xmrig | ef033e193896865d40265c704c814e67a097a90f086c9c2caea85041a42b085d

Analysis

max time kernel
143s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
Size

2.8MB
MD5

5e852cd5a4e3eb42a7d709ad59988c50
SHA1

112bbdb97bb696d5f376dabbdfc16fac7f2ff5d7
SHA256

ef033e193896865d40265c704c814e67a097a90f086c9c2caea85041a42b085d
SHA512

7794470731f9170459af6f5326e0e9b0fbd7893d3bf3f28c832864534fe70dbaf09783b1b6a76fe61432732930b39194be1b86258bb5c16fe12e4f9a1cb57148
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/Rkk:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RY

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/940-0-0x00007FF7F0140000-0x00007FF7F0536000-memory.dmp	xmrig
C:\Windows\System\XmiZwhp.exe	xmrig
C:\Windows\System\bunMLVs.exe	xmrig
C:\Windows\System\IVbkugq.exe	xmrig
behavioral2/memory/4788-78-0x00007FF6D8A10000-0x00007FF6D8E06000-memory.dmp	xmrig
C:\Windows\System\AXYExcc.exe	xmrig
C:\Windows\System\TFWjilp.exe	xmrig
C:\Windows\System\aRDTHLw.exe	xmrig
behavioral2/memory/4856-159-0x00007FF764E40000-0x00007FF765236000-memory.dmp	xmrig
C:\Windows\System\xSXyJSA.exe	xmrig
behavioral2/memory/4376-187-0x00007FF7CC580000-0x00007FF7CC976000-memory.dmp	xmrig
behavioral2/memory/4608-192-0x00007FF7C5F20000-0x00007FF7C6316000-memory.dmp	xmrig
behavioral2/memory/1048-200-0x00007FF6B69F0000-0x00007FF6B6DE6000-memory.dmp	xmrig
behavioral2/memory/2704-201-0x00007FF6F0080000-0x00007FF6F0476000-memory.dmp	xmrig
behavioral2/memory/1556-222-0x00007FF795630000-0x00007FF795A26000-memory.dmp	xmrig
behavioral2/memory/4032-199-0x00007FF797730000-0x00007FF797B26000-memory.dmp	xmrig
behavioral2/memory/3512-197-0x00007FF637300000-0x00007FF6376F6000-memory.dmp	xmrig
behavioral2/memory/4772-196-0x00007FF673560000-0x00007FF673956000-memory.dmp	xmrig
behavioral2/memory/1920-195-0x00007FF743370000-0x00007FF743766000-memory.dmp	xmrig
behavioral2/memory/4148-194-0x00007FF72DBF0000-0x00007FF72DFE6000-memory.dmp	xmrig
behavioral2/memory/3724-193-0x00007FF6768B0000-0x00007FF676CA6000-memory.dmp	xmrig
behavioral2/memory/3324-191-0x00007FF75B9E0000-0x00007FF75BDD6000-memory.dmp	xmrig
behavioral2/memory/4216-190-0x00007FF6FB300000-0x00007FF6FB6F6000-memory.dmp	xmrig
behavioral2/memory/2440-189-0x00007FF6F8F90000-0x00007FF6F9386000-memory.dmp	xmrig
C:\Windows\System\VPWDZpF.exe	xmrig
C:\Windows\System\rqpilOI.exe	xmrig
behavioral2/memory/4872-180-0x00007FF6A66D0000-0x00007FF6A6AC6000-memory.dmp	xmrig
C:\Windows\System\ghGYKWb.exe	xmrig
behavioral2/memory/2520-175-0x00007FF7C48A0000-0x00007FF7C4C96000-memory.dmp	xmrig
C:\Windows\System\VieJoKl.exe	xmrig
C:\Windows\System\uxSOpfb.exe	xmrig
C:\Windows\System\xBIHgNQ.exe	xmrig
C:\Windows\System\hNtBuls.exe	xmrig
C:\Windows\System\FZRnRVt.exe	xmrig
C:\Windows\System\VYEfXWG.exe	xmrig
C:\Windows\System\qUgKBTj.exe	xmrig
C:\Windows\System\NDvAwnJ.exe	xmrig
C:\Windows\System\lTIpkBS.exe	xmrig
behavioral2/memory/1788-135-0x00007FF698040000-0x00007FF698436000-memory.dmp	xmrig
C:\Windows\System\UFQoZDU.exe	xmrig
C:\Windows\System\HCJAWWk.exe	xmrig
C:\Windows\System\InjzHkf.exe	xmrig
behavioral2/memory/3800-116-0x00007FF654AB0000-0x00007FF654EA6000-memory.dmp	xmrig
C:\Windows\System\VIQtZxZ.exe	xmrig
C:\Windows\System\TueRWWA.exe	xmrig
C:\Windows\System\pXGiGpy.exe	xmrig
C:\Windows\System\NYNLrzL.exe	xmrig
C:\Windows\System\MALZfQm.exe	xmrig
behavioral2/memory/4180-62-0x00007FF633030000-0x00007FF633426000-memory.dmp	xmrig
behavioral2/memory/4860-47-0x00007FF6C34E0000-0x00007FF6C38D6000-memory.dmp	xmrig
C:\Windows\System\jxpgEmg.exe	xmrig
C:\Windows\System\vCjTuPT.exe	xmrig
C:\Windows\System\xLQAdFC.exe	xmrig
C:\Windows\System\LCNxijB.exe	xmrig
C:\Windows\System\SaySApp.exe	xmrig
behavioral2/memory/1548-35-0x00007FF71B0F0000-0x00007FF71B4E6000-memory.dmp	xmrig
C:\Windows\System\ZCNnWer.exe	xmrig
behavioral2/memory/4060-14-0x00007FF7DAD20000-0x00007FF7DB116000-memory.dmp	xmrig
behavioral2/memory/4180-2612-0x00007FF633030000-0x00007FF633426000-memory.dmp	xmrig
behavioral2/memory/1548-3874-0x00007FF71B0F0000-0x00007FF71B4E6000-memory.dmp	xmrig
behavioral2/memory/4772-3878-0x00007FF673560000-0x00007FF673956000-memory.dmp	xmrig
behavioral2/memory/4860-3883-0x00007FF6C34E0000-0x00007FF6C38D6000-memory.dmp	xmrig
behavioral2/memory/3800-3880-0x00007FF654AB0000-0x00007FF654EA6000-memory.dmp	xmrig
behavioral2/memory/4788-3873-0x00007FF6D8A10000-0x00007FF6D8E06000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

Processes:

powershell.exe

flow	pid	process
10	4460	powershell.exe
12	4460	powershell.exe
14	4460	powershell.exe
15	4460	powershell.exe
17	4460	powershell.exe
18	4460	powershell.exe
19	4460	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

4460 powershell.exe

pid	process
4460	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

ZCNnWer.exeXmiZwhp.exeSaySApp.exevCjTuPT.exexLQAdFC.exeLCNxijB.exebunMLVs.exejxpgEmg.exeIVbkugq.exeTueRWWA.exeNYNLrzL.exepXGiGpy.exeVIQtZxZ.exeHCJAWWk.exeMALZfQm.exeInjzHkf.exeUFQoZDU.exeAXYExcc.exelTIpkBS.exeNDvAwnJ.exeqUgKBTj.exexBIHgNQ.exeTFWjilp.exeVYEfXWG.exeFZRnRVt.exeghGYKWb.exeVieJoKl.exeaRDTHLw.exexSXyJSA.exerqpilOI.exeVPWDZpF.exehNtBuls.exeuxSOpfb.exeWSsWqEi.exeKBzgcOq.exeuZDKutq.exeaMdIsxk.exeHjcWxUj.execEyscGd.exeiANcKGd.exevaewAqc.exeDHSfOdH.exeOqLPfmw.exeGSkTtFu.exeDYJmgnv.exeNASXnQN.exeppfXBJt.exeuUOufEe.exegaHycHl.exeiDrQkKB.exekaXiEwq.exeaRuNiqG.exeCwsXJib.exexPMKoHl.exejMzRkyw.exeEVkVTqr.exelHpiuEN.exefSgdOnW.exegWHYEsU.exeVHBsYCP.exeLEYdBnF.exehVsXHoq.exexSvNcJp.exeOrHDjBi.exe

pid	process
4060	ZCNnWer.exe
4772	XmiZwhp.exe
1548	SaySApp.exe
4860	vCjTuPT.exe
4180	xLQAdFC.exe
4788	LCNxijB.exe
3512	bunMLVs.exe
3800	jxpgEmg.exe
4032	IVbkugq.exe
1788	TueRWWA.exe
4856	NYNLrzL.exe
2520	pXGiGpy.exe
1048	VIQtZxZ.exe
4872	HCJAWWk.exe
4376	MALZfQm.exe
2704	InjzHkf.exe
2440	UFQoZDU.exe
4216	AXYExcc.exe
3324	lTIpkBS.exe
4608	NDvAwnJ.exe
3724	qUgKBTj.exe
4148	xBIHgNQ.exe
1920	TFWjilp.exe
1556	VYEfXWG.exe
4932	FZRnRVt.exe
1744	ghGYKWb.exe
1952	VieJoKl.exe
4484	aRDTHLw.exe
1244	xSXyJSA.exe
4612	rqpilOI.exe
736	VPWDZpF.exe
1800	hNtBuls.exe
3228	uxSOpfb.exe
1520	WSsWqEi.exe
644	KBzgcOq.exe
760	uZDKutq.exe
3856	aMdIsxk.exe
1524	HjcWxUj.exe
3184	cEyscGd.exe
4684	iANcKGd.exe
2940	vaewAqc.exe
4056	DHSfOdH.exe
4300	OqLPfmw.exe
4616	GSkTtFu.exe
5088	DYJmgnv.exe
4620	NASXnQN.exe
1172	ppfXBJt.exe
1456	uUOufEe.exe
2752	gaHycHl.exe
2452	iDrQkKB.exe
1232	kaXiEwq.exe
1640	aRuNiqG.exe
1144	CwsXJib.exe
2132	xPMKoHl.exe
1220	jMzRkyw.exe
4804	EVkVTqr.exe
4768	lHpiuEN.exe
440	fSgdOnW.exe
2656	gWHYEsU.exe
3172	VHBsYCP.exe
2148	LEYdBnF.exe
2252	hVsXHoq.exe
2384	xSvNcJp.exe
1304	OrHDjBi.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/940-0-0x00007FF7F0140000-0x00007FF7F0536000-memory.dmp	upx
C:\Windows\System\XmiZwhp.exe	upx
C:\Windows\System\bunMLVs.exe	upx
C:\Windows\System\IVbkugq.exe	upx
behavioral2/memory/4788-78-0x00007FF6D8A10000-0x00007FF6D8E06000-memory.dmp	upx
C:\Windows\System\AXYExcc.exe	upx
C:\Windows\System\TFWjilp.exe	upx
C:\Windows\System\aRDTHLw.exe	upx
behavioral2/memory/4856-159-0x00007FF764E40000-0x00007FF765236000-memory.dmp	upx
C:\Windows\System\xSXyJSA.exe	upx
behavioral2/memory/4376-187-0x00007FF7CC580000-0x00007FF7CC976000-memory.dmp	upx
behavioral2/memory/4608-192-0x00007FF7C5F20000-0x00007FF7C6316000-memory.dmp	upx
behavioral2/memory/1048-200-0x00007FF6B69F0000-0x00007FF6B6DE6000-memory.dmp	upx
behavioral2/memory/2704-201-0x00007FF6F0080000-0x00007FF6F0476000-memory.dmp	upx
behavioral2/memory/1556-222-0x00007FF795630000-0x00007FF795A26000-memory.dmp	upx
behavioral2/memory/4032-199-0x00007FF797730000-0x00007FF797B26000-memory.dmp	upx
behavioral2/memory/3512-197-0x00007FF637300000-0x00007FF6376F6000-memory.dmp	upx
behavioral2/memory/4772-196-0x00007FF673560000-0x00007FF673956000-memory.dmp	upx
behavioral2/memory/1920-195-0x00007FF743370000-0x00007FF743766000-memory.dmp	upx
behavioral2/memory/4148-194-0x00007FF72DBF0000-0x00007FF72DFE6000-memory.dmp	upx
behavioral2/memory/3724-193-0x00007FF6768B0000-0x00007FF676CA6000-memory.dmp	upx
behavioral2/memory/3324-191-0x00007FF75B9E0000-0x00007FF75BDD6000-memory.dmp	upx
behavioral2/memory/4216-190-0x00007FF6FB300000-0x00007FF6FB6F6000-memory.dmp	upx
behavioral2/memory/2440-189-0x00007FF6F8F90000-0x00007FF6F9386000-memory.dmp	upx
C:\Windows\System\VPWDZpF.exe	upx
C:\Windows\System\rqpilOI.exe	upx
behavioral2/memory/4872-180-0x00007FF6A66D0000-0x00007FF6A6AC6000-memory.dmp	upx
C:\Windows\System\ghGYKWb.exe	upx
behavioral2/memory/2520-175-0x00007FF7C48A0000-0x00007FF7C4C96000-memory.dmp	upx
C:\Windows\System\VieJoKl.exe	upx
C:\Windows\System\uxSOpfb.exe	upx
C:\Windows\System\xBIHgNQ.exe	upx
C:\Windows\System\hNtBuls.exe	upx
C:\Windows\System\FZRnRVt.exe	upx
C:\Windows\System\VYEfXWG.exe	upx
C:\Windows\System\qUgKBTj.exe	upx
C:\Windows\System\NDvAwnJ.exe	upx
C:\Windows\System\lTIpkBS.exe	upx
behavioral2/memory/1788-135-0x00007FF698040000-0x00007FF698436000-memory.dmp	upx
C:\Windows\System\UFQoZDU.exe	upx
C:\Windows\System\HCJAWWk.exe	upx
C:\Windows\System\InjzHkf.exe	upx
behavioral2/memory/3800-116-0x00007FF654AB0000-0x00007FF654EA6000-memory.dmp	upx
C:\Windows\System\VIQtZxZ.exe	upx
C:\Windows\System\TueRWWA.exe	upx
C:\Windows\System\pXGiGpy.exe	upx
C:\Windows\System\NYNLrzL.exe	upx
C:\Windows\System\MALZfQm.exe	upx
behavioral2/memory/4180-62-0x00007FF633030000-0x00007FF633426000-memory.dmp	upx
behavioral2/memory/4860-47-0x00007FF6C34E0000-0x00007FF6C38D6000-memory.dmp	upx
C:\Windows\System\jxpgEmg.exe	upx
C:\Windows\System\vCjTuPT.exe	upx
C:\Windows\System\xLQAdFC.exe	upx
C:\Windows\System\LCNxijB.exe	upx
C:\Windows\System\SaySApp.exe	upx
behavioral2/memory/1548-35-0x00007FF71B0F0000-0x00007FF71B4E6000-memory.dmp	upx
C:\Windows\System\ZCNnWer.exe	upx
behavioral2/memory/4060-14-0x00007FF7DAD20000-0x00007FF7DB116000-memory.dmp	upx
behavioral2/memory/4180-2612-0x00007FF633030000-0x00007FF633426000-memory.dmp	upx
behavioral2/memory/1548-3874-0x00007FF71B0F0000-0x00007FF71B4E6000-memory.dmp	upx
behavioral2/memory/4772-3878-0x00007FF673560000-0x00007FF673956000-memory.dmp	upx
behavioral2/memory/4860-3883-0x00007FF6C34E0000-0x00007FF6C38D6000-memory.dmp	upx
behavioral2/memory/3800-3880-0x00007FF654AB0000-0x00007FF654EA6000-memory.dmp	upx
behavioral2/memory/4788-3873-0x00007FF6D8A10000-0x00007FF6D8E06000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

9 raw.githubusercontent.com
10 raw.githubusercontent.com

flow	ioc
9	raw.githubusercontent.com
10	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\itwNTTH.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\mvSSOQm.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\bdcRzVI.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\bzYNjhM.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\cheACjH.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\sMHKowU.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\uMlcOYW.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\wPhpZoP.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\JwiFMwh.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\wTRBpni.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\XITXGGc.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\LnAuYXG.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\tDBWSzD.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\SwsdneV.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\WqpqPjI.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\FRMvIcs.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\MJzgrFw.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\ynPkRnb.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\yBwDTtA.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\zFNgUpR.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\FaxJQLJ.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\QbPdQRa.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\gYWXzTO.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\WDjWtNA.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\jkWcAHs.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\DAhPJfO.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\pNnuuQG.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\MNVYrjL.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\mbZmPdB.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\HqJqArk.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\MwdPMVh.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\aKrhAOK.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\hNahJbG.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\jfMrQXe.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\aWCBQgB.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\dvqLeAG.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\RXOVJBl.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\LcwEhRN.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\hsmMWDL.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\oGvicKj.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\ZvqwsxC.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\mNYkzwL.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\epXJctU.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\BLfXcIV.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\AIOCdGZ.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\RzBvVoV.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\aGqxfUr.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\Mpyofde.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\QBQvbRT.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\AsBBYsO.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\CvNwEoV.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\ZKaqiKz.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\iXeXpND.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\GQMpjex.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\GSZjWlG.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\sNUzCCi.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\lgWhieG.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\znAqRlA.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\OBcNCVA.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\QcsMTFz.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\PpXLcFp.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\fpautNf.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\ZBXaOxT.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
File created	C:\Windows\System\aRojJMY.exe	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 18 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exedwm.exedwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exedwm.exedwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

dwm.exedwm.exedwm.exedwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

powershell.exe

pid process

4460 powershell.exe
4460 powershell.exe
4460 powershell.exe
4460 powershell.exe

pid	process
4460	powershell.exe
4460	powershell.exe
4460	powershell.exe
4460	powershell.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

Processes:

powershell.exe5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exedwm.exedwm.exedwm.exedwm.exe

description	pid	process
Token: SeDebugPrivilege	4460	powershell.exe
Token: SeLockMemoryPrivilege	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
Token: SeCreateGlobalPrivilege	12632	dwm.exe
Token: SeChangeNotifyPrivilege	12632	dwm.exe
Token: 33	12632	dwm.exe
Token: SeIncBasePriorityPrivilege	12632	dwm.exe
Token: SeCreateGlobalPrivilege	6972	dwm.exe
Token: SeChangeNotifyPrivilege	6972	dwm.exe
Token: 33	6972	dwm.exe
Token: SeIncBasePriorityPrivilege	6972	dwm.exe
Token: SeCreateGlobalPrivilege	3216	dwm.exe
Token: SeChangeNotifyPrivilege	3216	dwm.exe
Token: 33	3216	dwm.exe
Token: SeIncBasePriorityPrivilege	3216	dwm.exe
Token: SeCreateGlobalPrivilege	8772	dwm.exe
Token: SeChangeNotifyPrivilege	8772	dwm.exe
Token: 33	8772	dwm.exe
Token: SeIncBasePriorityPrivilege	8772	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe

description	pid	process	target process
PID 940 wrote to memory of 4460	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	powershell.exe
PID 940 wrote to memory of 4460	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	powershell.exe
PID 940 wrote to memory of 4060	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	ZCNnWer.exe
PID 940 wrote to memory of 4060	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	ZCNnWer.exe
PID 940 wrote to memory of 1548	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	SaySApp.exe
PID 940 wrote to memory of 1548	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	SaySApp.exe
PID 940 wrote to memory of 4772	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	XmiZwhp.exe
PID 940 wrote to memory of 4772	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	XmiZwhp.exe
PID 940 wrote to memory of 4860	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	vCjTuPT.exe
PID 940 wrote to memory of 4860	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	vCjTuPT.exe
PID 940 wrote to memory of 4180	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	xLQAdFC.exe
PID 940 wrote to memory of 4180	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	xLQAdFC.exe
PID 940 wrote to memory of 4788	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	LCNxijB.exe
PID 940 wrote to memory of 4788	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	LCNxijB.exe
PID 940 wrote to memory of 3512	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	bunMLVs.exe
PID 940 wrote to memory of 3512	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	bunMLVs.exe
PID 940 wrote to memory of 3800	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	jxpgEmg.exe
PID 940 wrote to memory of 3800	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	jxpgEmg.exe
PID 940 wrote to memory of 1788	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	TueRWWA.exe
PID 940 wrote to memory of 1788	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	TueRWWA.exe
PID 940 wrote to memory of 4032	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	IVbkugq.exe
PID 940 wrote to memory of 4032	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	IVbkugq.exe
PID 940 wrote to memory of 4856	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	NYNLrzL.exe
PID 940 wrote to memory of 4856	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	NYNLrzL.exe
PID 940 wrote to memory of 2520	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	pXGiGpy.exe
PID 940 wrote to memory of 2520	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	pXGiGpy.exe
PID 940 wrote to memory of 1048	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	VIQtZxZ.exe
PID 940 wrote to memory of 1048	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	VIQtZxZ.exe
PID 940 wrote to memory of 4872	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	HCJAWWk.exe
PID 940 wrote to memory of 4872	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	HCJAWWk.exe
PID 940 wrote to memory of 4376	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	MALZfQm.exe
PID 940 wrote to memory of 4376	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	MALZfQm.exe
PID 940 wrote to memory of 2704	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	InjzHkf.exe
PID 940 wrote to memory of 2704	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	InjzHkf.exe
PID 940 wrote to memory of 2440	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	UFQoZDU.exe
PID 940 wrote to memory of 2440	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	UFQoZDU.exe
PID 940 wrote to memory of 4148	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	xBIHgNQ.exe
PID 940 wrote to memory of 4148	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	xBIHgNQ.exe
PID 940 wrote to memory of 4216	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	AXYExcc.exe
PID 940 wrote to memory of 4216	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	AXYExcc.exe
PID 940 wrote to memory of 3324	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	lTIpkBS.exe
PID 940 wrote to memory of 3324	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	lTIpkBS.exe
PID 940 wrote to memory of 4608	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	NDvAwnJ.exe
PID 940 wrote to memory of 4608	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	NDvAwnJ.exe
PID 940 wrote to memory of 3724	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	qUgKBTj.exe
PID 940 wrote to memory of 3724	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	qUgKBTj.exe
PID 940 wrote to memory of 1920	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	TFWjilp.exe
PID 940 wrote to memory of 1920	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	TFWjilp.exe
PID 940 wrote to memory of 1556	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	VYEfXWG.exe
PID 940 wrote to memory of 1556	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	VYEfXWG.exe
PID 940 wrote to memory of 4932	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	FZRnRVt.exe
PID 940 wrote to memory of 4932	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	FZRnRVt.exe
PID 940 wrote to memory of 1744	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	ghGYKWb.exe
PID 940 wrote to memory of 1744	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	ghGYKWb.exe
PID 940 wrote to memory of 1952	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	VieJoKl.exe
PID 940 wrote to memory of 1952	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	VieJoKl.exe
PID 940 wrote to memory of 4484	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	aRDTHLw.exe
PID 940 wrote to memory of 4484	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	aRDTHLw.exe
PID 940 wrote to memory of 1244	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	xSXyJSA.exe
PID 940 wrote to memory of 1244	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	xSXyJSA.exe
PID 940 wrote to memory of 4612	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	rqpilOI.exe
PID 940 wrote to memory of 4612	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	rqpilOI.exe
PID 940 wrote to memory of 736	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	VPWDZpF.exe
PID 940 wrote to memory of 736	940	5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe	VPWDZpF.exe

