wrote to memory of 2700	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	86
PID 1028 wrote to memory of 2976	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	87
PID 1028 wrote to memory of 2976	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	87
PID 1028 wrote to memory of 1012	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	88
PID 1028 wrote to memory of 1012	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	88
PID 1028 wrote to memory of 4808	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	89
PID 1028 wrote to memory of 4808	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	89
PID 1028 wrote to memory of 64	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	90
PID 1028 wrote to memory of 64	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	90
PID 1028 wrote to memory of 2864	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	91
PID 1028 wrote to memory of 2864	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	91
PID 1028 wrote to memory of 3996	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	92
PID 1028 wrote to memory of 3996	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	92
PID 1028 wrote to memory of 5100	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	93
PID 1028 wrote to memory of 5100	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	93
PID 1028 wrote to memory of 2612	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	94
PID 1028 wrote to memory of 2612	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	94
PID 1028 wrote to memory of 3408	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	95
PID 1028 wrote to memory of 3408	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	95
PID 1028 wrote to memory of 4840	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	96
PID 1028 wrote to memory of 4840	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	96
PID 1028 wrote to memory of 3812	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	97
PID 1028 wrote to memory of 3812	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	97
PID 1028 wrote to memory of 4700	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	98
PID 1028 wrote to memory of 4700	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	98
PID 1028 wrote to memory of 4112	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	99
PID 1028 wrote to memory of 4112	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	99
PID 1028 wrote to memory of 3784	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	100
PID 1028 wrote to memory of 3784	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	100
PID 1028 wrote to memory of 412	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	101
PID 1028 wrote to memory of 412	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	101
PID 1028 wrote to memory of 4532	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	102
PID 1028 wrote to memory of 4532	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	102
PID 1028 wrote to memory of 2616	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	103
PID 1028 wrote to memory of 2616	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	103
PID 1028 wrote to memory of 656	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	104
PID 1028 wrote to memory of 656	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	104
PID 1028 wrote to memory of 3700	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	105
PID 1028 wrote to memory of 3700	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	105
PID 1028 wrote to memory of 848	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	106
PID 1028 wrote to memory of 848	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	106
PID 1028 wrote to memory of 4640	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	107
PID 1028 wrote to memory of 4640	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	107
PID 1028 wrote to memory of 2384	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	108
PID 1028 wrote to memory of 2384	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	108
PID 1028 wrote to memory of 5112	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	109
PID 1028 wrote to memory of 5112	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	109
PID 1028 wrote to memory of 448	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	110
PID 1028 wrote to memory of 448	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	110
PID 1028 wrote to memory of 1940	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	111
PID 1028 wrote to memory of 1940	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	111
PID 1028 wrote to memory of 2936	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	112
PID 1028 wrote to memory of 2936	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	112
PID 1028 wrote to memory of 1276	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	113
PID 1028 wrote to memory of 1276	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	113
PID 1028 wrote to memory of 4292	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	114
PID 1028 wrote to memory of 4292	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	114
PID 1028 wrote to memory of 1860	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	115
PID 1028 wrote to memory of 1860	1028	e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e4b3f83f81976ee68eafa0e7fe9a8ad0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\System\EbPCxao.exe
  C:\Windows\System\EbPCxao.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\kMOicpd.exe
  C:\Windows\System\kMOicpd.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\DcYWJgF.exe
  C:\Windows\System\DcYWJgF.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\bNMbPeI.exe
  C:\Windows\System\bNMbPeI.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\uhTOicU.exe
  C:\Windows\System\uhTOicU.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\PQJYPjB.exe
  C:\Windows\System\PQJYPjB.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\fLnwPhJ.exe
  C:\Windows\System\fLnwPhJ.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\jtVflbx.exe
  C:\Windows\System\jtVflbx.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\SlnygPK.exe
  C:\Windows\System\SlnygPK.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\pEHqxrE.exe
  C:\Windows\System\pEHqxrE.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\KcZwGIz.exe
  C:\Windows\System\KcZwGIz.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\dmumDmH.exe
  C:\Windows\System\dmumDmH.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\zbOgueP.exe
  C:\Windows\System\zbOgueP.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\JMzDnpH.exe
  C:\Windows\System\JMzDnpH.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\eNgkmWl.exe
  C:\Windows\System\eNgkmWl.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\oFylKfI.exe
  C:\Windows\System\oFylKfI.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\lQqAvyc.exe
  C:\Windows\System\lQqAvyc.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\QwrKVGp.exe
  C:\Windows\System\QwrKVGp.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\zTDfILN.exe
  C:\Windows\System\zTDfILN.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\ZLbRxUA.exe
  C:\Windows\System\ZLbRxUA.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\jIdpNcB.exe
  C:\Windows\System\jIdpNcB.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\fTaDelh.exe
  C:\Windows\System\fTaDelh.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\fIfHwZV.exe
  C:\Windows\System\fIfHwZV.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\qlnohQg.exe
  C:\Windows\System\qlnohQg.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\VUqywSB.exe
  C:\Windows\System\VUqywSB.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\LbSRkcW.exe
  C:\Windows\System\LbSRkcW.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\AENLikF.exe
  C:\Windows\System\AENLikF.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\fLlbceE.exe
  C:\Windows\System\fLlbceE.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\CCZYymu.exe
  C:\Windows\System\CCZYymu.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\ZZYbIdd.exe
  C:\Windows\System\ZZYbIdd.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\Jmzxdfm.exe
  C:\Windows\System\Jmzxdfm.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\lDpUDAU.exe
  C:\Windows\System\lDpUDAU.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\vnsUsnq.exe
  C:\Windows\System\vnsUsnq.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\LBxTUNH.exe
  C:\Windows\System\LBxTUNH.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\sFsUcHs.exe
  C:\Windows\System\sFsUcHs.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\yuwMlCG.exe
  C:\Windows\System\yuwMlCG.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\adPnTkw.exe
  C:\Windows\System\adPnTkw.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\nqJnymi.exe
  C:\Windows\System\nqJnymi.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\gnDzvzQ.exe
  C:\Windows\System\gnDzvzQ.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\oFhKaan.exe
  C:\Windows\System\oFhKaan.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\RszAmxj.exe
  C:\Windows\System\RszAmxj.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\TxZydNg.exe
  C:\Windows\System\TxZydNg.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\HfnEKku.exe
  C:\Windows\System\HfnEKku.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\TMCnAgT.exe
  C:\Windows\System\TMCnAgT.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\tBGEOZS.exe
  C:\Windows\System\tBGEOZS.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\QrFtERe.exe
  C:\Windows\System\QrFtERe.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\wKEOGCB.exe
  C:\Windows\System\wKEOGCB.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\JFpXssv.exe
  C:\Windows\System\JFpXssv.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\Taqkcoi.exe
  C:\Windows\System\Taqkcoi.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\NAWRGfB.exe
  C:\Windows\System\NAWRGfB.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\mNdNpdX.exe
