xmrig | f0c568c5b6cc20ef1b590c2b6bb5fb8ee18852d53f98decfeb1a454f0c3f3e98

Analysis

max time kernel
117s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
Size

1.7MB
MD5

048564c6f4bac39bf46244c8c1b9f5a0
SHA1

efc8d4d7dd58b0ced48aa476988700bf9c7f466b
SHA256

f0c568c5b6cc20ef1b590c2b6bb5fb8ee18852d53f98decfeb1a454f0c3f3e98
SHA512

ec90778023d10b6e492312a2bb6256dc3f5335de08622a61e5e0bf56d4f491deb8366ea66cd8e030d8c2be88addc194b620bf1363a4bac56f2cb6b7d4583e767
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICbbnlD521v:BemTLkNdfE0pZrn

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 15184 created 4168	15184	WerFaultSecure.exe	78

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4372-0-0x00007FF7BA2C0000-0x00007FF7BA614000-memory.dmp	xmrig
behavioral2/files/0x00090000000233ed-5.dat	xmrig
behavioral2/files/0x00070000000233f2-9.dat	xmrig
behavioral2/files/0x00070000000233f5-28.dat	xmrig
behavioral2/memory/4140-40-0x00007FF6DF800000-0x00007FF6DFB54000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ff-73.dat	xmrig
behavioral2/files/0x00070000000233fd-85.dat	xmrig
behavioral2/files/0x00070000000233fe-103.dat	xmrig
behavioral2/files/0x0007000000023403-132.dat	xmrig
behavioral2/memory/2676-149-0x00007FF7BA420000-0x00007FF7BA774000-memory.dmp	xmrig
behavioral2/memory/4960-153-0x00007FF738F80000-0x00007FF7392D4000-memory.dmp	xmrig
behavioral2/memory/3208-157-0x00007FF707450000-0x00007FF7077A4000-memory.dmp	xmrig
behavioral2/memory/2964-163-0x00007FF78D5D0000-0x00007FF78D924000-memory.dmp	xmrig
behavioral2/memory/2652-164-0x00007FF61C5E0000-0x00007FF61C934000-memory.dmp	xmrig
behavioral2/memory/4780-162-0x00007FF74A730000-0x00007FF74AA84000-memory.dmp	xmrig
behavioral2/memory/384-161-0x00007FF72FE50000-0x00007FF7301A4000-memory.dmp	xmrig
behavioral2/memory/3628-160-0x00007FF705160000-0x00007FF7054B4000-memory.dmp	xmrig
behavioral2/memory/3372-159-0x00007FF64D180000-0x00007FF64D4D4000-memory.dmp	xmrig
behavioral2/memory/3916-158-0x00007FF6FAEF0000-0x00007FF6FB244000-memory.dmp	xmrig
behavioral2/memory/5036-156-0x00007FF6A8EE0000-0x00007FF6A9234000-memory.dmp	xmrig
behavioral2/memory/3744-155-0x00007FF6BC4D0000-0x00007FF6BC824000-memory.dmp	xmrig
behavioral2/memory/3408-154-0x00007FF76AD80000-0x00007FF76B0D4000-memory.dmp	xmrig
behavioral2/memory/3480-152-0x00007FF776250000-0x00007FF7765A4000-memory.dmp	xmrig
behavioral2/memory/2660-151-0x00007FF7DB080000-0x00007FF7DB3D4000-memory.dmp	xmrig
behavioral2/memory/4536-150-0x00007FF728670000-0x00007FF7289C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340a-147.dat	xmrig
behavioral2/files/0x0007000000023409-145.dat	xmrig
behavioral2/files/0x0007000000023408-143.dat	xmrig
behavioral2/files/0x0007000000023407-141.dat	xmrig
behavioral2/files/0x0007000000023406-139.dat	xmrig
behavioral2/files/0x0007000000023405-137.dat	xmrig
behavioral2/files/0x0007000000023404-135.dat	xmrig
behavioral2/memory/3392-134-0x00007FF670380000-0x00007FF6706D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023401-130.dat	xmrig
behavioral2/memory/432-129-0x00007FF7D0260000-0x00007FF7D05B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023402-122.dat	xmrig
behavioral2/memory/2488-117-0x00007FF63EAF0000-0x00007FF63EE44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023400-93.dat	xmrig
behavioral2/files/0x00070000000233fa-92.dat	xmrig
behavioral2/memory/2824-89-0x00007FF790610000-0x00007FF790964000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fc-83.dat	xmrig
behavioral2/memory/4948-75-0x00007FF636D50000-0x00007FF6370A4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fb-82.dat	xmrig
behavioral2/files/0x00070000000233f9-69.dat	xmrig
behavioral2/files/0x00070000000233f3-68.dat	xmrig
behavioral2/files/0x00070000000233f8-65.dat	xmrig
behavioral2/files/0x00070000000233f7-58.dat	xmrig
behavioral2/memory/3756-54-0x00007FF674D70000-0x00007FF6750C4000-memory.dmp	xmrig
behavioral2/memory/684-51-0x00007FF689DF0000-0x00007FF68A144000-memory.dmp	xmrig
behavioral2/memory/1724-41-0x00007FF6896D0000-0x00007FF689A24000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f4-44.dat	xmrig
behavioral2/memory/4920-34-0x00007FF61CB70000-0x00007FF61CEC4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f6-30.dat	xmrig
behavioral2/memory/2904-22-0x00007FF725FA0000-0x00007FF7262F4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f1-14.dat	xmrig
behavioral2/files/0x000700000002340e-194.dat	xmrig
behavioral2/files/0x0007000000023412-192.dat	xmrig
behavioral2/files/0x0007000000023411-191.dat	xmrig
behavioral2/memory/544-188-0x00007FF79D730000-0x00007FF79DA84000-memory.dmp	xmrig
behavioral2/files/0x000700000002340f-185.dat	xmrig
behavioral2/files/0x000700000002340d-184.dat	xmrig
behavioral2/memory/1268-178-0x00007FF61A5A0000-0x00007FF61A8F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-180.dat	xmrig
behavioral2/files/0x000700000002340b-170.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2904	rSIkSue.exe
3208	nVVnPEm.exe
4920	NglWbSt.exe
3916	NWgDuEy.exe
4140	StQJlvx.exe
1724	aPpCSFQ.exe
3372	zeeuucq.exe
684	FNtzxgI.exe
3756	LgYTJLw.exe
3628	CdSMpmr.exe
384	clupsmg.exe
4948	BkcTEAM.exe
2824	KOuaDFM.exe
4780	IesmvbQ.exe
2488	ODIAEdU.exe
432	QFDnpiB.exe
2964	ctLwPsV.exe
3392	YOasfwo.exe
2676	IBzYGFr.exe
4536	YRxxhna.exe
2652	EiCWaCE.exe
2660	lQHotPX.exe
3480	oqjUukN.exe
4960	aGcTBHT.exe
3408	bNxcAUc.exe
3744	tZcckPx.exe
5036	bjcytSB.exe
1268	TKWzzup.exe
544	hYWNncb.exe
2924	kHBrjZu.exe
4708	odfAfpg.exe
2344	pvAsgEf.exe
3912	xnQCUdT.exe
4956	IgxWtvR.exe
5068	NFTRpKi.exe
2604	QYkgMKd.exe
2360	VDMOQGj.exe
672	qoivqqe.exe
4368	lRKDvYh.exe
4984	yuxegBg.exe
3904	GwdTBOn.exe
5028	ZivxAyZ.exe
3252	lzwLmMY.exe
812	YPojElz.exe
1192	BGvkoLD.exe
1356	PldxlNn.exe
5012	JJIeoGl.exe
4440	xRZcZke.exe
3544	ivDNdRg.exe
3732	ROrYKtl.exe
2548	gguhIjc.exe
4596	GNwwfhM.exe
368	ySDAWlc.exe
1232	JzOWpZn.exe
2320	QCmoqUO.exe
3112	qeqeaHq.exe
4632	lFRhLZU.exe
4484	GIilxKt.exe
3724	OPpQtcz.exe
3680	ZxExxkJ.exe
892	LHuwKHx.exe
4520	ztvOdMZ.exe
4808	nDZyLjg.exe
3344	ASsjysO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4372-0-0x00007FF7BA2C0000-0x00007FF7BA614000-memory.dmp	upx
behavioral2/files/0x00090000000233ed-5.dat	upx
behavioral2/files/0x00070000000233f2-9.dat	upx
behavioral2/files/0x00070000000233f5-28.dat	upx
behavioral2/memory/4140-40-0x00007FF6DF800000-0x00007FF6DFB54000-memory.dmp	upx
behavioral2/files/0x00070000000233ff-73.dat	upx
behavioral2/files/0x00070000000233fd-85.dat	upx
behavioral2/files/0x00070000000233fe-103.dat	upx
behavioral2/files/0x0007000000023403-132.dat	upx
behavioral2/memory/2676-149-0x00007FF7BA420000-0x00007FF7BA774000-memory.dmp	upx
behavioral2/memory/4960-153-0x00007FF738F80000-0x00007FF7392D4000-memory.dmp	upx
behavioral2/memory/3208-157-0x00007FF707450000-0x00007FF7077A4000-memory.dmp	upx
behavioral2/memory/2964-163-0x00007FF78D5D0000-0x00007FF78D924000-memory.dmp	upx
behavioral2/memory/2652-164-0x00007FF61C5E0000-0x00007FF61C934000-memory.dmp	upx
behavioral2/memory/4780-162-0x00007FF74A730000-0x00007FF74AA84000-memory.dmp	upx
behavioral2/memory/384-161-0x00007FF72FE50000-0x00007FF7301A4000-memory.dmp	upx
behavioral2/memory/3628-160-0x00007FF705160000-0x00007FF7054B4000-memory.dmp	upx
behavioral2/memory/3372-159-0x00007FF64D180000-0x00007FF64D4D4000-memory.dmp	upx
behavioral2/memory/3916-158-0x00007FF6FAEF0000-0x00007FF6FB244000-memory.dmp	upx
behavioral2/memory/5036-156-0x00007FF6A8EE0000-0x00007FF6A9234000-memory.dmp	upx
behavioral2/memory/3744-155-0x00007FF6BC4D0000-0x00007FF6BC824000-memory.dmp	upx
behavioral2/memory/3408-154-0x00007FF76AD80000-0x00007FF76B0D4000-memory.dmp	upx
behavioral2/memory/3480-152-0x00007FF776250000-0x00007FF7765A4000-memory.dmp	upx
behavioral2/memory/2660-151-0x00007FF7DB080000-0x00007FF7DB3D4000-memory.dmp	upx
behavioral2/memory/4536-150-0x00007FF728670000-0x00007FF7289C4000-memory.dmp	upx
behavioral2/files/0x000700000002340a-147.dat	upx
behavioral2/files/0x0007000000023409-145.dat	upx
behavioral2/files/0x0007000000023408-143.dat	upx
behavioral2/files/0x0007000000023407-141.dat	upx
behavioral2/files/0x0007000000023406-139.dat	upx
behavioral2/files/0x0007000000023405-137.dat	upx
behavioral2/files/0x0007000000023404-135.dat	upx
behavioral2/memory/3392-134-0x00007FF670380000-0x00007FF6706D4000-memory.dmp	upx
behavioral2/files/0x0007000000023401-130.dat	upx
behavioral2/memory/432-129-0x00007FF7D0260000-0x00007FF7D05B4000-memory.dmp	upx
behavioral2/files/0x0007000000023402-122.dat	upx
behavioral2/memory/2488-117-0x00007FF63EAF0000-0x00007FF63EE44000-memory.dmp	upx
behavioral2/files/0x0007000000023400-93.dat	upx
behavioral2/files/0x00070000000233fa-92.dat	upx
behavioral2/memory/2824-89-0x00007FF790610000-0x00007FF790964000-memory.dmp	upx
behavioral2/files/0x00070000000233fc-83.dat	upx
behavioral2/memory/4948-75-0x00007FF636D50000-0x00007FF6370A4000-memory.dmp	upx
behavioral2/files/0x00070000000233fb-82.dat	upx
behavioral2/files/0x00070000000233f9-69.dat	upx
behavioral2/files/0x00070000000233f3-68.dat	upx
behavioral2/files/0x00070000000233f8-65.dat	upx
behavioral2/files/0x00070000000233f7-58.dat	upx
behavioral2/memory/3756-54-0x00007FF674D70000-0x00007FF6750C4000-memory.dmp	upx
behavioral2/memory/684-51-0x00007FF689DF0000-0x00007FF68A144000-memory.dmp	upx
behavioral2/memory/1724-41-0x00007FF6896D0000-0x00007FF689A24000-memory.dmp	upx
behavioral2/files/0x00070000000233f4-44.dat	upx
behavioral2/memory/4920-34-0x00007FF61CB70000-0x00007FF61CEC4000-memory.dmp	upx
behavioral2/files/0x00070000000233f6-30.dat	upx
behavioral2/memory/2904-22-0x00007FF725FA0000-0x00007FF7262F4000-memory.dmp	upx
behavioral2/files/0x00070000000233f1-14.dat	upx
behavioral2/files/0x000700000002340e-194.dat	upx
behavioral2/files/0x0007000000023412-192.dat	upx
behavioral2/files/0x0007000000023411-191.dat	upx
behavioral2/memory/544-188-0x00007FF79D730000-0x00007FF79DA84000-memory.dmp	upx
behavioral2/files/0x000700000002340f-185.dat	upx
behavioral2/files/0x000700000002340d-184.dat	upx
behavioral2/memory/1268-178-0x00007FF61A5A0000-0x00007FF61A8F4000-memory.dmp	upx
behavioral2/files/0x000700000002340c-180.dat	upx
behavioral2/files/0x000700000002340b-170.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JKdGykX.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\DgHKyeN.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\BYgGPAp.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\HFnIeKO.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\aQKtocL.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\QSfMPJy.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\ZxExxkJ.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\bHunOhZ.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\MMdXWHx.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\YDeBUMP.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\nQUtsqX.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\lcVXscB.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\nVVnPEm.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\ZATTwzp.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\YAdKitU.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\cWxgTxX.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\IUHUqIt.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\WlHyuJP.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\LzmupdS.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\NWgDuEy.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\StQJlvx.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\ODIAEdU.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\IEidZFl.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\ZrHpHCN.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\cEkKmUz.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\ftiBafa.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\mzIHgwa.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\xfBRvWx.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\mlEPltR.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\ufqOZCw.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\jULbPGV.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\wDQGhSe.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\RpLbOFq.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\YblvTTT.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\nyJHuWb.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\pXyuZub.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\TKqBlAQ.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\xuPuamY.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\cmefZBK.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\SWKYkcP.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\uoHvKOH.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\XHmYPof.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\SaIJCEW.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\VGfahJK.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\bnfxQGT.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\AfKDyxV.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\klccwVG.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\nLvEZTr.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\Rsbjivu.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\QCmoqUO.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\VwjWMBO.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\kYihBoj.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\bzDSCnx.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\cZXQVrs.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\LHuwKHx.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\WYcPJqD.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\BtmeBnp.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\lacbEgN.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\bCbWhTX.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\EiCWaCE.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\kHBrjZu.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\YPojElz.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\svWVtAZ.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
File created	C:\Windows\System\Ykdmuht.exe	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
14612	WerFaultSecure.exe
14612	WerFaultSecure.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15216	dwm.exe
Token: SeChangeNotifyPrivilege	15216	dwm.exe
Token: 33	15216	dwm.exe
Token: SeIncBasePriorityPrivilege	15216	dwm.exe
Token: SeShutdownPrivilege	15216	dwm.exe
Token: SeCreatePagefilePrivilege	15216	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 2904	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	83
PID 4372 wrote to memory of 2904	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	83
PID 4372 wrote to memory of 3208	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	84
PID 4372 wrote to memory of 3208	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	84
PID 4372 wrote to memory of 4920	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	85
PID 4372 wrote to memory of 4920	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	85
PID 4372 wrote to memory of 3372	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	86
PID 4372 wrote to memory of 3372	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	86
PID 4372 wrote to memory of 3916	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	87
PID 4372 wrote to memory of 3916	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	87
PID 4372 wrote to memory of 4140	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	88
PID 4372 wrote to memory of 4140	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	88
PID 4372 wrote to memory of 1724	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	89
PID 4372 wrote to memory of 1724	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	89
PID 4372 wrote to memory of 684	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	90
PID 4372 wrote to memory of 684	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	90
PID 4372 wrote to memory of 3756	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	91
PID 4372 wrote to memory of 3756	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	91
PID 4372 wrote to memory of 3628	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	92
PID 4372 wrote to memory of 3628	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	92
PID 4372 wrote to memory of 4780	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	93
PID 4372 wrote to memory of 4780	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	93
PID 4372 wrote to memory of 384	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	94
PID 4372 wrote to memory of 384	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	94
PID 4372 wrote to memory of 4948	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	95
PID 4372 wrote to memory of 4948	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	95
PID 4372 wrote to memory of 2824	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	96
PID 4372 wrote to memory of 2824	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	96
PID 4372 wrote to memory of 2488	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	97
PID 4372 wrote to memory of 2488	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	97
PID 4372 wrote to memory of 432	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	98
PID 4372 wrote to memory of 432	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	98
PID 4372 wrote to memory of 2964	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	99
PID 4372 wrote to memory of 2964	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	99
PID 4372 wrote to memory of 3392	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	100
PID 4372 wrote to memory of 3392	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	100
PID 4372 wrote to memory of 2676	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	101
PID 4372 wrote to memory of 2676	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	101
PID 4372 wrote to memory of 4536	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	102
PID 4372 wrote to memory of 4536	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	102
PID 4372 wrote to memory of 2652	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	103
PID 4372 wrote to memory of 2652	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	103
PID 4372 wrote to memory of 2660	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	104
PID 4372 wrote to memory of 2660	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	104
PID 4372 wrote to memory of 3480	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	105
PID 4372 wrote to memory of 3480	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	105
PID 4372 wrote to memory of 4960	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	106
PID 4372 wrote to memory of 4960	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	106
PID 4372 wrote to memory of 3408	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	107
PID 4372 wrote to memory of 3408	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	107
PID 4372 wrote to memory of 3744	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	108
PID 4372 wrote to memory of 3744	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	108
PID 4372 wrote to memory of 5036	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	109
PID 4372 wrote to memory of 5036	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	109
PID 4372 wrote to memory of 1268	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	110
PID 4372 wrote to memory of 1268	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	110
PID 4372 wrote to memory of 2924	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	111
PID 4372 wrote to memory of 2924	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	111
PID 4372 wrote to memory of 544	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	112
PID 4372 wrote to memory of 544	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	112
PID 4372 wrote to memory of 4708	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	113
PID 4372 wrote to memory of 4708	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	113
PID 4372 wrote to memory of 2344	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	114
PID 4372 wrote to memory of 2344	4372	048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe	114