C:\Users\Admin\AppData\Local\Temp\5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5e852cd5a4e3eb42a7d709ad59988c50_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:940

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4460

C:\Windows\System\ZCNnWer.exe
C:\Windows\System\ZCNnWer.exe
2⤵
- Executes dropped EXE
PID:4060

C:\Windows\System\SaySApp.exe
C:\Windows\System\SaySApp.exe
2⤵
- Executes dropped EXE
PID:1548

C:\Windows\System\XmiZwhp.exe
C:\Windows\System\XmiZwhp.exe
2⤵
- Executes dropped EXE
PID:4772

C:\Windows\System\vCjTuPT.exe
C:\Windows\System\vCjTuPT.exe
2⤵
- Executes dropped EXE
PID:4860

C:\Windows\System\xLQAdFC.exe
C:\Windows\System\xLQAdFC.exe
2⤵
- Executes dropped EXE
PID:4180

C:\Windows\System\LCNxijB.exe
C:\Windows\System\LCNxijB.exe
2⤵
- Executes dropped EXE
PID:4788

C:\Windows\System\bunMLVs.exe
C:\Windows\System\bunMLVs.exe
2⤵
- Executes dropped EXE
PID:3512

C:\Windows\System\jxpgEmg.exe
C:\Windows\System\jxpgEmg.exe
2⤵
- Executes dropped EXE
PID:3800

C:\Windows\System\TueRWWA.exe
C:\Windows\System\TueRWWA.exe
2⤵
- Executes dropped EXE
PID:1788

C:\Windows\System\IVbkugq.exe
C:\Windows\System\IVbkugq.exe
2⤵
- Executes dropped EXE
PID:4032

C:\Windows\System\NYNLrzL.exe
C:\Windows\System\NYNLrzL.exe
2⤵
- Executes dropped EXE
PID:4856

C:\Windows\System\pXGiGpy.exe
C:\Windows\System\pXGiGpy.exe
2⤵
- Executes dropped EXE
PID:2520

C:\Windows\System\VIQtZxZ.exe
C:\Windows\System\VIQtZxZ.exe
2⤵
- Executes dropped EXE
PID:1048

C:\Windows\System\HCJAWWk.exe
C:\Windows\System\HCJAWWk.exe
2⤵
- Executes dropped EXE
PID:4872

C:\Windows\System\MALZfQm.exe
C:\Windows\System\MALZfQm.exe
2⤵
- Executes dropped EXE
PID:4376

C:\Windows\System\InjzHkf.exe
C:\Windows\System\InjzHkf.exe
2⤵
- Executes dropped EXE
PID:2704

C:\Windows\System\UFQoZDU.exe
C:\Windows\System\UFQoZDU.exe
2⤵
- Executes dropped EXE
PID:2440

C:\Windows\System\xBIHgNQ.exe
C:\Windows\System\xBIHgNQ.exe
2⤵
- Executes dropped EXE
PID:4148

C:\Windows\System\AXYExcc.exe
C:\Windows\System\AXYExcc.exe
2⤵
- Executes dropped EXE
PID:4216

C:\Windows\System\lTIpkBS.exe
C:\Windows\System\lTIpkBS.exe
2⤵
- Executes dropped EXE
PID:3324

C:\Windows\System\NDvAwnJ.exe
C:\Windows\System\NDvAwnJ.exe
2⤵
- Executes dropped EXE
PID:4608

C:\Windows\System\qUgKBTj.exe
C:\Windows\System\qUgKBTj.exe
2⤵
- Executes dropped EXE
PID:3724

C:\Windows\System\TFWjilp.exe
C:\Windows\System\TFWjilp.exe
2⤵
- Executes dropped EXE
PID:1920

C:\Windows\System\VYEfXWG.exe
C:\Windows\System\VYEfXWG.exe
2⤵
- Executes dropped EXE
PID:1556

C:\Windows\System\FZRnRVt.exe
C:\Windows\System\FZRnRVt.exe
2⤵
- Executes dropped EXE
PID:4932

C:\Windows\System\ghGYKWb.exe
C:\Windows\System\ghGYKWb.exe
2⤵
- Executes dropped EXE
PID:1744

C:\Windows\System\VieJoKl.exe
C:\Windows\System\VieJoKl.exe
2⤵
- Executes dropped EXE
PID:1952

C:\Windows\System\aRDTHLw.exe
C:\Windows\System\aRDTHLw.exe
2⤵
- Executes dropped EXE
PID:4484

C:\Windows\System\xSXyJSA.exe
C:\Windows\System\xSXyJSA.exe
2⤵
- Executes dropped EXE
PID:1244

C:\Windows\System\rqpilOI.exe
C:\Windows\System\rqpilOI.exe
2⤵
- Executes dropped EXE
PID:4612

C:\Windows\System\VPWDZpF.exe
C:\Windows\System\VPWDZpF.exe
2⤵
- Executes dropped EXE
PID:736

C:\Windows\System\hNtBuls.exe
C:\Windows\System\hNtBuls.exe
2⤵
- Executes dropped EXE
PID:1800

C:\Windows\System\uxSOpfb.exe
C:\Windows\System\uxSOpfb.exe
2⤵
- Executes dropped EXE
PID:3228

C:\Windows\System\WSsWqEi.exe
C:\Windows\System\WSsWqEi.exe
2⤵
- Executes dropped EXE
PID:1520

C:\Windows\System\KBzgcOq.exe
C:\Windows\System\KBzgcOq.exe
2⤵
- Executes dropped EXE
PID:644

C:\Windows\System\uZDKutq.exe
C:\Windows\System\uZDKutq.exe
2⤵
- Executes dropped EXE
PID:760

C:\Windows\System\aMdIsxk.exe
C:\Windows\System\aMdIsxk.exe
2⤵
- Executes dropped EXE
PID:3856

C:\Windows\System\HjcWxUj.exe
C:\Windows\System\HjcWxUj.exe
2⤵
- Executes dropped EXE
PID:1524

C:\Windows\System\cEyscGd.exe
C:\Windows\System\cEyscGd.exe
2⤵
- Executes dropped EXE
PID:3184

C:\Windows\System\iANcKGd.exe
C:\Windows\System\iANcKGd.exe
2⤵
- Executes dropped EXE
PID:4684

C:\Windows\System\vaewAqc.exe
C:\Windows\System\vaewAqc.exe
2⤵
- Executes dropped EXE
PID:2940

C:\Windows\System\DHSfOdH.exe
C:\Windows\System\DHSfOdH.exe
2⤵
- Executes dropped EXE
PID:4056

C:\Windows\System\OqLPfmw.exe
C:\Windows\System\OqLPfmw.exe
2⤵
- Executes dropped EXE
PID:4300

C:\Windows\System\GSkTtFu.exe
C:\Windows\System\GSkTtFu.exe
2⤵
- Executes dropped EXE
PID:4616

C:\Windows\System\DYJmgnv.exe
C:\Windows\System\DYJmgnv.exe
2⤵
- Executes dropped EXE
PID:5088

C:\Windows\System\NASXnQN.exe
C:\Windows\System\NASXnQN.exe
2⤵
- Executes dropped EXE
PID:4620

C:\Windows\System\ppfXBJt.exe
C:\Windows\System\ppfXBJt.exe
2⤵
- Executes dropped EXE
PID:1172

C:\Windows\System\uUOufEe.exe
C:\Windows\System\uUOufEe.exe
2⤵
- Executes dropped EXE
PID:1456

C:\Windows\System\gaHycHl.exe
C:\Windows\System\gaHycHl.exe
2⤵
- Executes dropped EXE
PID:2752

C:\Windows\System\iDrQkKB.exe
C:\Windows\System\iDrQkKB.exe
2⤵
- Executes dropped EXE
PID:2452

C:\Windows\System\kaXiEwq.exe
C:\Windows\System\kaXiEwq.exe
2⤵
- Executes dropped EXE
PID:1232

C:\Windows\System\aRuNiqG.exe
C:\Windows\System\aRuNiqG.exe
2⤵
- Executes dropped EXE
PID:1640

C:\Windows\System\CwsXJib.exe
C:\Windows\System\CwsXJib.exe
2⤵
- Executes dropped EXE
PID:1144

C:\Windows\System\xPMKoHl.exe
C:\Windows\System\xPMKoHl.exe
2⤵
- Executes dropped EXE
PID:2132

C:\Windows\System\jMzRkyw.exe
C:\Windows\System\jMzRkyw.exe
2⤵
- Executes dropped EXE
PID:1220

C:\Windows\System\EVkVTqr.exe
C:\Windows\System\EVkVTqr.exe
2⤵
- Executes dropped EXE
PID:4804

C:\Windows\System\lHpiuEN.exe
C:\Windows\System\lHpiuEN.exe
2⤵
- Executes dropped EXE
PID:4768

C:\Windows\System\fSgdOnW.exe
C:\Windows\System\fSgdOnW.exe
2⤵
- Executes dropped EXE
PID:440

C:\Windows\System\gWHYEsU.exe
C:\Windows\System\gWHYEsU.exe
2⤵
- Executes dropped EXE
PID:2656

C:\Windows\System\VHBsYCP.exe
C:\Windows\System\VHBsYCP.exe
2⤵
- Executes dropped EXE
PID:3172

C:\Windows\System\LEYdBnF.exe
C:\Windows\System\LEYdBnF.exe
2⤵
- Executes dropped EXE
PID:2148

C:\Windows\System\hVsXHoq.exe
C:\Windows\System\hVsXHoq.exe
2⤵
- Executes dropped EXE
PID:2252

C:\Windows\System\xSvNcJp.exe
C:\Windows\System\xSvNcJp.exe
2⤵
- Executes dropped EXE
PID:2384

C:\Windows\System\OrHDjBi.exe
C:\Windows\System\OrHDjBi.exe
2⤵
- Executes dropped EXE
PID:1304