  C:\Windows\System\mNdNpdX.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\WPqFpxU.exe
  C:\Windows\System\WPqFpxU.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\ThxrWlG.exe
  C:\Windows\System\ThxrWlG.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\BflBqrr.exe
  C:\Windows\System\BflBqrr.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\ugOXaGw.exe
  C:\Windows\System\ugOXaGw.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\EdUtzlH.exe
  C:\Windows\System\EdUtzlH.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\AWMaixM.exe
  C:\Windows\System\AWMaixM.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\lgnTfFz.exe
  C:\Windows\System\lgnTfFz.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\driuynZ.exe
  C:\Windows\System\driuynZ.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\WbHvlMH.exe
  C:\Windows\System\WbHvlMH.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\RrObnbb.exe
  C:\Windows\System\RrObnbb.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\CxGZHAl.exe
  C:\Windows\System\CxGZHAl.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\Axetbfm.exe
  C:\Windows\System\Axetbfm.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\jkoWWtd.exe
  C:\Windows\System\jkoWWtd.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\wItnved.exe
  C:\Windows\System\wItnved.exe
  2⤵
  PID:3128
- C:\Windows\System\HWSlepq.exe
  C:\Windows\System\HWSlepq.exe
  2⤵
  PID:2156
- C:\Windows\System\lzudKjM.exe
  C:\Windows\System\lzudKjM.exe
  2⤵
  PID:3456
- C:\Windows\System\WLaKmGB.exe
  C:\Windows\System\WLaKmGB.exe
  2⤵
  PID:4304
- C:\Windows\System\hsUppxr.exe
  C:\Windows\System\hsUppxr.exe
  2⤵
  PID:1180
- C:\Windows\System\EpdcZNR.exe
  C:\Windows\System\EpdcZNR.exe
  2⤵
  PID:4760
- C:\Windows\System\IqSDmBL.exe
  C:\Windows\System\IqSDmBL.exe
  2⤵
  PID:1080
- C:\Windows\System\zdxwyAz.exe
  C:\Windows\System\zdxwyAz.exe
  2⤵
  PID:2340
- C:\Windows\System\ZJnkFMq.exe
  C:\Windows\System\ZJnkFMq.exe
  2⤵
  PID:3272
- C:\Windows\System\CbdAECK.exe
  C:\Windows\System\CbdAECK.exe
  2⤵
  PID:816
- C:\Windows\System\WeCKQZa.exe
  C:\Windows\System\WeCKQZa.exe
  2⤵
  PID:1520
- C:\Windows\System\CFOsASH.exe
  C:\Windows\System\CFOsASH.exe
  2⤵
  PID:2080
- C:\Windows\System\OctWMop.exe
  C:\Windows\System\OctWMop.exe
  2⤵
  PID:5016
- C:\Windows\System\NjsNpOp.exe
  C:\Windows\System\NjsNpOp.exe
  2⤵
  PID:2924
- C:\Windows\System\kWCvENE.exe
  C:\Windows\System\kWCvENE.exe
  2⤵
  PID:5084
- C:\Windows\System\YeTPavv.exe
  C:\Windows\System\YeTPavv.exe
  2⤵
  PID:3628
- C:\Windows\System\MOYYqco.exe
  C:\Windows\System\MOYYqco.exe
  2⤵
  PID:768
- C:\Windows\System\YHNYGoz.exe
  C:\Windows\System\YHNYGoz.exe
  2⤵
  PID:4436
- C:\Windows\System\oWjSCjk.exe
  C:\Windows\System\oWjSCjk.exe
  2⤵
  PID:3308
- C:\Windows\System\HQzkfMD.exe
  C:\Windows\System\HQzkfMD.exe
  2⤵
  PID:3436
- C:\Windows\System\hPgnijV.exe
  C:\Windows\System\hPgnijV.exe
  2⤵
  PID:4340
- C:\Windows\System\mhjmkwo.exe
  C:\Windows\System\mhjmkwo.exe
  2⤵
  PID:940
- C:\Windows\System\TKnyIEj.exe
  C:\Windows\System\TKnyIEj.exe
  2⤵
  PID:3596
- C:\Windows\System\PuajazL.exe
  C:\Windows\System\PuajazL.exe
  2⤵
  PID:1852
- C:\Windows\System\snAkXbp.exe
  C:\Windows\System\snAkXbp.exe
  2⤵
  PID:1248
- C:\Windows\System\SRhygjz.exe
  C:\Windows\System\SRhygjz.exe
  2⤵
  PID:4828
- C:\Windows\System\qlnJAgD.exe
  C:\Windows\System\qlnJAgD.exe
  2⤵
  PID:4932
- C:\Windows\System\DgGZWYo.exe
  C:\Windows\System\DgGZWYo.exe
  2⤵
  PID:1948
- C:\Windows\System\Scvxkui.exe
  C:\Windows\System\Scvxkui.exe
  2⤵
  PID:3620
- C:\Windows\System\bHfMRyf.exe
  C:\Windows\System\bHfMRyf.exe
  2⤵
  PID:3464
- C:\Windows\System\tECbwQN.exe
  C:\Windows\System\tECbwQN.exe
  2⤵
  PID:2532
- C:\Windows\System\hEgkKBY.exe
  C:\Windows\System\hEgkKBY.exe
  2⤵
  PID:3512
- C:\Windows\System\XQVgFFa.exe
  C:\Windows\System\XQVgFFa.exe
  2⤵
  PID:3276
- C:\Windows\System\arxWneZ.exe
  C:\Windows\System\arxWneZ.exe
  2⤵
  PID:3824
- C:\Windows\System\yKnPahE.exe
  C:\Windows\System\yKnPahE.exe
  2⤵
  PID:5132
- C:\Windows\System\botFrwj.exe
  C:\Windows\System\botFrwj.exe
  2⤵
  PID:5160
- C:\Windows\System\iGmsUma.exe
  C:\Windows\System\iGmsUma.exe
  2⤵
  PID:5192
- C:\Windows\System\DQIzvYm.exe
  C:\Windows\System\DQIzvYm.exe
  2⤵
  PID:5240
- C:\Windows\System\BlPrfmo.exe
  C:\Windows\System\BlPrfmo.exe
  2⤵
  PID:5276
- C:\Windows\System\QCdaghx.exe
  C:\Windows\System\QCdaghx.exe
  2⤵
  PID:5308
- C:\Windows\System\kjADkyp.exe
  C:\Windows\System\kjADkyp.exe
  2⤵
  PID:5340
- C:\Windows\System\mnhBPVd.exe
  C:\Windows\System\mnhBPVd.exe
  2⤵
  PID:5368
- C:\Windows\System\gpnUjFh.exe
  C:\Windows\System\gpnUjFh.exe
  2⤵
  PID:5388
- C:\Windows\System\ptLaaXN.exe
  C:\Windows\System\ptLaaXN.exe
  2⤵
  PID:5428
- C:\Windows\System\wPZOtJB.exe
  C:\Windows\System\wPZOtJB.exe
  2⤵
  PID:5448
- C:\Windows\System\QlongiK.exe
  C:\Windows\System\QlongiK.exe
  2⤵
  PID:5472
- C:\Windows\System\gHCMkbU.exe
  C:\Windows\System\gHCMkbU.exe
  2⤵
  PID:5500
- C:\Windows\System\nForXQp.exe
  C:\Windows\System\nForXQp.exe
  2⤵
  PID:5532
- C:\Windows\System\AxMKuna.exe
  C:\Windows\System\AxMKuna.exe
  2⤵
  PID:5560
- C:\Windows\System\otILjXA.exe
  C:\Windows\System\otILjXA.exe
  2⤵
  PID:5584
- C:\Windows\System\PxFYILr.exe
  C:\Windows\System\PxFYILr.exe
  2⤵
  PID:5624
- C:\Windows\System\AceTaKW.exe
  C:\Windows\System\AceTaKW.exe
  2⤵
  PID:5640
- C:\Windows\System\sHuZucl.exe
  C:\Windows\System\sHuZucl.exe
  2⤵
  PID:5676
- C:\Windows\System\nJpnMzB.exe
  C:\Windows\System\nJpnMzB.exe
  2⤵
  PID:5708
- C:\Windows\System\fYfrsvV.exe
  C:\Windows\System\fYfrsvV.exe
  2⤵
  PID:5724
- C:\Windows\System\BwzMcqr.exe
  C:\Windows\System\BwzMcqr.exe
  2⤵
  PID:5764
- C:\Windows\System\cTOJSsu.exe
  C:\Windows\System\cTOJSsu.exe
  2⤵
  PID:5796
- C:\Windows\System\ZFIOhQW.exe
  C:\Windows\System\ZFIOhQW.exe
  2⤵
  PID:5824
- C:\Windows\System\cguSCHS.exe
  C:\Windows\System\cguSCHS.exe
  2⤵
  PID:5840
- C:\Windows\System\CqpZYSZ.exe
  C:\Windows\System\CqpZYSZ.exe
  2⤵
  PID:5868
- C:\Windows\System\tLMLyZQ.exe
  C:\Windows\System\tLMLyZQ.exe
  2⤵
  PID:5888
- C:\Windows\System\ZtGjBDx.exe
  C:\Windows\System\ZtGjBDx.exe
  2⤵
  PID:5924
- C:\Windows\System\XnAyKdZ.exe
  C:\Windows\System\XnAyKdZ.exe
  2⤵
  PID:5940
- C:\Windows\System\FMdsvSf.exe
  C:\Windows\System\FMdsvSf.exe
  2⤵
  PID:5984
- C:\Windows\System\aRtawky.exe
  C:\Windows\System\aRtawky.exe
  2⤵
  PID:6020
- C:\Windows\System\citQttR.exe
  C:\Windows\System\citQttR.exe
  2⤵
  PID:6036
- C:\Windows\System\LNVjofR.exe
  C:\Windows\System\LNVjofR.exe
  2⤵
  PID:6064
- C:\Windows\System\htnScOb.exe
  C:\Windows\System\htnScOb.exe
  2⤵
  PID:6104
- C:\Windows\System\ztNcdYV.exe
  C:\Windows\System\ztNcdYV.exe
  2⤵
  PID:6132
- C:\Windows\System\jTLDxVl.exe
  C:\Windows\System\jTLDxVl.exe
  2⤵
  PID:5156
- C:\Windows\System\GiCkvnO.exe
  C:\Windows\System\GiCkvnO.exe
  2⤵
  PID:5224
- C:\Windows\System\TzlQxdG.exe
  C:\Windows\System\TzlQxdG.exe
  2⤵
  PID:5260
- C:\Windows\System\eqpJgVi.exe
  C:\Windows\System\eqpJgVi.exe
  2⤵
  PID:5356
- C:\Windows\System\uxgZRum.exe
  C:\Windows\System\uxgZRum.exe
  2⤵
  PID:5456
- C:\Windows\System\FXAEXGz.exe
  C:\Windows\System\FXAEXGz.exe
  2⤵
  PID:5516
- C:\Windows\System\gUrksMI.exe
  C:\Windows\System\gUrksMI.exe
  2⤵
  PID:5576
- C:\Windows\System\VrMXMTm.exe
  C:\Windows\System\VrMXMTm.exe
  2⤵
  PID:5636
- C:\Windows\System\JLAgvjX.exe
  C:\Windows\System\JLAgvjX.exe
  2⤵
  PID:5696
- C:\Windows\System\DDDIuLc.exe
  C:\Windows\System\DDDIuLc.exe
  2⤵
  PID:5760
- C:\Windows\System\TKAdIjZ.exe
  C:\Windows\System\TKAdIjZ.exe
  2⤵
  PID:5852
- C:\Windows\System\gtdUIQf.exe
  C:\Windows\System\gtdUIQf.exe
  2⤵
  PID:5912
- C:\Windows\System\PNYBBWw.exe
  C:\Windows\System\PNYBBWw.exe
  2⤵
  PID:5976
- C:\Windows\System\sTXVuHp.exe
  C:\Windows\System\sTXVuHp.exe
  2⤵
  PID:5992
- C:\Windows\System\beKJMHS.exe
  C:\Windows\System\beKJMHS.exe
  2⤵
  PID:6060
- C:\Windows\System\fBzvUnr.exe
  C:\Windows\System\fBzvUnr.exe
  2⤵
  PID:5128
- C:\Windows\System\jcRLtxP.exe
  C:\Windows\System\jcRLtxP.exe
  2⤵
  PID:5268
- C:\Windows\System\lIxykwd.exe
  C:\Windows\System\lIxykwd.exe
  2⤵
  PID:5400
- C:\Windows\System\HqyPEKc.exe
  C:\Windows\System\HqyPEKc.exe
  2⤵
  PID:5572
- C:\Windows\System\YavPYVt.exe
  C:\Windows\System\YavPYVt.exe
  2⤵
  PID:2452
- C:\Windows\System\sFMPAqR.exe
  C:\Windows\System\sFMPAqR.exe
  2⤵
  PID:5972
- C:\Windows\System\zUsqMMr.exe
  C:\Windows\System\zUsqMMr.exe
  2⤵
  PID:6048
- C:\Windows\System\wVpcklR.exe
  C:\Windows\System\wVpcklR.exe
  2⤵
  PID:5444
- C:\Windows\System\iNNuMjc.exe
  C:\Windows\System\iNNuMjc.exe
  2⤵
  PID:5784
- C:\Windows\System\rpoyQhZ.exe
  C:\Windows\System\rpoyQhZ.exe
  2⤵
  PID:5328
- C:\Windows\System\KuzWPPT.exe
  C:\Windows\System\KuzWPPT.exe
  2⤵
  PID:5548
- C:\Windows\System\cgPoyXm.exe
  C:\Windows\System\cgPoyXm.exe
  2⤵
  PID:6172
- C:\Windows\System\jKcJyxb.exe
  C:\Windows\System\jKcJyxb.exe
  2⤵
  PID:6188
- C:\Windows\System\zxoQKxO.exe
  C:\Windows\System\zxoQKxO.exe
  2⤵
  PID:6228
- C:\Windows\System\fJGxxvW.exe
  C:\Windows\System\fJGxxvW.exe
  2⤵
  PID:6260
- C:\Windows\System\JjQVVcV.exe
  C:\Windows\System\JjQVVcV.exe
  2⤵
  PID:6292
- C:\Windows\System\eDtVXhT.exe
  C:\Windows\System\eDtVXhT.exe
  2⤵
  PID:6316
- C:\Windows\System\YCSIzau.exe
  C:\Windows\System\YCSIzau.exe
  2⤵
  PID:6344
- C:\Windows\System\UDEZSnB.exe
  C:\Windows\System\UDEZSnB.exe
  2⤵
  PID:6364
- C:\Windows\System\wGamPVl.exe
  C:\Windows\System\wGamPVl.exe
  2⤵
  PID:6400
- C:\Windows\System\qyTMhxT.exe
  C:\Windows\System\qyTMhxT.exe
  2⤵
  PID:6416
- C:\Windows\System\vUOsyBA.exe
  C:\Windows\System\vUOsyBA.exe
  2⤵
  PID:6456
- C:\Windows\System\BBacIDN.exe
  C:\Windows\System\BBacIDN.exe
  2⤵
  PID:6484
- C:\Windows\System\frSPEBo.exe
  C:\Windows\System\frSPEBo.exe
  2⤵
  PID:6512
- C:\Windows\System\yYULeGL.exe
  C:\Windows\System\yYULeGL.exe
  2⤵
  PID:6540
- C:\Windows\System\tvwvTCy.exe
  C:\Windows\System\tvwvTCy.exe
  2⤵
  PID:6556