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:4168
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 4168 -s 2124
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:14612

C:\Users\Admin\AppData\Local\Temp\048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\048564c6f4bac39bf46244c8c1b9f5a0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Windows\System\rSIkSue.exe
  C:\Windows\System\rSIkSue.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\nVVnPEm.exe
  C:\Windows\System\nVVnPEm.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\NglWbSt.exe
  C:\Windows\System\NglWbSt.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\zeeuucq.exe
  C:\Windows\System\zeeuucq.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\NWgDuEy.exe
  C:\Windows\System\NWgDuEy.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\StQJlvx.exe
  C:\Windows\System\StQJlvx.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\aPpCSFQ.exe
  C:\Windows\System\aPpCSFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\FNtzxgI.exe
  C:\Windows\System\FNtzxgI.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\LgYTJLw.exe
  C:\Windows\System\LgYTJLw.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\CdSMpmr.exe
  C:\Windows\System\CdSMpmr.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\IesmvbQ.exe
  C:\Windows\System\IesmvbQ.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\clupsmg.exe
  C:\Windows\System\clupsmg.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\BkcTEAM.exe
  C:\Windows\System\BkcTEAM.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\KOuaDFM.exe
  C:\Windows\System\KOuaDFM.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\ODIAEdU.exe
  C:\Windows\System\ODIAEdU.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\QFDnpiB.exe
  C:\Windows\System\QFDnpiB.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\ctLwPsV.exe
  C:\Windows\System\ctLwPsV.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\YOasfwo.exe
  C:\Windows\System\YOasfwo.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\IBzYGFr.exe
  C:\Windows\System\IBzYGFr.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\YRxxhna.exe
  C:\Windows\System\YRxxhna.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\EiCWaCE.exe
  C:\Windows\System\EiCWaCE.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\lQHotPX.exe
  C:\Windows\System\lQHotPX.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\oqjUukN.exe
  C:\Windows\System\oqjUukN.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\aGcTBHT.exe
  C:\Windows\System\aGcTBHT.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\bNxcAUc.exe
  C:\Windows\System\bNxcAUc.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\tZcckPx.exe
  C:\Windows\System\tZcckPx.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\bjcytSB.exe
  C:\Windows\System\bjcytSB.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\TKWzzup.exe
  C:\Windows\System\TKWzzup.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\kHBrjZu.exe
  C:\Windows\System\kHBrjZu.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\hYWNncb.exe
  C:\Windows\System\hYWNncb.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\odfAfpg.exe
  C:\Windows\System\odfAfpg.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\pvAsgEf.exe
  C:\Windows\System\pvAsgEf.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\NFTRpKi.exe
  C:\Windows\System\NFTRpKi.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\xnQCUdT.exe
  C:\Windows\System\xnQCUdT.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\IgxWtvR.exe
  C:\Windows\System\IgxWtvR.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\QYkgMKd.exe
  C:\Windows\System\QYkgMKd.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\VDMOQGj.exe
  C:\Windows\System\VDMOQGj.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\qoivqqe.exe
  C:\Windows\System\qoivqqe.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\lRKDvYh.exe
  C:\Windows\System\lRKDvYh.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\yuxegBg.exe
  C:\Windows\System\yuxegBg.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\GwdTBOn.exe
  C:\Windows\System\GwdTBOn.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\ZivxAyZ.exe
  C:\Windows\System\ZivxAyZ.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\lzwLmMY.exe
  C:\Windows\System\lzwLmMY.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\YPojElz.exe
  C:\Windows\System\YPojElz.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\BGvkoLD.exe
  C:\Windows\System\BGvkoLD.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\PldxlNn.exe
  C:\Windows\System\PldxlNn.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\JJIeoGl.exe
  C:\Windows\System\JJIeoGl.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\xRZcZke.exe
  C:\Windows\System\xRZcZke.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\ivDNdRg.exe
  C:\Windows\System\ivDNdRg.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\ROrYKtl.exe
  C:\Windows\System\ROrYKtl.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\gguhIjc.exe
  C:\Windows\System\gguhIjc.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\GNwwfhM.exe
  C:\Windows\System\GNwwfhM.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\ySDAWlc.exe
  C:\Windows\System\ySDAWlc.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\JzOWpZn.exe
  C:\Windows\System\JzOWpZn.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\QCmoqUO.exe
  C:\Windows\System\QCmoqUO.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\qeqeaHq.exe
  C:\Windows\System\qeqeaHq.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\lFRhLZU.exe
  C:\Windows\System\lFRhLZU.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\GIilxKt.exe
  C:\Windows\System\GIilxKt.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\OPpQtcz.exe
  C:\Windows\System\OPpQtcz.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\ZxExxkJ.exe
  C:\Windows\System\ZxExxkJ.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\LHuwKHx.exe
  C:\Windows\System\LHuwKHx.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\ztvOdMZ.exe
  C:\Windows\System\ztvOdMZ.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\nDZyLjg.exe
  C:\Windows\System\nDZyLjg.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\ASsjysO.exe
  C:\Windows\System\ASsjysO.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\UjiTzCd.exe
  C:\Windows\System\UjiTzCd.exe
  2⤵
  PID:4224
- C:\Windows\System\rdZzTfZ.exe
  C:\Windows\System\rdZzTfZ.exe
  2⤵
  PID:3576
- C:\Windows\System\HFnIeKO.exe
  C:\Windows\System\HFnIeKO.exe
  2⤵
  PID:4752
- C:\Windows\System\GrZvqhd.exe
  C:\Windows\System\GrZvqhd.exe
  2⤵
  PID:3676
- C:\Windows\System\zMcDDYD.exe
  C:\Windows\System\zMcDDYD.exe
  2⤵
  PID:1480
- C:\Windows\System\rDINXCV.exe
  C:\Windows\System\rDINXCV.exe
  2⤵
  PID:5116
- C:\Windows\System\JrdwiQj.exe
  C:\Windows\System\JrdwiQj.exe
  2⤵
  PID:4688
- C:\Windows\System\sXFNnFS.exe
  C:\Windows\System\sXFNnFS.exe
  2⤵
  PID:1340
- C:\Windows\System\sKapmOg.exe
  C:\Windows\System\sKapmOg.exe
  2⤵
  PID:2316
- C:\Windows\System\VIUwwfh.exe
  C:\Windows\System\VIUwwfh.exe
  2⤵
  PID:4040
- C:\Windows\System\BcWeuOr.exe
  C:\Windows\System\BcWeuOr.exe
  2⤵
  PID:2724
- C:\Windows\System\wNhQgcX.exe
  C:\Windows\System\wNhQgcX.exe
  2⤵
  PID:876
- C:\Windows\System\diIjHKi.exe
  C:\Windows\System\diIjHKi.exe
  2⤵
  PID:2608
- C:\Windows\System\PBZGMfh.exe
  C:\Windows\System\PBZGMfh.exe
  2⤵
  PID:3272
- C:\Windows\System\cmefZBK.exe
  C:\Windows\System\cmefZBK.exe
  2⤵
  PID:332
- C:\Windows\System\SWKYkcP.exe
  C:\Windows\System\SWKYkcP.exe
  2⤵
  PID:4856
- C:\Windows\System\jwMRphM.exe
  C:\Windows\System\jwMRphM.exe
  2⤵
  PID:1804
- C:\Windows\System\wMZfqRN.exe
  C:\Windows\System\wMZfqRN.exe
  2⤵
  PID:2936
- C:\Windows\System\NJCXHxf.exe
  C:\Windows\System\NJCXHxf.exe
  2⤵
  PID:3688
- C:\Windows\System\PWKyDxm.exe
  C:\Windows\System\PWKyDxm.exe
  2⤵
  PID:2900
- C:\Windows\System\xowkhLq.exe
  C:\Windows\System\xowkhLq.exe
  2⤵
  PID:1668
- C:\Windows\System\QYzbwhL.exe
  C:\Windows\System\QYzbwhL.exe
  2⤵
  PID:4792
- C:\Windows\System\rQtBzyF.exe
  C:\Windows\System\rQtBzyF.exe
  2⤵
  PID:3280
- C:\Windows\System\GmrjyBu.exe
  C:\Windows\System\GmrjyBu.exe
  2⤵
  PID:4868
- C:\Windows\System\QxUeIRR.exe
  C:\Windows\System\QxUeIRR.exe
  2⤵
  PID:3200
- C:\Windows\System\afJIYid.exe
  C:\Windows\System\afJIYid.exe
  2⤵
  PID:2168
- C:\Windows\System\aQKtocL.exe
  C:\Windows\System\aQKtocL.exe
  2⤵
  PID:4744
- C:\Windows\System\admRgUB.exe
  C:\Windows\System\admRgUB.exe
  2⤵
  PID:5024
- C:\Windows\System\VGfahJK.exe
  C:\Windows\System\VGfahJK.exe
  2⤵
  PID:1856
- C:\Windows\System\NhTwGBY.exe
  C:\Windows\System\NhTwGBY.exe
  2⤵
  PID:2644
- C:\Windows\System\geOdWPB.exe
  C:\Windows\System\geOdWPB.exe
  2⤵
  PID:5144
- C:\Windows\System\KZITlTl.exe
  C:\Windows\System\KZITlTl.exe
  2⤵
  PID:5180
- C:\Windows\System\EyICNmJ.exe
  C:\Windows\System\EyICNmJ.exe
  2⤵
  PID:5216
- C:\Windows\System\EYgyAus.exe
  C:\Windows\System\EYgyAus.exe
  2⤵
  PID:5240
- C:\Windows\System\aCynxNf.exe
  C:\Windows\System\aCynxNf.exe
  2⤵
  PID:5276
- C:\Windows\System\duCgHts.exe
  C:\Windows\System\duCgHts.exe
  2⤵
  PID:5304
- C:\Windows\System\kMRgUmb.exe
  C:\Windows\System\kMRgUmb.exe
  2⤵
  PID:5336
- C:\Windows\System\CmmKbDb.exe
  C:\Windows\System\CmmKbDb.exe
  2⤵
  PID:5376
- C:\Windows\System\RQTNELH.exe
  C:\Windows\System\RQTNELH.exe
  2⤵
  PID:5400
- C:\Windows\System\RGVYuYj.exe
  C:\Windows\System\RGVYuYj.exe
  2⤵
  PID:5436
- C:\Windows\System\sVXmskV.exe
  C:\Windows\System\sVXmskV.exe
  2⤵
  PID:5468
- C:\Windows\System\OBrHaLm.exe
  C:\Windows\System\OBrHaLm.exe
  2⤵
  PID:5484
- C:\Windows\System\MpRFXQi.exe
  C:\Windows\System\MpRFXQi.exe
  2⤵
  PID:5504
- C:\Windows\System\XOQGSHp.exe
  C:\Windows\System\XOQGSHp.exe
  2⤵
  PID:5532
- C:\Windows\System\lhKNcPq.exe
  C:\Windows\System\lhKNcPq.exe
  2⤵
  PID:5568
- C:\Windows\System\RmWZfuK.exe
  C:\Windows\System\RmWZfuK.exe
  2⤵
  PID:5600
- C:\Windows\System\CVeQlgj.exe
  C:\Windows\System\CVeQlgj.exe
  2⤵
  PID:5632
- C:\Windows\System\gKhHmqm.exe
  C:\Windows\System\gKhHmqm.exe
  2⤵
  PID:5672
- C:\Windows\System\PucZWjD.exe
  C:\Windows\System\PucZWjD.exe
  2⤵
  PID:5704
- C:\Windows\System\ooruKAf.exe
  C:\Windows\System\ooruKAf.exe
  2⤵
  PID:5740
- C:\Windows\System\gGVwWll.exe
  C:\Windows\System\gGVwWll.exe
  2⤵
  PID:5768
- C:\Windows\System\EeVMlPQ.exe
  C:\Windows\System\EeVMlPQ.exe
  2⤵
  PID:5796
- C:\Windows\System\ZATTwzp.exe
  C:\Windows\System\ZATTwzp.exe
  2⤵
  PID:5824
- C:\Windows\System\fTWnsfz.exe
  C:\Windows\System\fTWnsfz.exe
  2⤵
  PID:5852
- C:\Windows\System\LTReJJH.exe
  C:\Windows\System\LTReJJH.exe
  2⤵
  PID:5884
- C:\Windows\System\ujRTMtS.exe