C:\Windows\System\yeIBWaC.exe
C:\Windows\System\yeIBWaC.exe
2⤵
PID:1236

C:\Windows\System\YEtexGk.exe
C:\Windows\System\YEtexGk.exe
2⤵
PID:4052

C:\Windows\System\mmWYwBA.exe
C:\Windows\System\mmWYwBA.exe
2⤵
PID:1752

C:\Windows\System\qliCRob.exe
C:\Windows\System\qliCRob.exe
2⤵
PID:4536

C:\Windows\System\YCIzPZP.exe
C:\Windows\System\YCIzPZP.exe
2⤵
PID:2408

C:\Windows\System\vtPTRoS.exe
C:\Windows\System\vtPTRoS.exe
2⤵
PID:620

C:\Windows\System\iXQDOfA.exe
C:\Windows\System\iXQDOfA.exe
2⤵
PID:4116

C:\Windows\System\xWyXnop.exe
C:\Windows\System\xWyXnop.exe
2⤵
PID:4572

C:\Windows\System\OwDcpFg.exe
C:\Windows\System\OwDcpFg.exe
2⤵
PID:3132

C:\Windows\System\SIsMXmN.exe
C:\Windows\System\SIsMXmN.exe
2⤵
PID:2684

C:\Windows\System\zIeEPWd.exe
C:\Windows\System\zIeEPWd.exe
2⤵
PID:2324

C:\Windows\System\OyVQMpn.exe
C:\Windows\System\OyVQMpn.exe
2⤵
PID:4976

C:\Windows\System\zRgFKsp.exe
C:\Windows\System\zRgFKsp.exe
2⤵
PID:5016

C:\Windows\System\HJtGDMx.exe
C:\Windows\System\HJtGDMx.exe
2⤵
PID:1628

C:\Windows\System\MVIUXWd.exe
C:\Windows\System\MVIUXWd.exe
2⤵
PID:4344

C:\Windows\System\TdnmYMK.exe
C:\Windows\System\TdnmYMK.exe
2⤵
PID:648

C:\Windows\System\ZEsrzDX.exe
C:\Windows\System\ZEsrzDX.exe
2⤵
PID:1976

C:\Windows\System\zWLdKsR.exe
C:\Windows\System\zWLdKsR.exe
2⤵
PID:856

C:\Windows\System\EcZTURG.exe
C:\Windows\System\EcZTURG.exe
2⤵
PID:436

C:\Windows\System\zDtvnXf.exe
C:\Windows\System\zDtvnXf.exe
2⤵
PID:3808

C:\Windows\System\TwNhzdm.exe
C:\Windows\System\TwNhzdm.exe
2⤵
PID:4272

C:\Windows\System\Wmfhffs.exe
C:\Windows\System\Wmfhffs.exe
2⤵
PID:4372

C:\Windows\System\XdJRleO.exe
C:\Windows\System\XdJRleO.exe
2⤵
PID:2660

C:\Windows\System\CkIZPgx.exe
C:\Windows\System\CkIZPgx.exe
2⤵
PID:5128

C:\Windows\System\VnUFwTG.exe
C:\Windows\System\VnUFwTG.exe
2⤵
PID:5168

C:\Windows\System\iEXWGxB.exe
C:\Windows\System\iEXWGxB.exe
2⤵
PID:5192

C:\Windows\System\DyTZWuS.exe
C:\Windows\System\DyTZWuS.exe
2⤵
PID:5208

C:\Windows\System\UfwjAAV.exe
C:\Windows\System\UfwjAAV.exe
2⤵
PID:5248

C:\Windows\System\BTuEHUd.exe
C:\Windows\System\BTuEHUd.exe
2⤵
PID:5276

C:\Windows\System\ulOTCYh.exe
C:\Windows\System\ulOTCYh.exe
2⤵
PID:5332

C:\Windows\System\lCALFWn.exe
C:\Windows\System\lCALFWn.exe
2⤵
PID:5384

C:\Windows\System\ZSXlfjo.exe
C:\Windows\System\ZSXlfjo.exe
2⤵
PID:5412

C:\Windows\System\ydhdtvn.exe
C:\Windows\System\ydhdtvn.exe
2⤵
PID:5440

C:\Windows\System\dbgEohj.exe
C:\Windows\System\dbgEohj.exe
2⤵
PID:5468

C:\Windows\System\RpkZtiK.exe
C:\Windows\System\RpkZtiK.exe
2⤵
PID:5508

C:\Windows\System\dPMuRaK.exe
C:\Windows\System\dPMuRaK.exe
2⤵
PID:5540

C:\Windows\System\AJrrCbw.exe
C:\Windows\System\AJrrCbw.exe
2⤵
PID:5568

C:\Windows\System\uFOcEtQ.exe
C:\Windows\System\uFOcEtQ.exe
2⤵
PID:5584

C:\Windows\System\wGxypFQ.exe
C:\Windows\System\wGxypFQ.exe
2⤵
PID:5632

C:\Windows\System\gNPtKtM.exe
C:\Windows\System\gNPtKtM.exe
2⤵
PID:5660

C:\Windows\System\yxwqhiI.exe
C:\Windows\System\yxwqhiI.exe
2⤵
PID:5692

C:\Windows\System\nwFrCzy.exe
C:\Windows\System\nwFrCzy.exe
2⤵
PID:5744

C:\Windows\System\eoOIKQa.exe
C:\Windows\System\eoOIKQa.exe
2⤵
PID:5780

C:\Windows\System\EiNsIbR.exe
C:\Windows\System\EiNsIbR.exe
2⤵
PID:5804

C:\Windows\System\BFpcabI.exe
C:\Windows\System\BFpcabI.exe
2⤵
PID:5840

C:\Windows\System\SpgsyYV.exe
C:\Windows\System\SpgsyYV.exe
2⤵
PID:5864

C:\Windows\System\ztrvpXR.exe
C:\Windows\System\ztrvpXR.exe
2⤵
PID:5896

C:\Windows\System\OBQUWXM.exe
C:\Windows\System\OBQUWXM.exe
2⤵
PID:5912

C:\Windows\System\EQHDSmg.exe
C:\Windows\System\EQHDSmg.exe
2⤵
PID:5952

C:\Windows\System\nECZbHX.exe
C:\Windows\System\nECZbHX.exe
2⤵
PID:5984

C:\Windows\System\dzQPAKZ.exe
C:\Windows\System\dzQPAKZ.exe
2⤵
PID:6020

C:\Windows\System\foehZYU.exe
C:\Windows\System\foehZYU.exe
2⤵
PID:6044

C:\Windows\System\metousc.exe
C:\Windows\System\metousc.exe
2⤵
PID:6080

C:\Windows\System\wsjmWTW.exe
C:\Windows\System\wsjmWTW.exe
2⤵
PID:6108

C:\Windows\System\RNzepNb.exe
C:\Windows\System\RNzepNb.exe
2⤵
PID:6124

C:\Windows\System\xMZBMQE.exe
C:\Windows\System\xMZBMQE.exe
2⤵
PID:5160

C:\Windows\System\zexHfkp.exe
C:\Windows\System\zexHfkp.exe
2⤵
PID:5204

C:\Windows\System\zTYYFNE.exe
C:\Windows\System\zTYYFNE.exe
2⤵
PID:5260

C:\Windows\System\dQfMFbB.exe
C:\Windows\System\dQfMFbB.exe
2⤵
PID:5380

C:\Windows\System\ouwocpH.exe
C:\Windows\System\ouwocpH.exe
2⤵
PID:5456

C:\Windows\System\UBYWEeI.exe
C:\Windows\System\UBYWEeI.exe
2⤵
PID:2476

C:\Windows\System\wJXrScm.exe
C:\Windows\System\wJXrScm.exe
2⤵
PID:5296

C:\Windows\System\QApHPdQ.exe
C:\Windows\System\QApHPdQ.exe
2⤵
PID:5556

C:\Windows\System\VpAbnqW.exe
C:\Windows\System\VpAbnqW.exe
2⤵
PID:5656

C:\Windows\System\ZkiBleu.exe
C:\Windows\System\ZkiBleu.exe
2⤵
PID:5768

C:\Windows\System\XlaKLTi.exe
C:\Windows\System\XlaKLTi.exe
2⤵
PID:5816

C:\Windows\System\SWTnqmF.exe
C:\Windows\System\SWTnqmF.exe
2⤵
PID:5860

C:\Windows\System\YOTkoBM.exe
C:\Windows\System\YOTkoBM.exe
2⤵
PID:5960

C:\Windows\System\UVIXELi.exe
C:\Windows\System\UVIXELi.exe
2⤵
PID:6012

C:\Windows\System\MGhjEYs.exe
C:\Windows\System\MGhjEYs.exe
2⤵
PID:6068

C:\Windows\System\saptdAF.exe
C:\Windows\System\saptdAF.exe
2⤵
PID:4508

C:\Windows\System\vHkjjLR.exe
C:\Windows\System\vHkjjLR.exe
2⤵
PID:6140

C:\Windows\System\DkXKzPW.exe
C:\Windows\System\DkXKzPW.exe
2⤵
PID:5408

C:\Windows\System\osCUebY.exe
C:\Windows\System\osCUebY.exe
2⤵
PID:5552

C:\Windows\System\SoMpYki.exe
C:\Windows\System\SoMpYki.exe
2⤵
PID:5752

C:\Windows\System\VKEImup.exe
C:\Windows\System\VKEImup.exe
2⤵
PID:5848

C:\Windows\System\VHkViRA.exe
C:\Windows\System\VHkViRA.exe
2⤵
PID:5924

C:\Windows\System\SnMXMWw.exe
C:\Windows\System\SnMXMWw.exe
2⤵
PID:6008

C:\Windows\System\BYdJwHq.exe
C:\Windows\System\BYdJwHq.exe
2⤵
PID:6096

C:\Windows\System\trMNKdh.exe
C:\Windows\System\trMNKdh.exe
2⤵
PID:5272

C:\Windows\System\IcfhmqG.exe
C:\Windows\System\IcfhmqG.exe
2⤵
PID:5908

C:\Windows\System\MOGnyeh.exe
C:\Windows\System\MOGnyeh.exe
2⤵
PID:6120

C:\Windows\System\pZsrKvb.exe
C:\Windows\System\pZsrKvb.exe
2⤵
PID:1512

C:\Windows\System\jMBZDNt.exe
C:\Windows\System\jMBZDNt.exe
2⤵
PID:6176

C:\Windows\System\ZcgWQVn.exe
C:\Windows\System\ZcgWQVn.exe
2⤵
PID:6204

C:\Windows\System\ENqPlet.exe
C:\Windows\System\ENqPlet.exe
2⤵
PID:6240

C:\Windows\System\KrTpgPH.exe
C:\Windows\System\KrTpgPH.exe
2⤵
PID:6264

C:\Windows\System\irZOlfn.exe
C:\Windows\System\irZOlfn.exe
2⤵
PID:6292

C:\Windows\System\bKuVTiI.exe
C:\Windows\System\bKuVTiI.exe
2⤵
PID:6308

C:\Windows\System\kHNeDWD.exe
C:\Windows\System\kHNeDWD.exe
2⤵
PID:6332

C:\Windows\System\JxJJmTC.exe
C:\Windows\System\JxJJmTC.exe
2⤵
PID:6376

C:\Windows\System\pjNzmMf.exe
C:\Windows\System\pjNzmMf.exe
2⤵
PID:6404

C:\Windows\System\OPWusMG.exe
C:\Windows\System\OPWusMG.exe
2⤵
PID:6420

C:\Windows\System\CqjmvRw.exe
C:\Windows\System\CqjmvRw.exe
2⤵
PID:6468

C:\Windows\System\rjFKsSL.exe
C:\Windows\System\rjFKsSL.exe
2⤵
PID:6488

C:\Windows\System\hKuBqXT.exe
C:\Windows\System\hKuBqXT.exe
2⤵
PID:6516

C:\Windows\System\ziaSMPE.exe
C:\Windows\System\ziaSMPE.exe
2⤵
PID:6532

C:\Windows\System\ckdabMn.exe
C:\Windows\System\ckdabMn.exe
2⤵
PID:6580

C:\Windows\System\ddlrfwp.exe
C:\Windows\System\ddlrfwp.exe
2⤵
PID:6600

C:\Windows\System\KXZlseA.exe
C:\Windows\System\KXZlseA.exe
2⤵
PID:6628

C:\Windows\System\KRHUtEE.exe
C:\Windows\System\KRHUtEE.exe
2⤵
PID:6664

C:\Windows\System\yooenpb.exe
C:\Windows\System\yooenpb.exe
2⤵
PID:6692

C:\Windows\System\CCzzmIT.exe
C:\Windows\System\CCzzmIT.exe
2⤵
PID:6736

C:\Windows\System\txNjfKi.exe
C:\Windows\System\txNjfKi.exe
2⤵
PID:6776

C:\Windows\System\IyOMhfo.exe
C:\Windows\System\IyOMhfo.exe
2⤵
PID:6796

C:\Windows\System\sWuPwaE.exe
C:\Windows\System\sWuPwaE.exe
2⤵
PID:6828

C:\Windows\System\WVHhHMX.exe
C:\Windows\System\WVHhHMX.exe
2⤵
PID:6856

C:\Windows\System\YTuUsOW.exe
C:\Windows\System\YTuUsOW.exe
2⤵
PID:6904

C:\Windows\System\nSyLylN.exe
C:\Windows\System\nSyLylN.exe
2⤵
PID:6924

C:\Windows\System\ibQwZbS.exe
C:\Windows\System\ibQwZbS.exe
2⤵
PID:6960

C:\Windows\System\YuHKqEy.exe
C:\Windows\System\YuHKqEy.exe
2⤵
PID:6984

C:\Windows\System\vdvnQnH.exe
C:\Windows\System\vdvnQnH.exe
2⤵
PID:7012

C:\Windows\System\uTFuJVI.exe
C:\Windows\System\uTFuJVI.exe
2⤵
PID:7028

C:\Windows\System\hjXpUNB.exe
C:\Windows\System\hjXpUNB.exe
2⤵
PID:7076

C:\Windows\System\pPzRqdI.exe
C:\Windows\System\pPzRqdI.exe
2⤵
PID:7100

C:\Windows\System\WESvxOP.exe
C:\Windows\System\WESvxOP.exe
2⤵
PID:7136

C:\Windows\System\KRTWezc.exe
C:\Windows\System\KRTWezc.exe
2⤵
PID:7164

C:\Windows\System\yFKtoKg.exe
C:\Windows\System\yFKtoKg.exe
2⤵
PID:632

C:\Windows\System\sQbOOsD.exe
C:\Windows\System\sQbOOsD.exe
2⤵
PID:6188

C:\Windows\System\acrNzwr.exe
C:\Windows\System\acrNzwr.exe
2⤵
PID:6256

C:\Windows\System\uXpfkcF.exe
C:\Windows\System\uXpfkcF.exe
2⤵
PID:6288

C:\Windows\System\zYInxQl.exe
C:\Windows\System\zYInxQl.exe
2⤵
PID:6400

C:\Windows\System\hRnYtrN.exe
C:\Windows\System\hRnYtrN.exe
2⤵
PID:6452

C:\Windows\System\CirPrPk.exe
C:\Windows\System\CirPrPk.exe
2⤵
PID:6524

C:\Windows\System\tJcDmTq.exe
C:\Windows\System\tJcDmTq.exe
2⤵
PID:6588

C:\Windows\System\mLSJprs.exe
C:\Windows\System\mLSJprs.exe
2⤵
PID:6640

C:\Windows\System\pEZzrRh.exe
C:\Windows\System\pEZzrRh.exe
2⤵
PID:6720

C:\Windows\System\THCHhJY.exe
C:\Windows\System\THCHhJY.exe
2⤵
PID:6820

C:\Windows\System\OIXIVGE.exe
C:\Windows\System\OIXIVGE.exe
2⤵
PID:6836

C:\Windows\System\GhLDATT.exe
C:\Windows\System\GhLDATT.exe
2⤵
PID:6948

C:\Windows\System\qiNwChV.exe
C:\Windows\System\qiNwChV.exe
2⤵
PID:7020

C:\Windows\System\rUPsfti.exe
C:\Windows\System\rUPsfti.exe
2⤵
PID:7084

C:\Windows\System\gXCsyyN.exe
C:\Windows\System\gXCsyyN.exe
2⤵
PID:7092

C:\Windows\System\MYeGrkb.exe
C:\Windows\System\MYeGrkb.exe
2⤵
PID:7144

C:\Windows\System\vSUNtxT.exe
C:\Windows\System\vSUNtxT.exe
2⤵
PID:6160

C:\Windows\System\kXLHqhZ.exe
C:\Windows\System\kXLHqhZ.exe
2⤵
PID:6412

C:\Windows\System\GSyTCFd.exe
C:\Windows\System\GSyTCFd.exe
2⤵
PID:6508

C:\Windows\System\mqRhDMq.exe
C:\Windows\System\mqRhDMq.exe
2⤵
PID:6672

C:\Windows\System\EXXqEqz.exe
C:\Windows\System\EXXqEqz.exe
2⤵
PID:6760

C:\Windows\System\WESwzWk.exe
C:\Windows\System\WESwzWk.exe
2⤵
PID:6920

C:\Windows\System\jkyqffu.exe
C:\Windows\System\jkyqffu.exe
2⤵
PID:4380

C:\Windows\System\jaqDFXr.exe
C:\Windows\System\jaqDFXr.exe
2⤵
PID:6500

C:\Windows\System\MwMlokz.exe
C:\Windows\System\MwMlokz.exe
2⤵
PID:6892

C:\Windows\System\wBicrVm.exe
C:\Windows\System\wBicrVm.exe
2⤵
PID:7112

C:\Windows\System\umtqcYP.exe
C:\Windows\System\umtqcYP.exe
2⤵
PID:7204

C:\Windows\System\mBDqoEU.exe
C:\Windows\System\mBDqoEU.exe
2⤵
PID:7236

C:\Windows\System\WuHnlfI.exe
C:\Windows\System\WuHnlfI.exe
2⤵
PID:7264

C:\Windows\System\SbRArLd.exe
C:\Windows\System\SbRArLd.exe
2⤵
PID:7308

C:\Windows\System\jEsIbjS.exe
C:\Windows\System\jEsIbjS.exe
2⤵
PID:7340

C:\Windows\System\QhjDTRX.exe
C:\Windows\System\QhjDTRX.exe
2⤵
PID:7356

C:\Windows\System\PjsATYK.exe
C:\Windows\System\PjsATYK.exe
2⤵
PID:7404

C:\Windows\System\zijJlkc.exe
C:\Windows\System\zijJlkc.exe
2⤵
PID:7448

C:\Windows\System\orHlGzz.exe
C:\Windows\System\orHlGzz.exe
2⤵
PID:7476

C:\Windows\System\SSISjcn.exe
C:\Windows\System\SSISjcn.exe
2⤵
PID:7496

C:\Windows\System\IMpxVeJ.exe
C:\Windows\System\IMpxVeJ.exe
2⤵
PID:7536

C:\Windows\System\kQtVsVz.exe
C:\Windows\System\kQtVsVz.exe
2⤵
PID:7596

C:\Windows\System\DzjeHiK.exe
C:\Windows\System\DzjeHiK.exe
2⤵
PID:7640

C:\Windows\System\wZzIUDM.exe
C:\Windows\System\wZzIUDM.exe
2⤵
PID:7668

C:\Windows\System\PqtkgaU.exe
C:\Windows\System\PqtkgaU.exe
2⤵
PID:7696

C:\Windows\System\iqyeAdt.exe
C:\Windows\System\iqyeAdt.exe
2⤵
PID:7724

C:\Windows\System\Psfegjm.exe
C:\Windows\System\Psfegjm.exe
2⤵
PID:7752

C:\Windows\System\XVrVtsF.exe
C:\Windows\System\XVrVtsF.exe
2⤵
PID:7788

C:\Windows\System\pgghsYX.exe
C:\Windows\System\pgghsYX.exe
2⤵
PID:7820

C:\Windows\System\ckJHXnv.exe
C:\Windows\System\ckJHXnv.exe
2⤵
PID:7840

C:\Windows\System\MxnBmuG.exe
C:\Windows\System\MxnBmuG.exe
2⤵
PID:7868

C:\Windows\System\xFwaaFf.exe
C:\Windows\System\xFwaaFf.exe
2⤵
PID:7904

C:\Windows\System\aXYncqE.exe
C:\Windows\System\aXYncqE.exe
2⤵
PID:7944

C:\Windows\System\XhpaHQr.exe
C:\Windows\System\XhpaHQr.exe
2⤵
PID:7972

C:\Windows\System\ARHTuah.exe
C:\Windows\System\ARHTuah.exe
2⤵
PID:8008

C:\Windows\System\YifEoma.exe
C:\Windows\System\YifEoma.exe
2⤵
PID:8032

C:\Windows\System\fGAHCuH.exe
C:\Windows\System\fGAHCuH.exe
2⤵
PID:8064

C:\Windows\System\bBybkUk.exe
C:\Windows\System\bBybkUk.exe
2⤵
PID:8088

C:\Windows\System\xbhqVvM.exe
C:\Windows\System\xbhqVvM.exe
2⤵
PID:8116

C:\Windows\System\cjIntuw.exe
C:\Windows\System\cjIntuw.exe
2⤵
PID:8144

C:\Windows\System\KNmPmRh.exe
C:\Windows\System\KNmPmRh.exe
2⤵
PID:8172

C:\Windows\System\ENoHAZw.exe
C:\Windows\System\ENoHAZw.exe
2⤵
PID:6744

C:\Windows\System\vYWYYDK.exe
C:\Windows\System\vYWYYDK.exe
2⤵
PID:7224

C:\Windows\System\TzwjXoV.exe
C:\Windows\System\TzwjXoV.exe
2⤵
PID:7288

C:\Windows\System\OkzwLWK.exe
C:\Windows\System\OkzwLWK.exe
2⤵
PID:7352

C:\Windows\System\bdFImnT.exe
C:\Windows\System\bdFImnT.exe
2⤵
PID:7444

C:\Windows\System\uTJEQvD.exe
C:\Windows\System\uTJEQvD.exe
2⤵
PID:7544

C:\Windows\System\pBPPmFP.exe
C:\Windows\System\pBPPmFP.exe
2⤵
PID:7652

C:\Windows\System\eRNkjHs.exe
C:\Windows\System\eRNkjHs.exe
2⤵
PID:7764

C:\Windows\System\eKuqUiO.exe
C:\Windows\System\eKuqUiO.exe
2⤵
PID:7828

C:\Windows\System\MgICtwf.exe
C:\Windows\System\MgICtwf.exe
2⤵
PID:7888

C:\Windows\System\rlucseN.exe
C:\Windows\System\rlucseN.exe
2⤵
PID:7936

C:\Windows\System\GaNNyJM.exe
C:\Windows\System\GaNNyJM.exe
2⤵
PID:8044

C:\Windows\System\SsccnBB.exe
C:\Windows\System\SsccnBB.exe
2⤵
PID:8112

C:\Windows\System\CkeQWxU.exe
C:\Windows\System\CkeQWxU.exe
2⤵
PID:2028

C:\Windows\System\NvrnVme.exe
C:\Windows\System\NvrnVme.exe
2⤵
PID:7216

C:\Windows\System\wGVqmNG.exe
C:\Windows\System\wGVqmNG.exe
2⤵
PID:7432

C:\Windows\System\SdgYSqW.exe
C:\Windows\System\SdgYSqW.exe
2⤵
PID:7608

C:\Windows\System\JGfWhpq.exe
C:\Windows\System\JGfWhpq.exe
2⤵
PID:7812

C:\Windows\System\RWitTgE.exe
C:\Windows\System\RWitTgE.exe
2⤵
PID:7860

C:\Windows\System\iBxoshZ.exe
C:\Windows\System\iBxoshZ.exe
2⤵
PID:3464

C:\Windows\System\FUPjGmp.exe
C:\Windows\System\FUPjGmp.exe
2⤵
PID:7472

C:\Windows\System\lRtVjvX.exe
C:\Windows\System\lRtVjvX.exe
2⤵
PID:7636

C:\Windows\System\GwWXLws.exe