- C:\Windows\System\yRZsxSw.exe
  C:\Windows\System\yRZsxSw.exe
  2⤵
  PID:6572
- C:\Windows\System\gYTjsRe.exe
  C:\Windows\System\gYTjsRe.exe
  2⤵
  PID:6616
- C:\Windows\System\jQkiQQV.exe
  C:\Windows\System\jQkiQQV.exe
  2⤵
  PID:6652
- C:\Windows\System\TUnEOkG.exe
  C:\Windows\System\TUnEOkG.exe
  2⤵
  PID:6680
- C:\Windows\System\nYZXkdB.exe
  C:\Windows\System\nYZXkdB.exe
  2⤵
  PID:6696
- C:\Windows\System\uCInfnl.exe
  C:\Windows\System\uCInfnl.exe
  2⤵
  PID:6724
- C:\Windows\System\PIfMTQn.exe
  C:\Windows\System\PIfMTQn.exe
  2⤵
  PID:6756
- C:\Windows\System\ftfaNCY.exe
  C:\Windows\System\ftfaNCY.exe
  2⤵
  PID:6788
- C:\Windows\System\hZqMAvp.exe
  C:\Windows\System\hZqMAvp.exe
  2⤵
  PID:6832
- C:\Windows\System\ZJefngl.exe
  C:\Windows\System\ZJefngl.exe
  2⤵
  PID:6848
- C:\Windows\System\MofiZuo.exe
  C:\Windows\System\MofiZuo.exe
  2⤵
  PID:6864
- C:\Windows\System\FFBBFzL.exe
  C:\Windows\System\FFBBFzL.exe
  2⤵
  PID:6880
- C:\Windows\System\DbmWYDl.exe
  C:\Windows\System\DbmWYDl.exe
  2⤵
  PID:6896
- C:\Windows\System\syWlgmc.exe
  C:\Windows\System\syWlgmc.exe
  2⤵
  PID:6912
- C:\Windows\System\kZqMacP.exe
  C:\Windows\System\kZqMacP.exe
  2⤵
  PID:6944
- C:\Windows\System\NxwKqOG.exe
  C:\Windows\System\NxwKqOG.exe
  2⤵
  PID:6988
- C:\Windows\System\feUUoeE.exe
  C:\Windows\System\feUUoeE.exe
  2⤵
  PID:7020
- C:\Windows\System\WgmtOUo.exe
  C:\Windows\System\WgmtOUo.exe
  2⤵
  PID:7044
- C:\Windows\System\pvHGgZX.exe
  C:\Windows\System\pvHGgZX.exe
  2⤵
  PID:7088
- C:\Windows\System\BEZPeyj.exe
  C:\Windows\System\BEZPeyj.exe
  2⤵
  PID:7116
- C:\Windows\System\zCIUnIo.exe
  C:\Windows\System\zCIUnIo.exe
  2⤵
  PID:7144
- C:\Windows\System\CIlQpQx.exe
  C:\Windows\System\CIlQpQx.exe
  2⤵
  PID:7160
- C:\Windows\System\IxXmCzd.exe
  C:\Windows\System\IxXmCzd.exe
  2⤵
  PID:6180
- C:\Windows\System\qlwnxvZ.exe
  C:\Windows\System\qlwnxvZ.exe
  2⤵
  PID:6268
- C:\Windows\System\yPxTkvs.exe
  C:\Windows\System\yPxTkvs.exe
  2⤵
  PID:6340
- C:\Windows\System\uMiMxrD.exe
  C:\Windows\System\uMiMxrD.exe
  2⤵
  PID:6384
- C:\Windows\System\kXJHjvq.exe
  C:\Windows\System\kXJHjvq.exe
  2⤵
  PID:6472
- C:\Windows\System\BtjtGnc.exe
  C:\Windows\System\BtjtGnc.exe
  2⤵
  PID:6568
- C:\Windows\System\grKxbIC.exe
  C:\Windows\System\grKxbIC.exe
  2⤵
  PID:6608
- C:\Windows\System\vsfODBo.exe
  C:\Windows\System\vsfODBo.exe
  2⤵
  PID:6668
- C:\Windows\System\qBXwSGg.exe
  C:\Windows\System\qBXwSGg.exe
  2⤵
  PID:6744
- C:\Windows\System\PgNJsWJ.exe
  C:\Windows\System\PgNJsWJ.exe
  2⤵
  PID:6804
- C:\Windows\System\kRZzbDg.exe
  C:\Windows\System\kRZzbDg.exe
  2⤵
  PID:6844
- C:\Windows\System\aQJnXlM.exe
  C:\Windows\System\aQJnXlM.exe
  2⤵
  PID:6904
- C:\Windows\System\VYgXRbz.exe
  C:\Windows\System\VYgXRbz.exe
  2⤵
  PID:6968
- C:\Windows\System\kxLfAVz.exe
  C:\Windows\System\kxLfAVz.exe
  2⤵
  PID:7096
- C:\Windows\System\ArLISrr.exe
  C:\Windows\System\ArLISrr.exe
  2⤵
  PID:7112
- C:\Windows\System\okvgEts.exe
  C:\Windows\System\okvgEts.exe
  2⤵
  PID:6212
- C:\Windows\System\DNGcUDH.exe
  C:\Windows\System\DNGcUDH.exe
  2⤵
  PID:6356
- C:\Windows\System\xnyVSxG.exe
  C:\Windows\System\xnyVSxG.exe
  2⤵
  PID:6436
- C:\Windows\System\QiNAWoQ.exe
  C:\Windows\System\QiNAWoQ.exe
  2⤵
  PID:6636
- C:\Windows\System\rZdJvCT.exe
  C:\Windows\System\rZdJvCT.exe
  2⤵
  PID:6736
- C:\Windows\System\ldhtUzR.exe
  C:\Windows\System\ldhtUzR.exe
  2⤵
  PID:6888
- C:\Windows\System\pIbLeRB.exe
  C:\Windows\System\pIbLeRB.exe
  2⤵
  PID:7016
- C:\Windows\System\DHekAhY.exe
  C:\Windows\System\DHekAhY.exe
  2⤵
  PID:6308
- C:\Windows\System\XDTdEVJ.exe
  C:\Windows\System\XDTdEVJ.exe
  2⤵
  PID:6412
- C:\Windows\System\wAzuMIR.exe
  C:\Windows\System\wAzuMIR.exe
  2⤵
  PID:6644
- C:\Windows\System\EAbnbLL.exe
  C:\Windows\System\EAbnbLL.exe
  2⤵
  PID:7136
- C:\Windows\System\pxeLsJK.exe
  C:\Windows\System\pxeLsJK.exe
  2⤵
  PID:7156
- C:\Windows\System\KPqQjye.exe
  C:\Windows\System\KPqQjye.exe
  2⤵
  PID:7188
- C:\Windows\System\olaoqHg.exe
  C:\Windows\System\olaoqHg.exe
  2⤵
  PID:7224
- C:\Windows\System\gFgLzEI.exe
  C:\Windows\System\gFgLzEI.exe
  2⤵
  PID:7264
- C:\Windows\System\LzReseu.exe
  C:\Windows\System\LzReseu.exe
  2⤵
  PID:7280
- C:\Windows\System\pqWyGEL.exe
  C:\Windows\System\pqWyGEL.exe
  2⤵
  PID:7308
- C:\Windows\System\QeNtvEy.exe
  C:\Windows\System\QeNtvEy.exe
  2⤵
  PID:7336
- C:\Windows\System\CEhPStm.exe
  C:\Windows\System\CEhPStm.exe
  2⤵
  PID:7364
- C:\Windows\System\UGAJgPd.exe
  C:\Windows\System\UGAJgPd.exe
  2⤵
  PID:7380
- C:\Windows\System\GsqSTpI.exe
  C:\Windows\System\GsqSTpI.exe
  2⤵
  PID:7400
- C:\Windows\System\wZQLtDJ.exe
  C:\Windows\System\wZQLtDJ.exe
  2⤵
  PID:7436
- C:\Windows\System\EUPWWel.exe
  C:\Windows\System\EUPWWel.exe
  2⤵
  PID:7472
- C:\Windows\System\hAmHjdf.exe
  C:\Windows\System\hAmHjdf.exe
  2⤵
  PID:7492
- C:\Windows\System\ndDdIhm.exe
  C:\Windows\System\ndDdIhm.exe
  2⤵
  PID:7532
- C:\Windows\System\fLQQLwj.exe
  C:\Windows\System\fLQQLwj.exe
  2⤵
  PID:7556
- C:\Windows\System\zabBNYj.exe
  C:\Windows\System\zabBNYj.exe
  2⤵
  PID:7580
- C:\Windows\System\FHrdavM.exe
  C:\Windows\System\FHrdavM.exe
  2⤵
  PID:7620
- C:\Windows\System\gFyOFnw.exe
  C:\Windows\System\gFyOFnw.exe
  2⤵
  PID:7636
- C:\Windows\System\DzhvoMZ.exe
  C:\Windows\System\DzhvoMZ.exe
  2⤵
  PID:7676
- C:\Windows\System\oJCFnJu.exe
  C:\Windows\System\oJCFnJu.exe
  2⤵
  PID:7692
- C:\Windows\System\epJZdsY.exe
  C:\Windows\System\epJZdsY.exe
  2⤵
  PID:7720
- C:\Windows\System\GEsgCOc.exe
  C:\Windows\System\GEsgCOc.exe
  2⤵
  PID:7760
- C:\Windows\System\pIZSNgK.exe
  C:\Windows\System\pIZSNgK.exe
  2⤵
  PID:7776
- C:\Windows\System\vAHHBgj.exe
  C:\Windows\System\vAHHBgj.exe
  2⤵
  PID:7792
- C:\Windows\System\geQToam.exe
  C:\Windows\System\geQToam.exe
  2⤵
  PID:7824
- C:\Windows\System\lFiOaup.exe
  C:\Windows\System\lFiOaup.exe
  2⤵
  PID:7860
- C:\Windows\System\SGWYqzS.exe
  C:\Windows\System\SGWYqzS.exe
  2⤵
  PID:7888
- C:\Windows\System\TnKnRfH.exe
  C:\Windows\System\TnKnRfH.exe
  2⤵
  PID:7908
- C:\Windows\System\EMZBXdV.exe
  C:\Windows\System\EMZBXdV.exe
  2⤵
  PID:7936
- C:\Windows\System\zaETCxW.exe
  C:\Windows\System\zaETCxW.exe
  2⤵
  PID:7956
- C:\Windows\System\WOYYPoJ.exe
  C:\Windows\System\WOYYPoJ.exe
  2⤵
  PID:7972
- C:\Windows\System\HukbufC.exe
  C:\Windows\System\HukbufC.exe
  2⤵
  PID:7996
- C:\Windows\System\cFDoldL.exe
  C:\Windows\System\cFDoldL.exe
  2⤵
  PID:8020
- C:\Windows\System\pWrbxPr.exe
  C:\Windows\System\pWrbxPr.exe
  2⤵
  PID:8052
- C:\Windows\System\pKvjYtM.exe
  C:\Windows\System\pKvjYtM.exe
  2⤵
  PID:8116
- C:\Windows\System\ixVNjba.exe
  C:\Windows\System\ixVNjba.exe
  2⤵
  PID:8140
- C:\Windows\System\LBDewxB.exe
  C:\Windows\System\LBDewxB.exe
  2⤵
  PID:8172
- C:\Windows\System\sYywmQj.exe
  C:\Windows\System\sYywmQj.exe
  2⤵
  PID:8188
- C:\Windows\System\obwooyO.exe
  C:\Windows\System\obwooyO.exe
  2⤵
  PID:7240
- C:\Windows\System\vYXcsAt.exe
  C:\Windows\System\vYXcsAt.exe
  2⤵
  PID:4380
- C:\Windows\System\CgKzszD.exe
  C:\Windows\System\CgKzszD.exe
  2⤵
  PID:7296
- C:\Windows\System\UgroSij.exe
  C:\Windows\System\UgroSij.exe
  2⤵
  PID:7348
- C:\Windows\System\CdzaAdm.exe
  C:\Windows\System\CdzaAdm.exe
  2⤵
  PID:7388
- C:\Windows\System\TIymtsQ.exe
  C:\Windows\System\TIymtsQ.exe
  2⤵
  PID:7464
- C:\Windows\System\lpPicaX.exe
  C:\Windows\System\lpPicaX.exe
  2⤵
  PID:7512
- C:\Windows\System\vRShxhd.exe
  C:\Windows\System\vRShxhd.exe
  2⤵
  PID:7612
- C:\Windows\System\XtOVwCZ.exe
  C:\Windows\System\XtOVwCZ.exe
  2⤵
  PID:7656
- C:\Windows\System\aFJXUYX.exe
  C:\Windows\System\aFJXUYX.exe
  2⤵
  PID:7748
- C:\Windows\System\tPyDTas.exe
  C:\Windows\System\tPyDTas.exe
  2⤵
  PID:7876
- C:\Windows\System\DULUePC.exe
  C:\Windows\System\DULUePC.exe
  2⤵
  PID:7832
- C:\Windows\System\rEhzegn.exe
  C:\Windows\System\rEhzegn.exe
  2⤵
  PID:7840
- C:\Windows\System\lEVYtsE.exe
  C:\Windows\System\lEVYtsE.exe
  2⤵
  PID:8032
- C:\Windows\System\qejKUAg.exe
  C:\Windows\System\qejKUAg.exe
  2⤵
  PID:8072
- C:\Windows\System\nzqovZj.exe
  C:\Windows\System\nzqovZj.exe
  2⤵
  PID:8136
- C:\Windows\System\zkKAljS.exe
  C:\Windows\System\zkKAljS.exe
  2⤵
  PID:7180
- C:\Windows\System\MMONxIl.exe
  C:\Windows\System\MMONxIl.exe
  2⤵
  PID:7300
- C:\Windows\System\XybYYKD.exe
  C:\Windows\System\XybYYKD.exe
  2⤵
  PID:7320
- C:\Windows\System\KqxcYzQ.exe
  C:\Windows\System\KqxcYzQ.exe
  2⤵
  PID:7448
- C:\Windows\System\nSBcIPx.exe
  C:\Windows\System\nSBcIPx.exe
  2⤵
  PID:7688
- C:\Windows\System\xJqQNiM.exe
  C:\Windows\System\xJqQNiM.exe
  2⤵
  PID:7820
- C:\Windows\System\igsNGuo.exe
  C:\Windows\System\igsNGuo.exe
  2⤵
  PID:7944
- C:\Windows\System\aSiYsDS.exe
  C:\Windows\System\aSiYsDS.exe
  2⤵
  PID:8128
- C:\Windows\System\FCNRJrX.exe
  C:\Windows\System\FCNRJrX.exe
  2⤵
  PID:2456
- C:\Windows\System\ynMtIvZ.exe
  C:\Windows\System\ynMtIvZ.exe
  2⤵
  PID:7732
- C:\Windows\System\dBHeZSV.exe
  C:\Windows\System\dBHeZSV.exe
  2⤵
  PID:7900
- C:\Windows\System\kESjVZE.exe
  C:\Windows\System\kESjVZE.exe
  2⤵
  PID:8184
- C:\Windows\System\PQBQJsR.exe
  C:\Windows\System\PQBQJsR.exe
  2⤵
  PID:7632
- C:\Windows\System\zvoZVnJ.exe
  C:\Windows\System\zvoZVnJ.exe
  2⤵
  PID:8208
- C:\Windows\System\jvcDNVh.exe
  C:\Windows\System\jvcDNVh.exe
  2⤵
  PID:8236
- C:\Windows\System\dKFAGJh.exe
  C:\Windows\System\dKFAGJh.exe
  2⤵
  PID:8260
- C:\Windows\System\ukolvgP.exe
  C:\Windows\System\ukolvgP.exe
  2⤵
  PID:8292
- C:\Windows\System\CIDDxoe.exe
  C:\Windows\System\CIDDxoe.exe
  2⤵
  PID:8308
- C:\Windows\System\hiqqCCm.exe
  C:\Windows\System\hiqqCCm.exe
  2⤵
  PID:8332
- C:\Windows\System\wZXlZyd.exe
  C:\Windows\System\wZXlZyd.exe
  2⤵
  PID:8364
- C:\Windows\System\TqvMAMf.exe
  C:\Windows\System\TqvMAMf.exe
  2⤵
  PID:8404
- C:\Windows\System\oOksvUw.exe
  C:\Windows\System\oOksvUw.exe
  2⤵
  PID:8432
- C:\Windows\System\simCnnr.exe
  C:\Windows\System\simCnnr.exe
  2⤵
  PID:8456
- C:\Windows\System\QAmZEkF.exe
  C:\Windows\System\QAmZEkF.exe
  2⤵
  PID:8488
- C:\Windows\System\jhPUeGs.exe