  C:\Windows\System\ujRTMtS.exe
  2⤵
  PID:5916
- C:\Windows\System\OoxPDRO.exe
  C:\Windows\System\OoxPDRO.exe
  2⤵
  PID:5944
- C:\Windows\System\NlGzfGJ.exe
  C:\Windows\System\NlGzfGJ.exe
  2⤵
  PID:5972
- C:\Windows\System\nTuNyfc.exe
  C:\Windows\System\nTuNyfc.exe
  2⤵
  PID:6004
- C:\Windows\System\ASRQEJL.exe
  C:\Windows\System\ASRQEJL.exe
  2⤵
  PID:6032
- C:\Windows\System\gEMwpGR.exe
  C:\Windows\System\gEMwpGR.exe
  2⤵
  PID:6060
- C:\Windows\System\YAdKitU.exe
  C:\Windows\System\YAdKitU.exe
  2⤵
  PID:6076
- C:\Windows\System\TInrZLl.exe
  C:\Windows\System\TInrZLl.exe
  2⤵
  PID:6092
- C:\Windows\System\zICMRDw.exe
  C:\Windows\System\zICMRDw.exe
  2⤵
  PID:6116
- C:\Windows\System\thZnrHo.exe
  C:\Windows\System\thZnrHo.exe
  2⤵
  PID:3256
- C:\Windows\System\FTKTPGT.exe
  C:\Windows\System\FTKTPGT.exe
  2⤵
  PID:5128
- C:\Windows\System\owUJLSl.exe
  C:\Windows\System\owUJLSl.exe
  2⤵
  PID:5264
- C:\Windows\System\aVGaZRF.exe
  C:\Windows\System\aVGaZRF.exe
  2⤵
  PID:5300
- C:\Windows\System\woYaFAK.exe
  C:\Windows\System\woYaFAK.exe
  2⤵
  PID:5392
- C:\Windows\System\BiHQAhK.exe
  C:\Windows\System\BiHQAhK.exe
  2⤵
  PID:5464
- C:\Windows\System\WYcPJqD.exe
  C:\Windows\System\WYcPJqD.exe
  2⤵
  PID:5560
- C:\Windows\System\PYxflOq.exe
  C:\Windows\System\PYxflOq.exe
  2⤵
  PID:5644
- C:\Windows\System\XRZpewZ.exe
  C:\Windows\System\XRZpewZ.exe
  2⤵
  PID:5724
- C:\Windows\System\kCKIAYB.exe
  C:\Windows\System\kCKIAYB.exe
  2⤵
  PID:5764
- C:\Windows\System\qdVNteU.exe
  C:\Windows\System\qdVNteU.exe
  2⤵
  PID:5848
- C:\Windows\System\wqdoyqT.exe
  C:\Windows\System\wqdoyqT.exe
  2⤵
  PID:5940
- C:\Windows\System\QSfMPJy.exe
  C:\Windows\System\QSfMPJy.exe
  2⤵
  PID:6048
- C:\Windows\System\JUjTwcS.exe
  C:\Windows\System\JUjTwcS.exe
  2⤵
  PID:6140
- C:\Windows\System\sOiczZR.exe
  C:\Windows\System\sOiczZR.exe
  2⤵
  PID:6128
- C:\Windows\System\uvodnGX.exe
  C:\Windows\System\uvodnGX.exe
  2⤵
  PID:5232
- C:\Windows\System\byIAOgO.exe
  C:\Windows\System\byIAOgO.exe
  2⤵
  PID:5448
- C:\Windows\System\PgNGGPc.exe
  C:\Windows\System\PgNGGPc.exe
  2⤵
  PID:5712
- C:\Windows\System\xpsNlBO.exe
  C:\Windows\System\xpsNlBO.exe
  2⤵
  PID:5964
- C:\Windows\System\vLhadQO.exe
  C:\Windows\System\vLhadQO.exe
  2⤵
  PID:1320
- C:\Windows\System\KVRdKIx.exe
  C:\Windows\System\KVRdKIx.exe
  2⤵
  PID:5424
- C:\Windows\System\UwOveMv.exe
  C:\Windows\System\UwOveMv.exe
  2⤵
  PID:6056
- C:\Windows\System\KDRMsbo.exe
  C:\Windows\System\KDRMsbo.exe
  2⤵
  PID:5164
- C:\Windows\System\SRSUERr.exe
  C:\Windows\System\SRSUERr.exe
  2⤵
  PID:6160
- C:\Windows\System\JKBdSxh.exe
  C:\Windows\System\JKBdSxh.exe
  2⤵
  PID:6188
- C:\Windows\System\jrfAgTc.exe
  C:\Windows\System\jrfAgTc.exe
  2⤵
  PID:6216
- C:\Windows\System\hLtckvC.exe
  C:\Windows\System\hLtckvC.exe
  2⤵
  PID:6244
- C:\Windows\System\JYgpJTN.exe
  C:\Windows\System\JYgpJTN.exe
  2⤵
  PID:6276
- C:\Windows\System\tEtVQyz.exe
  C:\Windows\System\tEtVQyz.exe
  2⤵
  PID:6300
- C:\Windows\System\fiKUEUJ.exe
  C:\Windows\System\fiKUEUJ.exe
  2⤵
  PID:6328
- C:\Windows\System\yvThAgP.exe
  C:\Windows\System\yvThAgP.exe
  2⤵
  PID:6356
- C:\Windows\System\OulanzO.exe
  C:\Windows\System\OulanzO.exe
  2⤵
  PID:6384
- C:\Windows\System\IEidZFl.exe
  C:\Windows\System\IEidZFl.exe
  2⤵
  PID:6416
- C:\Windows\System\yPJxZAi.exe
  C:\Windows\System\yPJxZAi.exe
  2⤵
  PID:6444
- C:\Windows\System\ObwcTYP.exe
  C:\Windows\System\ObwcTYP.exe
  2⤵
  PID:6472
- C:\Windows\System\cVOZmSL.exe
  C:\Windows\System\cVOZmSL.exe
  2⤵
  PID:6504
- C:\Windows\System\GAjtQXV.exe
  C:\Windows\System\GAjtQXV.exe
  2⤵
  PID:6532
- C:\Windows\System\uWTLcfQ.exe
  C:\Windows\System\uWTLcfQ.exe
  2⤵
  PID:6560
- C:\Windows\System\TnXFUUg.exe
  C:\Windows\System\TnXFUUg.exe
  2⤵
  PID:6588
- C:\Windows\System\jRxFpwA.exe
  C:\Windows\System\jRxFpwA.exe
  2⤵
  PID:6616
- C:\Windows\System\LCEfGhY.exe
  C:\Windows\System\LCEfGhY.exe
  2⤵
  PID:6648
- C:\Windows\System\OODslMp.exe
  C:\Windows\System\OODslMp.exe
  2⤵
  PID:6672
- C:\Windows\System\TNSRJcq.exe
  C:\Windows\System\TNSRJcq.exe
  2⤵
  PID:6700
- C:\Windows\System\sBpPWUz.exe
  C:\Windows\System\sBpPWUz.exe
  2⤵
  PID:6728
- C:\Windows\System\YDeBUMP.exe
  C:\Windows\System\YDeBUMP.exe
  2⤵
  PID:6756
- C:\Windows\System\rssXtbd.exe
  C:\Windows\System\rssXtbd.exe
  2⤵
  PID:6788
- C:\Windows\System\UxloaQa.exe
  C:\Windows\System\UxloaQa.exe
  2⤵
  PID:6820
- C:\Windows\System\WNGqIlp.exe
  C:\Windows\System\WNGqIlp.exe
  2⤵
  PID:6852
- C:\Windows\System\ylzenIF.exe
  C:\Windows\System\ylzenIF.exe
  2⤵
  PID:6880
- C:\Windows\System\bKvdeQn.exe
  C:\Windows\System\bKvdeQn.exe
  2⤵
  PID:6912
- C:\Windows\System\zOICQId.exe
  C:\Windows\System\zOICQId.exe
  2⤵
  PID:6940
- C:\Windows\System\OHLOzcY.exe
  C:\Windows\System\OHLOzcY.exe
  2⤵
  PID:6968
- C:\Windows\System\rMbGPIb.exe
  C:\Windows\System\rMbGPIb.exe
  2⤵
  PID:6996
- C:\Windows\System\OzELZEb.exe
  C:\Windows\System\OzELZEb.exe
  2⤵
  PID:7024
- C:\Windows\System\kgOxAFU.exe
  C:\Windows\System\kgOxAFU.exe
  2⤵
  PID:7052
- C:\Windows\System\RrETSmB.exe
  C:\Windows\System\RrETSmB.exe
  2⤵
  PID:7080
- C:\Windows\System\BsPcbJp.exe
  C:\Windows\System\BsPcbJp.exe
  2⤵
  PID:7108
- C:\Windows\System\ftiBafa.exe
  C:\Windows\System\ftiBafa.exe
  2⤵
  PID:7136
- C:\Windows\System\zKrCRKq.exe
  C:\Windows\System\zKrCRKq.exe
  2⤵
  PID:6172
- C:\Windows\System\wPkoKYF.exe
  C:\Windows\System\wPkoKYF.exe
  2⤵
  PID:6212
- C:\Windows\System\onnrAtw.exe
  C:\Windows\System\onnrAtw.exe
  2⤵
  PID:6292
- C:\Windows\System\OEhTxPv.exe
  C:\Windows\System\OEhTxPv.exe
  2⤵
  PID:6348
- C:\Windows\System\DizFaBL.exe
  C:\Windows\System\DizFaBL.exe
  2⤵
  PID:6404
- C:\Windows\System\pEFdxXD.exe
  C:\Windows\System\pEFdxXD.exe
  2⤵
  PID:6484
- C:\Windows\System\ofPpjEH.exe
  C:\Windows\System\ofPpjEH.exe
  2⤵
  PID:6544
- C:\Windows\System\fgWGdyC.exe
  C:\Windows\System\fgWGdyC.exe
  2⤵
  PID:6600
- C:\Windows\System\gDiuFbm.exe
  C:\Windows\System\gDiuFbm.exe
  2⤵
  PID:6668
- C:\Windows\System\TQpCHIU.exe
  C:\Windows\System\TQpCHIU.exe
  2⤵
  PID:6748
- C:\Windows\System\bnfxQGT.exe
  C:\Windows\System\bnfxQGT.exe
  2⤵
  PID:6840
- C:\Windows\System\xyLjIuj.exe
  C:\Windows\System\xyLjIuj.exe
  2⤵
  PID:6896
- C:\Windows\System\wtUcrae.exe
  C:\Windows\System\wtUcrae.exe
  2⤵
  PID:6992
- C:\Windows\System\NEVYVoQ.exe
  C:\Windows\System\NEVYVoQ.exe
  2⤵
  PID:7064
- C:\Windows\System\KxLjabt.exe
  C:\Windows\System\KxLjabt.exe
  2⤵
  PID:7104
- C:\Windows\System\mHIYhOH.exe
  C:\Windows\System\mHIYhOH.exe
  2⤵
  PID:7148
- C:\Windows\System\uoHvKOH.exe
  C:\Windows\System\uoHvKOH.exe
  2⤵
  PID:6268
- C:\Windows\System\lUUiwlb.exe
  C:\Windows\System\lUUiwlb.exe
  2⤵
  PID:6440
- C:\Windows\System\zBCkUBU.exe
  C:\Windows\System\zBCkUBU.exe
  2⤵
  PID:6548
- C:\Windows\System\sQaxzbj.exe
  C:\Windows\System\sQaxzbj.exe
  2⤵
  PID:6628
- C:\Windows\System\YblvTTT.exe
  C:\Windows\System\YblvTTT.exe
  2⤵
  PID:6864
- C:\Windows\System\uevyEuF.exe
  C:\Windows\System\uevyEuF.exe
  2⤵
  PID:6960
- C:\Windows\System\oGTIWeg.exe
  C:\Windows\System\oGTIWeg.exe
  2⤵
  PID:7092
- C:\Windows\System\ZiBYDBt.exe
  C:\Windows\System\ZiBYDBt.exe
  2⤵
  PID:6528
- C:\Windows\System\ICrDMbq.exe
  C:\Windows\System\ICrDMbq.exe
  2⤵
  PID:7184
- C:\Windows\System\RBvruPi.exe
  C:\Windows\System\RBvruPi.exe
  2⤵
  PID:7216
- C:\Windows\System\lBzOHbn.exe
  C:\Windows\System\lBzOHbn.exe
  2⤵
  PID:7248
- C:\Windows\System\mRsJXnr.exe
  C:\Windows\System\mRsJXnr.exe
  2⤵
  PID:7276
- C:\Windows\System\rufksuH.exe
  C:\Windows\System\rufksuH.exe
  2⤵
  PID:7316
- C:\Windows\System\cWxgTxX.exe
  C:\Windows\System\cWxgTxX.exe
  2⤵
  PID:7344
- C:\Windows\System\wIUyrka.exe
  C:\Windows\System\wIUyrka.exe
  2⤵
  PID:7380
- C:\Windows\System\CmZvCIs.exe
  C:\Windows\System\CmZvCIs.exe
  2⤵
  PID:7404
- C:\Windows\System\yJTHJXs.exe
  C:\Windows\System\yJTHJXs.exe
  2⤵
  PID:7428
- C:\Windows\System\aAcicuF.exe
  C:\Windows\System\aAcicuF.exe
  2⤵
  PID:7472
- C:\Windows\System\QBcYZMX.exe
  C:\Windows\System\QBcYZMX.exe
  2⤵
  PID:7496
- C:\Windows\System\dxHqNOC.exe
  C:\Windows\System\dxHqNOC.exe
  2⤵
  PID:7528
- C:\Windows\System\BtmeBnp.exe
  C:\Windows\System\BtmeBnp.exe
  2⤵
  PID:7560
- C:\Windows\System\OemZazE.exe
  C:\Windows\System\OemZazE.exe
  2⤵
  PID:7584
- C:\Windows\System\ZzfaQjQ.exe
  C:\Windows\System\ZzfaQjQ.exe
  2⤵
  PID:7612
- C:\Windows\System\zWGsUmr.exe
  C:\Windows\System\zWGsUmr.exe
  2⤵
  PID:7648
- C:\Windows\System\qfuhNox.exe
  C:\Windows\System\qfuhNox.exe
  2⤵
  PID:7676
- C:\Windows\System\nQUtsqX.exe
  C:\Windows\System\nQUtsqX.exe
  2⤵
  PID:7692
- C:\Windows\System\sWtamct.exe
  C:\Windows\System\sWtamct.exe
  2⤵
  PID:7716
- C:\Windows\System\sCfNcxx.exe
  C:\Windows\System\sCfNcxx.exe
  2⤵
  PID:7740
- C:\Windows\System\lacbEgN.exe
  C:\Windows\System\lacbEgN.exe
  2⤵
  PID:7776
- C:\Windows\System\JKdGykX.exe
  C:\Windows\System\JKdGykX.exe
  2⤵
  PID:7804
- C:\Windows\System\zQSJPEO.exe
  C:\Windows\System\zQSJPEO.exe
  2⤵
  PID:7832
- C:\Windows\System\yKPSwme.exe
  C:\Windows\System\yKPSwme.exe
  2⤵
  PID:7868
- C:\Windows\System\oTSiotQ.exe
  C:\Windows\System\oTSiotQ.exe
  2⤵
  PID:7904
- C:\Windows\System\epVOJHF.exe
  C:\Windows\System\epVOJHF.exe
  2⤵
  PID:7936
- C:\Windows\System\yvtUmqa.exe
  C:\Windows\System\yvtUmqa.exe
  2⤵
  PID:7972
- C:\Windows\System\vWdqixt.exe
  C:\Windows\System\vWdqixt.exe
  2⤵
  PID:8000
- C:\Windows\System\XKvGmId.exe
  C:\Windows\System\XKvGmId.exe
  2⤵
  PID:8024
- C:\Windows\System\rPndPgv.exe
  C:\Windows\System\rPndPgv.exe
  2⤵
  PID:8064
- C:\Windows\System\ZhgxPMf.exe
  C:\Windows\System\ZhgxPMf.exe
  2⤵
  PID:8096
- C:\Windows\System\ZRTrMRl.exe
  C:\Windows\System\ZRTrMRl.exe
  2⤵
  PID:8124
- C:\Windows\System\mtXfssj.exe
  C:\Windows\System\mtXfssj.exe
  2⤵
  PID:8152
- C:\Windows\System\emMKUsk.exe
  C:\Windows\System\emMKUsk.exe
  2⤵
  PID:8184
- C:\Windows\System\oLrBjDs.exe
  C:\Windows\System\oLrBjDs.exe
  2⤵
  PID:6816
- C:\Windows\System\OVgoWAP.exe
  C:\Windows\System\OVgoWAP.exe
  2⤵
  PID:7196
- C:\Windows\System\VetGxEO.exe
  C:\Windows\System\VetGxEO.exe
  2⤵
  PID:7232
- C:\Windows\System\rKQvmce.exe
  C:\Windows\System\rKQvmce.exe
  2⤵
  PID:7392
- C:\Windows\System\YkTOyHI.exe
  C:\Windows\System\YkTOyHI.exe
  2⤵
  PID:7396
- C:\Windows\System\QbWSaIO.exe
  C:\Windows\System\QbWSaIO.exe
  2⤵
  PID:7424
- C:\Windows\System\GLnaIqr.exe
  C:\Windows\System\GLnaIqr.exe
  2⤵
  PID:7572
- C:\Windows\System\FqNOfuA.exe
  C:\Windows\System\FqNOfuA.exe
  2⤵
  PID:7640
- C:\Windows\System\TFpBRZo.exe
  C:\Windows\System\TFpBRZo.exe
  2⤵
  PID:7732
- C:\Windows\System\VwjWMBO.exe
  C:\Windows\System\VwjWMBO.exe
  2⤵
  PID:7728
- C:\Windows\System\McNNTeN.exe
  C:\Windows\System\McNNTeN.exe