C:\Windows\System\GwWXLws.exe
2⤵
PID:8028

C:\Windows\System\wAqYslL.exe
C:\Windows\System\wAqYslL.exe
2⤵
PID:7784

C:\Windows\System\aTzEfsb.exe
C:\Windows\System\aTzEfsb.exe
2⤵
PID:8196

C:\Windows\System\fVJmRyJ.exe
C:\Windows\System\fVJmRyJ.exe
2⤵
PID:8224

C:\Windows\System\ddRGbsv.exe
C:\Windows\System\ddRGbsv.exe
2⤵
PID:8252

C:\Windows\System\HOrsyyj.exe
C:\Windows\System\HOrsyyj.exe
2⤵
PID:8280

C:\Windows\System\RfgOhmQ.exe
C:\Windows\System\RfgOhmQ.exe
2⤵
PID:8312

C:\Windows\System\JglMrzX.exe
C:\Windows\System\JglMrzX.exe
2⤵
PID:8340

C:\Windows\System\mDvNvYM.exe
C:\Windows\System\mDvNvYM.exe
2⤵
PID:8368

C:\Windows\System\eOHYRhW.exe
C:\Windows\System\eOHYRhW.exe
2⤵
PID:8396

C:\Windows\System\mnBlqKf.exe
C:\Windows\System\mnBlqKf.exe
2⤵
PID:8424

C:\Windows\System\dGGdbOp.exe
C:\Windows\System\dGGdbOp.exe
2⤵
PID:8452

C:\Windows\System\YUdyEZW.exe
C:\Windows\System\YUdyEZW.exe
2⤵
PID:8480

C:\Windows\System\uqMIjJD.exe
C:\Windows\System\uqMIjJD.exe
2⤵
PID:8508

C:\Windows\System\uvLjwfR.exe
C:\Windows\System\uvLjwfR.exe
2⤵
PID:8536

C:\Windows\System\ZsOWcCJ.exe
C:\Windows\System\ZsOWcCJ.exe
2⤵
PID:8564

C:\Windows\System\nEkepAX.exe
C:\Windows\System\nEkepAX.exe
2⤵
PID:8580

C:\Windows\System\yloaDwO.exe
C:\Windows\System\yloaDwO.exe
2⤵
PID:8608

C:\Windows\System\UBPUsOV.exe
C:\Windows\System\UBPUsOV.exe
2⤵
PID:8648

C:\Windows\System\mKzOlFo.exe
C:\Windows\System\mKzOlFo.exe
2⤵
PID:8676

C:\Windows\System\lZBKBUz.exe
C:\Windows\System\lZBKBUz.exe
2⤵
PID:8692

C:\Windows\System\avtPNLU.exe
C:\Windows\System\avtPNLU.exe
2⤵
PID:8732

C:\Windows\System\dTwVGob.exe
C:\Windows\System\dTwVGob.exe
2⤵
PID:8760

C:\Windows\System\gmJRcll.exe
C:\Windows\System\gmJRcll.exe
2⤵
PID:8788

C:\Windows\System\IhiVWnN.exe
C:\Windows\System\IhiVWnN.exe
2⤵
PID:8816

C:\Windows\System\hvFsPZW.exe
C:\Windows\System\hvFsPZW.exe
2⤵
PID:8844

C:\Windows\System\XFITzIP.exe
C:\Windows\System\XFITzIP.exe
2⤵
PID:8872

C:\Windows\System\OsDRQSF.exe
C:\Windows\System\OsDRQSF.exe
2⤵
PID:8900

C:\Windows\System\Shyptez.exe
C:\Windows\System\Shyptez.exe
2⤵
PID:8940

C:\Windows\System\oDsJAVc.exe
C:\Windows\System\oDsJAVc.exe
2⤵
PID:8956

C:\Windows\System\piMTWyD.exe
C:\Windows\System\piMTWyD.exe
2⤵
PID:8984

C:\Windows\System\OdpmmpY.exe
C:\Windows\System\OdpmmpY.exe
2⤵
PID:9012

C:\Windows\System\mUoNlFz.exe
C:\Windows\System\mUoNlFz.exe
2⤵
PID:9040

C:\Windows\System\JKwJtsm.exe
C:\Windows\System\JKwJtsm.exe
2⤵
PID:9068

C:\Windows\System\hguxhAT.exe
C:\Windows\System\hguxhAT.exe
2⤵
PID:9096

C:\Windows\System\GZvOrms.exe
C:\Windows\System\GZvOrms.exe
2⤵
PID:9124

C:\Windows\System\UieWfVe.exe
C:\Windows\System\UieWfVe.exe
2⤵
PID:9140

C:\Windows\System\IrLePtu.exe
C:\Windows\System\IrLePtu.exe
2⤵
PID:9180

C:\Windows\System\jlkUstC.exe
C:\Windows\System\jlkUstC.exe
2⤵
PID:9208

C:\Windows\System\fbYWpsv.exe
C:\Windows\System\fbYWpsv.exe
2⤵
PID:8236

C:\Windows\System\UJXAARL.exe
C:\Windows\System\UJXAARL.exe
2⤵
PID:8264

C:\Windows\System\nahXjVg.exe
C:\Windows\System\nahXjVg.exe
2⤵
PID:8360

C:\Windows\System\gMqcqxE.exe
C:\Windows\System\gMqcqxE.exe
2⤵
PID:8420

C:\Windows\System\mvjFndU.exe
C:\Windows\System\mvjFndU.exe
2⤵
PID:8492

C:\Windows\System\aiyJQCt.exe
C:\Windows\System\aiyJQCt.exe
2⤵
PID:8552

C:\Windows\System\zjovBdL.exe
C:\Windows\System\zjovBdL.exe
2⤵
PID:8620

C:\Windows\System\fwDIGcQ.exe
C:\Windows\System\fwDIGcQ.exe
2⤵
PID:8668

C:\Windows\System\jUVHcZV.exe
C:\Windows\System\jUVHcZV.exe
2⤵
PID:8752

C:\Windows\System\CSjoJnX.exe
C:\Windows\System\CSjoJnX.exe
2⤵
PID:8812

C:\Windows\System\TnbhFJy.exe
C:\Windows\System\TnbhFJy.exe
2⤵
PID:8892

C:\Windows\System\YNmnwZE.exe
C:\Windows\System\YNmnwZE.exe
2⤵
PID:8952

C:\Windows\System\LABvCTa.exe
C:\Windows\System\LABvCTa.exe
2⤵
PID:9008

C:\Windows\System\YVRBxwB.exe
C:\Windows\System\YVRBxwB.exe
2⤵
PID:9084

C:\Windows\System\GPojydK.exe
C:\Windows\System\GPojydK.exe
2⤵
PID:9152

C:\Windows\System\EwxIHaV.exe
C:\Windows\System\EwxIHaV.exe
2⤵
PID:7276

C:\Windows\System\HwxOphw.exe
C:\Windows\System\HwxOphw.exe
2⤵
PID:8324

C:\Windows\System\eQjDYhe.exe
C:\Windows\System\eQjDYhe.exe
2⤵
PID:8476

C:\Windows\System\hZMTeop.exe
C:\Windows\System\hZMTeop.exe
2⤵
PID:8604

C:\Windows\System\ZucysAP.exe
C:\Windows\System\ZucysAP.exe
2⤵
PID:8784

C:\Windows\System\yNbOgMS.exe
C:\Windows\System\yNbOgMS.exe
2⤵
PID:8948

C:\Windows\System\ciOXUnT.exe
C:\Windows\System\ciOXUnT.exe
2⤵
PID:9200

C:\Windows\System\RMFuoHT.exe
C:\Windows\System\RMFuoHT.exe
2⤵
PID:8292

C:\Windows\System\pWKAVBq.exe
C:\Windows\System\pWKAVBq.exe
2⤵
PID:8728

C:\Windows\System\dGKTFZs.exe
C:\Windows\System\dGKTFZs.exe
2⤵
PID:8244

C:\Windows\System\iJFDCXN.exe
C:\Windows\System\iJFDCXN.exe
2⤵
PID:9224

C:\Windows\System\sgoivJX.exe
C:\Windows\System\sgoivJX.exe
2⤵
PID:9252

C:\Windows\System\IKNpqAd.exe
C:\Windows\System\IKNpqAd.exe
2⤵
PID:9288

C:\Windows\System\eiWQkMW.exe
C:\Windows\System\eiWQkMW.exe
2⤵
PID:9320

C:\Windows\System\zfuAgJD.exe
C:\Windows\System\zfuAgJD.exe
2⤵
PID:9336

C:\Windows\System\tUcvfwx.exe
C:\Windows\System\tUcvfwx.exe
2⤵
PID:9364

C:\Windows\System\vgUaDFq.exe
C:\Windows\System\vgUaDFq.exe
2⤵
PID:9404

C:\Windows\System\DkBOwwf.exe
C:\Windows\System\DkBOwwf.exe
2⤵
PID:9420

C:\Windows\System\LJTNNRy.exe
C:\Windows\System\LJTNNRy.exe
2⤵
PID:9448

C:\Windows\System\VykxGBe.exe
C:\Windows\System\VykxGBe.exe
2⤵
PID:9476

C:\Windows\System\VgtZvkD.exe
C:\Windows\System\VgtZvkD.exe
2⤵
PID:9508

C:\Windows\System\bjSPKIQ.exe
C:\Windows\System\bjSPKIQ.exe
2⤵
PID:9532

C:\Windows\System\DbkXbHT.exe
C:\Windows\System\DbkXbHT.exe
2⤵
PID:9560

C:\Windows\System\ftRCDpd.exe
C:\Windows\System\ftRCDpd.exe
2⤵
PID:9596

C:\Windows\System\lpEwMkX.exe
C:\Windows\System\lpEwMkX.exe
2⤵
PID:9620

C:\Windows\System\knUpzbL.exe
C:\Windows\System\knUpzbL.exe
2⤵
PID:9644

C:\Windows\System\TnwowOI.exe
C:\Windows\System\TnwowOI.exe
2⤵
PID:9672

C:\Windows\System\bUXmesK.exe
C:\Windows\System\bUXmesK.exe
2⤵
PID:9700

C:\Windows\System\VffrgWA.exe
C:\Windows\System\VffrgWA.exe
2⤵
PID:9740

C:\Windows\System\XuGXIah.exe
C:\Windows\System\XuGXIah.exe
2⤵
PID:9768

C:\Windows\System\PDCzpSa.exe
C:\Windows\System\PDCzpSa.exe
2⤵
PID:9784

C:\Windows\System\NVHdwBF.exe
C:\Windows\System\NVHdwBF.exe
2⤵
PID:9800

C:\Windows\System\ETygMXN.exe
C:\Windows\System\ETygMXN.exe
2⤵
PID:9840

C:\Windows\System\JlUOnGv.exe
C:\Windows\System\JlUOnGv.exe
2⤵
PID:9868

C:\Windows\System\HjgUkgr.exe
C:\Windows\System\HjgUkgr.exe
2⤵
PID:9896

C:\Windows\System\BNbvTEC.exe
C:\Windows\System\BNbvTEC.exe
2⤵
PID:9920

C:\Windows\System\EIuxpVk.exe
C:\Windows\System\EIuxpVk.exe
2⤵
PID:9948

C:\Windows\System\KCuzHsF.exe
C:\Windows\System\KCuzHsF.exe
2⤵
PID:9984

C:\Windows\System\FgfCfVc.exe
C:\Windows\System\FgfCfVc.exe
2⤵
PID:10008

C:\Windows\System\EmAMVzk.exe
C:\Windows\System\EmAMVzk.exe
2⤵
PID:10036

C:\Windows\System\cDPqiiY.exe
C:\Windows\System\cDPqiiY.exe
2⤵
PID:10072

C:\Windows\System\RQkNwno.exe
C:\Windows\System\RQkNwno.exe
2⤵
PID:10092

C:\Windows\System\xkOqtEZ.exe
C:\Windows\System\xkOqtEZ.exe
2⤵
PID:10120

C:\Windows\System\eWjqjSt.exe
C:\Windows\System\eWjqjSt.exe
2⤵
PID:10148

C:\Windows\System\rMAJZpi.exe
C:\Windows\System\rMAJZpi.exe
2⤵
PID:10172

C:\Windows\System\KrqvBFP.exe
C:\Windows\System\KrqvBFP.exe
2⤵
PID:10216

C:\Windows\System\dKSsHhW.exe
C:\Windows\System\dKSsHhW.exe
2⤵
PID:10232

C:\Windows\System\gfXVOdB.exe
C:\Windows\System\gfXVOdB.exe
2⤵
PID:9232

C:\Windows\System\JXSYoee.exe
C:\Windows\System\JXSYoee.exe
2⤵
PID:9328

C:\Windows\System\NXNDMmB.exe
C:\Windows\System\NXNDMmB.exe
2⤵
PID:9416

C:\Windows\System\aIgAMvI.exe
C:\Windows\System\aIgAMvI.exe
2⤵
PID:9444

C:\Windows\System\JtaSYds.exe
C:\Windows\System\JtaSYds.exe
2⤵
PID:9504

C:\Windows\System\lLcJSDb.exe
C:\Windows\System\lLcJSDb.exe
2⤵
PID:9580

C:\Windows\System\eLnEtXY.exe
C:\Windows\System\eLnEtXY.exe
2⤵
PID:9656

C:\Windows\System\cgybEFI.exe
C:\Windows\System\cgybEFI.exe
2⤵
PID:9736

C:\Windows\System\MLSXOJT.exe
C:\Windows\System\MLSXOJT.exe
2⤵
PID:9796

C:\Windows\System\ANsmSwK.exe
C:\Windows\System\ANsmSwK.exe
2⤵
PID:9856

C:\Windows\System\rVmeDtr.exe
C:\Windows\System\rVmeDtr.exe
2⤵
PID:9932

C:\Windows\System\WkrrfBd.exe
C:\Windows\System\WkrrfBd.exe
2⤵
PID:9972

C:\Windows\System\dDMFqvC.exe
C:\Windows\System\dDMFqvC.exe
2⤵
PID:10048

C:\Windows\System\hjDdBKN.exe
C:\Windows\System\hjDdBKN.exe
2⤵
PID:10136

C:\Windows\System\BFGHvGe.exe
C:\Windows\System\BFGHvGe.exe
2⤵
PID:10168

C:\Windows\System\cRVestr.exe
C:\Windows\System\cRVestr.exe
2⤵
PID:10212

C:\Windows\System\TTMJUSL.exe
C:\Windows\System\TTMJUSL.exe
2⤵
PID:9272

C:\Windows\System\oRkKLjl.exe
C:\Windows\System\oRkKLjl.exe
2⤵
PID:9488

C:\Windows\System\EXBVNLI.exe
C:\Windows\System\EXBVNLI.exe
2⤵
PID:9628

C:\Windows\System\KKrJcHK.exe
C:\Windows\System\KKrJcHK.exe
2⤵
PID:9780

C:\Windows\System\EeOMerx.exe
C:\Windows\System\EeOMerx.exe
2⤵
PID:9884

C:\Windows\System\YPtwBMM.exe
C:\Windows\System\YPtwBMM.exe
2⤵
PID:10156

C:\Windows\System\ZZNJEvf.exe
C:\Windows\System\ZZNJEvf.exe
2⤵
PID:9392

C:\Windows\System\sBGufrO.exe
C:\Windows\System\sBGufrO.exe
2⤵
PID:10064

C:\Windows\System\ROiQaCl.exe
C:\Windows\System\ROiQaCl.exe
2⤵
PID:9280

C:\Windows\System\nBrwZxL.exe
C:\Windows\System\nBrwZxL.exe
2⤵
PID:9956

C:\Windows\System\GnXCSaA.exe
C:\Windows\System\GnXCSaA.exe
2⤵
PID:10248

C:\Windows\System\IpjylmI.exe
C:\Windows\System\IpjylmI.exe
2⤵
PID:10276

C:\Windows\System\aBdKrRV.exe
C:\Windows\System\aBdKrRV.exe
2⤵
PID:10304

C:\Windows\System\SdrQvLe.exe
C:\Windows\System\SdrQvLe.exe
2⤵
PID:10332

C:\Windows\System\DdHcEwI.exe
C:\Windows\System\DdHcEwI.exe
2⤵
PID:10348

C:\Windows\System\mFUnwYi.exe
C:\Windows\System\mFUnwYi.exe
2⤵
PID:10384

C:\Windows\System\sWridcX.exe
C:\Windows\System\sWridcX.exe
2⤵
PID:10404

C:\Windows\System\jnXNVoI.exe
C:\Windows\System\jnXNVoI.exe
2⤵
PID:10444

C:\Windows\System\dYLhwDf.exe
C:\Windows\System\dYLhwDf.exe
2⤵
PID:10472

C:\Windows\System\KBGwGJJ.exe
C:\Windows\System\KBGwGJJ.exe
2⤵
PID:10500

C:\Windows\System\LHJhKpT.exe
C:\Windows\System\LHJhKpT.exe
2⤵
PID:10528

C:\Windows\System\cJvXGIe.exe
C:\Windows\System\cJvXGIe.exe
2⤵
PID:10556

C:\Windows\System\LjlkRGU.exe
C:\Windows\System\LjlkRGU.exe
2⤵
PID:10584

C:\Windows\System\VagHYzj.exe
C:\Windows\System\VagHYzj.exe
2⤵
PID:10612

C:\Windows\System\xscMIKT.exe
C:\Windows\System\xscMIKT.exe
2⤵
PID:10640

C:\Windows\System\VpFMQcO.exe
C:\Windows\System\VpFMQcO.exe
2⤵
PID:10668

C:\Windows\System\KKcpQmo.exe
C:\Windows\System\KKcpQmo.exe
2⤵
PID:10696

C:\Windows\System\CdnYWIS.exe
C:\Windows\System\CdnYWIS.exe
2⤵
PID:10724

C:\Windows\System\HAyxqMQ.exe
C:\Windows\System\HAyxqMQ.exe
2⤵
PID:10752

C:\Windows\System\GdtsXIr.exe
C:\Windows\System\GdtsXIr.exe
2⤵
PID:10780

C:\Windows\System\SwVejrX.exe
C:\Windows\System\SwVejrX.exe
2⤵
PID:10808

C:\Windows\System\yktJbJw.exe
C:\Windows\System\yktJbJw.exe
2⤵
PID:10836

C:\Windows\System\crJnJVm.exe
C:\Windows\System\crJnJVm.exe
2⤵
PID:10864

C:\Windows\System\dGbWaCA.exe
C:\Windows\System\dGbWaCA.exe
2⤵
PID:10892

C:\Windows\System\rIdbtUU.exe
C:\Windows\System\rIdbtUU.exe
2⤵
PID:10924

C:\Windows\System\wKFmlQf.exe
C:\Windows\System\wKFmlQf.exe
2⤵
PID:10952

C:\Windows\System\fAdtjny.exe
C:\Windows\System\fAdtjny.exe
2⤵
PID:10980

C:\Windows\System\RTCoEwL.exe
C:\Windows\System\RTCoEwL.exe
2⤵
PID:11008

C:\Windows\System\ACcjPXz.exe
C:\Windows\System\ACcjPXz.exe
2⤵
PID:11036

C:\Windows\System\cEsbDHY.exe
C:\Windows\System\cEsbDHY.exe
2⤵
PID:11064

C:\Windows\System\NULpEMD.exe
C:\Windows\System\NULpEMD.exe
2⤵
PID:11092

C:\Windows\System\apEfVdi.exe
C:\Windows\System\apEfVdi.exe
2⤵
PID:11120

C:\Windows\System\TbDgkqA.exe
C:\Windows\System\TbDgkqA.exe
2⤵
PID:11148

C:\Windows\System\OKwqobh.exe
C:\Windows\System\OKwqobh.exe
2⤵
PID:11176

C:\Windows\System\JsJOUUW.exe
C:\Windows\System\JsJOUUW.exe
2⤵
PID:11204

C:\Windows\System\KKjtDkR.exe
C:\Windows\System\KKjtDkR.exe
2⤵
PID:11232

C:\Windows\System\VOFLmLw.exe
C:\Windows\System\VOFLmLw.exe
2⤵
PID:11260

C:\Windows\System\pqqHCqB.exe
C:\Windows\System\pqqHCqB.exe
2⤵
PID:10296

C:\Windows\System\BDokrAm.exe
C:\Windows\System\BDokrAm.exe
2⤵
PID:10360

C:\Windows\System\KvzSYfv.exe
C:\Windows\System\KvzSYfv.exe
2⤵
PID:10424

C:\Windows\System\XjLMVmB.exe
C:\Windows\System\XjLMVmB.exe
2⤵
PID:10484

C:\Windows\System\mNZXMlF.exe
C:\Windows\System\mNZXMlF.exe
2⤵
PID:10540

C:\Windows\System\adynNdG.exe
C:\Windows\System\adynNdG.exe
2⤵
PID:10604

C:\Windows\System\CxYbgKm.exe
C:\Windows\System\CxYbgKm.exe
2⤵
PID:10652

C:\Windows\System\xZmixgg.exe
C:\Windows\System\xZmixgg.exe
2⤵
PID:10708

C:\Windows\System\qfPbyFO.exe
C:\Windows\System\qfPbyFO.exe
2⤵
PID:10792

C:\Windows\System\xaOEtPC.exe
C:\Windows\System\xaOEtPC.exe
2⤵
PID:10848

C:\Windows\System\YsEvnge.exe
C:\Windows\System\YsEvnge.exe
2⤵
PID:10916

C:\Windows\System\wmEmPqP.exe
C:\Windows\System\wmEmPqP.exe
2⤵
PID:10976

C:\Windows\System\Idtwanj.exe
C:\Windows\System\Idtwanj.exe
2⤵
PID:11060

C:\Windows\System\ZUIrkEC.exe
C:\Windows\System\ZUIrkEC.exe
2⤵
PID:11112

C:\Windows\System\CphMJkJ.exe
C:\Windows\System\CphMJkJ.exe
2⤵
PID:11172

C:\Windows\System\lsGhwQn.exe
C:\Windows\System\lsGhwQn.exe
2⤵
PID:10260

C:\Windows\System\VgWAhHZ.exe
C:\Windows\System\VgWAhHZ.exe
2⤵
PID:10400

C:\Windows\System\YaGcEEX.exe
C:\Windows\System\YaGcEEX.exe
2⤵
PID:10512

C:\Windows\System\aQTDsIe.exe
C:\Windows\System\aQTDsIe.exe
2⤵
PID:10660

C:\Windows\System\FRusHmG.exe
C:\Windows\System\FRusHmG.exe
2⤵
PID:10944

C:\Windows\System\oqyiAJs.exe
C:\Windows\System\oqyiAJs.exe
2⤵
PID:11020

C:\Windows\System\yYzqKdB.exe
C:\Windows\System\yYzqKdB.exe
2⤵
PID:11144

C:\Windows\System\XTwfbNf.exe
C:\Windows\System\XTwfbNf.exe
2⤵
PID:10392

C:\Windows\System\DIvSphZ.exe
C:\Windows\System\DIvSphZ.exe
2⤵
PID:10800

C:\Windows\System\PcYtAJI.exe
C:\Windows\System\PcYtAJI.exe
2⤵
PID:11168

C:\Windows\System\WspnLYu.exe
C:\Windows\System\WspnLYu.exe
2⤵
PID:10964

C:\Windows\System\bqoTwzu.exe
C:\Windows\System\bqoTwzu.exe
2⤵
PID:11276

C:\Windows\System\GoJxJHE.exe
C:\Windows\System\GoJxJHE.exe
2⤵
PID:11312

C:\Windows\System\AFJbdFo.exe
C:\Windows\System\AFJbdFo.exe
2⤵
PID:11336

C:\Windows\System\WEFhfAc.exe
C:\Windows\System\WEFhfAc.exe
2⤵
PID:11372

C:\Windows\System\pUriCKK.exe
C:\Windows\System\pUriCKK.exe
2⤵
PID:11404

C:\Windows\System\jhDLHBL.exe
C:\Windows\System\jhDLHBL.exe
2⤵
PID:11444

C:\Windows\System\AOQClwp.exe