  C:\Windows\System\jhPUeGs.exe
  2⤵
  PID:8504
- C:\Windows\System\SaUYbdz.exe
  C:\Windows\System\SaUYbdz.exe
  2⤵
  PID:8536
- C:\Windows\System\gaTAxvI.exe
  C:\Windows\System\gaTAxvI.exe
  2⤵
  PID:8572
- C:\Windows\System\LRadfBd.exe
  C:\Windows\System\LRadfBd.exe
  2⤵
  PID:8588
- C:\Windows\System\LXhKwnR.exe
  C:\Windows\System\LXhKwnR.exe
  2⤵
  PID:8632
- C:\Windows\System\clZCQbs.exe
  C:\Windows\System\clZCQbs.exe
  2⤵
  PID:8656
- C:\Windows\System\ESdDXsy.exe
  C:\Windows\System\ESdDXsy.exe
  2⤵
  PID:8684
- C:\Windows\System\breftvX.exe
  C:\Windows\System\breftvX.exe
  2⤵
  PID:8704
- C:\Windows\System\iqWYMpf.exe
  C:\Windows\System\iqWYMpf.exe
  2⤵
  PID:8732
- C:\Windows\System\txGaYUm.exe
  C:\Windows\System\txGaYUm.exe
  2⤵
  PID:8764
- C:\Windows\System\UXzojTC.exe
  C:\Windows\System\UXzojTC.exe
  2⤵
  PID:8792
- C:\Windows\System\jUisHpf.exe
  C:\Windows\System\jUisHpf.exe
  2⤵
  PID:8828
- C:\Windows\System\EkTkHbp.exe
  C:\Windows\System\EkTkHbp.exe
  2⤵
  PID:8860
- C:\Windows\System\twzljIV.exe
  C:\Windows\System\twzljIV.exe
  2⤵
  PID:8888
- C:\Windows\System\Bpxzoew.exe
  C:\Windows\System\Bpxzoew.exe
  2⤵
  PID:8904
- C:\Windows\System\YXFrTKd.exe
  C:\Windows\System\YXFrTKd.exe
  2⤵
  PID:8932
- C:\Windows\System\XVSHZAY.exe
  C:\Windows\System\XVSHZAY.exe
  2⤵
  PID:8952
- C:\Windows\System\JYmaxHO.exe
  C:\Windows\System\JYmaxHO.exe
  2⤵
  PID:8984
- C:\Windows\System\SNzdZDS.exe
  C:\Windows\System\SNzdZDS.exe
  2⤵
  PID:9016
- C:\Windows\System\suhsSnB.exe
  C:\Windows\System\suhsSnB.exe
  2⤵
  PID:9056
- C:\Windows\System\CFezXMR.exe
  C:\Windows\System\CFezXMR.exe
  2⤵
  PID:9084
- C:\Windows\System\VxBCGZA.exe
  C:\Windows\System\VxBCGZA.exe
  2⤵
  PID:9100
- C:\Windows\System\OuSjJeN.exe
  C:\Windows\System\OuSjJeN.exe
  2⤵
  PID:9124
- C:\Windows\System\fEhFFbl.exe
  C:\Windows\System\fEhFFbl.exe
  2⤵
  PID:9144
- C:\Windows\System\DoCSkmC.exe
  C:\Windows\System\DoCSkmC.exe
  2⤵
  PID:9180
- C:\Windows\System\RAPDiYp.exe
  C:\Windows\System\RAPDiYp.exe
  2⤵
  PID:8228
- C:\Windows\System\wughOJC.exe
  C:\Windows\System\wughOJC.exe
  2⤵
  PID:8304
- C:\Windows\System\hiPzYBZ.exe
  C:\Windows\System\hiPzYBZ.exe
  2⤵
  PID:8320
- C:\Windows\System\KYUzhNL.exe
  C:\Windows\System\KYUzhNL.exe
  2⤵
  PID:8420
- C:\Windows\System\xtiRZei.exe
  C:\Windows\System\xtiRZei.exe
  2⤵
  PID:8480
- C:\Windows\System\uuxPPNv.exe
  C:\Windows\System\uuxPPNv.exe
  2⤵
  PID:8520
- C:\Windows\System\hqCeiHq.exe
  C:\Windows\System\hqCeiHq.exe
  2⤵
  PID:8584
- C:\Windows\System\noSuHjU.exe
  C:\Windows\System\noSuHjU.exe
  2⤵
  PID:8644
- C:\Windows\System\CXjzvMi.exe
  C:\Windows\System\CXjzvMi.exe
  2⤵
  PID:8724
- C:\Windows\System\LzpZWsk.exe
  C:\Windows\System\LzpZWsk.exe
  2⤵
  PID:8760
- C:\Windows\System\MYoRvhF.exe
  C:\Windows\System\MYoRvhF.exe
  2⤵
  PID:8812
- C:\Windows\System\PJbpNxj.exe
  C:\Windows\System\PJbpNxj.exe
  2⤵
  PID:8856
- C:\Windows\System\lBwIfET.exe
  C:\Windows\System\lBwIfET.exe
  2⤵
  PID:8940
- C:\Windows\System\IMHgPeD.exe
  C:\Windows\System\IMHgPeD.exe
  2⤵
  PID:9008
- C:\Windows\System\OecFpES.exe
  C:\Windows\System\OecFpES.exe
  2⤵
  PID:9140
- C:\Windows\System\muKPOlq.exe
  C:\Windows\System\muKPOlq.exe
  2⤵
  PID:9176
- C:\Windows\System\dYHLMug.exe
  C:\Windows\System\dYHLMug.exe
  2⤵
  PID:8256
- C:\Windows\System\wKXtImZ.exe
  C:\Windows\System\wKXtImZ.exe
  2⤵
  PID:8400
- C:\Windows\System\kWVOVtz.exe
  C:\Windows\System\kWVOVtz.exe
  2⤵
  PID:8580
- C:\Windows\System\eqrJKuh.exe
  C:\Windows\System\eqrJKuh.exe
  2⤵
  PID:4888
- C:\Windows\System\YKdPCrN.exe
  C:\Windows\System\YKdPCrN.exe
  2⤵
  PID:8920
- C:\Windows\System\pjOdJxO.exe
  C:\Windows\System\pjOdJxO.exe
  2⤵
  PID:9068
- C:\Windows\System\LRAcXMH.exe
  C:\Windows\System\LRAcXMH.exe
  2⤵
  PID:8324
- C:\Windows\System\KzbhYZk.exe
  C:\Windows\System\KzbhYZk.exe
  2⤵
  PID:8500
- C:\Windows\System\FQbIVKU.exe
  C:\Windows\System\FQbIVKU.exe
  2⤵
  PID:9080
- C:\Windows\System\tmuelpk.exe
  C:\Windows\System\tmuelpk.exe
  2⤵
  PID:7768
- C:\Windows\System\YMtJsZt.exe
  C:\Windows\System\YMtJsZt.exe
  2⤵
  PID:8900
- C:\Windows\System\KvCyIcG.exe
  C:\Windows\System\KvCyIcG.exe
  2⤵
  PID:9244
- C:\Windows\System\qscyQQg.exe
  C:\Windows\System\qscyQQg.exe
  2⤵
  PID:9268
- C:\Windows\System\BuDgclN.exe
  C:\Windows\System\BuDgclN.exe
  2⤵
  PID:9284
- C:\Windows\System\vjnYViP.exe
  C:\Windows\System\vjnYViP.exe
  2⤵
  PID:9316
- C:\Windows\System\vEcsldi.exe
  C:\Windows\System\vEcsldi.exe
  2⤵
  PID:9336
- C:\Windows\System\WQrJihy.exe
  C:\Windows\System\WQrJihy.exe
  2⤵
  PID:9372
- C:\Windows\System\fqGYyfj.exe
  C:\Windows\System\fqGYyfj.exe
  2⤵
  PID:9396
- C:\Windows\System\sJIMXrr.exe
  C:\Windows\System\sJIMXrr.exe
  2⤵
  PID:9428
- C:\Windows\System\AvxmDbN.exe
  C:\Windows\System\AvxmDbN.exe
  2⤵
  PID:9460
- C:\Windows\System\mPSiCeJ.exe
  C:\Windows\System\mPSiCeJ.exe
  2⤵
  PID:9504
- C:\Windows\System\eaqUkTW.exe
  C:\Windows\System\eaqUkTW.exe
  2⤵
  PID:9532
- C:\Windows\System\KTcHGWk.exe
  C:\Windows\System\KTcHGWk.exe
  2⤵
  PID:9548
- C:\Windows\System\bJyZKFM.exe
  C:\Windows\System\bJyZKFM.exe
  2⤵
  PID:9576
- C:\Windows\System\faKFTtX.exe
  C:\Windows\System\faKFTtX.exe
  2⤵
  PID:9604
- C:\Windows\System\RSFJMeM.exe
  C:\Windows\System\RSFJMeM.exe
  2⤵
  PID:9628
- C:\Windows\System\qsBgHYk.exe
  C:\Windows\System\qsBgHYk.exe
  2⤵
  PID:9652
- C:\Windows\System\VAPzfdC.exe
  C:\Windows\System\VAPzfdC.exe
  2⤵
  PID:9676
- C:\Windows\System\wYkeeNl.exe
  C:\Windows\System\wYkeeNl.exe
  2⤵
  PID:9708
- C:\Windows\System\hoBBXwC.exe
  C:\Windows\System\hoBBXwC.exe
  2⤵
  PID:9748
- C:\Windows\System\xnTbvPW.exe
  C:\Windows\System\xnTbvPW.exe
  2⤵
  PID:9764
- C:\Windows\System\rvchEvj.exe
  C:\Windows\System\rvchEvj.exe
  2⤵
  PID:9804
- C:\Windows\System\oWyHiyG.exe
  C:\Windows\System\oWyHiyG.exe
  2⤵
  PID:9844
- C:\Windows\System\SeAyGnH.exe
  C:\Windows\System\SeAyGnH.exe
  2⤵
  PID:9868
- C:\Windows\System\QFCWFlb.exe
  C:\Windows\System\QFCWFlb.exe
  2⤵
  PID:9888
- C:\Windows\System\UgKpUZb.exe
  C:\Windows\System\UgKpUZb.exe
  2⤵
  PID:9916
- C:\Windows\System\BXAnOxk.exe
  C:\Windows\System\BXAnOxk.exe
  2⤵
  PID:9956
- C:\Windows\System\ZbZqNtd.exe
  C:\Windows\System\ZbZqNtd.exe
  2⤵
  PID:9972
- C:\Windows\System\NNUYbro.exe
  C:\Windows\System\NNUYbro.exe
  2⤵
  PID:10012
- C:\Windows\System\vXhGkFm.exe
  C:\Windows\System\vXhGkFm.exe
  2⤵
  PID:10040
- C:\Windows\System\pKHXANP.exe
  C:\Windows\System\pKHXANP.exe
  2⤵
  PID:10056
- C:\Windows\System\OWNwYrp.exe
  C:\Windows\System\OWNwYrp.exe
  2⤵
  PID:10076
- C:\Windows\System\OOLMozw.exe
  C:\Windows\System\OOLMozw.exe
  2⤵
  PID:10096
- C:\Windows\System\cdKkkNa.exe
  C:\Windows\System\cdKkkNa.exe
  2⤵
  PID:10124
- C:\Windows\System\zgJshHo.exe
  C:\Windows\System\zgJshHo.exe
  2⤵
  PID:10180
- C:\Windows\System\MTevMNK.exe
  C:\Windows\System\MTevMNK.exe
  2⤵
  PID:10196
- C:\Windows\System\btxIshH.exe
  C:\Windows\System\btxIshH.exe
  2⤵
  PID:10224
- C:\Windows\System\ZvXfITk.exe
  C:\Windows\System\ZvXfITk.exe
  2⤵
  PID:9224
- C:\Windows\System\wgmwTLd.exe
  C:\Windows\System\wgmwTLd.exe
  2⤵
  PID:9296
- C:\Windows\System\OVBMMph.exe
  C:\Windows\System\OVBMMph.exe
  2⤵
  PID:9344
- C:\Windows\System\RncmLNt.exe
  C:\Windows\System\RncmLNt.exe
  2⤵
  PID:9436
- C:\Windows\System\nTOyBUL.exe
  C:\Windows\System\nTOyBUL.exe
  2⤵
  PID:9476
- C:\Windows\System\NNtxOAC.exe
  C:\Windows\System\NNtxOAC.exe
  2⤵
  PID:8852
- C:\Windows\System\hBXzTto.exe
  C:\Windows\System\hBXzTto.exe
  2⤵
  PID:9620
- C:\Windows\System\vnYwiMf.exe
  C:\Windows\System\vnYwiMf.exe
  2⤵
  PID:9664
- C:\Windows\System\SONiwwJ.exe
  C:\Windows\System\SONiwwJ.exe
  2⤵
  PID:9728
- C:\Windows\System\PenJxbs.exe
  C:\Windows\System\PenJxbs.exe
  2⤵
  PID:9812
- C:\Windows\System\rzaocYI.exe
  C:\Windows\System\rzaocYI.exe
  2⤵
  PID:9860
- C:\Windows\System\guKCRBj.exe
  C:\Windows\System\guKCRBj.exe
  2⤵
  PID:9904
- C:\Windows\System\rSZYQDQ.exe
  C:\Windows\System\rSZYQDQ.exe
  2⤵
  PID:9964
- C:\Windows\System\wCfkWpt.exe
  C:\Windows\System\wCfkWpt.exe
  2⤵
  PID:10036
- C:\Windows\System\xEEVnRk.exe
  C:\Windows\System\xEEVnRk.exe
  2⤵
  PID:10084
- C:\Windows\System\DWXZapp.exe
  C:\Windows\System\DWXZapp.exe
  2⤵
  PID:10176
- C:\Windows\System\wOxeBHF.exe
  C:\Windows\System\wOxeBHF.exe
  2⤵
  PID:10216
- C:\Windows\System\iySCyuD.exe
  C:\Windows\System\iySCyuD.exe
  2⤵
  PID:9168
- C:\Windows\System\SXiocdk.exe
  C:\Windows\System\SXiocdk.exe
  2⤵
  PID:9356
- C:\Windows\System\lRVonns.exe
  C:\Windows\System\lRVonns.exe
  2⤵
  PID:9488
- C:\Windows\System\Kkfrgve.exe
  C:\Windows\System\Kkfrgve.exe
  2⤵
  PID:9560
- C:\Windows\System\mAcXvEA.exe
  C:\Windows\System\mAcXvEA.exe
  2⤵
  PID:9736
- C:\Windows\System\GtMhtLq.exe
  C:\Windows\System\GtMhtLq.exe
  2⤵
  PID:9788
- C:\Windows\System\JloyhTM.exe
  C:\Windows\System\JloyhTM.exe
  2⤵
  PID:9948
- C:\Windows\System\iyagUNK.exe
  C:\Windows\System\iyagUNK.exe
  2⤵
  PID:10108
- C:\Windows\System\xYdpNIK.exe
  C:\Windows\System\xYdpNIK.exe
  2⤵
  PID:10212
- C:\Windows\System\HrEgAfz.exe
  C:\Windows\System\HrEgAfz.exe
  2⤵
  PID:9588
- C:\Windows\System\QjVAphr.exe
  C:\Windows\System\QjVAphr.exe
  2⤵
  PID:9724
- C:\Windows\System\nwmWhGU.exe
  C:\Windows\System\nwmWhGU.exe
  2⤵
  PID:10192
- C:\Windows\System\YEQnwQM.exe
  C:\Windows\System\YEQnwQM.exe
  2⤵
  PID:9596
- C:\Windows\System\nMawrqs.exe
  C:\Windows\System\nMawrqs.exe
  2⤵
  PID:9392
- C:\Windows\System\tsXSTNl.exe
  C:\Windows\System\tsXSTNl.exe
  2⤵
  PID:10248
- C:\Windows\System\LzYjJKD.exe
  C:\Windows\System\LzYjJKD.exe
  2⤵
  PID:10276
- C:\Windows\System\MMJJDZi.exe
  C:\Windows\System\MMJJDZi.exe
  2⤵
  PID:10316
- C:\Windows\System\iTgxijo.exe
  C:\Windows\System\iTgxijo.exe
  2⤵
  PID:10332
- C:\Windows\System\ovdXfuA.exe
  C:\Windows\System\ovdXfuA.exe
  2⤵
  PID:10364
- C:\Windows\System\xootYhc.exe
  C:\Windows\System\xootYhc.exe
  2⤵
  PID:10388
- C:\Windows\System\gqznhIZ.exe
  C:\Windows\System\gqznhIZ.exe
  2⤵
  PID:10412
- C:\Windows\System\PZufyDe.exe