  2⤵
  PID:7896
- C:\Windows\System\KPkyDAN.exe
  C:\Windows\System\KPkyDAN.exe
  2⤵
  PID:7968
- C:\Windows\System\wGqwFrf.exe
  C:\Windows\System\wGqwFrf.exe
  2⤵
  PID:8044
- C:\Windows\System\DUXNQzU.exe
  C:\Windows\System\DUXNQzU.exe
  2⤵
  PID:7996
- C:\Windows\System\ToIuzFJ.exe
  C:\Windows\System\ToIuzFJ.exe
  2⤵
  PID:6320
- C:\Windows\System\xkmcVpb.exe
  C:\Windows\System\xkmcVpb.exe
  2⤵
  PID:6964
- C:\Windows\System\qojwhjq.exe
  C:\Windows\System\qojwhjq.exe
  2⤵
  PID:7236
- C:\Windows\System\JWORLJg.exe
  C:\Windows\System\JWORLJg.exe
  2⤵
  PID:7488
- C:\Windows\System\KLLOAly.exe
  C:\Windows\System\KLLOAly.exe
  2⤵
  PID:7708
- C:\Windows\System\SWRZiXQ.exe
  C:\Windows\System\SWRZiXQ.exe
  2⤵
  PID:7880
- C:\Windows\System\jlvOVye.exe
  C:\Windows\System\jlvOVye.exe
  2⤵
  PID:6340
- C:\Windows\System\eKyvbYz.exe
  C:\Windows\System\eKyvbYz.exe
  2⤵
  PID:8180
- C:\Windows\System\tKKJoDJ.exe
  C:\Windows\System\tKKJoDJ.exe
  2⤵
  PID:7628
- C:\Windows\System\rOkGpAI.exe
  C:\Windows\System\rOkGpAI.exe
  2⤵
  PID:8200
- C:\Windows\System\JXavCBc.exe
  C:\Windows\System\JXavCBc.exe
  2⤵
  PID:8236
- C:\Windows\System\QhoumFB.exe
  C:\Windows\System\QhoumFB.exe
  2⤵
  PID:8264
- C:\Windows\System\qMWEqLa.exe
  C:\Windows\System\qMWEqLa.exe
  2⤵
  PID:8296
- C:\Windows\System\AfKDyxV.exe
  C:\Windows\System\AfKDyxV.exe
  2⤵
  PID:8320
- C:\Windows\System\GeHupDf.exe
  C:\Windows\System\GeHupDf.exe
  2⤵
  PID:8356
- C:\Windows\System\zHtRdUo.exe
  C:\Windows\System\zHtRdUo.exe
  2⤵
  PID:8384
- C:\Windows\System\ujaEQFt.exe
  C:\Windows\System\ujaEQFt.exe
  2⤵
  PID:8412
- C:\Windows\System\Lwbxqcr.exe
  C:\Windows\System\Lwbxqcr.exe
  2⤵
  PID:8444
- C:\Windows\System\cDNrOaP.exe
  C:\Windows\System\cDNrOaP.exe
  2⤵
  PID:8476
- C:\Windows\System\VGnNHUT.exe
  C:\Windows\System\VGnNHUT.exe
  2⤵
  PID:8500
- C:\Windows\System\augqzLH.exe
  C:\Windows\System\augqzLH.exe
  2⤵
  PID:8536
- C:\Windows\System\SjUMbtN.exe
  C:\Windows\System\SjUMbtN.exe
  2⤵
  PID:8576
- C:\Windows\System\kfZRjlK.exe
  C:\Windows\System\kfZRjlK.exe
  2⤵
  PID:8600
- C:\Windows\System\NUYywhz.exe
  C:\Windows\System\NUYywhz.exe
  2⤵
  PID:8624
- C:\Windows\System\jiKljjU.exe
  C:\Windows\System\jiKljjU.exe
  2⤵
  PID:8644
- C:\Windows\System\LAuhDvx.exe
  C:\Windows\System\LAuhDvx.exe
  2⤵
  PID:8664
- C:\Windows\System\DgHKyeN.exe
  C:\Windows\System\DgHKyeN.exe
  2⤵
  PID:8692
- C:\Windows\System\NDaiGjH.exe
  C:\Windows\System\NDaiGjH.exe
  2⤵
  PID:8712
- C:\Windows\System\ZTrZxqf.exe
  C:\Windows\System\ZTrZxqf.exe
  2⤵
  PID:8728
- C:\Windows\System\IUHUqIt.exe
  C:\Windows\System\IUHUqIt.exe
  2⤵
  PID:8744
- C:\Windows\System\MSeIObb.exe
  C:\Windows\System\MSeIObb.exe
  2⤵
  PID:8772
- C:\Windows\System\njDrHNR.exe
  C:\Windows\System\njDrHNR.exe
  2⤵
  PID:8788
- C:\Windows\System\ZhspAcW.exe
  C:\Windows\System\ZhspAcW.exe
  2⤵
  PID:8804
- C:\Windows\System\QEABJRm.exe
  C:\Windows\System\QEABJRm.exe
  2⤵
  PID:8836
- C:\Windows\System\EXTXJWX.exe
  C:\Windows\System\EXTXJWX.exe
  2⤵
  PID:8864
- C:\Windows\System\LCxaTOy.exe
  C:\Windows\System\LCxaTOy.exe
  2⤵
  PID:8888
- C:\Windows\System\YLkeTOf.exe
  C:\Windows\System\YLkeTOf.exe
  2⤵
  PID:8924
- C:\Windows\System\tSxHvQM.exe
  C:\Windows\System\tSxHvQM.exe
  2⤵
  PID:8960
- C:\Windows\System\ZrHpHCN.exe
  C:\Windows\System\ZrHpHCN.exe
  2⤵
  PID:8988
- C:\Windows\System\sUTmdFp.exe
  C:\Windows\System\sUTmdFp.exe
  2⤵
  PID:9020
- C:\Windows\System\AYTKZCQ.exe
  C:\Windows\System\AYTKZCQ.exe
  2⤵
  PID:9044
- C:\Windows\System\dyLqwFD.exe
  C:\Windows\System\dyLqwFD.exe
  2⤵
  PID:9080
- C:\Windows\System\fuNkMBH.exe
  C:\Windows\System\fuNkMBH.exe
  2⤵
  PID:9112
- C:\Windows\System\YREgOXQ.exe
  C:\Windows\System\YREgOXQ.exe
  2⤵
  PID:9148
- C:\Windows\System\IgCpMpg.exe
  C:\Windows\System\IgCpMpg.exe
  2⤵
  PID:9176
- C:\Windows\System\vIUAoQK.exe
  C:\Windows\System\vIUAoQK.exe
  2⤵
  PID:9200
- C:\Windows\System\GBPthJu.exe
  C:\Windows\System\GBPthJu.exe
  2⤵
  PID:7620
- C:\Windows\System\iEbkrWR.exe
  C:\Windows\System\iEbkrWR.exe
  2⤵
  PID:8212
- C:\Windows\System\HDKRUga.exe
  C:\Windows\System\HDKRUga.exe
  2⤵
  PID:8316
- C:\Windows\System\jULbPGV.exe
  C:\Windows\System\jULbPGV.exe
  2⤵
  PID:8376
- C:\Windows\System\dEnAgOz.exe
  C:\Windows\System\dEnAgOz.exe
  2⤵
  PID:8464
- C:\Windows\System\bCbWhTX.exe
  C:\Windows\System\bCbWhTX.exe
  2⤵
  PID:6432
- C:\Windows\System\kYihBoj.exe
  C:\Windows\System\kYihBoj.exe
  2⤵
  PID:8568
- C:\Windows\System\RQLOzHQ.exe
  C:\Windows\System\RQLOzHQ.exe
  2⤵
  PID:8620
- C:\Windows\System\JJZpYra.exe
  C:\Windows\System\JJZpYra.exe
  2⤵
  PID:8656
- C:\Windows\System\EECXDSj.exe
  C:\Windows\System\EECXDSj.exe
  2⤵
  PID:8784
- C:\Windows\System\wDQGhSe.exe
  C:\Windows\System\wDQGhSe.exe
  2⤵
  PID:8852
- C:\Windows\System\MwsWEWi.exe
  C:\Windows\System\MwsWEWi.exe
  2⤵
  PID:8980
- C:\Windows\System\BOwLrWr.exe
  C:\Windows\System\BOwLrWr.exe
  2⤵
  PID:8956
- C:\Windows\System\RpLbOFq.exe
  C:\Windows\System\RpLbOFq.exe
  2⤵
  PID:8952
- C:\Windows\System\nyJHuWb.exe
  C:\Windows\System\nyJHuWb.exe
  2⤵
  PID:9036
- C:\Windows\System\eIrKqFR.exe
  C:\Windows\System\eIrKqFR.exe
  2⤵
  PID:9120
- C:\Windows\System\ZKUJfAm.exe
  C:\Windows\System\ZKUJfAm.exe
  2⤵
  PID:8016
- C:\Windows\System\HOEjwAI.exe
  C:\Windows\System\HOEjwAI.exe
  2⤵
  PID:8420
- C:\Windows\System\WbqHMHL.exe
  C:\Windows\System\WbqHMHL.exe
  2⤵
  PID:8608
- C:\Windows\System\YIGItFT.exe
  C:\Windows\System\YIGItFT.exe
  2⤵
  PID:8828
- C:\Windows\System\NIvWuuM.exe
  C:\Windows\System\NIvWuuM.exe
  2⤵
  PID:8760
- C:\Windows\System\LnLImXC.exe
  C:\Windows\System\LnLImXC.exe
  2⤵
  PID:9000
- C:\Windows\System\uuIeMSV.exe
  C:\Windows\System\uuIeMSV.exe
  2⤵
  PID:9160
- C:\Windows\System\GEOdcaz.exe
  C:\Windows\System\GEOdcaz.exe
  2⤵
  PID:8488
- C:\Windows\System\VasbejT.exe
  C:\Windows\System\VasbejT.exe
  2⤵
  PID:8584
- C:\Windows\System\msgtnkB.exe
  C:\Windows\System\msgtnkB.exe
  2⤵
  PID:9224
- C:\Windows\System\fyBvrpU.exe
  C:\Windows\System\fyBvrpU.exe
  2⤵
  PID:9256
- C:\Windows\System\XdLTeZU.exe
  C:\Windows\System\XdLTeZU.exe
  2⤵
  PID:9288
- C:\Windows\System\pXyuZub.exe
  C:\Windows\System\pXyuZub.exe
  2⤵
  PID:9308
- C:\Windows\System\uqgIneW.exe
  C:\Windows\System\uqgIneW.exe
  2⤵
  PID:9336
- C:\Windows\System\FOdOwKp.exe
  C:\Windows\System\FOdOwKp.exe
  2⤵
  PID:9376
- C:\Windows\System\SrlTBWc.exe
  C:\Windows\System\SrlTBWc.exe
  2⤵
  PID:9412
- C:\Windows\System\xfBRvWx.exe
  C:\Windows\System\xfBRvWx.exe
  2⤵
  PID:9440
- C:\Windows\System\XjxLwXN.exe
  C:\Windows\System\XjxLwXN.exe
  2⤵
  PID:9468
- C:\Windows\System\rutJFfC.exe
  C:\Windows\System\rutJFfC.exe
  2⤵
  PID:9508
- C:\Windows\System\GzopGDP.exe
  C:\Windows\System\GzopGDP.exe
  2⤵
  PID:9536
- C:\Windows\System\mMbDFZJ.exe
  C:\Windows\System\mMbDFZJ.exe
  2⤵
  PID:9572
- C:\Windows\System\ZgALKoX.exe
  C:\Windows\System\ZgALKoX.exe
  2⤵
  PID:9612
- C:\Windows\System\lLaiVnD.exe
  C:\Windows\System\lLaiVnD.exe
  2⤵
  PID:9628
- C:\Windows\System\jhMHdjY.exe
  C:\Windows\System\jhMHdjY.exe
  2⤵
  PID:9644
- C:\Windows\System\NOUlPFX.exe
  C:\Windows\System\NOUlPFX.exe
  2⤵
  PID:9668
- C:\Windows\System\DsOAgPc.exe
  C:\Windows\System\DsOAgPc.exe
  2⤵
  PID:9700
- C:\Windows\System\DFpXSQu.exe
  C:\Windows\System\DFpXSQu.exe
  2⤵
  PID:9728
- C:\Windows\System\yJHGRDG.exe
  C:\Windows\System\yJHGRDG.exe
  2⤵
  PID:9756
- C:\Windows\System\AaBIVRM.exe
  C:\Windows\System\AaBIVRM.exe
  2⤵
  PID:9792
- C:\Windows\System\RPXTBKZ.exe
  C:\Windows\System\RPXTBKZ.exe
  2⤵
  PID:9812
- C:\Windows\System\aWPdcud.exe
  C:\Windows\System\aWPdcud.exe
  2⤵
  PID:9840
- C:\Windows\System\CMcKHiQ.exe
  C:\Windows\System\CMcKHiQ.exe
  2⤵
  PID:9880
- C:\Windows\System\TaOEfiX.exe
  C:\Windows\System\TaOEfiX.exe
  2⤵
  PID:9904
- C:\Windows\System\fegNwFG.exe
  C:\Windows\System\fegNwFG.exe
  2⤵
  PID:9932
- C:\Windows\System\TKqBlAQ.exe
  C:\Windows\System\TKqBlAQ.exe
  2⤵
  PID:9956
- C:\Windows\System\NIbENye.exe
  C:\Windows\System\NIbENye.exe
  2⤵
  PID:9988
- C:\Windows\System\seRvpBc.exe
  C:\Windows\System\seRvpBc.exe
  2⤵
  PID:10016
- C:\Windows\System\DMtfZZz.exe
  C:\Windows\System\DMtfZZz.exe
  2⤵
  PID:10048
- C:\Windows\System\BcivVHF.exe
  C:\Windows\System\BcivVHF.exe
  2⤵
  PID:10076
- C:\Windows\System\xoibqmg.exe
  C:\Windows\System\xoibqmg.exe
  2⤵
  PID:10116
- C:\Windows\System\zqSPGqQ.exe
  C:\Windows\System\zqSPGqQ.exe
  2⤵
  PID:10164
- C:\Windows\System\RZoHTsz.exe
  C:\Windows\System\RZoHTsz.exe
  2⤵
  PID:10192
- C:\Windows\System\cEkKmUz.exe
  C:\Windows\System\cEkKmUz.exe
  2⤵
  PID:10212
- C:\Windows\System\NrKoaVO.exe
  C:\Windows\System\NrKoaVO.exe
  2⤵
  PID:9012
- C:\Windows\System\ngVusML.exe
  C:\Windows\System\ngVusML.exe
  2⤵
  PID:8932
- C:\Windows\System\awQaZjc.exe
  C:\Windows\System\awQaZjc.exe
  2⤵
  PID:9296
- C:\Windows\System\JGwaeCj.exe
  C:\Windows\System\JGwaeCj.exe
  2⤵
  PID:9356
- C:\Windows\System\yUdBhZz.exe
  C:\Windows\System\yUdBhZz.exe
  2⤵
  PID:9452
- C:\Windows\System\keZMHqg.exe
  C:\Windows\System\keZMHqg.exe
  2⤵
  PID:9544
- C:\Windows\System\WxfNXzg.exe
  C:\Windows\System\WxfNXzg.exe
  2⤵
  PID:9580
- C:\Windows\System\IQhReJI.exe
  C:\Windows\System\IQhReJI.exe
  2⤵
  PID:9592
- C:\Windows\System\xcIueve.exe
  C:\Windows\System\xcIueve.exe
  2⤵
  PID:7700
- C:\Windows\System\goXGqSU.exe
  C:\Windows\System\goXGqSU.exe
  2⤵
  PID:9752
- C:\Windows\System\lRvCYoA.exe
  C:\Windows\System\lRvCYoA.exe
  2⤵
  PID:9808
- C:\Windows\System\svWVtAZ.exe
  C:\Windows\System\svWVtAZ.exe
  2⤵
  PID:9900
- C:\Windows\System\ZMuOhvN.exe
  C:\Windows\System\ZMuOhvN.exe
  2⤵
  PID:9964
- C:\Windows\System\KOSqxSZ.exe
  C:\Windows\System\KOSqxSZ.exe
  2⤵
  PID:10040
- C:\Windows\System\sYXTaln.exe
  C:\Windows\System\sYXTaln.exe
  2⤵
  PID:10108
- C:\Windows\System\KtFOnQL.exe
  C:\Windows\System\KtFOnQL.exe
  2⤵
  PID:10200
- C:\Windows\System\HgOvDJo.exe
  C:\Windows\System\HgOvDJo.exe
  2⤵
  PID:8916
- C:\Windows\System\WpjVibc.exe
  C:\Windows\System\WpjVibc.exe
  2⤵
  PID:9368
- C:\Windows\System\iLeFfTp.exe
  C:\Windows\System\iLeFfTp.exe
  2⤵
  PID:9480
- C:\Windows\System\vanuZAh.exe
  C:\Windows\System\vanuZAh.exe
  2⤵
  PID:9784
- C:\Windows\System\dQCuWjr.exe
  C:\Windows\System\dQCuWjr.exe
  2⤵
  PID:9712
- C:\Windows\System\XGwoYla.exe
  C:\Windows\System\XGwoYla.exe
  2⤵
  PID:9952
- C:\Windows\System\SvSxJup.exe
  C:\Windows\System\SvSxJup.exe
  2⤵
  PID:10176
- C:\Windows\System\TRtuRCW.exe
  C:\Windows\System\TRtuRCW.exe
  2⤵
  PID:9268
- C:\Windows\System\sgjpRsb.exe
  C:\Windows\System\sgjpRsb.exe
  2⤵
  PID:9664
- C:\Windows\System\SfcwAVj.exe
  C:\Windows\System\SfcwAVj.exe
  2⤵
  PID:8596
- C:\Windows\System\VkaMvwX.exe
  C:\Windows\System\VkaMvwX.exe