C:\Windows\System\AOQClwp.exe
2⤵
PID:11480

C:\Windows\System\TMeqNVQ.exe
C:\Windows\System\TMeqNVQ.exe
2⤵
PID:11516

C:\Windows\System\UfKPobE.exe
C:\Windows\System\UfKPobE.exe
2⤵
PID:11548

C:\Windows\System\TftkegR.exe
C:\Windows\System\TftkegR.exe
2⤵
PID:11580

C:\Windows\System\XLFSwlh.exe
C:\Windows\System\XLFSwlh.exe
2⤵
PID:11596

C:\Windows\System\ryVXEAt.exe
C:\Windows\System\ryVXEAt.exe
2⤵
PID:11628

C:\Windows\System\LxJxnis.exe
C:\Windows\System\LxJxnis.exe
2⤵
PID:11660

C:\Windows\System\xzMvQjV.exe
C:\Windows\System\xzMvQjV.exe
2⤵
PID:11704

C:\Windows\System\woalWEL.exe
C:\Windows\System\woalWEL.exe
2⤵
PID:11728

C:\Windows\System\KvcfEgs.exe
C:\Windows\System\KvcfEgs.exe
2⤵
PID:11756

C:\Windows\System\EKhypgC.exe
C:\Windows\System\EKhypgC.exe
2⤵
PID:11788

C:\Windows\System\FdgdIOk.exe
C:\Windows\System\FdgdIOk.exe
2⤵
PID:11828

C:\Windows\System\LsdnJSx.exe
C:\Windows\System\LsdnJSx.exe
2⤵
PID:11864

C:\Windows\System\kDcPGnL.exe
C:\Windows\System\kDcPGnL.exe
2⤵
PID:11896

C:\Windows\System\ojUpkXs.exe
C:\Windows\System\ojUpkXs.exe
2⤵
PID:11932

C:\Windows\System\HALoPLv.exe
C:\Windows\System\HALoPLv.exe
2⤵
PID:11952

C:\Windows\System\thgXTGh.exe
C:\Windows\System\thgXTGh.exe
2⤵
PID:11988

C:\Windows\System\ztJWUjK.exe
C:\Windows\System\ztJWUjK.exe
2⤵
PID:12028

C:\Windows\System\UtQaQtg.exe
C:\Windows\System\UtQaQtg.exe
2⤵
PID:12068

C:\Windows\System\QOjhUIE.exe
C:\Windows\System\QOjhUIE.exe
2⤵
PID:12104

C:\Windows\System\HHpTHkz.exe
C:\Windows\System\HHpTHkz.exe
2⤵
PID:12140

C:\Windows\System\gZuhXxz.exe
C:\Windows\System\gZuhXxz.exe
2⤵
PID:12156

C:\Windows\System\yNTPWES.exe
C:\Windows\System\yNTPWES.exe
2⤵
PID:12192

C:\Windows\System\BzdesNZ.exe
C:\Windows\System\BzdesNZ.exe
2⤵
PID:12216

C:\Windows\System\AvfZFNk.exe
C:\Windows\System\AvfZFNk.exe
2⤵
PID:12240

C:\Windows\System\VuqSimK.exe
C:\Windows\System\VuqSimK.exe
2⤵
PID:12268

C:\Windows\System\FZVnxsR.exe
C:\Windows\System\FZVnxsR.exe
2⤵
PID:12284

C:\Windows\System\yiEHSaz.exe
C:\Windows\System\yiEHSaz.exe
2⤵
PID:11320

C:\Windows\System\GaRpsVx.exe
C:\Windows\System\GaRpsVx.exe
2⤵
PID:11400

C:\Windows\System\NIDwmVb.exe
C:\Windows\System\NIDwmVb.exe
2⤵
PID:11388

C:\Windows\System\wxLyXtO.exe
C:\Windows\System\wxLyXtO.exe
2⤵
PID:11496

C:\Windows\System\xPihLti.exe
C:\Windows\System\xPihLti.exe
2⤵
PID:11576

C:\Windows\System\aFgDrGu.exe
C:\Windows\System\aFgDrGu.exe
2⤵
PID:11592

C:\Windows\System\aGqxfUr.exe
C:\Windows\System\aGqxfUr.exe
2⤵
PID:11680

C:\Windows\System\hQkPMUF.exe
C:\Windows\System\hQkPMUF.exe
2⤵
PID:11652

C:\Windows\System\OSpCMAd.exe
C:\Windows\System\OSpCMAd.exe
2⤵
PID:11820

C:\Windows\System\hnFYMLE.exe
C:\Windows\System\hnFYMLE.exe
2⤵
PID:11948

C:\Windows\System\diiTqYF.exe
C:\Windows\System\diiTqYF.exe
2⤵
PID:11980

C:\Windows\System\PLplwCg.exe
C:\Windows\System\PLplwCg.exe
2⤵
PID:12036

C:\Windows\System\KBUCENe.exe
C:\Windows\System\KBUCENe.exe
2⤵
PID:12128

C:\Windows\System\hBxnhrf.exe
C:\Windows\System\hBxnhrf.exe
2⤵
PID:12168

C:\Windows\System\aJGpeGI.exe
C:\Windows\System\aJGpeGI.exe
2⤵
PID:12256

C:\Windows\System\ekbzDcK.exe
C:\Windows\System\ekbzDcK.exe
2⤵
PID:11304

C:\Windows\System\pWsbWNv.exe
C:\Windows\System\pWsbWNv.exe
2⤵
PID:11440

C:\Windows\System\kLvJQQv.exe
C:\Windows\System\kLvJQQv.exe
2⤵
PID:3956

C:\Windows\System\QLIUaZc.exe
C:\Windows\System\QLIUaZc.exe
2⤵
PID:11456

C:\Windows\System\vSJzbMc.exe
C:\Windows\System\vSJzbMc.exe
2⤵
PID:11884

C:\Windows\System\PMVGayp.exe
C:\Windows\System\PMVGayp.exe
2⤵
PID:12080

C:\Windows\System\KDwLlmV.exe
C:\Windows\System\KDwLlmV.exe
2⤵
PID:11940

C:\Windows\System\RyMbqtW.exe
C:\Windows\System\RyMbqtW.exe
2⤵
PID:12132

C:\Windows\System\GpRPgZE.exe
C:\Windows\System\GpRPgZE.exe
2⤵
PID:12276

C:\Windows\System\zPwkofU.exe
C:\Windows\System\zPwkofU.exe
2⤵
PID:11272

C:\Windows\System\MYgGsbb.exe
C:\Windows\System\MYgGsbb.exe
2⤵
PID:12292

C:\Windows\System\BMIcWXY.exe
C:\Windows\System\BMIcWXY.exe
2⤵
PID:12332

C:\Windows\System\qDfnEYl.exe
C:\Windows\System\qDfnEYl.exe
2⤵
PID:12372

C:\Windows\System\SvESdLE.exe
C:\Windows\System\SvESdLE.exe
2⤵
PID:12400

C:\Windows\System\XvYZnAg.exe
C:\Windows\System\XvYZnAg.exe
2⤵
PID:12428

C:\Windows\System\GhByZqO.exe
C:\Windows\System\GhByZqO.exe
2⤵
PID:12464

C:\Windows\System\iFkcwGK.exe
C:\Windows\System\iFkcwGK.exe
2⤵
PID:12488

C:\Windows\System\bAtJqPO.exe
C:\Windows\System\bAtJqPO.exe
2⤵
PID:12516

C:\Windows\System\HkNnlLw.exe
C:\Windows\System\HkNnlLw.exe
2⤵
PID:12552

C:\Windows\System\MYILfvg.exe
C:\Windows\System\MYILfvg.exe
2⤵
PID:12580

C:\Windows\System\zKDiTcV.exe
C:\Windows\System\zKDiTcV.exe
2⤵
PID:12612

C:\Windows\System\ErONjZQ.exe
C:\Windows\System\ErONjZQ.exe
2⤵
PID:12652

C:\Windows\System\zrwmJae.exe
C:\Windows\System\zrwmJae.exe
2⤵
PID:12692

C:\Windows\System\mVHnwwF.exe
C:\Windows\System\mVHnwwF.exe
2⤵
PID:12708

C:\Windows\System\QlMPGRU.exe
C:\Windows\System\QlMPGRU.exe
2⤵
PID:12736

C:\Windows\System\eyAEmGD.exe
C:\Windows\System\eyAEmGD.exe
2⤵
PID:12776

C:\Windows\System\jmjDWgO.exe
C:\Windows\System\jmjDWgO.exe
2⤵
PID:12816

C:\Windows\System\pWMsNXx.exe
C:\Windows\System\pWMsNXx.exe
2⤵
PID:12836

C:\Windows\System\uNVoraZ.exe
C:\Windows\System\uNVoraZ.exe
2⤵
PID:12860

C:\Windows\System\taekXwf.exe
C:\Windows\System\taekXwf.exe
2⤵
PID:12892

C:\Windows\System\GFwDHDl.exe
C:\Windows\System\GFwDHDl.exe
2⤵
PID:12908

C:\Windows\System\bqJimAH.exe
C:\Windows\System\bqJimAH.exe
2⤵
PID:12924

C:\Windows\System\tVUjKIb.exe
C:\Windows\System\tVUjKIb.exe
2⤵
PID:12968

C:\Windows\System\jzyOZcz.exe
C:\Windows\System\jzyOZcz.exe
2⤵
PID:12992

C:\Windows\System\StrRgDZ.exe
C:\Windows\System\StrRgDZ.exe
2⤵
PID:13020

C:\Windows\System\ISszWyA.exe
C:\Windows\System\ISszWyA.exe
2⤵
PID:13048

C:\Windows\System\VAEmXwF.exe
C:\Windows\System\VAEmXwF.exe
2⤵
PID:13076

C:\Windows\System\ytDkmDs.exe
C:\Windows\System\ytDkmDs.exe
2⤵
PID:13104

C:\Windows\System\gCliNgJ.exe
C:\Windows\System\gCliNgJ.exe
2⤵
PID:13132

C:\Windows\System\qWiyxCh.exe
C:\Windows\System\qWiyxCh.exe
2⤵
PID:13172

C:\Windows\System\dDbVjPp.exe
C:\Windows\System\dDbVjPp.exe
2⤵
PID:13188

C:\Windows\System\WopjOuH.exe
C:\Windows\System\WopjOuH.exe
2⤵
PID:13224

C:\Windows\System\PGtONPM.exe
C:\Windows\System\PGtONPM.exe
2⤵
PID:13252

C:\Windows\System\qcSMPrS.exe
C:\Windows\System\qcSMPrS.exe
2⤵
PID:13284

C:\Windows\System\nPMfiGw.exe
C:\Windows\System\nPMfiGw.exe
2⤵
PID:12044

C:\Windows\System\rFqPEyV.exe
C:\Windows\System\rFqPEyV.exe
2⤵
PID:12232

C:\Windows\System\vOFFwNe.exe
C:\Windows\System\vOFFwNe.exe
2⤵
PID:12880

C:\Windows\System\ALoZJUB.exe
C:\Windows\System\ALoZJUB.exe
2⤵
PID:12900

C:\Windows\System\tNEJWno.exe
C:\Windows\System\tNEJWno.exe
2⤵
PID:1832

C:\Windows\System\FdAnNsc.exe
C:\Windows\System\FdAnNsc.exe
2⤵
PID:13036

C:\Windows\System\TZwDMPT.exe
C:\Windows\System\TZwDMPT.exe
2⤵
PID:6748

C:\Windows\System\TBDTyDb.exe
C:\Windows\System\TBDTyDb.exe
2⤵
PID:12392

C:\Windows\System\HFXMEsg.exe
C:\Windows\System\HFXMEsg.exe
2⤵
PID:12504

C:\Windows\System\ZjvIZDw.exe
C:\Windows\System\ZjvIZDw.exe
2⤵
PID:12600

C:\Windows\System\jNfXRdb.exe
C:\Windows\System\jNfXRdb.exe
2⤵
PID:12676

C:\Windows\System\zkavWoU.exe
C:\Windows\System\zkavWoU.exe
2⤵
PID:12720

C:\Windows\System\cMTwtwI.exe
C:\Windows\System\cMTwtwI.exe
2⤵
PID:12772

C:\Windows\System\KTaLwDh.exe
C:\Windows\System\KTaLwDh.exe
2⤵
PID:12904

C:\Windows\System\hFWPAQe.exe
C:\Windows\System\hFWPAQe.exe
2⤵
PID:13040

C:\Windows\System\twrHtWF.exe
C:\Windows\System\twrHtWF.exe
2⤵
PID:7412

C:\Windows\System\rjLnXmi.exe
C:\Windows\System\rjLnXmi.exe
2⤵
PID:13068

C:\Windows\System\SwbLPjy.exe
C:\Windows\System\SwbLPjy.exe
2⤵
PID:12500

C:\Windows\System\JmvNMfP.exe
C:\Windows\System\JmvNMfP.exe
2⤵
PID:372

C:\Windows\System\FHLfdkZ.exe
C:\Windows\System\FHLfdkZ.exe
2⤵
PID:2268

C:\Windows\System\ZiPCoyG.exe
C:\Windows\System\ZiPCoyG.exe
2⤵
PID:6652

C:\Windows\System\cbPySic.exe
C:\Windows\System\cbPySic.exe
2⤵
PID:13116

C:\Windows\System\EIIQMhh.exe
C:\Windows\System\EIIQMhh.exe
2⤵
PID:13232

C:\Windows\System\rbNRcEF.exe
C:\Windows\System\rbNRcEF.exe
2⤵
PID:4228

C:\Windows\System\BgRNBVX.exe
C:\Windows\System\BgRNBVX.exe
2⤵
PID:4972

C:\Windows\System\tccAbwU.exe
C:\Windows\System\tccAbwU.exe
2⤵
PID:3960

C:\Windows\System\qnNHubo.exe
C:\Windows\System\qnNHubo.exe
2⤵
PID:3328

C:\Windows\System\ZmdQaGw.exe
C:\Windows\System\ZmdQaGw.exe
2⤵
PID:1184

C:\Windows\System\CBikNwT.exe
C:\Windows\System\CBikNwT.exe
2⤵
PID:828

C:\Windows\System\OonoWjH.exe
C:\Windows\System\OonoWjH.exe
2⤵
PID:1964

C:\Windows\System\UoepTCU.exe
C:\Windows\System\UoepTCU.exe
2⤵
PID:4556

C:\Windows\System\CsDFQpS.exe
C:\Windows\System\CsDFQpS.exe
2⤵
PID:12576

C:\Windows\System\THZJQgm.exe
C:\Windows\System\THZJQgm.exe
2⤵
PID:12388

C:\Windows\System\ulKzADM.exe
C:\Windows\System\ulKzADM.exe
2⤵
PID:4776

C:\Windows\System\HIPeesy.exe
C:\Windows\System\HIPeesy.exe
2⤵
PID:1068

C:\Windows\System\fqnKiDO.exe
C:\Windows\System\fqnKiDO.exe
2⤵
PID:3468

C:\Windows\System\IJZENMA.exe
C:\Windows\System\IJZENMA.exe
2⤵
PID:3448

C:\Windows\System\enehokU.exe
C:\Windows\System\enehokU.exe
2⤵
PID:2988

C:\Windows\System\wTRBpni.exe
C:\Windows\System\wTRBpni.exe
2⤵
PID:1676

C:\Windows\System\qREKNAp.exe
C:\Windows\System\qREKNAp.exe
2⤵
PID:3864

C:\Windows\System\HGbxIzX.exe
C:\Windows\System\HGbxIzX.exe
2⤵
PID:4672

C:\Windows\System\FBZPPmF.exe
C:\Windows\System\FBZPPmF.exe
2⤵
PID:2532

C:\Windows\System\VLNMTJU.exe
C:\Windows\System\VLNMTJU.exe
2⤵
PID:1452

C:\Windows\System\lTXIdtR.exe
C:\Windows\System\lTXIdtR.exe
2⤵
PID:3608

C:\Windows\System\BTOIwwj.exe
C:\Windows\System\BTOIwwj.exe
2⤵
PID:5008

C:\Windows\System\JFbzgCk.exe
C:\Windows\System\JFbzgCk.exe
2⤵
PID:1564

C:\Windows\System\FfiZRWU.exe
C:\Windows\System\FfiZRWU.exe
2⤵
PID:11752

C:\Windows\System\YUyyQpB.exe
C:\Windows\System\YUyyQpB.exe
2⤵
PID:3876

C:\Windows\System\bQCXfWY.exe
C:\Windows\System\bQCXfWY.exe
2⤵
PID:960

C:\Windows\System\XPCQTxZ.exe
C:\Windows\System\XPCQTxZ.exe
2⤵
PID:4304

C:\Windows\System\DeNerTE.exe
C:\Windows\System\DeNerTE.exe
2⤵
PID:5140

C:\Windows\System\AzXQGBn.exe
C:\Windows\System\AzXQGBn.exe
2⤵
PID:4184

C:\Windows\System\rHrDEJZ.exe
C:\Windows\System\rHrDEJZ.exe
2⤵
PID:5292

C:\Windows\System\NJGzSFn.exe
C:\Windows\System\NJGzSFn.exe
2⤵
PID:5448

C:\Windows\System\WvsHPfn.exe
C:\Windows\System\WvsHPfn.exe
2⤵
PID:5604

C:\Windows\System\XXkkqRJ.exe
C:\Windows\System\XXkkqRJ.exe
2⤵
PID:4532

C:\Windows\System\YtsFGVo.exe
C:\Windows\System\YtsFGVo.exe
2⤵
PID:6016

C:\Windows\System\eQHwdnG.exe
C:\Windows\System\eQHwdnG.exe
2⤵
PID:6136

C:\Windows\System\vAxsUDA.exe
C:\Windows\System\vAxsUDA.exe
2⤵
PID:2068

C:\Windows\System\jLjTNgy.exe
C:\Windows\System\jLjTNgy.exe
2⤵
PID:2024

C:\Windows\System\FVhBHqJ.exe
C:\Windows\System\FVhBHqJ.exe
2⤵
PID:3904

C:\Windows\System\cseANPS.exe
C:\Windows\System\cseANPS.exe
2⤵
PID:2944

C:\Windows\System\HOEUgJV.exe
C:\Windows\System\HOEUgJV.exe
2⤵
PID:9156

C:\Windows\System\fSppRkh.exe
C:\Windows\System\fSppRkh.exe
2⤵
PID:6872

C:\Windows\System\wheQVfA.exe
C:\Windows\System\wheQVfA.exe
2⤵
PID:9188

C:\Windows\System\RbqKXvz.exe
C:\Windows\System\RbqKXvz.exe
2⤵
PID:7160

C:\Windows\System\YMRojYQ.exe
C:\Windows\System\YMRojYQ.exe
2⤵
PID:13184

C:\Windows\System\bmiqkYn.exe
C:\Windows\System\bmiqkYn.exe
2⤵
PID:1212

C:\Windows\System\LPwMTUz.exe
C:\Windows\System\LPwMTUz.exe
2⤵
PID:7252

C:\Windows\System\tPvjbPU.exe
C:\Windows\System\tPvjbPU.exe
2⤵
PID:8260

C:\Windows\System\DfbmEnu.exe
C:\Windows\System\DfbmEnu.exe
2⤵
PID:9284

C:\Windows\System\RNxhYek.exe
C:\Windows\System\RNxhYek.exe
2⤵
PID:5156

C:\Windows\System\pqcpaFh.exe
C:\Windows\System\pqcpaFh.exe
2⤵
PID:7316

C:\Windows\System\ZPjvmzU.exe
C:\Windows\System\ZPjvmzU.exe
2⤵
PID:5452

C:\Windows\System\bYMYKYs.exe
C:\Windows\System\bYMYKYs.exe
2⤵
PID:7364

C:\Windows\System\PvNCBWL.exe
C:\Windows\System\PvNCBWL.exe
2⤵
PID:8432

C:\Windows\System\VuFrshQ.exe
C:\Windows\System\VuFrshQ.exe
2⤵
PID:9456

C:\Windows\System\IJvLOTx.exe
C:\Windows\System\IJvLOTx.exe
2⤵
PID:1468

C:\Windows\System\dbZHAks.exe
C:\Windows\System\dbZHAks.exe
2⤵
PID:9680

C:\Windows\System\JBauXWX.exe
C:\Windows\System\JBauXWX.exe
2⤵
PID:5200

C:\Windows\System\DHljYWM.exe
C:\Windows\System\DHljYWM.exe
2⤵
PID:8544

C:\Windows\System\UzeQUtU.exe
C:\Windows\System\UzeQUtU.exe
2⤵
PID:8628

C:\Windows\System\afxawhp.exe
C:\Windows\System\afxawhp.exe
2⤵
PID:3244

C:\Windows\System\IOOxGxy.exe
C:\Windows\System\IOOxGxy.exe
2⤵
PID:6076

C:\Windows\System\BHBDtcr.exe
C:\Windows\System\BHBDtcr.exe
2⤵
PID:1128

C:\Windows\System\KzfwoSh.exe
C:\Windows\System\KzfwoSh.exe
2⤵
PID:8488

C:\Windows\System\saLdAhz.exe
C:\Windows\System\saLdAhz.exe
2⤵
PID:9716

C:\Windows\System\OEXYGsm.exe
C:\Windows\System\OEXYGsm.exe
2⤵
PID:7648

C:\Windows\System\hyOumpn.exe
C:\Windows\System\hyOumpn.exe
2⤵
PID:7396

C:\Windows\System\tUjNNtH.exe
C:\Windows\System\tUjNNtH.exe
2⤵
PID:7612

C:\Windows\System\wihFosb.exe
C:\Windows\System\wihFosb.exe
2⤵
PID:7656

C:\Windows\System\dlQRgON.exe
C:\Windows\System\dlQRgON.exe
2⤵
PID:9968

C:\Windows\System\BjFNWKL.exe
C:\Windows\System\BjFNWKL.exe
2⤵
PID:8700

C:\Windows\System\LvqJtGe.exe
C:\Windows\System\LvqJtGe.exe
2⤵
PID:5432

C:\Windows\System\OQuGcRR.exe
C:\Windows\System\OQuGcRR.exe
2⤵
PID:8804

C:\Windows\System\RfgGHoz.exe
C:\Windows\System\RfgGHoz.exe
2⤵
PID:7704

C:\Windows\System\hlwdaQS.exe
C:\Windows\System\hlwdaQS.exe
2⤵
PID:5040

C:\Windows\System\lRfhCas.exe
C:\Windows\System\lRfhCas.exe
2⤵
PID:3552

C:\Windows\System\nhHDnVY.exe
C:\Windows\System\nhHDnVY.exe
2⤵
PID:6156

C:\Windows\System\TXSkUvF.exe
C:\Windows\System\TXSkUvF.exe
2⤵
PID:9308

C:\Windows\System\WarInmz.exe
C:\Windows\System\WarInmz.exe
2⤵
PID:10180

C:\Windows\System\hMYOvEu.exe
C:\Windows\System\hMYOvEu.exe
2⤵
PID:3368

C:\Windows\System\WVAVOiJ.exe
C:\Windows\System\WVAVOiJ.exe
2⤵
PID:6212

C:\Windows\System\eqofNEJ.exe
C:\Windows\System\eqofNEJ.exe
2⤵
PID:9496

C:\Windows\System\yFkyyXZ.exe
C:\Windows\System\yFkyyXZ.exe
2⤵
PID:9528

C:\Windows\System\qqeWyXx.exe
C:\Windows\System\qqeWyXx.exe
2⤵
PID:9588

C:\Windows\System\ethSfRV.exe
C:\Windows\System\ethSfRV.exe
2⤵
PID:9636

C:\Windows\System\prhnueQ.exe
C:\Windows\System\prhnueQ.exe
2⤵
PID:9692

C:\Windows\System\qZbmFpa.exe
C:\Windows\System\qZbmFpa.exe
2⤵
PID:7956

C:\Windows\System\kjHqSoN.exe
C:\Windows\System\kjHqSoN.exe
2⤵
PID:7916

C:\Windows\System\DAhPJfO.exe