  C:\Windows\System\PZufyDe.exe
  2⤵
  PID:10444
- C:\Windows\System\RTbGQiz.exe
  C:\Windows\System\RTbGQiz.exe
  2⤵
  PID:10468
- C:\Windows\System\hsaQTYP.exe
  C:\Windows\System\hsaQTYP.exe
  2⤵
  PID:10508
- C:\Windows\System\QbfIzzs.exe
  C:\Windows\System\QbfIzzs.exe
  2⤵
  PID:10532
- C:\Windows\System\gGNjlgo.exe
  C:\Windows\System\gGNjlgo.exe
  2⤵
  PID:10552
- C:\Windows\System\jlRqLvc.exe
  C:\Windows\System\jlRqLvc.exe
  2⤵
  PID:10592
- C:\Windows\System\kmzdyhW.exe
  C:\Windows\System\kmzdyhW.exe
  2⤵
  PID:10616
- C:\Windows\System\bmDiukD.exe
  C:\Windows\System\bmDiukD.exe
  2⤵
  PID:10636
- C:\Windows\System\CaOirdw.exe
  C:\Windows\System\CaOirdw.exe
  2⤵
  PID:10656
- C:\Windows\System\wLFOcat.exe
  C:\Windows\System\wLFOcat.exe
  2⤵
  PID:10676
- C:\Windows\System\HvuOxJw.exe
  C:\Windows\System\HvuOxJw.exe
  2⤵
  PID:10708
- C:\Windows\System\EgIVPgR.exe
  C:\Windows\System\EgIVPgR.exe
  2⤵
  PID:10732
- C:\Windows\System\EhwJTJo.exe
  C:\Windows\System\EhwJTJo.exe
  2⤵
  PID:10752
- C:\Windows\System\ZJqTMdG.exe
  C:\Windows\System\ZJqTMdG.exe
  2⤵
  PID:10784
- C:\Windows\System\BDTYHtO.exe
  C:\Windows\System\BDTYHtO.exe
  2⤵
  PID:10816
- C:\Windows\System\RBawSzC.exe
  C:\Windows\System\RBawSzC.exe
  2⤵
  PID:10872
- C:\Windows\System\wBJQfMl.exe
  C:\Windows\System\wBJQfMl.exe
  2⤵
  PID:10904
- C:\Windows\System\DTpezyz.exe
  C:\Windows\System\DTpezyz.exe
  2⤵
  PID:10924
- C:\Windows\System\usHdobR.exe
  C:\Windows\System\usHdobR.exe
  2⤵
  PID:10964
- C:\Windows\System\qVpBZuD.exe
  C:\Windows\System\qVpBZuD.exe
  2⤵
  PID:10992
- C:\Windows\System\ODiJDWw.exe
  C:\Windows\System\ODiJDWw.exe
  2⤵
  PID:11008
- C:\Windows\System\csQwXHZ.exe
  C:\Windows\System\csQwXHZ.exe
  2⤵
  PID:11036
- C:\Windows\System\bGBaVxX.exe
  C:\Windows\System\bGBaVxX.exe
  2⤵
  PID:11064
- C:\Windows\System\BtBRqrm.exe
  C:\Windows\System\BtBRqrm.exe
  2⤵
  PID:11080
- C:\Windows\System\xSVgIcW.exe
  C:\Windows\System\xSVgIcW.exe
  2⤵
  PID:11104
- C:\Windows\System\lnwxNqp.exe
  C:\Windows\System\lnwxNqp.exe
  2⤵
  PID:11160
- C:\Windows\System\zuRIiZV.exe
  C:\Windows\System\zuRIiZV.exe
  2⤵
  PID:11176
- C:\Windows\System\ANDfvcm.exe
  C:\Windows\System\ANDfvcm.exe
  2⤵
  PID:11216
- C:\Windows\System\WUBeWYo.exe
  C:\Windows\System\WUBeWYo.exe
  2⤵
  PID:11244
- C:\Windows\System\FCZAYxL.exe
  C:\Windows\System\FCZAYxL.exe
  2⤵
  PID:3756
- C:\Windows\System\irTvIhU.exe
  C:\Windows\System\irTvIhU.exe
  2⤵
  PID:10312
- C:\Windows\System\dcEkEDt.exe
  C:\Windows\System\dcEkEDt.exe
  2⤵
  PID:10356
- C:\Windows\System\EHSDfNc.exe
  C:\Windows\System\EHSDfNc.exe
  2⤵
  PID:10384
- C:\Windows\System\PqtwpwM.exe
  C:\Windows\System\PqtwpwM.exe
  2⤵
  PID:10488
- C:\Windows\System\MiZRNyw.exe
  C:\Windows\System\MiZRNyw.exe
  2⤵
  PID:10520
- C:\Windows\System\dpFdiRb.exe
  C:\Windows\System\dpFdiRb.exe
  2⤵
  PID:10600
- C:\Windows\System\MHJBhio.exe
  C:\Windows\System\MHJBhio.exe
  2⤵
  PID:10652
- C:\Windows\System\DesGtUP.exe
  C:\Windows\System\DesGtUP.exe
  2⤵
  PID:10748
- C:\Windows\System\VkEdhNM.exe
  C:\Windows\System\VkEdhNM.exe
  2⤵
  PID:10744
- C:\Windows\System\LYnQGyA.exe
  C:\Windows\System\LYnQGyA.exe
  2⤵
  PID:10828
- C:\Windows\System\xesjsIL.exe
  C:\Windows\System\xesjsIL.exe
  2⤵
  PID:10880
- C:\Windows\System\wDtybZd.exe
  C:\Windows\System\wDtybZd.exe
  2⤵
  PID:10944
- C:\Windows\System\pBZRFhe.exe
  C:\Windows\System\pBZRFhe.exe
  2⤵
  PID:11056
- C:\Windows\System\RMoDfJT.exe
  C:\Windows\System\RMoDfJT.exe
  2⤵
  PID:11100
- C:\Windows\System\dcfVvvz.exe
  C:\Windows\System\dcfVvvz.exe
  2⤵
  PID:11168
- C:\Windows\System\VmpdnVE.exe
  C:\Windows\System\VmpdnVE.exe
  2⤵
  PID:11232
- C:\Windows\System\YuFHdjr.exe
  C:\Windows\System\YuFHdjr.exe
  2⤵
  PID:3984
- C:\Windows\System\buAKhKl.exe
  C:\Windows\System\buAKhKl.exe
  2⤵
  PID:1972
- C:\Windows\System\PWelWbc.exe
  C:\Windows\System\PWelWbc.exe
  2⤵
  PID:10452
- C:\Windows\System\YKWZmFh.exe
  C:\Windows\System\YKWZmFh.exe
  2⤵
  PID:10572
- C:\Windows\System\BERmBsP.exe
  C:\Windows\System\BERmBsP.exe
  2⤵
  PID:10668
- C:\Windows\System\fScQQMp.exe
  C:\Windows\System\fScQQMp.exe
  2⤵
  PID:10772
- C:\Windows\System\iIAvGnH.exe
  C:\Windows\System\iIAvGnH.exe
  2⤵
  PID:10896
- C:\Windows\System\aMhuuCn.exe
  C:\Windows\System\aMhuuCn.exe
  2⤵
  PID:11072
- C:\Windows\System\ptIverN.exe
  C:\Windows\System\ptIverN.exe
  2⤵
  PID:11152
- C:\Windows\System\VCQkuyz.exe
  C:\Windows\System\VCQkuyz.exe
  2⤵
  PID:10308
- C:\Windows\System\rMOoXzp.exe
  C:\Windows\System\rMOoXzp.exe
  2⤵
  PID:10580
- C:\Windows\System\lSVJsLv.exe
  C:\Windows\System\lSVJsLv.exe
  2⤵
  PID:11144
- C:\Windows\System\GcQmRoK.exe
  C:\Windows\System\GcQmRoK.exe
  2⤵
  PID:10352
- C:\Windows\System\ndxWqvP.exe
  C:\Windows\System\ndxWqvP.exe
  2⤵
  PID:11004
- C:\Windows\System\DkMzEVp.exe
  C:\Windows\System\DkMzEVp.exe
  2⤵
  PID:11280
- C:\Windows\System\vgWxQMT.exe
  C:\Windows\System\vgWxQMT.exe
  2⤵
  PID:11320
- C:\Windows\System\oTevxWX.exe
  C:\Windows\System\oTevxWX.exe
  2⤵
  PID:11340
- C:\Windows\System\iYFkWAq.exe
  C:\Windows\System\iYFkWAq.exe
  2⤵
  PID:11388
- C:\Windows\System\kSaoybN.exe
  C:\Windows\System\kSaoybN.exe
  2⤵
  PID:11408
- C:\Windows\System\RktfZVq.exe
  C:\Windows\System\RktfZVq.exe
  2⤵
  PID:11448
- C:\Windows\System\LeicpwH.exe
  C:\Windows\System\LeicpwH.exe
  2⤵
  PID:11472
- C:\Windows\System\nAKAKsB.exe
  C:\Windows\System\nAKAKsB.exe
  2⤵
  PID:11492
- C:\Windows\System\rCfLOYE.exe
  C:\Windows\System\rCfLOYE.exe
  2⤵
  PID:11532
- C:\Windows\System\MVBQJAL.exe
  C:\Windows\System\MVBQJAL.exe
  2⤵
  PID:11548
- C:\Windows\System\AsmIzHu.exe
  C:\Windows\System\AsmIzHu.exe
  2⤵
  PID:11564
- C:\Windows\System\QqqiOMk.exe
  C:\Windows\System\QqqiOMk.exe
  2⤵
  PID:11608
- C:\Windows\System\tmWjhax.exe
  C:\Windows\System\tmWjhax.exe
  2⤵
  PID:11648
- C:\Windows\System\IgiVgno.exe
  C:\Windows\System\IgiVgno.exe
  2⤵
  PID:11672
- C:\Windows\System\RhoLAoY.exe
  C:\Windows\System\RhoLAoY.exe
  2⤵
  PID:11696
- C:\Windows\System\BONAEww.exe
  C:\Windows\System\BONAEww.exe
  2⤵
  PID:11736
- C:\Windows\System\ooibnOx.exe
  C:\Windows\System\ooibnOx.exe
  2⤵
  PID:11772
- C:\Windows\System\gYGkQiO.exe
  C:\Windows\System\gYGkQiO.exe
  2⤵
  PID:11796
- C:\Windows\System\DoiFtQR.exe
  C:\Windows\System\DoiFtQR.exe
  2⤵
  PID:11816
- C:\Windows\System\ACjxjOm.exe
  C:\Windows\System\ACjxjOm.exe
  2⤵
  PID:11836
- C:\Windows\System\upKifwm.exe
  C:\Windows\System\upKifwm.exe
  2⤵
  PID:11888
- C:\Windows\System\XCoCKbm.exe
  C:\Windows\System\XCoCKbm.exe
  2⤵
  PID:11912
- C:\Windows\System\VfuvKBL.exe
  C:\Windows\System\VfuvKBL.exe
  2⤵
  PID:11960
- C:\Windows\System\khuoSeQ.exe
  C:\Windows\System\khuoSeQ.exe
  2⤵
  PID:11996
- C:\Windows\System\blBPMIr.exe
  C:\Windows\System\blBPMIr.exe
  2⤵
  PID:12024
- C:\Windows\System\AYmMTFB.exe
  C:\Windows\System\AYmMTFB.exe
  2⤵
  PID:12040
- C:\Windows\System\cniuFnF.exe
  C:\Windows\System\cniuFnF.exe
  2⤵
  PID:12068
- C:\Windows\System\FFRZIqG.exe
  C:\Windows\System\FFRZIqG.exe
  2⤵
  PID:12096
- C:\Windows\System\VcZztXQ.exe
  C:\Windows\System\VcZztXQ.exe
  2⤵
  PID:12112
- C:\Windows\System\LZijORQ.exe
  C:\Windows\System\LZijORQ.exe
  2⤵
  PID:12148
- C:\Windows\System\TbDpdTr.exe
  C:\Windows\System\TbDpdTr.exe
  2⤵
  PID:12168
- C:\Windows\System\SSeTKTK.exe
  C:\Windows\System\SSeTKTK.exe
  2⤵
  PID:12224
- C:\Windows\System\HsGMqSv.exe
  C:\Windows\System\HsGMqSv.exe
  2⤵
  PID:12240
- C:\Windows\System\HcmGxbX.exe
  C:\Windows\System\HcmGxbX.exe
  2⤵
  PID:12268
- C:\Windows\System\hUOxuRd.exe
  C:\Windows\System\hUOxuRd.exe
  2⤵
  PID:10456
- C:\Windows\System\zpkbjbR.exe
  C:\Windows\System\zpkbjbR.exe
  2⤵
  PID:11300
- C:\Windows\System\aQkSpma.exe
  C:\Windows\System\aQkSpma.exe
  2⤵
  PID:11400
- C:\Windows\System\gZzSwSZ.exe
  C:\Windows\System\gZzSwSZ.exe
  2⤵
  PID:11464
- C:\Windows\System\BpQJEYm.exe
  C:\Windows\System\BpQJEYm.exe
  2⤵
  PID:11504
- C:\Windows\System\sJZKTNS.exe
  C:\Windows\System\sJZKTNS.exe
  2⤵
  PID:11588
- C:\Windows\System\FwqIZUB.exe
  C:\Windows\System\FwqIZUB.exe
  2⤵
  PID:11656
- C:\Windows\System\RVehNZl.exe
  C:\Windows\System\RVehNZl.exe
  2⤵
  PID:11720
- C:\Windows\System\neBHSJl.exe
  C:\Windows\System\neBHSJl.exe
  2⤵
  PID:11764
- C:\Windows\System\cOqArIu.exe
  C:\Windows\System\cOqArIu.exe
  2⤵
  PID:11884
- C:\Windows\System\IEdLCkx.exe
  C:\Windows\System\IEdLCkx.exe
  2⤵
  PID:11928
- C:\Windows\System\zksAPwE.exe
  C:\Windows\System\zksAPwE.exe
  2⤵
  PID:12036
- C:\Windows\System\aiRomtg.exe
  C:\Windows\System\aiRomtg.exe
  2⤵
  PID:12088
- C:\Windows\System\gWQdTaS.exe
  C:\Windows\System\gWQdTaS.exe
  2⤵
  PID:12140
- C:\Windows\System\xWxjtwK.exe
  C:\Windows\System\xWxjtwK.exe
  2⤵
  PID:12184
- C:\Windows\System\sWliMlp.exe
  C:\Windows\System\sWliMlp.exe
  2⤵
  PID:12260
- C:\Windows\System\KtWopqD.exe
  C:\Windows\System\KtWopqD.exe
  2⤵
  PID:10372
- C:\Windows\System\IigolFw.exe
  C:\Windows\System\IigolFw.exe
  2⤵
  PID:11488
- C:\Windows\System\ntIRIPN.exe
  C:\Windows\System\ntIRIPN.exe
  2⤵
  PID:11680
- C:\Windows\System\MLCCCCm.exe
  C:\Windows\System\MLCCCCm.exe
  2⤵
  PID:11788
- C:\Windows\System\nFjgbJy.exe
  C:\Windows\System\nFjgbJy.exe
  2⤵
  PID:12092
- C:\Windows\System\VfelyvE.exe
  C:\Windows\System\VfelyvE.exe
  2⤵
  PID:12104
- C:\Windows\System\mqBEHCy.exe
  C:\Windows\System\mqBEHCy.exe
  2⤵
  PID:10268
- C:\Windows\System\kYxLhQy.exe
  C:\Windows\System\kYxLhQy.exe
  2⤵
  PID:11556
- C:\Windows\System\MuIetTi.exe
  C:\Windows\System\MuIetTi.exe
  2⤵
  PID:11972
- C:\Windows\System\hXVMAkl.exe
  C:\Windows\System\hXVMAkl.exe
  2⤵
  PID:11380
- C:\Windows\System\bDWURNn.exe
  C:\Windows\System\bDWURNn.exe
  2⤵
  PID:11420
- C:\Windows\System\KcFmELO.exe
  C:\Windows\System\KcFmELO.exe
  2⤵
  PID:12308
- C:\Windows\System\AwkYuCv.exe
  C:\Windows\System\AwkYuCv.exe
  2⤵
  PID:12328
- C:\Windows\System\mrzJFAL.exe
  C:\Windows\System\mrzJFAL.exe
  2⤵
  PID:12344
- C:\Windows\System\YWeCWKm.exe
  C:\Windows\System\YWeCWKm.exe
  2⤵
  PID:12372
- C:\Windows\System\hnDLuIM.exe