  2⤵
  PID:9916
- C:\Windows\System\YtLwsXV.exe
  C:\Windows\System\YtLwsXV.exe
  2⤵
  PID:9928
- C:\Windows\System\ufuNgdf.exe
  C:\Windows\System\ufuNgdf.exe
  2⤵
  PID:10268
- C:\Windows\System\ggQRjHs.exe
  C:\Windows\System\ggQRjHs.exe
  2⤵
  PID:10300
- C:\Windows\System\tkvsDLi.exe
  C:\Windows\System\tkvsDLi.exe
  2⤵
  PID:10328
- C:\Windows\System\oigtTrR.exe
  C:\Windows\System\oigtTrR.exe
  2⤵
  PID:10356
- C:\Windows\System\oRMKNZR.exe
  C:\Windows\System\oRMKNZR.exe
  2⤵
  PID:10388
- C:\Windows\System\ReGVCrv.exe
  C:\Windows\System\ReGVCrv.exe
  2⤵
  PID:10404
- C:\Windows\System\YcOXkJM.exe
  C:\Windows\System\YcOXkJM.exe
  2⤵
  PID:10432
- C:\Windows\System\JxWdiUI.exe
  C:\Windows\System\JxWdiUI.exe
  2⤵
  PID:10468
- C:\Windows\System\PapDFvo.exe
  C:\Windows\System\PapDFvo.exe
  2⤵
  PID:10500
- C:\Windows\System\aQumBss.exe
  C:\Windows\System\aQumBss.exe
  2⤵
  PID:10524
- C:\Windows\System\zKNgdXo.exe
  C:\Windows\System\zKNgdXo.exe
  2⤵
  PID:10548
- C:\Windows\System\vwVGImd.exe
  C:\Windows\System\vwVGImd.exe
  2⤵
  PID:10584
- C:\Windows\System\XvgzEic.exe
  C:\Windows\System\XvgzEic.exe
  2⤵
  PID:10612
- C:\Windows\System\bHunOhZ.exe
  C:\Windows\System\bHunOhZ.exe
  2⤵
  PID:10636
- C:\Windows\System\xXgqsyk.exe
  C:\Windows\System\xXgqsyk.exe
  2⤵
  PID:10656
- C:\Windows\System\BQGXuiv.exe
  C:\Windows\System\BQGXuiv.exe
  2⤵
  PID:10684
- C:\Windows\System\zvDOTca.exe
  C:\Windows\System\zvDOTca.exe
  2⤵
  PID:10712
- C:\Windows\System\YtqXGDc.exe
  C:\Windows\System\YtqXGDc.exe
  2⤵
  PID:10740
- C:\Windows\System\jDkjFOX.exe
  C:\Windows\System\jDkjFOX.exe
  2⤵
  PID:10768
- C:\Windows\System\BzMoCtC.exe
  C:\Windows\System\BzMoCtC.exe
  2⤵
  PID:10788
- C:\Windows\System\arRUqVq.exe
  C:\Windows\System\arRUqVq.exe
  2⤵
  PID:10816
- C:\Windows\System\BHgiIkG.exe
  C:\Windows\System\BHgiIkG.exe
  2⤵
  PID:10848
- C:\Windows\System\bvDGTwu.exe
  C:\Windows\System\bvDGTwu.exe
  2⤵
  PID:10880
- C:\Windows\System\Niovmib.exe
  C:\Windows\System\Niovmib.exe
  2⤵
  PID:10904
- C:\Windows\System\fgmvKIx.exe
  C:\Windows\System\fgmvKIx.exe
  2⤵
  PID:10940
- C:\Windows\System\gumBsEX.exe
  C:\Windows\System\gumBsEX.exe
  2⤵
  PID:10964
- C:\Windows\System\tsRXOFp.exe
  C:\Windows\System\tsRXOFp.exe
  2⤵
  PID:10992
- C:\Windows\System\YJNZrON.exe
  C:\Windows\System\YJNZrON.exe
  2⤵
  PID:11020
- C:\Windows\System\cNbMoWu.exe
  C:\Windows\System\cNbMoWu.exe
  2⤵
  PID:11052
- C:\Windows\System\DMDXGgS.exe
  C:\Windows\System\DMDXGgS.exe
  2⤵
  PID:11072
- C:\Windows\System\otbfinR.exe
  C:\Windows\System\otbfinR.exe
  2⤵
  PID:11100
- C:\Windows\System\DFKFSGD.exe
  C:\Windows\System\DFKFSGD.exe
  2⤵
  PID:11132
- C:\Windows\System\IJKjCMp.exe
  C:\Windows\System\IJKjCMp.exe
  2⤵
  PID:11152
- C:\Windows\System\jaTudaz.exe
  C:\Windows\System\jaTudaz.exe
  2⤵
  PID:11188
- C:\Windows\System\upwTrUW.exe
  C:\Windows\System\upwTrUW.exe
  2⤵
  PID:11208
- C:\Windows\System\aLphNjw.exe
  C:\Windows\System\aLphNjw.exe
  2⤵
  PID:11244
- C:\Windows\System\WdQkncA.exe
  C:\Windows\System\WdQkncA.exe
  2⤵
  PID:10256
- C:\Windows\System\LERFVLM.exe
  C:\Windows\System\LERFVLM.exe
  2⤵
  PID:10320
- C:\Windows\System\lMzLUFT.exe
  C:\Windows\System\lMzLUFT.exe
  2⤵
  PID:10396
- C:\Windows\System\klccwVG.exe
  C:\Windows\System\klccwVG.exe
  2⤵
  PID:10456
- C:\Windows\System\NuHvUaP.exe
  C:\Windows\System\NuHvUaP.exe
  2⤵
  PID:10516
- C:\Windows\System\HYATERz.exe
  C:\Windows\System\HYATERz.exe
  2⤵
  PID:10576
- C:\Windows\System\lhzSEyQ.exe
  C:\Windows\System\lhzSEyQ.exe
  2⤵
  PID:10648
- C:\Windows\System\cfIClvs.exe
  C:\Windows\System\cfIClvs.exe
  2⤵
  PID:10728
- C:\Windows\System\wALXgnz.exe
  C:\Windows\System\wALXgnz.exe
  2⤵
  PID:10756
- C:\Windows\System\nLvEZTr.exe
  C:\Windows\System\nLvEZTr.exe
  2⤵
  PID:10840
- C:\Windows\System\lMSYqDc.exe
  C:\Windows\System\lMSYqDc.exe
  2⤵
  PID:10864
- C:\Windows\System\FHnjEOT.exe
  C:\Windows\System\FHnjEOT.exe
  2⤵
  PID:10920
- C:\Windows\System\pOGEQHk.exe
  C:\Windows\System\pOGEQHk.exe
  2⤵
  PID:11008
- C:\Windows\System\pwxNRME.exe
  C:\Windows\System\pwxNRME.exe
  2⤵
  PID:11032
- C:\Windows\System\CmjXhIh.exe
  C:\Windows\System\CmjXhIh.exe
  2⤵
  PID:11084
- C:\Windows\System\uOSFlxi.exe
  C:\Windows\System\uOSFlxi.exe
  2⤵
  PID:11164
- C:\Windows\System\EMtOmLP.exe
  C:\Windows\System\EMtOmLP.exe
  2⤵
  PID:11228
- C:\Windows\System\mfGfnlb.exe
  C:\Windows\System\mfGfnlb.exe
  2⤵
  PID:10324
- C:\Windows\System\YxuJnxJ.exe
  C:\Windows\System\YxuJnxJ.exe
  2⤵
  PID:10600
- C:\Windows\System\QGUjvdv.exe
  C:\Windows\System\QGUjvdv.exe
  2⤵
  PID:10568
- C:\Windows\System\LDuevtP.exe
  C:\Windows\System\LDuevtP.exe
  2⤵
  PID:10736
- C:\Windows\System\SrGAAQC.exe
  C:\Windows\System\SrGAAQC.exe
  2⤵
  PID:10928
- C:\Windows\System\EubzwJd.exe
  C:\Windows\System\EubzwJd.exe
  2⤵
  PID:11120
- C:\Windows\System\waHOTmg.exe
  C:\Windows\System\waHOTmg.exe
  2⤵
  PID:11232
- C:\Windows\System\CqXEvRq.exe
  C:\Windows\System\CqXEvRq.exe
  2⤵
  PID:10480
- C:\Windows\System\WBgKssV.exe
  C:\Windows\System\WBgKssV.exe
  2⤵
  PID:10572
- C:\Windows\System\RSrLoLo.exe
  C:\Windows\System\RSrLoLo.exe
  2⤵
  PID:11068
- C:\Windows\System\yFQnyOZ.exe
  C:\Windows\System\yFQnyOZ.exe
  2⤵
  PID:10444
- C:\Windows\System\ASXNoiK.exe
  C:\Windows\System\ASXNoiK.exe
  2⤵
  PID:11284
- C:\Windows\System\MqOOzWh.exe
  C:\Windows\System\MqOOzWh.exe
  2⤵
  PID:11304
- C:\Windows\System\UvdRREw.exe
  C:\Windows\System\UvdRREw.exe
  2⤵
  PID:11328
- C:\Windows\System\sTLOwet.exe
  C:\Windows\System\sTLOwet.exe
  2⤵
  PID:11360
- C:\Windows\System\ZFHmLnZ.exe
  C:\Windows\System\ZFHmLnZ.exe
  2⤵
  PID:11380
- C:\Windows\System\sXyLDRC.exe
  C:\Windows\System\sXyLDRC.exe
  2⤵
  PID:11412
- C:\Windows\System\IOiBELq.exe
  C:\Windows\System\IOiBELq.exe
  2⤵
  PID:11440
- C:\Windows\System\Swtebhf.exe
  C:\Windows\System\Swtebhf.exe
  2⤵
  PID:11468
- C:\Windows\System\XDQmycr.exe
  C:\Windows\System\XDQmycr.exe
  2⤵
  PID:11504
- C:\Windows\System\PKoYapn.exe
  C:\Windows\System\PKoYapn.exe
  2⤵
  PID:11532
- C:\Windows\System\KrVAbYG.exe
  C:\Windows\System\KrVAbYG.exe
  2⤵
  PID:11564
- C:\Windows\System\WssuDmy.exe
  C:\Windows\System\WssuDmy.exe
  2⤵
  PID:11596
- C:\Windows\System\kjKSCCp.exe
  C:\Windows\System\kjKSCCp.exe
  2⤵
  PID:11628
- C:\Windows\System\rNUbQyj.exe
  C:\Windows\System\rNUbQyj.exe
  2⤵
  PID:11660
- C:\Windows\System\sGhiOHY.exe
  C:\Windows\System\sGhiOHY.exe
  2⤵
  PID:11684
- C:\Windows\System\fKNNaAn.exe
  C:\Windows\System\fKNNaAn.exe
  2⤵
  PID:11712
- C:\Windows\System\ubHBzbG.exe
  C:\Windows\System\ubHBzbG.exe
  2⤵
  PID:11736
- C:\Windows\System\XyqDTBd.exe
  C:\Windows\System\XyqDTBd.exe
  2⤵
  PID:11764
- C:\Windows\System\bFXhfuU.exe
  C:\Windows\System\bFXhfuU.exe
  2⤵
  PID:11788
- C:\Windows\System\UHLtMfk.exe
  C:\Windows\System\UHLtMfk.exe
  2⤵
  PID:11816
- C:\Windows\System\zlagaCD.exe
  C:\Windows\System\zlagaCD.exe
  2⤵
  PID:11844
- C:\Windows\System\JCsHlgH.exe
  C:\Windows\System\JCsHlgH.exe
  2⤵
  PID:11876
- C:\Windows\System\OzMvJZQ.exe
  C:\Windows\System\OzMvJZQ.exe
  2⤵
  PID:11904
- C:\Windows\System\gmEHEoV.exe
  C:\Windows\System\gmEHEoV.exe
  2⤵
  PID:11928
- C:\Windows\System\mSHRNHQ.exe
  C:\Windows\System\mSHRNHQ.exe
  2⤵
  PID:11964
- C:\Windows\System\qPfYvUH.exe
  C:\Windows\System\qPfYvUH.exe
  2⤵
  PID:11980
- C:\Windows\System\bBeJoqu.exe
  C:\Windows\System\bBeJoqu.exe
  2⤵
  PID:12020
- C:\Windows\System\orDsmUX.exe
  C:\Windows\System\orDsmUX.exe
  2⤵
  PID:12052
- C:\Windows\System\EfySqlp.exe
  C:\Windows\System\EfySqlp.exe
  2⤵
  PID:12076
- C:\Windows\System\dJeuIwz.exe
  C:\Windows\System\dJeuIwz.exe
  2⤵
  PID:12108
- C:\Windows\System\DgXsikS.exe
  C:\Windows\System\DgXsikS.exe
  2⤵
  PID:12136
- C:\Windows\System\BHAZikt.exe
  C:\Windows\System\BHAZikt.exe
  2⤵
  PID:12160
- C:\Windows\System\CRrnnbd.exe
  C:\Windows\System\CRrnnbd.exe
  2⤵
  PID:12188
- C:\Windows\System\rCiLuzm.exe
  C:\Windows\System\rCiLuzm.exe
  2⤵
  PID:12216
- C:\Windows\System\KnFTXhg.exe
  C:\Windows\System\KnFTXhg.exe
  2⤵
  PID:12240
- C:\Windows\System\YcmYNuS.exe
  C:\Windows\System\YcmYNuS.exe
  2⤵
  PID:12268
- C:\Windows\System\NwMRTej.exe
  C:\Windows\System\NwMRTej.exe
  2⤵
  PID:11276
- C:\Windows\System\ZrdLbQY.exe
  C:\Windows\System\ZrdLbQY.exe
  2⤵
  PID:436
- C:\Windows\System\ltxFZfL.exe
  C:\Windows\System\ltxFZfL.exe
  2⤵
  PID:11316
- C:\Windows\System\rYWgsDl.exe
  C:\Windows\System\rYWgsDl.exe
  2⤵
  PID:11324
- C:\Windows\System\WiQIEQo.exe
  C:\Windows\System\WiQIEQo.exe
  2⤵
  PID:11516
- C:\Windows\System\jGKxZfK.exe
  C:\Windows\System\jGKxZfK.exe
  2⤵
  PID:11572
- C:\Windows\System\cbTDmdT.exe
  C:\Windows\System\cbTDmdT.exe
  2⤵
  PID:11648
- C:\Windows\System\PEEeRRP.exe
  C:\Windows\System\PEEeRRP.exe
  2⤵
  PID:11656
- C:\Windows\System\spUBZpP.exe
  C:\Windows\System\spUBZpP.exe
  2⤵
  PID:11780
- C:\Windows\System\MVQJaEE.exe
  C:\Windows\System\MVQJaEE.exe
  2⤵
  PID:11824
- C:\Windows\System\pzOEnec.exe
  C:\Windows\System\pzOEnec.exe
  2⤵
  PID:11836
- C:\Windows\System\bzDSCnx.exe
  C:\Windows\System\bzDSCnx.exe
  2⤵
  PID:11992
- C:\Windows\System\gHyPUIZ.exe
  C:\Windows\System\gHyPUIZ.exe
  2⤵
  PID:12036
- C:\Windows\System\BnplUJv.exe
  C:\Windows\System\BnplUJv.exe
  2⤵
  PID:12004
- C:\Windows\System\LbgXGEN.exe
  C:\Windows\System\LbgXGEN.exe
  2⤵
  PID:12152
- C:\Windows\System\GGDAKoz.exe
  C:\Windows\System\GGDAKoz.exe
  2⤵
  PID:12124
- C:\Windows\System\doXrMnO.exe
  C:\Windows\System\doXrMnO.exe
  2⤵
  PID:12148
- C:\Windows\System\JzRAEfN.exe
  C:\Windows\System\JzRAEfN.exe
  2⤵
  PID:10868
- C:\Windows\System\Ykdmuht.exe
  C:\Windows\System\Ykdmuht.exe
  2⤵
  PID:11448
- C:\Windows\System\mKrBQMJ.exe
  C:\Windows\System\mKrBQMJ.exe
  2⤵
  PID:12064
- C:\Windows\System\AoBFlFx.exe
  C:\Windows\System\AoBFlFx.exe
  2⤵
  PID:3524
- C:\Windows\System\vMnKLJO.exe
  C:\Windows\System\vMnKLJO.exe
  2⤵
  PID:12068
- C:\Windows\System\pckAzUI.exe
  C:\Windows\System\pckAzUI.exe
  2⤵
  PID:12284
- C:\Windows\System\nBZFiGQ.exe
  C:\Windows\System\nBZFiGQ.exe
  2⤵
  PID:12252
- C:\Windows\System\gEABxNe.exe
  C:\Windows\System\gEABxNe.exe
  2⤵
  PID:11808
- C:\Windows\System\mlEPltR.exe
  C:\Windows\System\mlEPltR.exe
  2⤵
  PID:11972
- C:\Windows\System\iRObgVK.exe
  C:\Windows\System\iRObgVK.exe
  2⤵
  PID:11492
- C:\Windows\System\pNTcczB.exe
  C:\Windows\System\pNTcczB.exe
  2⤵
  PID:12312
- C:\Windows\System\hqPkeHm.exe
  C:\Windows\System\hqPkeHm.exe
  2⤵
  PID:12344
- C:\Windows\System\Rsbjivu.exe
  C:\Windows\System\Rsbjivu.exe
  2⤵
  PID:12368
- C:\Windows\System\tpsbwld.exe
  C:\Windows\System\tpsbwld.exe
  2⤵
  PID:12396
- C:\Windows\System\HUmnWOP.exe
  C:\Windows\System\HUmnWOP.exe
  2⤵
  PID:12432
- C:\Windows\System\slEEZcy.exe