C:\Windows\System\DAhPJfO.exe
2⤵
PID:8972

C:\Windows\System\oPGmgfI.exe
C:\Windows\System\oPGmgfI.exe
2⤵
PID:12800

C:\Windows\System\dmdarOo.exe
C:\Windows\System\dmdarOo.exe
2⤵
PID:10080

C:\Windows\System\qAzJdkr.exe
C:\Windows\System\qAzJdkr.exe
2⤵
PID:6504

C:\Windows\System\QfZpCrc.exe
C:\Windows\System\QfZpCrc.exe
2⤵
PID:8864

C:\Windows\System\sgPTSPk.exe
C:\Windows\System\sgPTSPk.exe
2⤵
PID:9060

C:\Windows\System\wMPpxco.exe
C:\Windows\System\wMPpxco.exe
2⤵
PID:9360

C:\Windows\System\qcdLeyH.exe
C:\Windows\System\qcdLeyH.exe
2⤵
PID:6636

C:\Windows\System\MGumuQh.exe
C:\Windows\System\MGumuQh.exe
2⤵
PID:6560

C:\Windows\System\wvKaPBd.exe
C:\Windows\System\wvKaPBd.exe
2⤵
PID:8040

C:\Windows\System\SYrAxVW.exe
C:\Windows\System\SYrAxVW.exe
2⤵
PID:10228

C:\Windows\System\vwbydvc.exe
C:\Windows\System\vwbydvc.exe
2⤵
PID:10292

C:\Windows\System\BlaYDhi.exe
C:\Windows\System\BlaYDhi.exe
2⤵
PID:10412

C:\Windows\System\qdwAEpP.exe
C:\Windows\System\qdwAEpP.exe
2⤵
PID:10508

C:\Windows\System\nUHDHlP.exe
C:\Windows\System\nUHDHlP.exe
2⤵
PID:10636

C:\Windows\System\tcaHWxp.exe
C:\Windows\System\tcaHWxp.exe
2⤵
PID:10704

C:\Windows\System\FVDiQhO.exe
C:\Windows\System\FVDiQhO.exe
2⤵
PID:10816

C:\Windows\System\caLGaek.exe
C:\Windows\System\caLGaek.exe
2⤵
PID:10940

C:\Windows\System\NTfxsfX.exe
C:\Windows\System\NTfxsfX.exe
2⤵
PID:11052

C:\Windows\System\pqTuZHx.exe
C:\Windows\System\pqTuZHx.exe
2⤵
PID:564

C:\Windows\System\EGqzUnz.exe
C:\Windows\System\EGqzUnz.exe
2⤵
PID:1944

C:\Windows\System\LQArjLe.exe
C:\Windows\System\LQArjLe.exe
2⤵
PID:1892

C:\Windows\System\anOgEZO.exe
C:\Windows\System\anOgEZO.exe
2⤵
PID:6732

C:\Windows\System\eWPlZLy.exe
C:\Windows\System\eWPlZLy.exe
2⤵
PID:11184

C:\Windows\System\eKchjAJ.exe
C:\Windows\System\eKchjAJ.exe
2⤵
PID:11248

C:\Windows\System\OWRjDuy.exe
C:\Windows\System\OWRjDuy.exe
2⤵
PID:9196

C:\Windows\System\xzPCuyj.exe
C:\Windows\System\xzPCuyj.exe
2⤵
PID:6876

C:\Windows\System\gmQXGrz.exe
C:\Windows\System\gmQXGrz.exe
2⤵
PID:10888

C:\Windows\System\QZepipN.exe
C:\Windows\System\QZepipN.exe
2⤵
PID:11000

C:\Windows\System\SVUkvQl.exe
C:\Windows\System\SVUkvQl.exe
2⤵
PID:8464

C:\Windows\System\uoSywMA.exe
C:\Windows\System\uoSywMA.exe
2⤵
PID:7720

C:\Windows\System\CfDiqpt.exe
C:\Windows\System\CfDiqpt.exe
2⤵
PID:11132

C:\Windows\System\VTaiHch.exe
C:\Windows\System\VTaiHch.exe
2⤵
PID:7056

C:\Windows\System\mqhgPGS.exe
C:\Windows\System\mqhgPGS.exe
2⤵
PID:7072

C:\Windows\System\QCUMgwU.exe
C:\Windows\System\QCUMgwU.exe
2⤵
PID:10468

C:\Windows\System\TFjaZCg.exe
C:\Windows\System\TFjaZCg.exe
2⤵
PID:10688

C:\Windows\System\vFlcMgu.exe
C:\Windows\System\vFlcMgu.exe
2⤵
PID:3236

C:\Windows\System\uGUAKrA.exe
C:\Windows\System\uGUAKrA.exe
2⤵
PID:2996

C:\Windows\System\rnLBwSG.exe
C:\Windows\System\rnLBwSG.exe
2⤵
PID:6196

C:\Windows\System\DWjkkfv.exe
C:\Windows\System\DWjkkfv.exe
2⤵
PID:6688

C:\Windows\System\PbxLYMW.exe
C:\Windows\System\PbxLYMW.exe
2⤵
PID:8572

C:\Windows\System\XfNguJF.exe
C:\Windows\System\XfNguJF.exe
2⤵
PID:6996

C:\Windows\System\PNxGTNV.exe
C:\Windows\System\PNxGTNV.exe
2⤵
PID:3216

C:\Windows\System\ISqeElo.exe
C:\Windows\System\ISqeElo.exe
2⤵
PID:6564

C:\Windows\System\SlvatsL.exe
C:\Windows\System\SlvatsL.exe
2⤵
PID:9164

C:\Windows\System\RXOVJBl.exe
C:\Windows\System\RXOVJBl.exe
2⤵
PID:2008

C:\Windows\System\OawVsSE.exe
C:\Windows\System\OawVsSE.exe
2⤵
PID:6348

C:\Windows\System\qmNKBuI.exe
C:\Windows\System\qmNKBuI.exe
2⤵
PID:11452

C:\Windows\System\hhUnIaY.exe
C:\Windows\System\hhUnIaY.exe
2⤵
PID:8220

C:\Windows\System\IJmKSnr.exe
C:\Windows\System\IJmKSnr.exe
2⤵
PID:11532

C:\Windows\System\xGRSMQC.exe
C:\Windows\System\xGRSMQC.exe
2⤵
PID:6276

C:\Windows\System\vBxuAid.exe
C:\Windows\System\vBxuAid.exe
2⤵
PID:6320

C:\Windows\System\NUyczvD.exe
C:\Windows\System\NUyczvD.exe
2⤵
PID:8520

C:\Windows\System\bscFtuC.exe
C:\Windows\System\bscFtuC.exe
2⤵
PID:5812

C:\Windows\System\wwtQpTr.exe
C:\Windows\System\wwtQpTr.exe
2⤵
PID:8184

C:\Windows\System\SXbcgyx.exe
C:\Windows\System\SXbcgyx.exe
2⤵
PID:7492

C:\Windows\System\XdqVjRW.exe
C:\Windows\System\XdqVjRW.exe
2⤵
PID:5772

C:\Windows\System\Iijnucq.exe
C:\Windows\System\Iijnucq.exe
2⤵
PID:4592

C:\Windows\System\dvWaxmr.exe
C:\Windows\System\dvWaxmr.exe
2⤵
PID:11356

C:\Windows\System\rNuZaYo.exe
C:\Windows\System\rNuZaYo.exe
2⤵
PID:2140

C:\Windows\System\ohUFOCB.exe
C:\Windows\System\ohUFOCB.exe
2⤵
PID:9032

C:\Windows\System\sDNCVDo.exe
C:\Windows\System\sDNCVDo.exe
2⤵
PID:12116

C:\Windows\System\temuHjB.exe
C:\Windows\System\temuHjB.exe
2⤵
PID:12120

C:\Windows\System\qCbBzED.exe
C:\Windows\System\qCbBzED.exe
2⤵
PID:5740

C:\Windows\System\jgZxkEH.exe
C:\Windows\System\jgZxkEH.exe
2⤵
PID:9300

C:\Windows\System\NxxIUiP.exe
C:\Windows\System\NxxIUiP.exe
2⤵
PID:5136

C:\Windows\System\usoARza.exe
C:\Windows\System\usoARza.exe
2⤵
PID:5324

C:\Windows\System\RcFjrYi.exe
C:\Windows\System\RcFjrYi.exe
2⤵
PID:8320

C:\Windows\System\xxhzLJm.exe
C:\Windows\System\xxhzLJm.exe
2⤵
PID:624

C:\Windows\System\tELZmbK.exe
C:\Windows\System\tELZmbK.exe
2⤵
PID:11620

C:\Windows\System\VOeOFWU.exe
C:\Windows\System\VOeOFWU.exe
2⤵
PID:5348

C:\Windows\System\dNcxgPF.exe
C:\Windows\System\dNcxgPF.exe
2⤵
PID:9344

C:\Windows\System\IlJJIen.exe
C:\Windows\System\IlJJIen.exe
2⤵
PID:12408

C:\Windows\System\CMCgGmf.exe
C:\Windows\System\CMCgGmf.exe
2⤵
PID:12648

C:\Windows\System\DjdjCqr.exe
C:\Windows\System\DjdjCqr.exe
2⤵
PID:12668

C:\Windows\System\kCadQRk.exe
C:\Windows\System\kCadQRk.exe
2⤵
PID:12768

C:\Windows\System\kcaLKdN.exe
C:\Windows\System\kcaLKdN.exe
2⤵
PID:12804

C:\Windows\System\SOYQLTq.exe
C:\Windows\System\SOYQLTq.exe
2⤵
PID:8460

C:\Windows\System\lOkiwde.exe
C:\Windows\System\lOkiwde.exe
2⤵
PID:12932

C:\Windows\System\XJlwmbD.exe
C:\Windows\System\XJlwmbD.exe
2⤵
PID:13016

C:\Windows\System\TSUmgkl.exe
C:\Windows\System\TSUmgkl.exe
2⤵
PID:13084

C:\Windows\System\mipPNzc.exe
C:\Windows\System\mipPNzc.exe
2⤵
PID:13148

C:\Windows\System\KHVTryF.exe
C:\Windows\System\KHVTryF.exe
2⤵
PID:13240

C:\Windows\System\AEOMJjT.exe
C:\Windows\System\AEOMJjT.exe
2⤵
PID:13308

C:\Windows\System\KqNcQnT.exe
C:\Windows\System\KqNcQnT.exe
2⤵
PID:12340

C:\Windows\System\WeVzcsX.exe
C:\Windows\System\WeVzcsX.exe
2⤵
PID:4328

C:\Windows\System\cnsobcD.exe
C:\Windows\System\cnsobcD.exe
2⤵
PID:8672

C:\Windows\System\VkophBQ.exe
C:\Windows\System\VkophBQ.exe
2⤵
PID:5824

C:\Windows\System\vInRBCN.exe
C:\Windows\System\vInRBCN.exe
2⤵
PID:7732

C:\Windows\System\FKdQamq.exe
C:\Windows\System\FKdQamq.exe
2⤵
PID:8080

C:\Windows\System\iWcVdHl.exe
C:\Windows\System\iWcVdHl.exe
2⤵
PID:10160

C:\Windows\System\kpDsyyv.exe
C:\Windows\System\kpDsyyv.exe
2⤵
PID:4320

C:\Windows\System\jAoFUyR.exe
C:\Windows\System\jAoFUyR.exe
2⤵
PID:4408

C:\Windows\System\msRIjVA.exe
C:\Windows\System\msRIjVA.exe
2⤵
PID:9612

C:\Windows\System\etvcoza.exe
C:\Windows\System\etvcoza.exe
2⤵
PID:9860

C:\Windows\System\jXbIcLf.exe
C:\Windows\System\jXbIcLf.exe
2⤵
PID:4308

C:\Windows\System\PzVaOOt.exe
C:\Windows\System\PzVaOOt.exe
2⤵
PID:4280

C:\Windows\System\INwlXsu.exe
C:\Windows\System\INwlXsu.exe
2⤵
PID:2788

C:\Windows\System\WGtrLcv.exe
C:\Windows\System\WGtrLcv.exe
2⤵
PID:4820

C:\Windows\System\HvVFMyk.exe
C:\Windows\System\HvVFMyk.exe
2⤵
PID:4036

C:\Windows\System\ksFCiMB.exe
C:\Windows\System\ksFCiMB.exe
2⤵
PID:9112

C:\Windows\System\huPMRcC.exe
C:\Windows\System\huPMRcC.exe
2⤵
PID:5264

C:\Windows\System\IGKStCH.exe
C:\Windows\System\IGKStCH.exe
2⤵
PID:10364

C:\Windows\System\cTUssVE.exe
C:\Windows\System\cTUssVE.exe
2⤵
PID:10592

C:\Windows\System\XImzdNe.exe
C:\Windows\System\XImzdNe.exe
2⤵
PID:10768

C:\Windows\System\CvDfsOK.exe
C:\Windows\System\CvDfsOK.exe
2⤵
PID:10960

C:\Windows\System\qgnnazm.exe
C:\Windows\System\qgnnazm.exe
2⤵
PID:12460

C:\Windows\System\AsvkTfc.exe
C:\Windows\System\AsvkTfc.exe
2⤵
PID:12664

C:\Windows\System\TjoGeAN.exe
C:\Windows\System\TjoGeAN.exe
2⤵
PID:6956

C:\Windows\System\qiOOZGm.exe
C:\Windows\System\qiOOZGm.exe
2⤵
PID:10680

C:\Windows\System\ivrlfei.exe
C:\Windows\System\ivrlfei.exe
2⤵
PID:8380

C:\Windows\System\fwEIxSz.exe
C:\Windows\System\fwEIxSz.exe
2⤵
PID:4984

C:\Windows\System\NerWXOA.exe
C:\Windows\System\NerWXOA.exe
2⤵
PID:7044

C:\Windows\System\yicDlmZ.exe
C:\Windows\System\yicDlmZ.exe
2⤵
PID:10496

C:\Windows\System\nvTwlLJ.exe
C:\Windows\System\nvTwlLJ.exe
2⤵
PID:2208

C:\Windows\System\fplkmFN.exe
C:\Windows\System\fplkmFN.exe
2⤵
PID:6912

C:\Windows\System\utxtwhX.exe
C:\Windows\System\utxtwhX.exe
2⤵
PID:8592

C:\Windows\System\VZgkBpv.exe
C:\Windows\System\VZgkBpv.exe
2⤵
PID:3208

C:\Windows\System\CMLoVgK.exe
C:\Windows\System\CMLoVgK.exe
2⤵
PID:5520

C:\Windows\System\XhuSTIK.exe
C:\Windows\System\XhuSTIK.exe
2⤵
PID:5592

C:\Windows\System\ALueXPo.exe
C:\Windows\System\ALueXPo.exe
2⤵
PID:7348

C:\Windows\System\xetngcO.exe
C:\Windows\System\xetngcO.exe
2⤵
PID:11844

C:\Windows\System\QdCkIwG.exe
C:\Windows\System\QdCkIwG.exe
2⤵
PID:10208

C:\Windows\System\FpcBSpA.exe
C:\Windows\System\FpcBSpA.exe
2⤵
PID:5628

C:\Windows\System\FrsbSjw.exe
C:\Windows\System\FrsbSjw.exe
2⤵
PID:5720

C:\Windows\System\BAXXszV.exe
C:\Windows\System\BAXXszV.exe
2⤵
PID:7148

C:\Windows\System\vqFmPfW.exe
C:\Windows\System\vqFmPfW.exe
2⤵
PID:9260

C:\Windows\System\eTrnpgG.exe
C:\Windows\System\eTrnpgG.exe
2⤵
PID:9136

C:\Windows\System\PMvkCHD.exe
C:\Windows\System\PMvkCHD.exe
2⤵
PID:12180

C:\Windows\System\eikZdCd.exe
C:\Windows\System\eikZdCd.exe
2⤵
PID:1932

C:\Windows\System\gNCoqWY.exe
C:\Windows\System\gNCoqWY.exe
2⤵
PID:9484

C:\Windows\System\iAMDQEQ.exe
C:\Windows\System\iAMDQEQ.exe
2⤵
PID:5368

C:\Windows\System\tmJxqnK.exe
C:\Windows\System\tmJxqnK.exe
2⤵
PID:7304

C:\Windows\System\ncqUhFp.exe
C:\Windows\System\ncqUhFp.exe
2⤵
PID:9724

C:\Windows\System\uuJLLPT.exe
C:\Windows\System\uuJLLPT.exe
2⤵
PID:9904

C:\Windows\System\zazXjMM.exe
C:\Windows\System\zazXjMM.exe
2⤵
PID:12784

C:\Windows\System\AMHOKTc.exe
C:\Windows\System\AMHOKTc.exe
2⤵
PID:12848

C:\Windows\System\PEnpSYv.exe
C:\Windows\System\PEnpSYv.exe
2⤵
PID:5624

C:\Windows\System\BLSfdqV.exe
C:\Windows\System\BLSfdqV.exe
2⤵
PID:13152

C:\Windows\System\HMHSzoF.exe
C:\Windows\System\HMHSzoF.exe
2⤵
PID:11504

C:\Windows\System\PNmFqKa.exe
C:\Windows\System\PNmFqKa.exe
2⤵
PID:9916

C:\Windows\System\QfZbhfs.exe
C:\Windows\System\QfZbhfs.exe
2⤵
PID:4028

C:\Windows\System\PihoKGk.exe
C:\Windows\System\PihoKGk.exe
2⤵
PID:3112

C:\Windows\System\cAJtnOg.exe
C:\Windows\System\cAJtnOg.exe
2⤵
PID:9552

C:\Windows\System\NDivnVd.exe
C:\Windows\System\NDivnVd.exe
2⤵
PID:10380

C:\Windows\System\wYbrShf.exe
C:\Windows\System\wYbrShf.exe
2⤵
PID:8096

C:\Windows\System\ADAWZUz.exe
C:\Windows\System\ADAWZUz.exe
2⤵
PID:1376

C:\Windows\System\MnDjTNe.exe
C:\Windows\System\MnDjTNe.exe
2⤵
PID:9432

C:\Windows\System\bRvoCkk.exe
C:\Windows\System\bRvoCkk.exe
2⤵
PID:10684

C:\Windows\System\vLAtHUc.exe
C:\Windows\System\vLAtHUc.exe
2⤵
PID:11024

C:\Windows\System\CQyoUQL.exe
C:\Windows\System\CQyoUQL.exe
2⤵
PID:10776

C:\Windows\System\jZlVOcs.exe
C:\Windows\System\jZlVOcs.exe
2⤵
PID:3120

C:\Windows\System\ZIUjnUs.exe
C:\Windows\System\ZIUjnUs.exe
2⤵
PID:12944

C:\Windows\System\EpCezPN.exe
C:\Windows\System\EpCezPN.exe
2⤵
PID:6756

C:\Windows\System\kZnhHaY.exe
C:\Windows\System\kZnhHaY.exe
2⤵
PID:7300

C:\Windows\System\cVsnVoz.exe
C:\Windows\System\cVsnVoz.exe
2⤵
PID:11332

C:\Windows\System\KqpSaAH.exe
C:\Windows\System\KqpSaAH.exe
2⤵
PID:11396

C:\Windows\System\LLkOzsP.exe
C:\Windows\System\LLkOzsP.exe
2⤵
PID:11468

C:\Windows\System\aAAeSnu.exe
C:\Windows\System\aAAeSnu.exe
2⤵
PID:3212

C:\Windows\System\DiruaRL.exe
C:\Windows\System\DiruaRL.exe
2⤵
PID:11812

C:\Windows\System\CYyYPDC.exe
C:\Windows\System\CYyYPDC.exe
2⤵
PID:9108

C:\Windows\System\UXPmZuU.exe
C:\Windows\System\UXPmZuU.exe
2⤵
PID:5880

C:\Windows\System\RiMLlCj.exe
C:\Windows\System\RiMLlCj.exe
2⤵
PID:11568

C:\Windows\System\RVOFvlB.exe
C:\Windows\System\RVOFvlB.exe
2⤵
PID:12264

C:\Windows\System\oHdgpRq.exe
C:\Windows\System\oHdgpRq.exe
2⤵
PID:11428

C:\Windows\System\CfQiYLV.exe
C:\Windows\System\CfQiYLV.exe
2⤵
PID:11588

C:\Windows\System\AjlCHSS.exe
C:\Windows\System\AjlCHSS.exe
2⤵
PID:11768

C:\Windows\System\XnBEmLG.exe
C:\Windows\System\XnBEmLG.exe
2⤵
PID:9116

C:\Windows\System\oVgEEZx.exe
C:\Windows\System\oVgEEZx.exe
2⤵
PID:10912

C:\Windows\System\QHyuTsd.exe
C:\Windows\System\QHyuTsd.exe
2⤵
PID:11692

C:\Windows\System\PgeWJnH.exe
C:\Windows\System\PgeWJnH.exe
2⤵
PID:4432

C:\Windows\System\BLfXcIV.exe
C:\Windows\System\BLfXcIV.exe
2⤵
PID:8840

C:\Windows\System\AMmXVhJ.exe
C:\Windows\System\AMmXVhJ.exe
2⤵
PID:4480

C:\Windows\System\ctVNRGa.exe
C:\Windows\System\ctVNRGa.exe
2⤵
PID:12328

C:\Windows\System\prmBDDH.exe
C:\Windows\System\prmBDDH.exe
2⤵
PID:12364

C:\Windows\System\QEjxPXR.exe
C:\Windows\System\QEjxPXR.exe
2⤵
PID:12476

C:\Windows\System\jgdmeBo.exe
C:\Windows\System\jgdmeBo.exe
2⤵
PID:12540

C:\Windows\System\zpuLurB.exe
C:\Windows\System\zpuLurB.exe
2⤵
PID:12596

C:\Windows\System\laMMxEV.exe
C:\Windows\System\laMMxEV.exe
2⤵
PID:12952

C:\Windows\System\zOXQGSh.exe
C:\Windows\System\zOXQGSh.exe
2⤵
PID:12396

C:\Windows\System\rewxWcm.exe
C:\Windows\System\rewxWcm.exe
2⤵
PID:10068

C:\Windows\System\wYCpEaV.exe
C:\Windows\System\wYCpEaV.exe
2⤵
PID:7852

C:\Windows\System\frxHyLv.exe
C:\Windows\System\frxHyLv.exe
2⤵
PID:9880

C:\Windows\System\iRVcnQl.exe
C:\Windows\System\iRVcnQl.exe
2⤵
PID:6716

C:\Windows\System\vshxuUd.exe
C:\Windows\System\vshxuUd.exe
2⤵
PID:10456

C:\Windows\System\FUTSHVn.exe
C:\Windows\System\FUTSHVn.exe
2⤵
PID:3472

C:\Windows\System\xQAblsU.exe
C:\Windows\System\xQAblsU.exe
2⤵
PID:10820

C:\Windows\System\FRMvIcs.exe
C:\Windows\System\FRMvIcs.exe
2⤵
PID:6704

C:\Windows\System\dgQJjqt.exe
C:\Windows\System\dgQJjqt.exe
2⤵
PID:10972

C:\Windows\System\SFHFJKa.exe
C:\Windows\System\SFHFJKa.exe
2⤵
PID:10344

C:\Windows\System\AhoinDZ.exe
C:\Windows\System\AhoinDZ.exe
2⤵
PID:11424

C:\Windows\System\hzbpoJY.exe
C:\Windows\System\hzbpoJY.exe
2⤵
PID:3456

C:\Windows\System\BhPpHSs.exe
C:\Windows\System\BhPpHSs.exe
2⤵
PID:7320

C:\Windows\System\OpUiXqs.exe
C:\Windows\System\OpUiXqs.exe
2⤵
PID:7328

C:\Windows\System\sojlZox.exe
C:\Windows\System\sojlZox.exe
2⤵
PID:4908

C:\Windows\System\EJWwUWL.exe
C:\Windows\System\EJWwUWL.exe
2⤵
PID:12112

C:\Windows\System\sKFrJas.exe