  C:\Windows\System\hnDLuIM.exe
  2⤵
  PID:12408
- C:\Windows\System\QOOWpRC.exe
  C:\Windows\System\QOOWpRC.exe
  2⤵
  PID:12432
- C:\Windows\System\KhCgsEG.exe
  C:\Windows\System\KhCgsEG.exe
  2⤵
  PID:12452
- C:\Windows\System\rCDCesW.exe
  C:\Windows\System\rCDCesW.exe
  2⤵
  PID:12484
- C:\Windows\System\jFIxhWR.exe
  C:\Windows\System\jFIxhWR.exe
  2⤵
  PID:12528
- C:\Windows\System\XOdThtx.exe
  C:\Windows\System\XOdThtx.exe
  2⤵
  PID:12560
- C:\Windows\System\XSUWwwi.exe
  C:\Windows\System\XSUWwwi.exe
  2⤵
  PID:12596
- C:\Windows\System\HsrwKqd.exe
  C:\Windows\System\HsrwKqd.exe
  2⤵
  PID:12612
- C:\Windows\System\PftGEQp.exe
  C:\Windows\System\PftGEQp.exe
  2⤵
  PID:12636
- C:\Windows\System\yumeDJr.exe
  C:\Windows\System\yumeDJr.exe
  2⤵
  PID:12668
- C:\Windows\System\dcytskS.exe
  C:\Windows\System\dcytskS.exe
  2⤵
  PID:12688
- C:\Windows\System\UcPMgML.exe
  C:\Windows\System\UcPMgML.exe
  2⤵
  PID:12716
- C:\Windows\System\taQHbnw.exe
  C:\Windows\System\taQHbnw.exe
  2⤵
  PID:12748
- C:\Windows\System\HCGnwLa.exe
  C:\Windows\System\HCGnwLa.exe
  2⤵
  PID:12768
- C:\Windows\System\zFsuQiE.exe
  C:\Windows\System\zFsuQiE.exe
  2⤵
  PID:12792
- C:\Windows\System\ZcaKLmL.exe
  C:\Windows\System\ZcaKLmL.exe
  2⤵
  PID:12836
- C:\Windows\System\nJqVWcV.exe
  C:\Windows\System\nJqVWcV.exe
  2⤵
  PID:12856
- C:\Windows\System\ylvsDev.exe
  C:\Windows\System\ylvsDev.exe
  2⤵
  PID:12932
- C:\Windows\System\yBVVNJd.exe
  C:\Windows\System\yBVVNJd.exe
  2⤵
  PID:12948
- C:\Windows\System\AEqDUYJ.exe
  C:\Windows\System\AEqDUYJ.exe
  2⤵
  PID:12964
- C:\Windows\System\EpJMIXx.exe
  C:\Windows\System\EpJMIXx.exe
  2⤵
  PID:12992
- C:\Windows\System\aVVxYsf.exe
  C:\Windows\System\aVVxYsf.exe
  2⤵
  PID:13012
- C:\Windows\System\ntZdiop.exe
  C:\Windows\System\ntZdiop.exe
  2⤵
  PID:13080
- C:\Windows\System\qUuPJNj.exe
  C:\Windows\System\qUuPJNj.exe
  2⤵
  PID:13124
- C:\Windows\System\HLoQgLP.exe
  C:\Windows\System\HLoQgLP.exe
  2⤵
  PID:13144
- C:\Windows\System\hZZIpgq.exe
  C:\Windows\System\hZZIpgq.exe
  2⤵
  PID:13184
- C:\Windows\System\hLulHPg.exe
  C:\Windows\System\hLulHPg.exe
  2⤵
  PID:13212
- C:\Windows\System\NkMDDrk.exe
  C:\Windows\System\NkMDDrk.exe
  2⤵
  PID:13248
- C:\Windows\System\roxrCyK.exe
  C:\Windows\System\roxrCyK.exe
  2⤵
  PID:13300
- C:\Windows\System\nSZlBNb.exe
  C:\Windows\System\nSZlBNb.exe
  2⤵
  PID:11908
- C:\Windows\System\sUEcYmf.exe
  C:\Windows\System\sUEcYmf.exe
  2⤵
  PID:12380
- C:\Windows\System\RAtlBCu.exe
  C:\Windows\System\RAtlBCu.exe
  2⤵
  PID:12400
- C:\Windows\System\pRQskIF.exe
  C:\Windows\System\pRQskIF.exe
  2⤵
  PID:12496
- C:\Windows\System\RJjRMnt.exe
  C:\Windows\System\RJjRMnt.exe
  2⤵
  PID:12512
- C:\Windows\System\VpgNkPQ.exe
  C:\Windows\System\VpgNkPQ.exe
  2⤵
  PID:12584
- C:\Windows\System\friSsnW.exe
  C:\Windows\System\friSsnW.exe
  2⤵
  PID:12624
- C:\Windows\System\OIwZlWS.exe
  C:\Windows\System\OIwZlWS.exe
  2⤵
  PID:12760
- C:\Windows\System\ODwToTh.exe
  C:\Windows\System\ODwToTh.exe
  2⤵
  PID:12844
- C:\Windows\System\wVTIGAk.exe
  C:\Windows\System\wVTIGAk.exe
  2⤵
  PID:13036
- C:\Windows\System\omWEhoB.exe
  C:\Windows\System\omWEhoB.exe
  2⤵
  PID:13136
- C:\Windows\System\qDwJCau.exe
  C:\Windows\System\qDwJCau.exe
  2⤵
  PID:13164
- C:\Windows\System\rBokmjB.exe
  C:\Windows\System\rBokmjB.exe
  2⤵
  PID:13292
- C:\Windows\System\kiKbxDe.exe
  C:\Windows\System\kiKbxDe.exe
  2⤵
  PID:12320
- C:\Windows\System\iUBsSMQ.exe
  C:\Windows\System\iUBsSMQ.exe
  2⤵
  PID:12524
- C:\Windows\System\viWZVlg.exe
  C:\Windows\System\viWZVlg.exe
  2⤵
  PID:2640
- C:\Windows\System\FyBGoUR.exe
  C:\Windows\System\FyBGoUR.exe
  2⤵
  PID:12744
- C:\Windows\System\VhttiGW.exe
  C:\Windows\System\VhttiGW.exe
  2⤵
  PID:12828
- C:\Windows\System\jgajabW.exe
  C:\Windows\System\jgajabW.exe
  2⤵
  PID:13100
- C:\Windows\System\KMBSWtJ.exe
  C:\Windows\System\KMBSWtJ.exe
  2⤵
  PID:12424
- C:\Windows\System\iQszgTM.exe
  C:\Windows\System\iQszgTM.exe
  2⤵
  PID:12648
- C:\Windows\System\zUTTyMh.exe
  C:\Windows\System\zUTTyMh.exe
  2⤵
  PID:12784
- C:\Windows\System\BXXUDsr.exe
  C:\Windows\System\BXXUDsr.exe
  2⤵
  PID:13208
- C:\Windows\System\NUoJCmj.exe
  C:\Windows\System\NUoJCmj.exe
  2⤵
  PID:13320
- C:\Windows\System\MYGSaeb.exe
  C:\Windows\System\MYGSaeb.exe
  2⤵
  PID:13336
- C:\Windows\System\VuaLIQr.exe
  C:\Windows\System\VuaLIQr.exe
  2⤵
  PID:13384
- C:\Windows\System\zBVTPIW.exe
  C:\Windows\System\zBVTPIW.exe
  2⤵
  PID:13412
- C:\Windows\System\lOBddGv.exe
  C:\Windows\System\lOBddGv.exe
  2⤵
  PID:13444
- C:\Windows\System\YQSPIdw.exe
  C:\Windows\System\YQSPIdw.exe
  2⤵
  PID:13472
- C:\Windows\System\cndMkLw.exe
  C:\Windows\System\cndMkLw.exe
  2⤵
  PID:13488
- C:\Windows\System\edNjcfw.exe
  C:\Windows\System\edNjcfw.exe
  2⤵
  PID:13540
- C:\Windows\System\NzoJgGw.exe
  C:\Windows\System\NzoJgGw.exe
  2⤵
  PID:13576
- C:\Windows\System\ZvECRBn.exe
  C:\Windows\System\ZvECRBn.exe
  2⤵
  PID:13608
- C:\Windows\System\nJEZbUc.exe
  C:\Windows\System\nJEZbUc.exe
  2⤵
  PID:13640
- C:\Windows\System\bxTvPSP.exe
  C:\Windows\System\bxTvPSP.exe
  2⤵
  PID:13668
- C:\Windows\System\CZEAdMY.exe
  C:\Windows\System\CZEAdMY.exe
  2⤵
  PID:13684
- C:\Windows\System\FBImUrQ.exe
  C:\Windows\System\FBImUrQ.exe
  2⤵
  PID:13700
- C:\Windows\System\VwMNDwQ.exe
  C:\Windows\System\VwMNDwQ.exe
  2⤵
  PID:13744
- C:\Windows\System\CBbLsmx.exe
  C:\Windows\System\CBbLsmx.exe
  2⤵
  PID:13772
- C:\Windows\System\hLepYiw.exe
  C:\Windows\System\hLepYiw.exe
  2⤵
  PID:13812
- C:\Windows\System\LZFipCe.exe
  C:\Windows\System\LZFipCe.exe
  2⤵
  PID:13828
- C:\Windows\System\EBLpFOa.exe
  C:\Windows\System\EBLpFOa.exe
  2⤵
  PID:13868
- C:\Windows\System\BeqcpIx.exe
  C:\Windows\System\BeqcpIx.exe
  2⤵
  PID:13888
- C:\Windows\System\ydRzMOA.exe
  C:\Windows\System\ydRzMOA.exe
  2⤵
  PID:13924
- C:\Windows\System\YusxLZA.exe
  C:\Windows\System\YusxLZA.exe
  2⤵
  PID:13960
- C:\Windows\System\ByhkXhf.exe
  C:\Windows\System\ByhkXhf.exe
  2⤵
  PID:13976
- C:\Windows\System\qBoccTc.exe
  C:\Windows\System\qBoccTc.exe
  2⤵
  PID:14004
- C:\Windows\System\QIpyhaI.exe
  C:\Windows\System\QIpyhaI.exe
  2⤵
  PID:14024
- C:\Windows\System\stULsYO.exe
  C:\Windows\System\stULsYO.exe
  2⤵
  PID:14068
- C:\Windows\System\qcdNmQo.exe
  C:\Windows\System\qcdNmQo.exe
  2⤵
  PID:14092
- C:\Windows\System\fhIGytQ.exe
  C:\Windows\System\fhIGytQ.exe
  2⤵
  PID:14112
- C:\Windows\System\tEvFIWO.exe
  C:\Windows\System\tEvFIWO.exe
  2⤵
  PID:14140
- C:\Windows\System\KanzkDK.exe
  C:\Windows\System\KanzkDK.exe
  2⤵
  PID:14184
- C:\Windows\System\jLrtgkt.exe
  C:\Windows\System\jLrtgkt.exe
  2⤵
  PID:14216
- C:\Windows\System\spTsaNL.exe
  C:\Windows\System\spTsaNL.exe
  2⤵
  PID:14244
- C:\Windows\System\RZYgQet.exe
  C:\Windows\System\RZYgQet.exe
  2⤵
  PID:14272
- C:\Windows\System\flcvELV.exe
  C:\Windows\System\flcvELV.exe
  2⤵
  PID:14288
- C:\Windows\System\LKpwFVa.exe
  C:\Windows\System\LKpwFVa.exe
  2⤵
  PID:14312
- C:\Windows\System\uPtlZjG.exe
  C:\Windows\System\uPtlZjG.exe
  2⤵
  PID:14328
- C:\Windows\System\utuvuxO.exe
  C:\Windows\System\utuvuxO.exe
  2⤵
  PID:13328
- C:\Windows\System\EEaTznw.exe
  C:\Windows\System\EEaTznw.exe
  2⤵
  PID:13420
- C:\Windows\System\sIClnMU.exe
  C:\Windows\System\sIClnMU.exe
  2⤵
  PID:13436
- C:\Windows\System\DDoeWsC.exe
  C:\Windows\System\DDoeWsC.exe
  2⤵
  PID:13524
- C:\Windows\System\IHONtzN.exe
  C:\Windows\System\IHONtzN.exe
  2⤵
  PID:13652
- C:\Windows\System\qQspGFK.exe
  C:\Windows\System\qQspGFK.exe
  2⤵
  PID:13696
- C:\Windows\System\EbfIeKX.exe
  C:\Windows\System\EbfIeKX.exe
  2⤵
  PID:13768
- C:\Windows\System\UNXfcGp.exe
  C:\Windows\System\UNXfcGp.exe
  2⤵
  PID:13876
- C:\Windows\System\FAxVrvh.exe
  C:\Windows\System\FAxVrvh.exe
  2⤵
  PID:13952
- C:\Windows\System\TzuyksK.exe
  C:\Windows\System\TzuyksK.exe
  2⤵
  PID:14020
- C:\Windows\System\eIArpkN.exe
  C:\Windows\System\eIArpkN.exe
  2⤵
  PID:14076
- C:\Windows\System\fpNMgZs.exe
  C:\Windows\System\fpNMgZs.exe
  2⤵
  PID:14192
- C:\Windows\System\hkzWCOY.exe
  C:\Windows\System\hkzWCOY.exe
  2⤵
  PID:14260
- C:\Windows\System\dvQyNzn.exe
  C:\Windows\System\dvQyNzn.exe
  2⤵
  PID:14284
- C:\Windows\System\CWXVtBw.exe
  C:\Windows\System\CWXVtBw.exe
  2⤵
  PID:13372
- C:\Windows\System\kIDenWa.exe
  C:\Windows\System\kIDenWa.exe
  2⤵
  PID:13480
- C:\Windows\System\rQGUtoc.exe
  C:\Windows\System\rQGUtoc.exe
  2⤵
  PID:13656
- C:\Windows\System\EButdxW.exe
  C:\Windows\System\EButdxW.exe
  2⤵
  PID:13908
- C:\Windows\System\IUFVNKn.exe
  C:\Windows\System\IUFVNKn.exe
  2⤵
  PID:14048
- C:\Windows\System\LaWEqNG.exe
  C:\Windows\System\LaWEqNG.exe
  2⤵
  PID:14304
- C:\Windows\System\gFinvVX.exe
  C:\Windows\System\gFinvVX.exe
  2⤵
  PID:14320
- C:\Windows\System\gFGMsho.exe
  C:\Windows\System\gFGMsho.exe
  2⤵
  PID:13572
- C:\Windows\System\jJRrQwu.exe
  C:\Windows\System\jJRrQwu.exe
  2⤵
  PID:13692
- C:\Windows\System\JntYCcV.exe
  C:\Windows\System\JntYCcV.exe
  2⤵
  PID:14100
- C:\Windows\System\MdeWlhD.exe
  C:\Windows\System\MdeWlhD.exe
  2⤵
  PID:14344
- C:\Windows\System\jYpcuvt.exe
  C:\Windows\System\jYpcuvt.exe
  2⤵
  PID:14368
- C:\Windows\System\yZXlYdA.exe
  C:\Windows\System\yZXlYdA.exe
  2⤵
  PID:14408
- C:\Windows\System\vwRWTRU.exe
  C:\Windows\System\vwRWTRU.exe
  2⤵
  PID:14424
- C:\Windows\System\krNVssF.exe
  C:\Windows\System\krNVssF.exe
  2⤵
  PID:14448
- C:\Windows\System\YOZPysi.exe
  C:\Windows\System\YOZPysi.exe
  2⤵
  PID:14472
- C:\Windows\System\WdAKAFm.exe
  C:\Windows\System\WdAKAFm.exe
  2⤵
  PID:14500
- C:\Windows\System\ylfMekx.exe
  C:\Windows\System\ylfMekx.exe
  2⤵
  PID:14524
- C:\Windows\System\JsNeitu.exe
  C:\Windows\System\JsNeitu.exe
  2⤵
  PID:14564
- C:\Windows\System\dDeNmCi.exe
  C:\Windows\System\dDeNmCi.exe
  2⤵
  PID:14580
- C:\Windows\System\vRWsdaF.exe
  C:\Windows\System\vRWsdaF.exe
  2⤵
  PID:14608
- C:\Windows\System\kBhevun.exe
  C:\Windows\System\kBhevun.exe
  2⤵
  PID:14640
- C:\Windows\System\DEyszcW.exe
  C:\Windows\System\DEyszcW.exe
  2⤵
  PID:14744