  C:\Windows\System\slEEZcy.exe
  2⤵
  PID:12464
- C:\Windows\System\KbmtOLb.exe
  C:\Windows\System\KbmtOLb.exe
  2⤵
  PID:12500
- C:\Windows\System\pFEjXYT.exe
  C:\Windows\System\pFEjXYT.exe
  2⤵
  PID:12532
- C:\Windows\System\EbyNDsj.exe
  C:\Windows\System\EbyNDsj.exe
  2⤵
  PID:12548
- C:\Windows\System\KTPBJfb.exe
  C:\Windows\System\KTPBJfb.exe
  2⤵
  PID:12588
- C:\Windows\System\OkldFAS.exe
  C:\Windows\System\OkldFAS.exe
  2⤵
  PID:12612
- C:\Windows\System\vCKZFdS.exe
  C:\Windows\System\vCKZFdS.exe
  2⤵
  PID:12648
- C:\Windows\System\FfQqQOO.exe
  C:\Windows\System\FfQqQOO.exe
  2⤵
  PID:12684
- C:\Windows\System\zZfzWaK.exe
  C:\Windows\System\zZfzWaK.exe
  2⤵
  PID:12708
- C:\Windows\System\vWqmLbT.exe
  C:\Windows\System\vWqmLbT.exe
  2⤵
  PID:12728
- C:\Windows\System\fOdNmLB.exe
  C:\Windows\System\fOdNmLB.exe
  2⤵
  PID:12744
- C:\Windows\System\BJSmaID.exe
  C:\Windows\System\BJSmaID.exe
  2⤵
  PID:12780
- C:\Windows\System\dpCDIeN.exe
  C:\Windows\System\dpCDIeN.exe
  2⤵
  PID:12808
- C:\Windows\System\MjfocEr.exe
  C:\Windows\System\MjfocEr.exe
  2⤵
  PID:12836
- C:\Windows\System\mdZKuGv.exe
  C:\Windows\System\mdZKuGv.exe
  2⤵
  PID:12864
- C:\Windows\System\xuPuamY.exe
  C:\Windows\System\xuPuamY.exe
  2⤵
  PID:12904
- C:\Windows\System\BoUteyv.exe
  C:\Windows\System\BoUteyv.exe
  2⤵
  PID:12928
- C:\Windows\System\sHDkfNx.exe
  C:\Windows\System\sHDkfNx.exe
  2⤵
  PID:12956
- C:\Windows\System\KdkVeEK.exe
  C:\Windows\System\KdkVeEK.exe
  2⤵
  PID:12988
- C:\Windows\System\kPpQMtb.exe
  C:\Windows\System\kPpQMtb.exe
  2⤵
  PID:13016
- C:\Windows\System\BjwKmKR.exe
  C:\Windows\System\BjwKmKR.exe
  2⤵
  PID:13044
- C:\Windows\System\ZNexCLf.exe
  C:\Windows\System\ZNexCLf.exe
  2⤵
  PID:13068
- C:\Windows\System\bIkmofN.exe
  C:\Windows\System\bIkmofN.exe
  2⤵
  PID:13096
- C:\Windows\System\vwSXiyQ.exe
  C:\Windows\System\vwSXiyQ.exe
  2⤵
  PID:13128
- C:\Windows\System\RRGVgGV.exe
  C:\Windows\System\RRGVgGV.exe
  2⤵
  PID:13148
- C:\Windows\System\qMclzta.exe
  C:\Windows\System\qMclzta.exe
  2⤵
  PID:13168
- C:\Windows\System\uHVvBzI.exe
  C:\Windows\System\uHVvBzI.exe
  2⤵
  PID:13188
- C:\Windows\System\VyYbVhf.exe
  C:\Windows\System\VyYbVhf.exe
  2⤵
  PID:13220
- C:\Windows\System\LjwCtay.exe
  C:\Windows\System\LjwCtay.exe
  2⤵
  PID:13256
- C:\Windows\System\BYgGPAp.exe
  C:\Windows\System\BYgGPAp.exe
  2⤵
  PID:13284
- C:\Windows\System\xciqQiX.exe
  C:\Windows\System\xciqQiX.exe
  2⤵
  PID:13304
- C:\Windows\System\JYEaZaj.exe
  C:\Windows\System\JYEaZaj.exe
  2⤵
  PID:12324
- C:\Windows\System\IPnkueW.exe
  C:\Windows\System\IPnkueW.exe
  2⤵
  PID:12360
- C:\Windows\System\voZpfAW.exe
  C:\Windows\System\voZpfAW.exe
  2⤵
  PID:12524
- C:\Windows\System\HjwcaWr.exe
  C:\Windows\System\HjwcaWr.exe
  2⤵
  PID:12540
- C:\Windows\System\cpLWHbo.exe
  C:\Windows\System\cpLWHbo.exe
  2⤵
  PID:12632
- C:\Windows\System\XWaxdnQ.exe
  C:\Windows\System\XWaxdnQ.exe
  2⤵
  PID:12620
- C:\Windows\System\UZWoYQN.exe
  C:\Windows\System\UZWoYQN.exe
  2⤵
  PID:12768
- C:\Windows\System\lAofBcz.exe
  C:\Windows\System\lAofBcz.exe
  2⤵
  PID:12820
- C:\Windows\System\phLCTrf.exe
  C:\Windows\System\phLCTrf.exe
  2⤵
  PID:12856
- C:\Windows\System\yijVdaQ.exe
  C:\Windows\System\yijVdaQ.exe
  2⤵
  PID:12976
- C:\Windows\System\tVYeXtX.exe
  C:\Windows\System\tVYeXtX.exe
  2⤵
  PID:13032
- C:\Windows\System\vfRlrzt.exe
  C:\Windows\System\vfRlrzt.exe
  2⤵
  PID:12520
- C:\Windows\System\yclUPqj.exe
  C:\Windows\System\yclUPqj.exe
  2⤵
  PID:13112
- C:\Windows\System\WDtBmJh.exe
  C:\Windows\System\WDtBmJh.exe
  2⤵
  PID:13228
- C:\Windows\System\iOgnfIb.exe
  C:\Windows\System\iOgnfIb.exe
  2⤵
  PID:13268
- C:\Windows\System\oXUiTUM.exe
  C:\Windows\System\oXUiTUM.exe
  2⤵
  PID:12260
- C:\Windows\System\gcpqzvn.exe
  C:\Windows\System\gcpqzvn.exe
  2⤵
  PID:12660
- C:\Windows\System\AWDtsyY.exe
  C:\Windows\System\AWDtsyY.exe
  2⤵
  PID:12724
- C:\Windows\System\wiMMyKI.exe
  C:\Windows\System\wiMMyKI.exe
  2⤵
  PID:12804
- C:\Windows\System\RoChYvB.exe
  C:\Windows\System\RoChYvB.exe
  2⤵
  PID:13056
- C:\Windows\System\lYMhEqM.exe
  C:\Windows\System\lYMhEqM.exe
  2⤵
  PID:13204
- C:\Windows\System\lcVXscB.exe
  C:\Windows\System\lcVXscB.exe
  2⤵
  PID:13276
- C:\Windows\System\gCJVNpu.exe
  C:\Windows\System\gCJVNpu.exe
  2⤵
  PID:12628
- C:\Windows\System\RRGZInc.exe
  C:\Windows\System\RRGZInc.exe
  2⤵
  PID:12880
- C:\Windows\System\SnUzDrB.exe
  C:\Windows\System\SnUzDrB.exe
  2⤵
  PID:13248
- C:\Windows\System\UuwjerD.exe
  C:\Windows\System\UuwjerD.exe
  2⤵
  PID:13316
- C:\Windows\System\MTtozxj.exe
  C:\Windows\System\MTtozxj.exe
  2⤵
  PID:13348
- C:\Windows\System\sdQgvqU.exe
  C:\Windows\System\sdQgvqU.exe
  2⤵
  PID:13376
- C:\Windows\System\iOwfhfi.exe
  C:\Windows\System\iOwfhfi.exe
  2⤵
  PID:13412
- C:\Windows\System\mycLQgx.exe
  C:\Windows\System\mycLQgx.exe
  2⤵
  PID:13436
- C:\Windows\System\AYBLtHL.exe
  C:\Windows\System\AYBLtHL.exe
  2⤵
  PID:13460
- C:\Windows\System\BhWYQqk.exe
  C:\Windows\System\BhWYQqk.exe
  2⤵
  PID:13492
- C:\Windows\System\CTuLKyL.exe
  C:\Windows\System\CTuLKyL.exe
  2⤵
  PID:13524
- C:\Windows\System\EjIYVDz.exe
  C:\Windows\System\EjIYVDz.exe
  2⤵
  PID:13552
- C:\Windows\System\QCynuna.exe
  C:\Windows\System\QCynuna.exe
  2⤵
  PID:13584
- C:\Windows\System\DJwkxvN.exe
  C:\Windows\System\DJwkxvN.exe
  2⤵
  PID:13608
- C:\Windows\System\PkJKOlO.exe
  C:\Windows\System\PkJKOlO.exe
  2⤵
  PID:13624
- C:\Windows\System\laTIAye.exe
  C:\Windows\System\laTIAye.exe
  2⤵
  PID:13648
- C:\Windows\System\RwgrEeN.exe
  C:\Windows\System\RwgrEeN.exe
  2⤵
  PID:13668
- C:\Windows\System\VBGJJTH.exe
  C:\Windows\System\VBGJJTH.exe
  2⤵
  PID:13692
- C:\Windows\System\rxPVOPf.exe
  C:\Windows\System\rxPVOPf.exe
  2⤵
  PID:13720
- C:\Windows\System\LKRqOsz.exe
  C:\Windows\System\LKRqOsz.exe
  2⤵
  PID:13740
- C:\Windows\System\JVNxLyt.exe
  C:\Windows\System\JVNxLyt.exe
  2⤵
  PID:13784
- C:\Windows\System\PPDRCJq.exe
  C:\Windows\System\PPDRCJq.exe
  2⤵
  PID:13812
- C:\Windows\System\FgEwkTr.exe
  C:\Windows\System\FgEwkTr.exe
  2⤵
  PID:13844
- C:\Windows\System\WeWdWix.exe
  C:\Windows\System\WeWdWix.exe
  2⤵
  PID:13864
- C:\Windows\System\hYHLMXM.exe
  C:\Windows\System\hYHLMXM.exe
  2⤵
  PID:13888
- C:\Windows\System\RwknqrY.exe
  C:\Windows\System\RwknqrY.exe
  2⤵
  PID:13912
- C:\Windows\System\NMeaOaj.exe
  C:\Windows\System\NMeaOaj.exe
  2⤵
  PID:13948
- C:\Windows\System\pUBEIsw.exe
  C:\Windows\System\pUBEIsw.exe
  2⤵
  PID:13980
- C:\Windows\System\iwmcaOh.exe
  C:\Windows\System\iwmcaOh.exe
  2⤵
  PID:14012
- C:\Windows\System\LaypKmE.exe
  C:\Windows\System\LaypKmE.exe
  2⤵
  PID:14048
- C:\Windows\System\KlpfcQe.exe
  C:\Windows\System\KlpfcQe.exe
  2⤵
  PID:14072
- C:\Windows\System\nKeuYmV.exe
  C:\Windows\System\nKeuYmV.exe
  2⤵
  PID:14096
- C:\Windows\System\BYvTzMH.exe
  C:\Windows\System\BYvTzMH.exe
  2⤵
  PID:14120
- C:\Windows\System\nixnyln.exe
  C:\Windows\System\nixnyln.exe
  2⤵
  PID:14148
- C:\Windows\System\hToSvpj.exe
  C:\Windows\System\hToSvpj.exe
  2⤵
  PID:14180
- C:\Windows\System\vgFKVeO.exe
  C:\Windows\System\vgFKVeO.exe
  2⤵
  PID:14204
- C:\Windows\System\iGrkQmb.exe
  C:\Windows\System\iGrkQmb.exe
  2⤵
  PID:14240
- C:\Windows\System\nLWXgVB.exe
  C:\Windows\System\nLWXgVB.exe
  2⤵
  PID:14268
- C:\Windows\System\GhvbHFV.exe
  C:\Windows\System\GhvbHFV.exe
  2⤵
  PID:14300
- C:\Windows\System\TgVJMiq.exe
  C:\Windows\System\TgVJMiq.exe
  2⤵
  PID:14320
- C:\Windows\System\MRjyfTZ.exe
  C:\Windows\System\MRjyfTZ.exe
  2⤵
  PID:12604
- C:\Windows\System\PIWBfcR.exe
  C:\Windows\System\PIWBfcR.exe
  2⤵
  PID:13372
- C:\Windows\System\paZVrSe.exe
  C:\Windows\System\paZVrSe.exe
  2⤵
  PID:13420
- C:\Windows\System\ZuDQsVJ.exe
  C:\Windows\System\ZuDQsVJ.exe
  2⤵
  PID:13504
- C:\Windows\System\kwiyvOK.exe
  C:\Windows\System\kwiyvOK.exe
  2⤵
  PID:13580
- C:\Windows\System\BFFyltL.exe
  C:\Windows\System\BFFyltL.exe
  2⤵
  PID:13716
- C:\Windows\System\CdtZSqs.exe
  C:\Windows\System\CdtZSqs.exe
  2⤵
  PID:13676
- C:\Windows\System\zEDenSe.exe
  C:\Windows\System\zEDenSe.exe
  2⤵
  PID:13796
- C:\Windows\System\SpsVmvE.exe
  C:\Windows\System\SpsVmvE.exe
  2⤵
  PID:13684
- C:\Windows\System\uAommlK.exe
  C:\Windows\System\uAommlK.exe
  2⤵
  PID:13860
- C:\Windows\System\iwjNpbV.exe
  C:\Windows\System\iwjNpbV.exe
  2⤵
  PID:13972
- C:\Windows\System\AUQuxZe.exe
  C:\Windows\System\AUQuxZe.exe
  2⤵
  PID:14032
- C:\Windows\System\JPxSuYV.exe
  C:\Windows\System\JPxSuYV.exe
  2⤵
  PID:14092
- C:\Windows\System\ikeYvOm.exe
  C:\Windows\System\ikeYvOm.exe
  2⤵
  PID:14128
- C:\Windows\System\OplCrZG.exe
  C:\Windows\System\OplCrZG.exe
  2⤵
  PID:1316
- C:\Windows\System\HSZHsHi.exe
  C:\Windows\System\HSZHsHi.exe
  2⤵
  PID:14232
- C:\Windows\System\ZupndpS.exe
  C:\Windows\System\ZupndpS.exe
  2⤵
  PID:14252
- C:\Windows\System\AFJVGtE.exe
  C:\Windows\System\AFJVGtE.exe
  2⤵
  PID:14308
- C:\Windows\System\eVGgRKw.exe
  C:\Windows\System\eVGgRKw.exe
  2⤵
  PID:1796
- C:\Windows\System\QnBZIHr.exe
  C:\Windows\System\QnBZIHr.exe
  2⤵
  PID:3296
- C:\Windows\System\BkoJWmN.exe
  C:\Windows\System\BkoJWmN.exe
  2⤵
  PID:13564
- C:\Windows\System\SUheOYl.exe
  C:\Windows\System\SUheOYl.exe
  2⤵
  PID:12428
- C:\Windows\System\xqyDQXi.exe
  C:\Windows\System\xqyDQXi.exe
  2⤵
  PID:13756
- C:\Windows\System\JbcGoNf.exe
  C:\Windows\System\JbcGoNf.exe
  2⤵
  PID:13736
- C:\Windows\System\vpJeiQa.exe
  C:\Windows\System\vpJeiQa.exe
  2⤵
  PID:13964
- C:\Windows\System\FEHimkm.exe
  C:\Windows\System\FEHimkm.exe
  2⤵
  PID:452
- C:\Windows\System\sMfihhF.exe
  C:\Windows\System\sMfihhF.exe
  2⤵
  PID:1108
- C:\Windows\System\olirywj.exe
  C:\Windows\System\olirywj.exe
  2⤵
  PID:14264
- C:\Windows\System\CNVZOTD.exe
  C:\Windows\System\CNVZOTD.exe
  2⤵
  PID:13936
- C:\Windows\System\bJDzlRF.exe
  C:\Windows\System\bJDzlRF.exe
  2⤵
  PID:13516
- C:\Windows\System\rccLxqK.exe
  C:\Windows\System\rccLxqK.exe
  2⤵
  PID:14296
- C:\Windows\System\GMVeMGi.exe
  C:\Windows\System\GMVeMGi.exe
  2⤵
  PID:13992
- C:\Windows\System\bIWsWdJ.exe
  C:\Windows\System\bIWsWdJ.exe
  2⤵
  PID:14364
- C:\Windows\System\dQRJhMx.exe
  C:\Windows\System\dQRJhMx.exe
  2⤵
  PID:14392
- C:\Windows\System\XdpHmnd.exe
  C:\Windows\System\XdpHmnd.exe
  2⤵
  PID:14424
- C:\Windows\System\VdJBVSQ.exe
  C:\Windows\System\VdJBVSQ.exe
  2⤵
  PID:14460
- C:\Windows\System\kvDIeSH.exe
  C:\Windows\System\kvDIeSH.exe
  2⤵
  PID:14488
- C:\Windows\System\SqzYwAb.exe
  C:\Windows\System\SqzYwAb.exe
  2⤵
  PID:14620
- C:\Windows\System\wkuunij.exe
  C:\Windows\System\wkuunij.exe
  2⤵
  PID:14636
- C:\Windows\System\FUsFGZB.exe
  C:\Windows\System\FUsFGZB.exe
  2⤵
  PID:14664
- C:\Windows\System\bpTkZZI.exe
  C:\Windows\System\bpTkZZI.exe
  2⤵
  PID:14720