C:\Windows\System\sKFrJas.exe
2⤵
PID:12280

C:\Windows\System\qWepfiP.exe
C:\Windows\System\qWepfiP.exe
2⤵
PID:5312

C:\Windows\System\ZxUDpWP.exe
C:\Windows\System\ZxUDpWP.exe
2⤵
PID:9592

C:\Windows\System\AJycTbq.exe
C:\Windows\System\AJycTbq.exe
2⤵
PID:12508

C:\Windows\System\GITkCqq.exe
C:\Windows\System\GITkCqq.exe
2⤵
PID:10116

C:\Windows\System\rvzOUuF.exe
C:\Windows\System\rvzOUuF.exe
2⤵
PID:9848

C:\Windows\System\oncEMwC.exe
C:\Windows\System\oncEMwC.exe
2⤵
PID:13208

C:\Windows\System\XAZscbu.exe
C:\Windows\System\XAZscbu.exe
2⤵
PID:12592

C:\Windows\System\dpqbcPJ.exe
C:\Windows\System\dpqbcPJ.exe
2⤵
PID:12828

C:\Windows\System\bsVKSDP.exe
C:\Windows\System\bsVKSDP.exe
2⤵
PID:536

C:\Windows\System\oyylgvw.exe
C:\Windows\System\oyylgvw.exe
2⤵
PID:13244

C:\Windows\System\QmEOKdH.exe
C:\Windows\System\QmEOKdH.exe
2⤵
PID:5376

C:\Windows\System\BCPDIhh.exe
C:\Windows\System\BCPDIhh.exe
2⤵
PID:11472

C:\Windows\System\QBxmzjc.exe
C:\Windows\System\QBxmzjc.exe
2⤵
PID:11724

C:\Windows\System\DnyqnxA.exe
C:\Windows\System\DnyqnxA.exe
2⤵
PID:12444

C:\Windows\System\VKbohNM.exe
C:\Windows\System\VKbohNM.exe
2⤵
PID:7468

C:\Windows\System\TnLZRdc.exe
C:\Windows\System\TnLZRdc.exe
2⤵
PID:10732

C:\Windows\System\MuZsuqO.exe
C:\Windows\System\MuZsuqO.exe
2⤵
PID:11432

C:\Windows\System\ilUXNoR.exe
C:\Windows\System\ilUXNoR.exe
2⤵
PID:11672

C:\Windows\System\UpukRDq.exe
C:\Windows\System\UpukRDq.exe
2⤵
PID:4540

C:\Windows\System\kYkHvsg.exe
C:\Windows\System\kYkHvsg.exe
2⤵
PID:6764

C:\Windows\System\FWmrZsS.exe
C:\Windows\System\FWmrZsS.exe
2⤵
PID:12300

C:\Windows\System\bwAzIku.exe
C:\Windows\System\bwAzIku.exe
2⤵
PID:9000

C:\Windows\System\GJTcHQj.exe
C:\Windows\System\GJTcHQj.exe
2⤵
PID:4712

C:\Windows\System\XrPKufi.exe
C:\Windows\System\XrPKufi.exe
2⤵
PID:13340

C:\Windows\System\RXVJSSp.exe
C:\Windows\System\RXVJSSp.exe
2⤵
PID:13368

C:\Windows\System\weWfdzY.exe
C:\Windows\System\weWfdzY.exe
2⤵
PID:13396

C:\Windows\System\OnXzelq.exe
C:\Windows\System\OnXzelq.exe
2⤵
PID:13424

C:\Windows\System\GVSQInf.exe
C:\Windows\System\GVSQInf.exe
2⤵
PID:13452

C:\Windows\System\rnOfXMx.exe
C:\Windows\System\rnOfXMx.exe
2⤵
PID:13480

C:\Windows\System\FrJhqoP.exe
C:\Windows\System\FrJhqoP.exe
2⤵
PID:13508

C:\Windows\System\LJQwZuq.exe
C:\Windows\System\LJQwZuq.exe
2⤵
PID:13536

C:\Windows\System\mYhFdDp.exe
C:\Windows\System\mYhFdDp.exe
2⤵
PID:13564

C:\Windows\System\gJwCJVf.exe
C:\Windows\System\gJwCJVf.exe
2⤵
PID:13592

C:\Windows\System\jjoyibs.exe
C:\Windows\System\jjoyibs.exe
2⤵
PID:13620

C:\Windows\System\ixyDEdX.exe
C:\Windows\System\ixyDEdX.exe
2⤵
PID:13648

C:\Windows\System\DEVbawV.exe
C:\Windows\System\DEVbawV.exe
2⤵
PID:13676

C:\Windows\System\mpoFzeC.exe
C:\Windows\System\mpoFzeC.exe
2⤵
PID:13704

C:\Windows\System\sxIqHTx.exe
C:\Windows\System\sxIqHTx.exe
2⤵
PID:13732

C:\Windows\System\EmxQhMm.exe
C:\Windows\System\EmxQhMm.exe
2⤵
PID:13760

C:\Windows\System\DbsOFTr.exe
C:\Windows\System\DbsOFTr.exe
2⤵
PID:13788

C:\Windows\System\cRtGDNH.exe
C:\Windows\System\cRtGDNH.exe
2⤵
PID:13816

C:\Windows\System\TOVoxNS.exe
C:\Windows\System\TOVoxNS.exe
2⤵
PID:13844

C:\Windows\System\MrPFaAq.exe
C:\Windows\System\MrPFaAq.exe
2⤵
PID:13872

C:\Windows\System\hfJwvSw.exe
C:\Windows\System\hfJwvSw.exe
2⤵
PID:13900

C:\Windows\System\PjsCALX.exe
C:\Windows\System\PjsCALX.exe
2⤵
PID:13928

C:\Windows\System\hpaVwAp.exe
C:\Windows\System\hpaVwAp.exe
2⤵
PID:13956

C:\Windows\System\NTHeJie.exe
C:\Windows\System\NTHeJie.exe
2⤵
PID:13984

C:\Windows\System\akjyusT.exe
C:\Windows\System\akjyusT.exe
2⤵
PID:14012

C:\Windows\System\vKGPmCX.exe
C:\Windows\System\vKGPmCX.exe
2⤵
PID:14040

C:\Windows\System\HRjKRFa.exe
C:\Windows\System\HRjKRFa.exe
2⤵
PID:14068

C:\Windows\System\MlQlgbO.exe
C:\Windows\System\MlQlgbO.exe
2⤵
PID:14096

C:\Windows\System\ifNFoHj.exe
C:\Windows\System\ifNFoHj.exe
2⤵
PID:14124

C:\Windows\System\QsacffD.exe
C:\Windows\System\QsacffD.exe
2⤵
PID:14152

C:\Windows\System\jMcoCDv.exe
C:\Windows\System\jMcoCDv.exe
2⤵
PID:14180

C:\Windows\System\RZSDSBs.exe
C:\Windows\System\RZSDSBs.exe
2⤵
PID:14208

C:\Windows\System\AAsbVlw.exe
C:\Windows\System\AAsbVlw.exe
2⤵
PID:14236

C:\Windows\System\JThJRDC.exe
C:\Windows\System\JThJRDC.exe
2⤵
PID:14264

C:\Windows\System\kfIRZoT.exe
C:\Windows\System\kfIRZoT.exe
2⤵
PID:14292

C:\Windows\System\wGLaAzX.exe
C:\Windows\System\wGLaAzX.exe
2⤵
PID:14320

C:\Windows\System\zrurjqp.exe
C:\Windows\System\zrurjqp.exe
2⤵
PID:13348

C:\Windows\System\tvDWKje.exe
C:\Windows\System\tvDWKje.exe
2⤵
PID:13412

C:\Windows\System\lvlskpn.exe
C:\Windows\System\lvlskpn.exe
2⤵
PID:9544

C:\Windows\System\XbizIGB.exe
C:\Windows\System\XbizIGB.exe
2⤵
PID:13524

C:\Windows\System\qBZPCys.exe
C:\Windows\System\qBZPCys.exe
2⤵
PID:13588

C:\Windows\System\qoFEUJm.exe
C:\Windows\System\qoFEUJm.exe
2⤵
PID:13656

C:\Windows\System\cKvflhJ.exe
C:\Windows\System\cKvflhJ.exe
2⤵
PID:13720

C:\Windows\System\APJxgaJ.exe
C:\Windows\System\APJxgaJ.exe
2⤵
PID:13784

C:\Windows\System\JBwYuoH.exe
C:\Windows\System\JBwYuoH.exe
2⤵
PID:13852

C:\Windows\System\KAoPWRd.exe
C:\Windows\System\KAoPWRd.exe
2⤵
PID:13916

C:\Windows\System\EsdMhkA.exe
C:\Windows\System\EsdMhkA.exe
2⤵
PID:13980

C:\Windows\System\MXiwcoz.exe
C:\Windows\System\MXiwcoz.exe
2⤵
PID:14048

C:\Windows\System\ejtpaRz.exe
C:\Windows\System\ejtpaRz.exe
2⤵
PID:14104

C:\Windows\System\ffyQmBm.exe
C:\Windows\System\ffyQmBm.exe
2⤵
PID:14176

C:\Windows\System\oQoSwpS.exe
C:\Windows\System\oQoSwpS.exe
2⤵
PID:14244

C:\Windows\System\EiLytVI.exe
C:\Windows\System\EiLytVI.exe
2⤵
PID:14308

C:\Windows\System\ygaPVgF.exe
C:\Windows\System\ygaPVgF.exe
2⤵
PID:13404

C:\Windows\System\sMbiNnU.exe
C:\Windows\System\sMbiNnU.exe
2⤵
PID:1568

C:\Windows\System\rxxswUW.exe
C:\Windows\System\rxxswUW.exe
2⤵
PID:1400

C:\Windows\System\jFsqmoz.exe
C:\Windows\System\jFsqmoz.exe
2⤵
PID:13756

C:\Windows\System\KPyIhza.exe
C:\Windows\System\KPyIhza.exe
2⤵
PID:13908

C:\Windows\System\StwpEfr.exe
C:\Windows\System\StwpEfr.exe
2⤵
PID:14064

C:\Windows\System\VwGSUeF.exe
C:\Windows\System\VwGSUeF.exe
2⤵
PID:12316

C:\Windows\System\AMHrgIa.exe
C:\Windows\System\AMHrgIa.exe
2⤵
PID:14280

C:\Windows\System\dxBszSH.exe
C:\Windows\System\dxBszSH.exe
2⤵
PID:12980

C:\Windows\System\qiDjcKw.exe
C:\Windows\System\qiDjcKw.exe
2⤵
PID:13804

C:\Windows\System\sIbnIAh.exe
C:\Windows\System\sIbnIAh.exe
2⤵
PID:14112

C:\Windows\System\CKYiMrn.exe
C:\Windows\System\CKYiMrn.exe
2⤵
PID:13476

C:\Windows\System\UehRiKk.exe
C:\Windows\System\UehRiKk.exe
2⤵
PID:14160

C:\Windows\System\lHgawzg.exe
C:\Windows\System\lHgawzg.exe
2⤵
PID:13888

C:\Windows\System\aXPAFEF.exe
C:\Windows\System\aXPAFEF.exe
2⤵
PID:14364

C:\Windows\System\MjURnBL.exe
C:\Windows\System\MjURnBL.exe
2⤵
PID:14392

C:\Windows\System\vrjNYtI.exe
C:\Windows\System\vrjNYtI.exe
2⤵
PID:14420

C:\Windows\System\muaXfss.exe
C:\Windows\System\muaXfss.exe
2⤵
PID:14448

C:\Windows\System\XolVvIr.exe
C:\Windows\System\XolVvIr.exe
2⤵
PID:14476

C:\Windows\System\Dkxkxeu.exe
C:\Windows\System\Dkxkxeu.exe
2⤵
PID:14504

C:\Windows\System\ckReOty.exe
C:\Windows\System\ckReOty.exe
2⤵
PID:14532

C:\Windows\System\GTmPWdS.exe
C:\Windows\System\GTmPWdS.exe
2⤵
PID:14560

C:\Windows\System\hWoaaIb.exe
C:\Windows\System\hWoaaIb.exe
2⤵
PID:14588

C:\Windows\System\EWrqQEZ.exe
C:\Windows\System\EWrqQEZ.exe
2⤵
PID:14616

C:\Windows\System\GvcYjNZ.exe
C:\Windows\System\GvcYjNZ.exe
2⤵
PID:14644

C:\Windows\System\SVPgoxB.exe
C:\Windows\System\SVPgoxB.exe
2⤵
PID:14672

C:\Windows\System\viAURFn.exe
C:\Windows\System\viAURFn.exe
2⤵
PID:14700

C:\Windows\System\IlYNuAt.exe
C:\Windows\System\IlYNuAt.exe
2⤵
PID:15008

C:\Windows\System\prguXuu.exe
C:\Windows\System\prguXuu.exe
2⤵
PID:15040

C:\Windows\System\uNPavxx.exe
C:\Windows\System\uNPavxx.exe
2⤵
PID:15068

C:\Windows\System\idweMcj.exe
C:\Windows\System\idweMcj.exe
2⤵
PID:15096

C:\Windows\System\vKXtMfZ.exe
C:\Windows\System\vKXtMfZ.exe
2⤵
PID:15124

C:\Windows\System\eONTlJz.exe
C:\Windows\System\eONTlJz.exe
2⤵
PID:15152

C:\Windows\System\YVNljZW.exe
C:\Windows\System\YVNljZW.exe
2⤵
PID:15180

C:\Windows\System\ZXuACUv.exe
C:\Windows\System\ZXuACUv.exe
2⤵
PID:15200

C:\Windows\System\IsHbgEX.exe
C:\Windows\System\IsHbgEX.exe
2⤵
PID:15248

C:\Windows\System\aZKyFTU.exe
C:\Windows\System\aZKyFTU.exe
2⤵
PID:14520

C:\Windows\System\KhseiwL.exe
C:\Windows\System\KhseiwL.exe
2⤵
PID:14632

C:\Windows\System\ltxMuXS.exe
C:\Windows\System\ltxMuXS.exe
2⤵
PID:14728

C:\Windows\System\jNUdkBO.exe
C:\Windows\System\jNUdkBO.exe
2⤵
PID:8056

C:\Windows\System\weWsTSo.exe
C:\Windows\System\weWsTSo.exe
2⤵
PID:5648

C:\Windows\System\JUbDPKe.exe
C:\Windows\System\JUbDPKe.exe
2⤵
PID:836

C:\Windows\System\fftBIeA.exe
C:\Windows\System\fftBIeA.exe
2⤵
PID:9492

C:\Windows\System\LyIHmRw.exe
C:\Windows\System\LyIHmRw.exe
2⤵
PID:32

C:\Windows\System\zxqSaMq.exe
C:\Windows\System\zxqSaMq.exe
2⤵
PID:15240

C:\Windows\System\OqHVkSM.exe
C:\Windows\System\OqHVkSM.exe
2⤵
PID:15264

C:\Windows\System\HqJmpDw.exe
C:\Windows\System\HqJmpDw.exe
2⤵
PID:15288

C:\Windows\System\lFxhEIm.exe
C:\Windows\System\lFxhEIm.exe
2⤵
PID:15312

C:\Windows\System\DYotvZq.exe
C:\Windows\System\DYotvZq.exe
2⤵
PID:15340

C:\Windows\System\KpfqjCF.exe
C:\Windows\System\KpfqjCF.exe
2⤵
PID:14344

C:\Windows\System\QUGvkhI.exe
C:\Windows\System\QUGvkhI.exe
2⤵
PID:14388

C:\Windows\System\RVkefHw.exe
C:\Windows\System\RVkefHw.exe
2⤵
PID:14624

C:\Windows\System\KwGKNuV.exe
C:\Windows\System\KwGKNuV.exe
2⤵
PID:14764

C:\Windows\System\VlxAvRx.exe
C:\Windows\System\VlxAvRx.exe
2⤵
PID:3144

C:\Windows\System\hzPrdcL.exe
C:\Windows\System\hzPrdcL.exe
2⤵
PID:14820

C:\Windows\System\jdXKZwL.exe
C:\Windows\System\jdXKZwL.exe
2⤵
PID:14844

C:\Windows\System\xKCyhIw.exe
C:\Windows\System\xKCyhIw.exe
2⤵
PID:6596

C:\Windows\System\OWaKCvJ.exe
C:\Windows\System\OWaKCvJ.exe
2⤵
PID:14972

C:\Windows\System\qLKQtLW.exe
C:\Windows\System\qLKQtLW.exe
2⤵
PID:3624

C:\Windows\System\UUoTGjl.exe
C:\Windows\System\UUoTGjl.exe
2⤵
PID:15056

C:\Windows\System\BypuMqe.exe
C:\Windows\System\BypuMqe.exe
2⤵
PID:6272

C:\Windows\System\GATgeQj.exe
C:\Windows\System\GATgeQj.exe
2⤵
PID:9020

C:\Windows\System\hGMYRPF.exe
C:\Windows\System\hGMYRPF.exe
2⤵
PID:6844

C:\Windows\System\EWqGIpI.exe
C:\Windows\System\EWqGIpI.exe
2⤵
PID:10016

C:\Windows\System\acFRZEf.exe
C:\Windows\System\acFRZEf.exe
2⤵
PID:2032

C:\Windows\System\YLBNqAG.exe
C:\Windows\System\YLBNqAG.exe
2⤵
PID:7832

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12632

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6972

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3216

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:8772

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:6768

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_iilhijpk.cza.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AXYExcc.exe
Filesize
2.8MB

MD5
ca07c3319a14c3bcbc0202f32bdcf5fa

SHA1
586e6bdf99783d3b8aa8949b329a583d766b121a

SHA256
4f5cac5982ccc22f4fbc5641eb3308a4574ddc9c10e363708874181adee484c0

SHA512
5515f4e27d80ab7e04cf6633b4489e1b8089fb44871ebdfaee444639debcda294f21a6c23a7d22a3d4d2df64b77658614fbdd195e90d390a830f484fa21f9100

Download Submit
C:\Windows\System\FZRnRVt.exe
Filesize
2.8MB

MD5
4b39c555febc5b59eaf67f567660cfbc

SHA1
c20e67157f67148951da87581162a5f66fe6f432

SHA256
53a205b0d86d6ec765e9bb1fe87f60c37def1f1927525f9432053d419ab4101f

SHA512
6b831dd660a8b8e917bacc98764b2c942506b5ca9f91ffa38ac6172902c8c2344fd883adf6bac7dd1fb15f6ff4fa2007b109182ddfaa2f8e86714b7e991a5016

Download Submit
C:\Windows\System\HCJAWWk.exe
Filesize
2.8MB

MD5
150a036e9206f4c89ec1a25cc415a395

SHA1
879059a2cb191a868eb7545813434e07972c09d4

SHA256
7fc486e33fd5f5fd4214f549ca30977a14867c3242de0e812ae8ead4bd93671b

SHA512
28f17d48ade8b1f214918d9f8305b5848c5e4e08c49b852eb73b47673b3a6fd72db30b844173eadd393c3973868effdf97371bac349498ca6a2991e51f886015

Download Submit
C:\Windows\System\IVbkugq.exe
Filesize
2.8MB

MD5
99e6d3e1588e1f3b860fd9ab036028eb

SHA1
a9d250a9d039045b754082b527589507bd343856

SHA256
63544319e75cf7aee0e2048596b4258c02d611d7997ce41a2190e9545e4f1c69

SHA512
e205104fdb2d9be0c20c7c6eb9acfa6b3472199969b3e8caaedf963e034ecaf5c8ad51b4803f15c1109bb2b2e469d74baa1b62fecbd3f23add6fdfa66721e2f1

Download Submit
C:\Windows\System\InjzHkf.exe
Filesize
2.8MB

MD5
4639e037dc49da0cf302c43cecf5d5ec

SHA1
924acf9b81ca693ca51c24d67c6aa7ca71f7ffe7

SHA256
a4548bd9d967ff8a11fb1cb6f138fc277a8aeb58ccce0d769fea71f52a751f6f

SHA512
95db0e768602263df549e3cd25cebcbf1082452dc762be35d3917645b39dc260d59d2eba6fac0014624da560c9d9cdda5bfbb11032377d47135f1d4aa006b7e1

Download Submit
C:\Windows\System\LCNxijB.exe
Filesize
2.8MB

MD5
0e5f26f3ca8e84a12bed57d6adf6b128

SHA1
4436ac66f568f3d06f9d9ffb884b36e60ba79082

SHA256
cbdac18a35dfa69d2e438c5ba3fec12923858dcdc1d566f9a59207c517597d7b

SHA512
fd39bd1553f1d220cdf511bc66d7f1fa48248046c543554a71b42419e0a0034a60a45431237a5c2870c0dda31e27a58d9ea42ef4cc5d91ecf5296507fb37d60f

Download Submit
C:\Windows\System\MALZfQm.exe
Filesize
2.8MB

MD5
f00577c47f9a735658656cbc0b7996d5

SHA1
a5718066350ceffb64c123a51cd1982ea4a424d2

SHA256
83eeeecad806e445a75819e39b809ca19be12b0f23784358696bdd3778d52be3

SHA512
526865baf8a925440f790a1561262316808978960e967f601b8b1a8ab13e5a9b28129b7bd52410f0419716e2e0b1d1af3c47eb9b44394329e29f70606ac217be

Download Submit
C:\Windows\System\NDvAwnJ.exe
Filesize
2.8MB

MD5
39cb1a6d0cf2e72c73bedeaadc0550ba

SHA1
63de12929cca0e9cb103b74822a521a26e90501b

SHA256
defbf312ba159e3539f4c369296f7ce578866a6c30acdb474a89ac394e0b5913

SHA512
41e02de43b1036315ed1e7a7ee6c99379df0cf1af14d59929282b8e22f915887764ec3ee571326d129768ca13cafa37dbcd0c2b236b76ab6917004cf26c4c6fa

Download Submit
C:\Windows\System\NYNLrzL.exe
Filesize
2.8MB

MD5
c7f4f920b000fa8d98212b27f97f1eef

SHA1
f65a4d2a2d274e73889ec7829c0bc68ec48cb052

SHA256
3d0040828c8e34729cee226b2299128e6d9148d29427e53db330c9bf323ba2ca

SHA512
6f3fcaef363846eb65c9f6904b601f5062fd6e0d811fc609ad9c3fed2dc026c70d2a8b17fba9bd62d03557e8d6b6448dac0cfcdd92e27729461aff9651ff2e91

Download Submit
C:\Windows\System\SaySApp.exe
Filesize
2.8MB

MD5
58fc6417eaa53a88c4c015523daa9e66

SHA1
100af60c4a4a4e9aef1aa4ebd344d670f577e149

SHA256
5dbb7940325f9e751e5888729631c5263e4b49b17a82a3612a0b10f059070620

SHA512
17080d138c655e6e6a62c559318ad0ee639b5da5bf45c18901b3ee0b656946162312413a062c4c2adf8896f02e4dd2faaa6ab14b5f45d2c6110bb043a0468744