C:\Windows\system32\WerFaultSecure.exe
C:\Windows\system32\WerFaultSecure.exe -u -p 3720 -s 2128
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:15128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AENLikF.exe

Filesize
1.9MB

MD5
e2614d5ff1a963ae4a2c4abfd4ade5d4

SHA1
3344a5c5e0431a1e9910cbb882eca8fbd90b8aeb

SHA256
0e2b70f6a3b5259c2e83a5a8154747e7a81ed303e1d11e366d6081c8d5f4e595

SHA512
76bac34e47d83fd79c616299ae10a2a3401aa04b8b02803e84ea293459948d4efe5a28842f4bff05e1c15019c8216b14b988cd7f6d5feb620c38715a6e6168c1

Download Submit
C:\Windows\System\CCZYymu.exe

Filesize
1.9MB

MD5
57c0d0341b757d01bfbbb4a8a70d0856

SHA1
a95569dce67ff9e6bf6504bfcb1f03d8dab060f0

SHA256
0f3aa2b793c630d4949fe17b85b65728ef6ae241ce78f25c82f57048abde92f0

SHA512
ed32d6b699908f3185765d979ac6c82b5dc4b62d2f929c9ab4fc857f73d95e2dd88a06c429c63821b9495f1e6a0d733617446c181982006bc31596f77d5b03aa

Download Submit
C:\Windows\System\DcYWJgF.exe

Filesize
1.9MB

MD5
e371843904edfa3cb4776c5a7931e9f2

SHA1
5509a884590c487d85c56bf702db76267bba2820

SHA256
482490c93f4e263504a402af1acff2adc0f9301b679527a338235c2b1f5f2a48

SHA512
691ca65895cda6bbdd997d63a2a65ca92f45981b7ef4d2aa1c79ac281124a83af090e49c465e38cdf2facb79c2a838ed82995dee1fcdd500467bed41c71a748e

Download Submit
C:\Windows\System\EbPCxao.exe

Filesize
1.9MB

MD5
64d69d88107aba7525ee270c468b9693

SHA1
83c5fab9bad948c904d994ef67d42eda11b498e0

SHA256
cd8f70aefe9eab5fea8825a542b50f94fb2d2b4f6c7de080c0d80cc4b8242924

SHA512
4a839a0224a2949d621f20632e3dfd2c0ef6eac07df42dcbb69505276d90136d614756a16ae00b0623f21abcd484a7a67da1f97358ce6e3c59544c87ffcbba5a

Download Submit
C:\Windows\System\JMzDnpH.exe

Filesize
1.9MB

MD5
bd9bc6ab06762bde0cf48be5037872ea

SHA1
918c0f18235725c4c0bf1127c08f916096244439

SHA256
f902495b1e38d71fb34a30b5bd939ec9554adf45f872533a58373c1010b5801a

SHA512
9e3c34b72d68949961bcfff48f88a41ec146ac4dfd3024731bc60f390d47c187209059ebfb59d0efa77c094e6dd04ca1ae0b848f6994bff020e786de5d20e002

Download Submit
C:\Windows\System\Jmzxdfm.exe

Filesize
1.9MB

MD5
5c9ac86ce7c3c4c27bfa05acb447bcc1

SHA1
758ee0776af964bbcb96d2f49802d3188471c7a8

SHA256
532d6568c0e0813fcf6c45ce5077743751fbcdbb30e81995a854cc3fa773a0b0

SHA512
c1b88b0538e84a32de1e8be67fb8efaad4e94bab9acb2b02a7e642167a2a3dbed3ef420036d103319fded4b2ab548ebf9d5861ee1b309c8263511bf5f6d24881

Download Submit
C:\Windows\System\KcZwGIz.exe

Filesize
1.9MB

MD5
8228ac2dd5ae1036b33130d58805b3ae

SHA1
642ecf8e8a705b4bd3660ea2b213fd7a6fd32eba

SHA256
49ab141eca22aba56e671fe0f288492d2c93401f559a2e00f9ecafddbe105a1b

SHA512
c0d457a8c97026d2877b27a7bbc9c09d1a7ed63442375905a476d246d9e446ca429241f8b29181a2441aec21932f0160a4dca2f3bf8c4b39d38a86651ac403b5

Download Submit
C:\Windows\System\LbSRkcW.exe

Filesize
1.9MB

MD5
87ff0526b50ce18e5b9a63476809a9be

SHA1
304a5634f0b0df92f1b05cef89c5a427bc1ee6fb

SHA256
e2d790d507842df5d9e69be88b79dc1aecdc9d628bd62fce225652268ec44c67

SHA512
8c55b2f781bf44feac1c02f3f83ea24a480e8fe9d53320ba1e5b53a7f41184f808ad0d96431259f5b307707c8b06257bc018ea1c74ab8a676b94f6841b4749bd

Download Submit
C:\Windows\System\PQJYPjB.exe

Filesize
1.9MB

MD5
e8a8b4801024d2df856a934c7a9ffb96

SHA1
cc1449e19992a9b0adb554b976e72a907a9ec36c

SHA256
d24078a8ac1bd8dcd789641ced5e42915e1107f29d38fb53eab900a5adb6873d

SHA512
288ba9124bd3f9e8b00ffc7ae9c67501c069b1626f4b71930ca0db44f2e16acf70dfe027617fd6d75a9eba48c92613a9463b0f7247032532ffc5c701f8ef5ee5

Download Submit
C:\Windows\System\QwrKVGp.exe

Filesize
1.9MB

MD5
f2dde055e96054abd3cad9e821801d81

SHA1
e4c3fe3d17724da023ac2572173b1c7492ebafd3

SHA256
c19a6ef0bbda7547e4cd47bd1482e6f2873103e0c5538b9d0b063b1b58578e38

SHA512
17d5ef71e288ed4a1c0649e908c21bfd6b706a577e8e0a77a97f81a3d649753b27747049334253e54dda1d1bea148ddb675fccdee9ac933fd30ed9c4681cc8c8

Download Submit
C:\Windows\System\SlnygPK.exe

Filesize
1.9MB

MD5
8bbf7c472005f21f551878acd2c712f8

SHA1
32b7709b979392174bfd5bdafcdacbb3082520fa

SHA256
99068639b6ca304bbffdab509cee8868ba3a36c1489bc4717ea3f6a9ef8261b5

SHA512
502c1a0b57ee3b751867f27bbee1d337b9d9d34ffe6e7c8db300d38652c4a10409c7aeab27889e1f35725e2d87d98ea4d749862275e2868e811a8e8592e79d98

Download Submit
C:\Windows\System\VUqywSB.exe

Filesize
1.9MB

MD5
f6076f2bc595ac71b5b25950740330f2

SHA1
da94c9982793e953439f33ed73d78e86370ec959

SHA256
d09fafa2586124dcbfbcb2700bc67d41a5377212c7877d508e17992ad71ff9dd

SHA512
f1af4907ab9d9a1494de297ea44616d02e184c69d3e31afa8190fe2662fa9ca1d0bff423e311e3ba9a121c8e0542899f87b41bbd5b896cb8c1fd68f853db5171

Download Submit
C:\Windows\System\ZLbRxUA.exe

Filesize
1.9MB

MD5
e354c4885f125153600573fc105401c6

SHA1
ed0f15b10102fc4c1cb8937e57fee3bf9d209933

SHA256
f1b4464eb6ac37d83ba6b53636f21b9d668f24fdb4b58528db8bf491839d25a7

SHA512
793bb595751ec2131e17d54c815f20505df2434f4bdd6ce0bf7d5f8f7d1be5622fe7a99a783398e180ba484cfa13feb36853e96eb40eb55e9fe8fe0fb28afd98

Download Submit
C:\Windows\System\ZZYbIdd.exe

Filesize
1.9MB

MD5
73ee5ac67f08cb335fbedc93ac3d4131

SHA1
713e38037d34bf6fd81a6fe18a29c36d6bcb8311

SHA256
ed7959dc8ed54f75e51a82f324eb0b3a64ca7cc271dd5b9a1dba1794e156f3a8

SHA512
28eb21447e7971f4e2530cded77de1bbd01d14996f652a674ad0a03dfb0fe4e3dc6658c9449a49337768d8bda28fed707a55b4f0e66e576611359b00f7bca173

Download Submit
C:\Windows\System\bNMbPeI.exe

Filesize
1.9MB

MD5
c0880d560327313750fefc4557f2dbe7

SHA1
60941de4eb455817809c2f99ade4aeb0d921e4be

SHA256
179d8cd98f6787c055c221836022637ffba936c5e5c47a35e7e66a10d331763d

SHA512
f63c50e2b4779a64831ac7aa6fb7dfc650cec784e2d7568c9f2edb31ce9f800ad30500409e763fddd9dc502a1676374298abc72d920d18d8bd37c93edf304025

Download Submit
C:\Windows\System\dmumDmH.exe

Filesize
1.9MB

MD5
5a302a35ce27ad687a244af7a69d4565

SHA1
8391470436b9120f2b1f6795e8fd5665aed09c0f

SHA256
8cd617bfa8fe41688fb212e2863202dc64c91b0ee1a90d74fc4ca7684da05d3d

SHA512
dc86c8c9cc74d5ddca7f0007ce43088ffbc28d190f98e984542d339fe8a6b04d702536cd72ce58baa9184d0a0c2e7abfafb31d7fb24603924ac24c3a90a9bf5e

Download Submit
C:\Windows\System\eNgkmWl.exe

Filesize
1.9MB

MD5
a48068c70c4c091fff2cac2cef44dfca

SHA1
1080aebe66edd7f03a4029aa22aea0f59747f46d

SHA256
2109bcf206fbbf981891b1493e6c4260b045e417123a099f3676482ad7796a1e

SHA512
6eb53b719bd83e17f5224825b8d213521f52e8f4890864d49b4653caebfda009e4ccd4ad01941fe615b6ce62da774acb6f1dd24e831a4b9d27db25e906cdbaa6

Download Submit
C:\Windows\System\fIfHwZV.exe

Filesize
1.9MB

MD5
9852e3b80f8e32ef8590b6e27768a4b1

SHA1
60a1d8d1c20761eb9b094380d0757957e4724378

SHA256
3bb06c07e8e37d1866586935ab9cd84292b3c463d3494e1ffc025f1c9ef45e31

SHA512
8b41f50b31aa2bbffda4e9a6ddcf675dc37d9b624b43a4fa4277e394931f4b472b9a51ee08cd8768d49afd2a1ee3cea1fa141bb815ee528b0ca8a7c89db695a7

Download Submit
C:\Windows\System\fLlbceE.exe

Filesize
1.9MB

MD5
e04d63d5cd834dd74ca9e9bb87cebe41

SHA1
62210c5cdc0b194aecf81824451a248693fef4d0

SHA256
b74e5942180cb34e389c4ba4dafbaaf5f1e9307da82e6d805b174522b2c8ae4d

SHA512
fbcc841fb65de465fe1269fbc12927573aef15fc4b5f9cbf09db7943c1101cefe91c7a93a0ac58e37d9da75453786292cc80945c27d201d1c4fe90af47144e32

Download Submit
C:\Windows\System\fLnwPhJ.exe

Filesize
1.9MB

MD5
d1f23c08e9b4ea49ee54296b8d7d4e7a

SHA1
4a288937384092b8c80b483e499502318dcfd8d4

SHA256
fd2d5dd290e56958af1ce8afe22a3d5fe1cc881772ba99297e7c0d15d87690c3

SHA512
a7df3540f4be31d0e98333d1aa5994599cb0613683e9f9287cb956e2c59d481ba3e774cea64d8ca01ce62c46551cd85d5b8d8c189e274fb75673d238bf1d731b

Download Submit
C:\Windows\System\fTaDelh.exe

Filesize
1.9MB

MD5
dc9d2cd7d6b9b40f012db7e739503658

SHA1
6c418b0db330e6361194202a3e122ad2cc88b72b

SHA256
5998ae27a29ae9ab64d2d05745c1616864a2f63f7692d31a0ca5e8fd0dc6de7e

SHA512
d87c752672400b657a196f46b5f533c4cacf2961adb6cca60e01590090820db5de9df4a916a0a1b59bb96a9da94a6ee4260dc2e878256546594ee09e3f4f267d

Download Submit
C:\Windows\System\jIdpNcB.exe

Filesize
1.9MB

MD5
5b866cfe10cf479619ce1ed41ee9540e

SHA1
e4819948b537a26ddb5a8495fffbff116ba1876c

SHA256
885d32cf9ca2ef6967ef7ed0a49002e89e0874a4dbee5feadf5b32eade5b4da4

SHA512
320b724d151c3140743aeff2cc99adfade7af7af7b215752f33ae1cfee0f2a0099011ebcd9d09d427f38797802b7c8250648f6a95c14e987b87812d9a3610925