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 4168 -i 4168 -h 428 -j 432 -s 444 -d 15148
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:15184

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BkcTEAM.exe

Filesize
1.7MB

MD5
7a8c5a9ac8673b12e281d0ab94435480

SHA1
e28bc30264aa2c0e7c3bf6454c3b6a0de5897512

SHA256
efb9f656b5266f70002da53b616192e2c89cc5b71894cc4fbe3f2828e898f3d3

SHA512
4aa5fa5a6fee32a188661dcb925614ce74aebe81f18fb29da008e7f0bf7d2bb8932d08d9119c76cb7cecc0d2807552ba1157d3696be478f4e836657049eb84bc

Download Submit
C:\Windows\System\CdSMpmr.exe

Filesize
1.7MB

MD5
bd5bc992e6528431b964e00bc17c1b5b

SHA1
8f8e4f6a605eba88c226cb42d6f3342337b3ea6a

SHA256
01497ba7ba585ef8a27b53f9bc5f845ec452f9837c0da6cc214bf89590aa6b78

SHA512
928586d41c0c339b662183fd509f81e4ce45712afb715fa2cd4e5c2de86f7193d0156551e2d6c21cdcdd7f5eeac2bd8c5e1729ead68186cd32d4b1c255c862ca

Download Submit
C:\Windows\System\EiCWaCE.exe

Filesize
1.7MB

MD5
36157a10d20e616cd2775142441e945d

SHA1
774b23a0b0a04238c8ac3a607c75b30d7db91c61

SHA256
a09a674a19225b89859e75c05738bb85ff4f3d77165e338c8dc1f2637e0ba647

SHA512
04d375da3bd6d1f1ce3ae97ec8545f47f1481d31342a1956e9f7f1c6a28b26c3f98d0b828899bd890a8dc73b56e4345275ee908e9d420a20c9805b6a88038963

Download Submit
C:\Windows\System\FNtzxgI.exe

Filesize
1.7MB

MD5
302ab90b8afd6c24c122a28ea1451368

SHA1
52869869451f76d0339bd38ee00827d22ecd7689

SHA256
c36cf379fdd78d3e26c271f2e2b8d1a103bab41e46056ce9c3e497839488ebcc

SHA512
35c11b9580bee19492693aa8a6e827785c294e74f73848db76751bef02ad7d07d0c6c0a7a75b3b30ff6a3e160ef9f2fedebc3eff666fc5d4999fc4da77a9a0e3

Download Submit
C:\Windows\System\IBzYGFr.exe

Filesize
1.7MB

MD5
f9cf50453ac6de7a937eb2b35d149f23

SHA1
a152883de6b55e1c73670fa4bd0b054baf4a6e79

SHA256
f8b17a5dc33b88bc306ecfceb0ce324c631215501682d1e32139fe3351c90734

SHA512
dbc27c41a57e3ba2c8f5eed50ba2802f2b4fb58e82670df109ca667185365055533a1e5dc6232b35ea84dbf9890be7aaed0735a83ab229c7161fd54ed8efce1f

Download Submit
C:\Windows\System\IesmvbQ.exe

Filesize
1.7MB

MD5
d988e1420287f30a113c90c8171a0be8

SHA1
f3716ec8b43c718d96d58cbe59d5bb1728ebe13c

SHA256
c42e05059474108448188adf15666ec361e4a7585c93c91cc5d66945cc255382

SHA512
77ce0eb652af5884083a7ec9b83be5821ee519465816c2875d30e77b236b1be5d3a3c1d13cc79f964fbb6d0401ea6f21a902fd40c90378415df49491e7563ba7

Download Submit
C:\Windows\System\IgxWtvR.exe

Filesize
1.7MB

MD5
1e13cb222ff2b322c9b825357cee37e0

SHA1
62385662c53b070384ab1c25f5c95e370f86df4a

SHA256
2a9d04e83bf645e6bc609563800bdc9cfd6f79816524d02416f7de42dd727692

SHA512
6421c793d298fd471e8684f60219b197be3a6b98afc9415a22cbf96bbdc742978ace98a6607d80a217337d3202fa002e18f2d65b3a74ff15800d334165ff6099

Download Submit
C:\Windows\System\KOuaDFM.exe

Filesize
1.7MB

MD5
209c4a9c199fc165f842076fc21e0497

SHA1
66bbdc32864965e9cd9779c688d863a015ba2354

SHA256
f357ba952f07004048df3bb9e16e9ac5de225e8ca1cb120a183d1dd731bf09f3

SHA512
09c09ffb5ef7dc4915a223226395fd2c67983f3a8181915badf7b911e406493de9f4d2c4ad1e199b811e2b48febebcac048796b9f8087d61a2b6a963fdc7f6af

Download Submit
C:\Windows\System\LgYTJLw.exe

Filesize
1.7MB

MD5
01e1adab2a59b261727dbdeca6bfe733

SHA1
9e40fb1f3190460ed363df889a9221959b4c3b28

SHA256
0741ac5623e7edc2d4fba017e58be7f8acee039887cfb149037f6d718f68e79c

SHA512
282c12af41176b0e736e4c57807d8483c0b9d72873dcc0bae51835215148d03e15c65705abcc97c007a9d861082b559d8d5657ad277d06efac4e19624a470391

Download Submit
C:\Windows\System\NWgDuEy.exe

Filesize
1.7MB

MD5
b714beb2fc00f04d55c13aab3d30597c

SHA1
4efdfc51f846703b30079262c17a193e28b102cf

SHA256
4c2b41472fd2a2ba901b58486d8925aebcd09ec2d847b10295be867bee084923

SHA512
3cccf4bfd56ed282d38666cc873ed3da7409cdf41c343ab750dc1b5ef648f9f034cc68c76f906c9508b5a4e45e1003ea84d8c9e97981af64d9ad2d8beb6d4a5e

Download Submit
C:\Windows\System\NglWbSt.exe

Filesize
1.7MB

MD5
d23e17a33870e0e82d8a616ef1b214ab

SHA1
284c0f52bc3cf8370b316f05685fcc1785cf476c

SHA256
9f7bcf26388579348e1ec36a30ac294944da95c2aed6df5b33d3e1c8f6ae751a

SHA512
5c862997d44f1a5b7988351e5c3a17ffe7e8202695279cb15fca09f3bf6d5507eff71161b7459e8d568bfdfcc5b308e093f518aad8cfbc3d04b4e0b95985511c

Download Submit
C:\Windows\System\ODIAEdU.exe

Filesize
1.7MB

MD5
07e04905d36c3ed0d328e06361f76ea0

SHA1
09b1d755b72696799c26f2a942a9727c6f4321ae

SHA256
ed18d46060c60fbad7172e37b7fc0e1fac79d39b843dee8fd085df26e61588aa

SHA512
da4c468bd52c2faf791a780606f0455e3857fb068d2ecbcbfd8a2e471a2c0c4e462ba6d9a4df61c6cd7a5745dab42325574acdfcd5075dfecb04fd54570cb8c1

Download Submit
C:\Windows\System\QFDnpiB.exe

Filesize
1.7MB

MD5
dad991e75d8332cd712be08949902b72

SHA1
0c4468c5c688bb19c95e30113faf08737a0996c3

SHA256
206d64d1714b7b15c47f6e55d38d3d70f705a28c6a9ce6eda5ff19c4fa29174a

SHA512
6fc54632c0eabec3f04a82eb6367162ab2f9a183e7a40cf202fb8512e774ef78ea87fd661b2d11ee7371b3b89f948dc18bc05b0104d3e11d730311ff6d880a75

Download Submit
C:\Windows\System\StQJlvx.exe

Filesize
1.7MB

MD5
9de6fff5f70f7a5ea29fbc0389334202

SHA1
fe5464a6db5f1a5151bf84d843f0599fa8d77090

SHA256
cf6ed31588d3c02bb18c7e9d0c48d2ca0939d8e33c4169b0b64578e6408e309c

SHA512
ca916f770f9cd24506bb7df8417c083f93127bef52d744170651056ec65aac64fef8cd3465af344eaffb76919efcfe985eabab627426b6c7c9afde57510f2af1

Download Submit
C:\Windows\System\TKWzzup.exe

Filesize
1.7MB

MD5
e0a54327ca1a729061c3e4e666475714

SHA1
f963b90a05913576ebf67bf39ba65511dff83deb

SHA256
f148cb30b45583c5261258542d917644c2a1c03047c6d3d72b7c9d8ab798c55e

SHA512
5a333c3942e5e9bffafc561d0e41608a1a647d1929aabc96e8ef694063fb14d80b3f110863368350effaf54b1de4d681a7e6861e1925ba4137056db2bd96b3d5

Download Submit
C:\Windows\System\YOasfwo.exe

Filesize
1.7MB

MD5
b77b04e70d6a3bd4adadd3d348a5a687

SHA1
a86799898e869018207c3d48e2143fa6c967afa3

SHA256
8a8db3d49f71da62c2b2fe80754426c030879be33ac84b1ae65493699f9ffa4e

SHA512
7bbd2dd25981f42e12a73ae0a96bceb91d51b22eab3175a91bb1b02c0a996c602f3b10142a88ca90318529ec4a419667e7efff69f9569c771de1d685028f1505

Download Submit
C:\Windows\System\YRxxhna.exe

Filesize
1.7MB

MD5
61a4c2f3369c171f91590f1fb9aad4f3

SHA1
43950060e0e2a440e6006b43d7d6a53b7a330aa4

SHA256
59a5cb357632eb858067fee80aaf30ffcc9bc076c0d1fc5e8a3c15d31086d093

SHA512
44305737e5223987a5a3555a12f019e0d49a44a7e270e830a1fe56b785560d14804cc8652af55908923ce3ae345e2ff2c72d485977cb4ae3c73834bdf0d8d49a

Download Submit
C:\Windows\System\aGcTBHT.exe

Filesize
1.7MB

MD5
272f39a4fdfff4c73d0784f12226ca1c

SHA1
fbee544f964ac8fdea0f34ef21c4d2ffa23943c7

SHA256
c5c9a5f9628a06c9f2f4294ecbee870d793b472a86bc8da13c93ffe38debbea3

SHA512
a738c742b9c2f0df46688af8e15fe9dad26909cdad87c451ccf68526530ffcc66405f089f0527645984f769cd40877800b5c7796ddc0cba786568b54b1b54829