Download Submit
C:\Windows\System\TFWjilp.exe
Filesize
2.8MB

MD5
aaf01ccfe4199faa05e24131d40650d2

SHA1
e98f00ceb5ffae4b72b783fb1df94bb3f16ebdd4

SHA256
bd1856f4f2a21ccf44030a26d5c713580ca526dcf1c4153fdccf508ee62c9911

SHA512
cc8855300e0b52bfa03c83645e4d0a8d95956106321cf1cca2c8d81e0a7dfca078e8d4c864a2ae2430dd8f3af1060449d53add54fd7aae306e8a29a676d682e6

Download Submit
C:\Windows\System\TueRWWA.exe
Filesize
2.8MB

MD5
f4dda76c549e812e4373eb9ef9098d3a

SHA1
128bddf8c6a86697b1b01f207c340218477accca

SHA256
216893c6e61b11383fb99b0eed2f2bb55cc73226f2fa5412e3d7906e1454a003

SHA512
0a51155445a5b3f5aba3d493ec4ad34f9bb3005ce7cb0fbd372be1fb975193f488576117dd36c912d4ca16bcdd3e1a4d9b66d7d02852e0a167fc5a0c050a23ce

Download Submit
C:\Windows\System\UFQoZDU.exe
Filesize
2.8MB

MD5
ece759db058d73d7c1298bb24a7a07ad

SHA1
674130efc70659947ee4f6eb13ec7aaf655d3e57

SHA256
d614793a1237ec4e5be735d1bd7e0de0f83ffcce134201b13f1cc2a6651435b1

SHA512
009e1f33c69ce352a4cb70488cf1a91b9bd474dad616d606f6c262a078d67f714882a17aec258eaf7c3a0e58d48323d559e1a8181095ff49535cb79673e21b05

Download Submit
C:\Windows\System\VIQtZxZ.exe
Filesize
2.8MB

MD5
1324f1e7b58cb903146d3242d59cea03

SHA1
d0c83187e8a5a295870a4b1ce6873e07014e01cd

SHA256
f9b7accd7d65710467cb7c6f87e3f9f264791bc047676261d76d5cfdc2223c66

SHA512
ac03b6b869665e4b08aaa2eb23c42b020823ebf8d0417ddb98d8246a6ac99a03383f97df5526a6b371c0418dde2cce25156fa6f64bb5f8059697674dc4fba1c8

Download Submit
C:\Windows\System\VPWDZpF.exe
Filesize
2.8MB

MD5
2fdeb3b5a7bc535b21de6c2d05606388

SHA1
58f238c6b33ef543ea167665a3e9e7dd70360cad

SHA256
f121bd493008c55083ba453f774f94a4ae16c4cb0356551e5d1e6318337a2e92

SHA512
a11a3c843046a2b495c9b69e1d6375837e72553a41ca1bbc3e36deb9b28ddd4ab2ce21ac0c0a9de5929ed2176e89cc141301821733aa3b0c2ed3c2b4d0788c0a

Download Submit
C:\Windows\System\VYEfXWG.exe
Filesize
2.8MB

MD5
bb8c7a33f58a480b52775e6e94dd17e6

SHA1
cd8e8888161b18ba9d6d4034912bab6a3a7e315f

SHA256
4ad773faf43e02643ea71de5836c71f0e105373bcb882a29f53fe810bb27e984

SHA512
0d6de5b0e5fc7b4522fa7cc20f4eae788b3016c2c3dc395705d007edcca301d8410253a1ace8a5bf38f1a6bbb42de657b731be12667f41f3cf3a602725ac2999

Download Submit
C:\Windows\System\VieJoKl.exe
Filesize
2.8MB

MD5
63b25179e9d2acd59e146154428a48fa

SHA1
ff826239c969cc8ec46f8d5cf305700f381f57b4

SHA256
d32d69f31c84d36e9fc60755b440ce9f5daf7437f06bb58a378707f79ecb0b55

SHA512
61f2d3bb7ccbecfed0983ba80f07e45b75583480e0d26e5fb1b8f221f8d92ed8b0317a8fab6bc366463d5ae952e44dfb044eddc3e224964bb77be37be5a6e88e

Download Submit
C:\Windows\System\XmiZwhp.exe
Filesize
2.8MB

MD5
efb37f57a4694c72ef237797e09833bb

SHA1
63509e5afd1a4a257ecf814f95b8fa20764fe1f9

SHA256
10ca714ddbf977619e1b8387d3ac98defb8702b0ee86faa4fb5b9851f2b87781

SHA512
3faf147b64bbd698d155572b016cc3c1eb93b475614976a23ca8611fa9c05315940e85df1a59854ea371b91054851002dc83dc7ec3eec6f5b011a683b9829cbe

Download Submit
C:\Windows\System\ZCNnWer.exe
Filesize
2.8MB

MD5
8f6cf830488911db2e9be78818a4e822

SHA1
d192f3dfaad3d15d559428921560d4ebe6ae0a28

SHA256
74ede85b6c72d948c1e60099b0431efa34132fed9ed44ca5334d9f1a6ebef443

SHA512
329ebd24a9bfeaa1d572f2b8ac4360a047cc9b05ba169516769acc9bb7247ca443441f5893016139f204d67c3487b969d5f561cd7484bf932da7ea5e3846df4b

Download Submit
C:\Windows\System\aRDTHLw.exe
Filesize
2.8MB

MD5
39f676c8235f3f9a0759aa53a568eeba

SHA1
52673cf8a8f2650534d211ba6b90c1aa90d15d97

SHA256
10cf840bb3041125287c41855a2d98b3d9f801793de4b5c97bed98b243a83a87

SHA512
598b5e0e0538c0cd82feaad73635d8f6f1cb95e9bc2fc829b4f68c04838e73fd8eed32a1c5f4c02c0ee684128cabd17b4059bd67414be37b7193c910d653e447

Download Submit
C:\Windows\System\bunMLVs.exe
Filesize
2.8MB

MD5
fda19948244b316e0c2cb0daf4ff0ae9

SHA1
e8ca49084d51fc40fce6dd54aa31cc6586cee2a3

SHA256
45ae7dd81e80b53acd96a49d9c34f58faadb60cc1b55e06ca33cc456031e4193

SHA512
51447d646274f0e8c318104c017b25a95b90f56a99f04b0ea380760c645aed667b9a77ea5761010a4ff799d97452c53504021f6d50f7a383764fcd373f414acc

Download Submit
C:\Windows\System\ffyeQhs.exe
Filesize
8B

MD5
66bd487d69202ef8b2b1bb2e1931ebf3

SHA1
6297e827d2cc12ba96555851f82fc059665704b0

SHA256
4443ea8760d035c6b4f05df6df4c7e7ad9c5afa8dead954bce57dab5a5afcf1e

SHA512
9e09fc0a19c454ee0cecdc74d2823aed9c4a94ebbcd2ca5a3004beafcda66afd0bc9b7ffcaee69b05991566849eedce2fe3d3b28ecd596511f3194e8d04c5acc

Download Submit
C:\Windows\System\ghGYKWb.exe
Filesize
2.8MB

MD5
6ac2989e22292974d529ab741be478c4

SHA1
641099df91f207ad00ef5c458db671ea4c38c5e9

SHA256
6caa3e7f6d4764dd041e00832912abacc942c3a4e4cb64aa1fe6db23b816686b

SHA512
4fbeb0f2b9331efa64359b965e3fc5e8a3e99f83ce404b2b4579051ff256770b1551c96ecc9ab8fb51f10065e2ec3c00f8220d34110bb62f5a7f31c7004d3153

Download Submit
C:\Windows\System\hNtBuls.exe
Filesize
2.8MB

MD5
aa74fddf3a114c42c588ae3f60e747d5

SHA1
ec6bd4ce0f635b3ed0e541e0dac5a3ced412dd86

SHA256
d750d6d1b958912dfd4086a66365944f0d46f1aaa4d25c21293a0fd6e04cfcca

SHA512
7031d3387e989490b1c596f7e960890c5ee615991b1c07deadf59db11291ba9a2beb3b2b9912d1fbc01336fbffa5593d8aff71e0352167473d1d801de956eb2c

Download Submit
C:\Windows\System\jxpgEmg.exe
Filesize
2.8MB

MD5
10ebc34047bafc12257c69210d5fa044

SHA1
cb70e2fb08a8890687275be4b018fdef2a96d6e6

SHA256
a53239b35bc6e8d0b087c7c9e7aa2021e5e5ed7538da783eedfbab24c7d64f62

SHA512
59ae81e7c19fd9998e93758559db28f84124bd2688b35fe1548b91fb1085735f114daa6c76427e4aa14737aaf73047d923d4eef621b24c45e5132e2c15e3d62a

Download Submit
C:\Windows\System\lTIpkBS.exe
Filesize
2.8MB

MD5
5d7a5ed0468d4cec7d120c9bd90ab610

SHA1
3ee18da6140ce07a932278e01ba0d7c7b19d6846

SHA256
01aed0c0190d1bed189980d7290a8cf35a79ef0d138352f314d1ca41bb1e9ff4

SHA512
dc18c8285a644784309b11e2bb0020d4c0ab7b556e26d53c9b477bdef10f3c0a30c313af237ed986c7323fa6e980209d0170144958a7c216bcddf08da809a4e6

Download Submit
C:\Windows\System\pXGiGpy.exe
Filesize
2.8MB

MD5
6891f466b808c53a6fea075b353c0e2c

SHA1
7ac55c5f1cc17d963ea8d76ef5be7d3ac14ad2d2

SHA256
a26d2fbdef034e5739e1f3262e6618216db8d189cd982922f4a1824124d3e01f

SHA512
90ce505870ebf000a95fe91e1db9edb83ce2830d8ddc200ac31158db62e60d52518c2565d21bd27ecc17ac23093069b6dc4e1bb0ca02da964723a1a7a084b518

Download Submit
C:\Windows\System\qUgKBTj.exe
Filesize
2.8MB

MD5
dae5458cd5c5a89b55e0c1e98a0b5103

SHA1
1061747acb8e00c0cd3cc77c4a3b28e25cb47c7c

SHA256
c04a81ee12768da6b316d45dff9c56c2e18f15b8b32138b9beac410d74eb0e51

SHA512
f54424c7722397b9fad6d5cd07ce7ee49507891a7770a183046f21f898c77b17872d447ad393a765bc10236caee75e25d2e9afbd1fb1937fa977438c30d76d98

Download Submit
C:\Windows\System\rqpilOI.exe
Filesize
2.8MB

MD5
d0c55fd30dea5c4a0dbd8415770c4d95

SHA1
7480f514ee2348dd41c9b8b2ecdc4fa2067651f6

SHA256
7da7faf99319f1c3be78f06b97d2a415edce52c90b58c64b0c00833046127261

SHA512
477dab272e8dfa1f8129681de67182649162326dff0ecf23d01251eb2552dfb152fd1a25fa7387a086ed6ec718c24855a045bd7a00a828b97ae7ded69bb01283

Download Submit
C:\Windows\System\uxSOpfb.exe
Filesize
2.8MB

MD5
108d69894b93c37524fd419c48ea533a

SHA1
51cdfa14ecf0eb34e1cd2059015018dd9c5617ed

SHA256
6a5f926b44e3612b6e70cf4db7102963c7661c1b2e94b699b498d329ca8efb98

SHA512
18c3131f3100bdf929ac641a8a09b6a6335507e0d337b4f1170b2943b90da111b89f7388ff0146d1662b95e9fd75225186a01f2c0d52322dbbdb8e771c21ee8d

Download Submit
C:\Windows\System\vCjTuPT.exe
Filesize
2.8MB

MD5
be6d04e240bfe86c2d4c0443fe851039

SHA1
58a625656d27078f6d361ffc56ce7574b4c575b1

SHA256
7630bae1c61eab70ef490489ea3e8b7eb58e5e76ec98bec2b2bee8304ddd56e2

SHA512
a3070386be8a4ff51774127f1c4d460e3afa47ba74bac2548d45881db7f0151abff916061e93e2b71e7dd6848ceada6419c9f863588553c60c35f79d59f8010f

Download Submit
C:\Windows\System\xBIHgNQ.exe
Filesize
2.8MB

MD5
4ca062e159e10b42f417f78969417fa1

SHA1
49f76590775d9f97e24dbafe8a0adfdcb31a228f

SHA256
1e237fbaa32b9674821a6a7b782f3659443553d22aa5045715f2bb4359bb1980

SHA512
dad5dae5dddaf19ccc1780fe727eb1503e9c0d169e4a52e71cff13325eeaa3ee538398eaa1b518080158baf13bcdc981ef612ca7855dc89338df5ac02973164d

Download Submit
C:\Windows\System\xLQAdFC.exe
Filesize
2.8MB

MD5
6c90c565e68aa37b7d9effd1f64dc469

SHA1
9ec2029b65c3093bccc45e162ccc474be4edf8ba

SHA256
067a57ee73670a6916d2518107b1849f193bf9657f67e94b9b9c7d898779b700

SHA512
000724fa2b8c67be07a7cd4e3f0c4686b68719aba519bf9ecdd0310755c96f5a022d164dd158f08c10faefa6f25bd1b935c44d61cbdb1708a1965c65affdb92e

Download Submit
C:\Windows\System\xSXyJSA.exe
Filesize
2.8MB

MD5
e882e992b7f334ca5509a594c4c5298a

SHA1
f385bb2b1b4e0d305ebabe5933d3103308c48e62

SHA256
4068f646fea74e86e0601561c346519df27235bfdcbf526cdc8f9ee0d26370c5

SHA512
8ef031f269f6e6e3f4fe3831b50d46f982dd73762143243a02d678b709ee07558858eeffdfe0219dceff4ce32933e838e9363275a1b2c247ce681a4dcee0ee71

Download Submit
C:\Windows\System\yvfbDyZ.exe
Filesize
18B

MD5
bde15b2ead8c80bd9adb93196fa26dbd

SHA1
dc2f51a48e5d52847073f853245e5bf80527fa84

SHA256
897a554176d39e9ef1a3494c4af72e02ec36d8ca92881b63e220a966c7aa27fe

SHA512
6a8b4d4b782e0d5eb3f0177188a94042b4c9e59512454c55775a50f9b1a123a2a12f4522c49fed572948865a1b6160bc9ec1d35a4c5a7500be5c6e91edfa9d45

Download Submit
memory/940-0-0x00007FF7F0140000-0x00007FF7F0536000-memory.dmp

Filesize
4.0MB

Download
memory/940-1-0x0000028494740000-0x0000028494750000-memory.dmp

Filesize
64KB

Download
memory/1048-200-0x00007FF6B69F0000-0x00007FF6B6DE6000-memory.dmp

Filesize
4.0MB

Download
memory/1048-3897-0x00007FF6B69F0000-0x00007FF6B6DE6000-memory.dmp

Filesize
4.0MB

Download
memory/1548-35-0x00007FF71B0F0000-0x00007FF71B4E6000-memory.dmp

Filesize
4.0MB

Download
memory/1548-3874-0x00007FF71B0F0000-0x00007FF71B4E6000-memory.dmp

Filesize
4.0MB

Download
memory/1556-3892-0x00007FF795630000-0x00007FF795A26000-memory.dmp

Filesize
4.0MB

Download
memory/1556-222-0x00007FF795630000-0x00007FF795A26000-memory.dmp

Filesize
4.0MB

Download
memory/1788-3901-0x00007FF698040000-0x00007FF698436000-memory.dmp

Filesize
4.0MB

Download
memory/1788-135-0x00007FF698040000-0x00007FF698436000-memory.dmp

Filesize
4.0MB

Download
memory/1920-195-0x00007FF743370000-0x00007FF743766000-memory.dmp

Filesize
4.0MB

Download
memory/2440-3900-0x00007FF6F8F90000-0x00007FF6F9386000-memory.dmp

Filesize
4.0MB

Download
memory/2440-189-0x00007FF6F8F90000-0x00007FF6F9386000-memory.dmp

Filesize
4.0MB

Download
memory/2520-3903-0x00007FF7C48A0000-0x00007FF7C4C96000-memory.dmp

Filesize
4.0MB

Download
memory/2520-175-0x00007FF7C48A0000-0x00007FF7C4C96000-memory.dmp

Filesize
4.0MB

Download
memory/2704-201-0x00007FF6F0080000-0x00007FF6F0476000-memory.dmp

Filesize
4.0MB

Download
memory/2704-3898-0x00007FF6F0080000-0x00007FF6F0476000-memory.dmp

Filesize
4.0MB

Download
memory/3324-3907-0x00007FF75B9E0000-0x00007FF75BDD6000-memory.dmp

Filesize
4.0MB

Download
memory/3324-191-0x00007FF75B9E0000-0x00007FF75BDD6000-memory.dmp

Filesize
4.0MB

Download
memory/3512-197-0x00007FF637300000-0x00007FF6376F6000-memory.dmp

Filesize
4.0MB

Download
memory/3512-3896-0x00007FF637300000-0x00007FF6376F6000-memory.dmp

Filesize
4.0MB

Download
memory/3724-193-0x00007FF6768B0000-0x00007FF676CA6000-memory.dmp

Filesize
4.0MB

Download
memory/3724-3891-0x00007FF6768B0000-0x00007FF676CA6000-memory.dmp

Filesize
4.0MB

Download
memory/3800-116-0x00007FF654AB0000-0x00007FF654EA6000-memory.dmp

Filesize
4.0MB

Download
memory/3800-3880-0x00007FF654AB0000-0x00007FF654EA6000-memory.dmp

Filesize
4.0MB

Download
memory/4032-199-0x00007FF797730000-0x00007FF797B26000-memory.dmp

Filesize
4.0MB

Download
memory/4032-3906-0x00007FF797730000-0x00007FF797B26000-memory.dmp

Filesize
4.0MB

Download
memory/4060-14-0x00007FF7DAD20000-0x00007FF7DB116000-memory.dmp

Filesize
4.0MB

Download
memory/4060-3867-0x00007FF7DAD20000-0x00007FF7DB116000-memory.dmp

Filesize
4.0MB

Download
memory/4148-194-0x00007FF72DBF0000-0x00007FF72DFE6000-memory.dmp

Filesize
4.0MB

Download
memory/4148-3895-0x00007FF72DBF0000-0x00007FF72DFE6000-memory.dmp

Filesize
4.0MB

Download
memory/4180-2612-0x00007FF633030000-0x00007FF633426000-memory.dmp

Filesize
4.0MB

Download
memory/4180-62-0x00007FF633030000-0x00007FF633426000-memory.dmp

Filesize
4.0MB

Download
memory/4180-3893-0x00007FF633030000-0x00007FF633426000-memory.dmp

Filesize
4.0MB

Download
memory/4216-190-0x00007FF6FB300000-0x00007FF6FB6F6000-memory.dmp

Filesize
4.0MB

Download
memory/4216-3905-0x00007FF6FB300000-0x00007FF6FB6F6000-memory.dmp

Filesize
4.0MB

Download
memory/4376-187-0x00007FF7CC580000-0x00007FF7CC976000-memory.dmp

Filesize
4.0MB

Download
memory/4376-3902-0x00007FF7CC580000-0x00007FF7CC976000-memory.dmp

Filesize
4.0MB

Download
memory/4460-3248-0x00007FFE31143000-0x00007FFE31145000-memory.dmp

Filesize
8KB

Download
memory/4460-188-0x0000021C2B8A0000-0x0000021C2B8C2000-memory.dmp

Filesize
136KB

Download
memory/4460-233-0x0000021C2C450000-0x0000021C2CBF6000-memory.dmp

Filesize
7.6MB

Download
memory/4460-28-0x00007FFE31143000-0x00007FFE31145000-memory.dmp

Filesize
8KB

Download
memory/4460-15-0x0000021C296A0000-0x0000021C296B0000-memory.dmp

Filesize
64KB

Download
memory/4460-198-0x00007FFE31140000-0x00007FFE31C01000-memory.dmp

Filesize
10.8MB

Download
memory/4608-3908-0x00007FF7C5F20000-0x00007FF7C6316000-memory.dmp

Filesize
4.0MB

Download
memory/4608-192-0x00007FF7C5F20000-0x00007FF7C6316000-memory.dmp

Filesize
4.0MB

Download
memory/4772-196-0x00007FF673560000-0x00007FF673956000-memory.dmp

Filesize
4.0MB

Download
memory/4772-3878-0x00007FF673560000-0x00007FF673956000-memory.dmp

Filesize
4.0MB

Download
memory/4788-3873-0x00007FF6D8A10000-0x00007FF6D8E06000-memory.dmp

Filesize
4.0MB

Download
memory/4788-78-0x00007FF6D8A10000-0x00007FF6D8E06000-memory.dmp

Filesize
4.0MB

Download
memory/4856-3904-0x00007FF764E40000-0x00007FF765236000-memory.dmp

Filesize
4.0MB

Download
memory/4856-159-0x00007FF764E40000-0x00007FF765236000-memory.dmp

Filesize
4.0MB

Download
memory/4860-47-0x00007FF6C34E0000-0x00007FF6C38D6000-memory.dmp

Filesize
4.0MB

Download
memory/4860-3883-0x00007FF6C34E0000-0x00007FF6C38D6000-memory.dmp

Filesize
4.0MB

Download
memory/4872-3899-0x00007FF6A66D0000-0x00007FF6A6AC6000-memory.dmp

Filesize
4.0MB

Download
memory/4872-180-0x00007FF6A66D0000-0x00007FF6A6AC6000-memory.dmp

Filesize
4.0MB

Download