Download Submit
C:\Windows\System\jtVflbx.exe

Filesize
1.9MB

MD5
34e48ccaea3c6e76af19e0320ba6c836

SHA1
02a218c31634baf36e9ab690ad589282297e3794

SHA256
6c6c2cbc927435bd4676848e5c3db558ee4ca551dc5847ef834bce111f617f0b

SHA512
9411960f51c7535cba9105e0d586a1ec61988ea762cc6ada7ae6bc4cee27a8061e8d8c07f5762c04765ddae0485ff1559a8a7082f31111cec3535266fcab4939

Download Submit
C:\Windows\System\kMOicpd.exe

Filesize
1.9MB

MD5
168f8bcbe3194af2f5c448b6afe89e8b

SHA1
373ac495a16d1286e52b8d07f2c2085099aa2e51

SHA256
5a17e2e939f2039407f1b54f098ae35db82350fa82050d767ed3c744c4abc99f

SHA512
1ce6e8af27a90c306e1b266b2325d7a92e35ddb31f987f603f857de2dc5853d238cbc0ef319b5972a8fd5f659d62d0cadd46890c2d0e666866e666d64dd80336

Download Submit
C:\Windows\System\lDpUDAU.exe

Filesize
1.9MB

MD5
8ded64746e3d52415c1db2f470a4041e

SHA1
d78af29693487ae035d019fd499c63eda652a189

SHA256
ed424e76702b4101d9a4893881d6597a1867ffd41b45df738a39c3bfbe076919

SHA512
d32883b3530af9b6ce425588e77576c1a8b1b9dc477037032a060028d7dd2696673bbc443f432bdf411b5f18b8eddbb7818b3d511faa4323d99098240d9bddb1

Download Submit
C:\Windows\System\lQqAvyc.exe

Filesize
1.9MB

MD5
9f0efe62c9fc4854b4bf8776e6b22475

SHA1
6baafa7d593839024d07d1df9086f85be08e3458

SHA256
f31505c1091222fdc4e5805df2aecd1b87d5828c3dea4919c2b30b59b5e9787f

SHA512
b73a0c27c2b12ac37c774324d8060d1276caf65cf5068ae4277c2bc32c7c2c362e7fa29b7eaee8c637f85fbfe3a1a602b1e53bd6785f2f0473e708971be06a26

Download Submit
C:\Windows\System\oFylKfI.exe

Filesize
1.9MB

MD5
c026b5d69659dbf23e0d1e5b4a689625

SHA1
d5904759d80f0052686397fc9f9eb9acb64efa2a

SHA256
9081e641b0c389e0e6a33835fb9a8b098ea28a490597cb3ea0d39ccd6812b179

SHA512
ce9b3683b084699f2d0b765fc45a0df2a3f0fd2c7e7912e311bfdd4f0561184e3e7db2398a26285b383eefb39b91eb9eda58cfa897871f349fd4ce25f842ef81

Download Submit
C:\Windows\System\pEHqxrE.exe

Filesize
1.9MB

MD5
c917c4d41caa889cab9b2683c5847b7b

SHA1
7b0d5a52664ba2fe65ea90169eb42e0d69562485

SHA256
c7e31106a4def5f0a820c5bd475e02ffb7609015f4c0fec7a0a073ea5b20ad13

SHA512
c5412d8f216d9dc099dae5fce6767e140ce36136ffae75c7f914c03c616454fd522ce0c25962b16469cd707efee6f37aadc01b20c7db42473b0be9b156572df1

Download Submit
C:\Windows\System\qlnohQg.exe

Filesize
1.9MB

MD5
11a07e3f0dda561bbbb7b84fe0d339f9

SHA1
149878781ab56510cb8d46883ba08f2d9aecb35c

SHA256
509716e2fd57b7cbe079568fd2c905ae8ecc0f44bc7b4f188a88d347d783af6d

SHA512
16d53bd5c896b57f1504bb7fbb226132bbcc98ce063b65cdc6cb538e85f0f73ff88170be974b71392d0cdcc229b0bdc3474ae14a31dfede056512c3825f0703a

Download Submit
C:\Windows\System\uhTOicU.exe

Filesize
1.9MB

MD5
013fbef90f5c7ad4c319a1bc1c36e1f3

SHA1
9c0398fbd38d68f0f54c76aee7ef94c9c56323d9

SHA256
6fea4ad0147b5344ecf34d018b0c156bbd8af64e5f351495c075b7a5ac4d4b20

SHA512
7d8afe59b03a98bff014f829f6ba36aeb78d10c7484e69c9ddb86af1ea2c4d7726f1326294d7769b5838412d3511f3b8684e91a311648e1d5243fe5f3acb37fb

Download Submit
C:\Windows\System\vnsUsnq.exe

Filesize
1.9MB

MD5
ae453755f37f1ce75358d964a178e09e

SHA1
0171f9bed309e20412893c544a9f9eda36df0541

SHA256
cd045e1382fdc4bd6e253ea3c017770d1015a7428a3af3c12fb7784b912e1e6d

SHA512
f0ec8f5da1513aea3193b7f8e5adb1de14abb1411f89265849ce252411907a32f36a8c68938ed8c40510ccbec99e3808fe8c8a71258fe26e1fc7f284fe4daf14

Download Submit
C:\Windows\System\zTDfILN.exe

Filesize
1.9MB

MD5
9c883f68203ebf6d0dd8d22cadb60978

SHA1
e5d61337ec7348daf5d4831bf42661f244043545

SHA256
dd003d4640b365277f801c580a1b7597538ea7377f76df61438ad072bedfd90b

SHA512
e347c975a4abefec538214e46dd322545447d9787f6eab1c1854c0adb81b0db59b64b6041c721dbce3080373b7b03c442a2e81c675fbd8a4cba35f920ec21883

Download Submit
C:\Windows\System\zbOgueP.exe

Filesize
1.9MB

MD5
60ffc3c8fae58316f928fb3fc713b2cc

SHA1
8bd0595653ca2fa4f4caffe417036aa9fe50d4b6

SHA256
4808cb0261091e835bbd7a99c35ef158cd48dd681d9700456d6da9e00674685d

SHA512
6d20a6cb9567e88e5da00c2fe357382de756ee5e0ea3f6653e51e267052cfb4309bcfc61347b5bf46568b0b2e04f5af3b69ff17fbe5ad113c20a82ea93df0158

Download Submit
memory/64-162-0x00007FF6431E0000-0x00007FF643534000-memory.dmp

Filesize
3.3MB

Download
memory/64-38-0x00007FF6431E0000-0x00007FF643534000-memory.dmp

Filesize
3.3MB

Download
memory/64-2195-0x00007FF6431E0000-0x00007FF643534000-memory.dmp

Filesize
3.3MB

Download
memory/412-141-0x00007FF7E7110000-0x00007FF7E7464000-memory.dmp

Filesize
3.3MB

Download
memory/412-2211-0x00007FF7E7110000-0x00007FF7E7464000-memory.dmp

Filesize
3.3MB

Download
memory/448-2187-0x00007FF7AF020000-0x00007FF7AF374000-memory.dmp

Filesize
3.3MB

Download
memory/448-156-0x00007FF7AF020000-0x00007FF7AF374000-memory.dmp

Filesize
3.3MB

Download
memory/448-2221-0x00007FF7AF020000-0x00007FF7AF374000-memory.dmp

Filesize
3.3MB

Download
memory/656-147-0x00007FF610A40000-0x00007FF610D94000-memory.dmp

Filesize
3.3MB

Download
memory/656-2214-0x00007FF610A40000-0x00007FF610D94000-memory.dmp

Filesize
3.3MB

Download
memory/848-2219-0x00007FF7F1750000-0x00007FF7F1AA4000-memory.dmp

Filesize
3.3MB

Download
memory/848-164-0x00007FF7F1750000-0x00007FF7F1AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1012-29-0x00007FF749C10000-0x00007FF749F64000-memory.dmp

Filesize
3.3MB

Download
memory/1012-124-0x00007FF749C10000-0x00007FF749F64000-memory.dmp

Filesize
3.3MB

Download
memory/1012-2192-0x00007FF749C10000-0x00007FF749F64000-memory.dmp

Filesize
3.3MB

Download
memory/1028-94-0x00007FF705AD0000-0x00007FF705E24000-memory.dmp

Filesize
3.3MB

Download
memory/1028-0-0x00007FF705AD0000-0x00007FF705E24000-memory.dmp

Filesize
3.3MB

Download
memory/1028-1-0x000001C1F8C90000-0x000001C1F8CA0000-memory.dmp

Filesize
64KB

Download
memory/1940-2225-0x00007FF70AD10000-0x00007FF70B064000-memory.dmp

Filesize
3.3MB

Download
memory/1940-212-0x00007FF70AD10000-0x00007FF70B064000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2222-0x00007FF785730000-0x00007FF785A84000-memory.dmp

Filesize
3.3MB

Download
memory/2384-165-0x00007FF785730000-0x00007FF785A84000-memory.dmp

Filesize
3.3MB

Download
memory/2612-2198-0x00007FF69A8D0000-0x00007FF69AC24000-memory.dmp

Filesize
3.3MB

Download
memory/2612-70-0x00007FF69A8D0000-0x00007FF69AC24000-memory.dmp

Filesize
3.3MB

Download
memory/2616-163-0x00007FF6F26F0000-0x00007FF6F2A44000-memory.dmp

Filesize
3.3MB

Download
memory/2616-2213-0x00007FF6F26F0000-0x00007FF6F2A44000-memory.dmp

Filesize
3.3MB

Download
memory/2700-19-0x00007FF6E97E0000-0x00007FF6E9B34000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2188-0x00007FF6E97E0000-0x00007FF6E9B34000-memory.dmp

Filesize
3.3MB

Download
memory/2864-215-0x00007FF6B78C0000-0x00007FF6B7C14000-memory.dmp

Filesize
3.3MB

Download
memory/2864-2194-0x00007FF6B78C0000-0x00007FF6B7C14000-memory.dmp

Filesize
3.3MB

Download
memory/2864-46-0x00007FF6B78C0000-0x00007FF6B7C14000-memory.dmp

Filesize
3.3MB

Download
memory/2932-26-0x00007FF785AA0000-0x00007FF785DF4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2191-0x00007FF785AA0000-0x00007FF785DF4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-116-0x00007FF785AA0000-0x00007FF785DF4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-206-0x00007FF77DAF0000-0x00007FF77DE44000-memory.dmp

Filesize
3.3MB

Download
memory/2936-2224-0x00007FF77DAF0000-0x00007FF77DE44000-memory.dmp

Filesize
3.3MB

Download
memory/2976-2190-0x00007FF6F0E30000-0x00007FF6F1184000-memory.dmp

Filesize
3.3MB

Download
memory/2976-39-0x00007FF6F0E30000-0x00007FF6F1184000-memory.dmp

Filesize
3.3MB

Download
memory/3408-2011-0x00007FF6CD290000-0x00007FF6CD5E4000-memory.dmp

Filesize
3.3MB

Download
memory/3408-2199-0x00007FF6CD290000-0x00007FF6CD5E4000-memory.dmp

Filesize
3.3MB

Download
memory/3408-78-0x00007FF6CD290000-0x00007FF6CD5E4000-memory.dmp

Filesize
3.3MB

Download
memory/3700-2215-0x00007FF7203E0000-0x00007FF720734000-memory.dmp

Filesize
3.3MB

Download
memory/3700-154-0x00007FF7203E0000-0x00007FF720734000-memory.dmp

Filesize
3.3MB

Download
memory/3784-2186-0x00007FF780C60000-0x00007FF780FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3784-136-0x00007FF780C60000-0x00007FF780FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3784-2212-0x00007FF780C60000-0x00007FF780FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3812-2201-0x00007FF760D90000-0x00007FF7610E4000-memory.dmp

Filesize
3.3MB

Download
memory/3812-92-0x00007FF760D90000-0x00007FF7610E4000-memory.dmp

Filesize
3.3MB

Download
memory/3996-2193-0x00007FF64EBC0000-0x00007FF64EF14000-memory.dmp

Filesize
3.3MB

Download
memory/3996-58-0x00007FF64EBC0000-0x00007FF64EF14000-memory.dmp

Filesize
3.3MB

Download
memory/4112-2208-0x00007FF6D1480000-0x00007FF6D17D4000-memory.dmp

Filesize
3.3MB

Download
memory/4112-2184-0x00007FF6D1480000-0x00007FF6D17D4000-memory.dmp

Filesize
3.3MB

Download
memory/4112-93-0x00007FF6D1480000-0x00007FF6D17D4000-memory.dmp

Filesize
3.3MB

Download
memory/4532-161-0x00007FF6895E0000-0x00007FF689934000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2210-0x00007FF6895E0000-0x00007FF689934000-memory.dmp

Filesize
3.3MB

Download
memory/4640-155-0x00007FF723CC0000-0x00007FF724014000-memory.dmp

Filesize
3.3MB

Download
memory/4640-2223-0x00007FF723CC0000-0x00007FF724014000-memory.dmp

Filesize
3.3MB

Download
memory/4700-95-0x00007FF669F50000-0x00007FF66A2A4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2209-0x00007FF669F50000-0x00007FF66A2A4000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2185-0x00007FF669F50000-0x00007FF66A2A4000-memory.dmp

Filesize
3.3MB

Download
memory/4808-2196-0x00007FF641AF0000-0x00007FF641E44000-memory.dmp

Filesize
3.3MB

Download
memory/4808-42-0x00007FF641AF0000-0x00007FF641E44000-memory.dmp

Filesize
3.3MB

Download
memory/4808-181-0x00007FF641AF0000-0x00007FF641E44000-memory.dmp

Filesize
3.3MB

Download
memory/4840-2200-0x00007FF643F00000-0x00007FF644254000-memory.dmp

Filesize
3.3MB

Download
memory/4840-89-0x00007FF643F00000-0x00007FF644254000-memory.dmp

Filesize
3.3MB

Download
memory/4976-111-0x00007FF6821B0000-0x00007FF682504000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2189-0x00007FF6821B0000-0x00007FF682504000-memory.dmp

Filesize
3.3MB

Download
memory/4976-8-0x00007FF6821B0000-0x00007FF682504000-memory.dmp

Filesize
3.3MB

Download
memory/5100-2197-0x00007FF7FE4C0000-0x00007FF7FE814000-memory.dmp

Filesize
3.3MB

Download
memory/5100-67-0x00007FF7FE4C0000-0x00007FF7FE814000-memory.dmp

Filesize
3.3MB

Download
memory/5112-203-0x00007FF624E10000-0x00007FF625164000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2220-0x00007FF624E10000-0x00007FF625164000-memory.dmp

Filesize
3.3MB

Download