Download Submit
C:\Windows\System\aPpCSFQ.exe

Filesize
1.7MB

MD5
c70bab5127441bd13886584bc5365ce2

SHA1
544353d0ac290e025aa54f3c7f14711423f3dbcc

SHA256
b22c11022d426cd71bb19221b6cdbaeb4f0d2a76d284d3798da97778af6346bf

SHA512
3b9aec1e530397149926d4b4c076a11a81b4ed6d4ad657c9861243a488405df5394624f43026651a9ca89b03f54842c511a1b409cf5f9821bdc93cee45f94a5f

Download Submit
C:\Windows\System\bNxcAUc.exe

Filesize
1.7MB

MD5
65ad27d778562271a614bdd8c13497c1

SHA1
bdbf3762542fd73c508c59ca7dd61565ec5786c8

SHA256
01e561df1e6882faaa751edf4d8b5e47a023f2f284c81aa0112c0d23da1b4759

SHA512
de5de1b471f5818d444c40f4a9e4d816ca9e0cee92a852dec1e0dc1f198da9815b11633d647a197495e79cb411e26d5301ab61eea32a76d7f94715cdad66c806

Download Submit
C:\Windows\System\bjcytSB.exe

Filesize
1.7MB

MD5
d424794fdb791f1b61af40e24b3e4ddc

SHA1
f39b4b63d5ea264ef99bf8955ec2baed71c9fdcd

SHA256
0d2c8e5c276bf2549b926b3c3186268efcaf580490178708fb7455227171be47

SHA512
fa47e6a455e15de44460f71cb96fefe8aa22fcf13bef513ba6adbcbffadcf542dcd3fe2eed8d11ccb26879083b09aa574033434d5d63cdfd652723308ae5bbe6

Download Submit
C:\Windows\System\clupsmg.exe

Filesize
1.7MB

MD5
73f9191420d4601f44ab928c4860f50a

SHA1
33a26df983207f7eddc30d427efc8a812b7b6577

SHA256
ed6fc94c788e111189edb04ee860f18f774c6b25d262680c112659c72afe2284

SHA512
a13ddcb9a6b9c167a13402ea0b4a56f4fd09726311055e760201d4f097a3492376363141142314d4c71fe15a22ccb58424a6f6fcfccef371b0146526c53a0ed1

Download Submit
C:\Windows\System\ctLwPsV.exe

Filesize
1.7MB

MD5
b21318465b190aef8ca7c02ee3364517

SHA1
19cfc5e9de584c67208a65d62ec83f7907bbd276

SHA256
c1f3c1b0955e66d7f1266aed73b417dfb1541a96385623386f934fd7dbead9e7

SHA512
602c9c3d672b5e358d683e4f01d24c5d6d5fb74533521addfb77edac83227fe84fca19be4ab4f516c8c6853a184b595e58a8f48043b194c062917b9348591359

Download Submit
C:\Windows\System\hYWNncb.exe

Filesize
1.7MB

MD5
872ba085c0ad63d10702398a18eb34e2

SHA1
79a3b954f68c0da0185956518993837055c02387

SHA256
b60fec3142489a4845432c024229b95eac5d4c121a023e8c480ff4de0f7e35fd

SHA512
de2b3ba6c84c4fca963bf374afe091b06ead8d587dd71f30a1e15222a2e945f0a0ab7c441406d8ad9918444137a97db5ca010b7718afface13c4f40af56f22af

Download Submit
C:\Windows\System\kHBrjZu.exe

Filesize
1.7MB

MD5
b7a656b67b423dc155668ff2d858d7bd

SHA1
429e87badf9a85ffd1af9ce8af4de1f6642ea3db

SHA256
e1be82dce52e09b4a7b6d2cac9eb5bbb59790b16227827c4ff9806592629d16d

SHA512
7a3f241d7b02b116c3947fdb0c0587ed3722051feb808cd00d1b4c688011329ab20632054d8beef882ad5d2d5912fe6745136ae288e20cc057638c3411fd691a

Download Submit
C:\Windows\System\lQHotPX.exe

Filesize
1.7MB

MD5
53e76420d4df03a255aa384de349d71d

SHA1
42a46e6bf70c2c29fdcf80785e3ed33bfd4b090c

SHA256
7cb2fc16d31ba39c214f464b68830659d4a91515be2c05b8059789f91e3e085a

SHA512
c3b25950f927022ad308b39a10a6ad64245612a0816c4d5bcc54caa30fb904c592a005e87617e3d24a62e60078f3091ec35f0ca8aa6d55792020af865f8569e8

Download Submit
C:\Windows\System\nVVnPEm.exe

Filesize
1.7MB

MD5
006af1d1f22276d1928e57a7023925a8

SHA1
e38d835591d9385fa36249be668a94d827ec2770

SHA256
31ae55d45744a078cf7902c3d30fc277580d6a3721abead849a63e8f31a5a7bd

SHA512
4729ef99f5bb21e85b3104762cfb6a57bb714862b2003683e59680099d7054c37e73727ddeef91000f7f124070797a46954aa008c388e3715aa64248f2c49252

Download Submit
C:\Windows\System\odfAfpg.exe

Filesize
1.7MB

MD5
fb1a64b5bfad0d2c3b833688b60ce7d0

SHA1
fa78c85bfe203e261570fb92268fb5adaf06ee06

SHA256
a51caa843cb9662532b9ffa11a84d2fc91865b9b7341ce59d5a8743b26bb2f39

SHA512
02fa19812cc97b653eab0526666613c3b644b9bfbf8ef0b1ec88919e87443bdd87ab59c152b02a0ece54f2b80a51b3c66b4246cd0e95034d4281d030bbaaab8c

Download Submit
C:\Windows\System\oqjUukN.exe

Filesize
1.7MB

MD5
183e0758e782c9e43c7290888b926793

SHA1
3fc06d8a901eb200832dfe3c76043367867a4a7f

SHA256
8ff5d1ff7ffb0346b477a798b1f0a103e6e550781291826c65403a21219bc002

SHA512
04dcaa66f6dc5ba034eb1990af000ca8bb94e41ade3e0e0f2c4f00b902e7d69d8933c4abdde82e1f362eb5985078cb9776c7628428e6ab884e75b344aa427ba0

Download Submit
C:\Windows\System\pvAsgEf.exe

Filesize
1.7MB

MD5
aeadae592a67a78d54e981df0979c794

SHA1
ed9a76f1249da98e0739af08eac802cf7cb73bc9

SHA256
b75ab4c14f5cad9377e65b8a92b321816a148fbf9b581fb6d5dbe71ea023898c

SHA512
f8d235cd275b42d513ec38daefab278dd8197b08ba22fd4e76e8c24fbc9a7d9d6b4cf4001b91455201f3de8bd49d9c26d9c40267161f48490257d0bd77cd90b1

Download Submit
C:\Windows\System\rSIkSue.exe

Filesize
1.7MB

MD5
9f9cb5f9a1e88105dfa14ea0b14d80f0

SHA1
b47a2f3a22343d5b5b319ab86942ed0c46190bea

SHA256
3c579514b68bee6258ba6ca5bf19ea185a17eb069157106e9b6a67f6898894ce

SHA512
330c5f8739dd36667a3369cc9fb775e5c87005bfebc613683750d27660e2576a8fa1e46d3859ec3a4def2071fb022e84d33671d3374ca421fcae9f3d17bd9091

Download Submit
C:\Windows\System\tZcckPx.exe

Filesize
1.7MB

MD5
eafc014b5e1f60914a7f624ed66b1543

SHA1
f511f66594cd2960574e2f50401633756ea9f522

SHA256
4308364198a5fd1ab16206a04fec8677340bd8caf963334f79f3b68f3a4601e7

SHA512
b2b320a097a1a76debe14ee884a04ea7a8b37a8a470d642cdc456103b4651a70db10cb17ff56e61ff75ebbb4588f69f37936f18494fd44279e7457caa5f57cda

Download Submit
C:\Windows\System\xnQCUdT.exe

Filesize
1.7MB

MD5
7e955220c4ef3fe54212bcdb5d32696b

SHA1
181feb8beaa75c729b7f5f01bbc69021c1de75c2

SHA256
e2c6dac358e25e0c0775551071cf7306d22e48d33935c40cfe073d2b8869fde7

SHA512
da5ec360926d4aa6c87a56de2c528026185345ee2db41229e3dd139bf8bd20824dee48c201ede90738c5665185e07cca9dd0bdadbf5527aa191c2393359dedf3

Download Submit
C:\Windows\System\zeeuucq.exe

Filesize
1.7MB

MD5
8d75a63eb8032dcd23fa412a43026115

SHA1
c8e0780c6a807f7ef12d49e1e4af6371f016b3a7

SHA256
93d9e6c2251e1c4f6a28dbdc91b68268b00c1b904aa2a80256f90ae7f8e7dd3c

SHA512
b568924e456042a4aa353be3385c3a7bdce477baf4e25d0f6658dd61b1c3306fed94b7bd54649f2614c21b07691d012755605488a58bde5e80479809239b7681

Download Submit
memory/384-161-0x00007FF72FE50000-0x00007FF7301A4000-memory.dmp

Filesize
3.3MB

Download
memory/384-2145-0x00007FF72FE50000-0x00007FF7301A4000-memory.dmp

Filesize
3.3MB

Download
memory/432-2144-0x00007FF7D0260000-0x00007FF7D05B4000-memory.dmp

Filesize
3.3MB

Download
memory/432-129-0x00007FF7D0260000-0x00007FF7D05B4000-memory.dmp

Filesize
3.3MB

Download
memory/544-2125-0x00007FF79D730000-0x00007FF79DA84000-memory.dmp

Filesize
3.3MB

Download
memory/544-2163-0x00007FF79D730000-0x00007FF79DA84000-memory.dmp

Filesize
3.3MB

Download
memory/544-188-0x00007FF79D730000-0x00007FF79DA84000-memory.dmp

Filesize
3.3MB

Download
memory/684-2132-0x00007FF689DF0000-0x00007FF68A144000-memory.dmp

Filesize
3.3MB

Download
memory/684-51-0x00007FF689DF0000-0x00007FF68A144000-memory.dmp

Filesize
3.3MB

Download
memory/684-2119-0x00007FF689DF0000-0x00007FF68A144000-memory.dmp

Filesize
3.3MB

Download
memory/1268-178-0x00007FF61A5A0000-0x00007FF61A8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-2162-0x00007FF61A5A0000-0x00007FF61A8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2129-0x00007FF6896D0000-0x00007FF689A24000-memory.dmp

Filesize
3.3MB

Download
memory/1724-41-0x00007FF6896D0000-0x00007FF689A24000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2148-0x00007FF63EAF0000-0x00007FF63EE44000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2122-0x00007FF63EAF0000-0x00007FF63EE44000-memory.dmp

Filesize
3.3MB

Download
memory/2488-117-0x00007FF63EAF0000-0x00007FF63EE44000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2160-0x00007FF61C5E0000-0x00007FF61C934000-memory.dmp

Filesize
3.3MB

Download
memory/2652-164-0x00007FF61C5E0000-0x00007FF61C934000-memory.dmp

Filesize
3.3MB

Download
memory/2660-151-0x00007FF7DB080000-0x00007FF7DB3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-2154-0x00007FF7DB080000-0x00007FF7DB3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-149-0x00007FF7BA420000-0x00007FF7BA774000-memory.dmp

Filesize
3.3MB

Download
memory/2676-2149-0x00007FF7BA420000-0x00007FF7BA774000-memory.dmp

Filesize
3.3MB

Download
memory/2824-89-0x00007FF790610000-0x00007FF790964000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2123-0x00007FF790610000-0x00007FF790964000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2137-0x00007FF790610000-0x00007FF790964000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2126-0x00007FF725FA0000-0x00007FF7262F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-22-0x00007FF725FA0000-0x00007FF7262F4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-163-0x00007FF78D5D0000-0x00007FF78D924000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2146-0x00007FF78D5D0000-0x00007FF78D924000-memory.dmp

Filesize
3.3MB

Download
memory/3208-157-0x00007FF707450000-0x00007FF7077A4000-memory.dmp

Filesize
3.3MB

Download
memory/3208-2127-0x00007FF707450000-0x00007FF7077A4000-memory.dmp

Filesize
3.3MB

Download
memory/3372-2134-0x00007FF64D180000-0x00007FF64D4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3372-159-0x00007FF64D180000-0x00007FF64D4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3392-2155-0x00007FF670380000-0x00007FF6706D4000-memory.dmp

Filesize
3.3MB

Download
memory/3392-2124-0x00007FF670380000-0x00007FF6706D4000-memory.dmp

Filesize
3.3MB

Download
memory/3392-134-0x00007FF670380000-0x00007FF6706D4000-memory.dmp

Filesize
3.3MB

Download
memory/3408-154-0x00007FF76AD80000-0x00007FF76B0D4000-memory.dmp

Filesize
3.3MB

Download
memory/3408-2158-0x00007FF76AD80000-0x00007FF76B0D4000-memory.dmp

Filesize
3.3MB

Download
memory/3480-2161-0x00007FF776250000-0x00007FF7765A4000-memory.dmp

Filesize
3.3MB

Download
memory/3480-152-0x00007FF776250000-0x00007FF7765A4000-memory.dmp

Filesize
3.3MB

Download
memory/3628-2135-0x00007FF705160000-0x00007FF7054B4000-memory.dmp

Filesize
3.3MB

Download
memory/3628-160-0x00007FF705160000-0x00007FF7054B4000-memory.dmp

Filesize
3.3MB

Download
memory/3744-2156-0x00007FF6BC4D0000-0x00007FF6BC824000-memory.dmp

Filesize
3.3MB

Download
memory/3744-155-0x00007FF6BC4D0000-0x00007FF6BC824000-memory.dmp

Filesize
3.3MB

Download
memory/3756-2133-0x00007FF674D70000-0x00007FF6750C4000-memory.dmp

Filesize
3.3MB

Download
memory/3756-54-0x00007FF674D70000-0x00007FF6750C4000-memory.dmp

Filesize
3.3MB

Download
memory/3756-2120-0x00007FF674D70000-0x00007FF6750C4000-memory.dmp

Filesize
3.3MB

Download
memory/3916-158-0x00007FF6FAEF0000-0x00007FF6FB244000-memory.dmp

Filesize
3.3MB

Download
memory/3916-2130-0x00007FF6FAEF0000-0x00007FF6FB244000-memory.dmp

Filesize
3.3MB

Download
memory/4140-2131-0x00007FF6DF800000-0x00007FF6DFB54000-memory.dmp

Filesize
3.3MB

Download
memory/4140-2118-0x00007FF6DF800000-0x00007FF6DFB54000-memory.dmp

Filesize
3.3MB

Download
memory/4140-40-0x00007FF6DF800000-0x00007FF6DFB54000-memory.dmp

Filesize
3.3MB

Download
memory/4372-1-0x0000024EAAFC0000-0x0000024EAAFD0000-memory.dmp

Filesize
64KB

Download
memory/4372-0-0x00007FF7BA2C0000-0x00007FF7BA614000-memory.dmp

Filesize
3.3MB

Download
memory/4536-150-0x00007FF728670000-0x00007FF7289C4000-memory.dmp

Filesize
3.3MB

Download
memory/4536-2153-0x00007FF728670000-0x00007FF7289C4000-memory.dmp

Filesize
3.3MB

Download
memory/4780-2147-0x00007FF74A730000-0x00007FF74AA84000-memory.dmp

Filesize
3.3MB

Download
memory/4780-162-0x00007FF74A730000-0x00007FF74AA84000-memory.dmp

Filesize
3.3MB

Download
memory/4920-2128-0x00007FF61CB70000-0x00007FF61CEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4920-34-0x00007FF61CB70000-0x00007FF61CEC4000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2136-0x00007FF636D50000-0x00007FF6370A4000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2121-0x00007FF636D50000-0x00007FF6370A4000-memory.dmp

Filesize
3.3MB

Download
memory/4948-75-0x00007FF636D50000-0x00007FF6370A4000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2157-0x00007FF738F80000-0x00007FF7392D4000-memory.dmp

Filesize
3.3MB

Download
memory/4960-153-0x00007FF738F80000-0x00007FF7392D4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2159-0x00007FF6A8EE0000-0x00007FF6A9234000-memory.dmp

Filesize
3.3MB

Download
memory/5036-156-0x00007FF6A8EE0000-0x00007FF6A9234000-memory.dmp

Filesize
3.3MB

Download