xmrig | 4cd267764cfa8d67991ba2ccceb4fe86571c6f14106963f430461b97758259b1

Analysis

max time kernel
141s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
Size

2.2MB
MD5

67424bc10c617922fdcd4df2acafc000
SHA1

4b81eca2dffbd697a06a8093ed99975fe1ba6a90
SHA256

4cd267764cfa8d67991ba2ccceb4fe86571c6f14106963f430461b97758259b1
SHA512

d8143fac2f228440f1c16bbf0e89a41cd619858ccb3bc077c7297c864daf211cd428ef2c77aed1a5dedeb964a7f17c0a6fb4887b8cd72fa9361934ff04aa858b
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXGv4rzq6c2HAaZvvHv:BemTLkNdfE0pZrX

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/2344-0-0x00007FF726110000-0x00007FF726464000-memory.dmp	xmrig
C:\Windows\System\ojYaBuc.exe	xmrig
C:\Windows\System\VeLvIJL.exe	xmrig
behavioral2/memory/2044-22-0x00007FF7BEC70000-0x00007FF7BEFC4000-memory.dmp	xmrig
C:\Windows\System\sBQlyeQ.exe	xmrig
behavioral2/memory/4720-38-0x00007FF706350000-0x00007FF7066A4000-memory.dmp	xmrig
C:\Windows\System\MJpdJbB.exe	xmrig
behavioral2/memory/2028-63-0x00007FF7E5880000-0x00007FF7E5BD4000-memory.dmp	xmrig
C:\Windows\System\ctvqycc.exe	xmrig
behavioral2/memory/2496-78-0x00007FF758B00000-0x00007FF758E54000-memory.dmp	xmrig
behavioral2/memory/4948-85-0x00007FF688710000-0x00007FF688A64000-memory.dmp	xmrig
C:\Windows\System\KKbsKNd.exe	xmrig
behavioral2/memory/3460-90-0x00007FF74FF50000-0x00007FF7502A4000-memory.dmp	xmrig
behavioral2/memory/3080-89-0x00007FF69D1A0000-0x00007FF69D4F4000-memory.dmp	xmrig
C:\Windows\System\XsSIlFd.exe	xmrig
behavioral2/memory/4980-80-0x00007FF783A40000-0x00007FF783D94000-memory.dmp	xmrig
C:\Windows\System\GJTtbIY.exe	xmrig
C:\Windows\System\ImIJyUL.exe	xmrig
C:\Windows\System\RbVRUqv.exe	xmrig
behavioral2/memory/4596-67-0x00007FF7406A0000-0x00007FF7409F4000-memory.dmp	xmrig
C:\Windows\System\Djposuv.exe	xmrig
behavioral2/memory/1460-53-0x00007FF6DF0A0000-0x00007FF6DF3F4000-memory.dmp	xmrig
C:\Windows\System\DMeXTUz.exe	xmrig
C:\Windows\System\NbvEybV.exe	xmrig
C:\Windows\System\mIsgUJq.exe	xmrig
behavioral2/memory/2164-44-0x00007FF7047F0000-0x00007FF704B44000-memory.dmp	xmrig
behavioral2/memory/3320-40-0x00007FF7AEE20000-0x00007FF7AF174000-memory.dmp	xmrig
behavioral2/memory/1332-33-0x00007FF616C70000-0x00007FF616FC4000-memory.dmp	xmrig
behavioral2/memory/3912-28-0x00007FF764F60000-0x00007FF7652B4000-memory.dmp	xmrig
behavioral2/memory/3384-10-0x00007FF67E630000-0x00007FF67E984000-memory.dmp	xmrig
C:\Windows\System\EavOcqB.exe	xmrig
C:\Windows\System\xlCjEYd.exe	xmrig
C:\Windows\System\devcXeb.exe	xmrig
C:\Windows\System\uexDVfK.exe	xmrig
C:\Windows\System\VpfgrRG.exe	xmrig
behavioral2/memory/4544-138-0x00007FF709F00000-0x00007FF70A254000-memory.dmp	xmrig
behavioral2/memory/2088-139-0x00007FF636600000-0x00007FF636954000-memory.dmp	xmrig
C:\Windows\System\uRkzTED.exe	xmrig
C:\Windows\System\jdCiQBi.exe	xmrig
behavioral2/memory/3384-151-0x00007FF67E630000-0x00007FF67E984000-memory.dmp	xmrig
behavioral2/memory/2244-152-0x00007FF695770000-0x00007FF695AC4000-memory.dmp	xmrig
behavioral2/memory/2344-150-0x00007FF726110000-0x00007FF726464000-memory.dmp	xmrig
behavioral2/memory/400-149-0x00007FF73FA90000-0x00007FF73FDE4000-memory.dmp	xmrig
behavioral2/memory/1764-146-0x00007FF75D5F0000-0x00007FF75D944000-memory.dmp	xmrig
C:\Windows\System\yRtsheY.exe	xmrig
behavioral2/memory/4208-140-0x00007FF62F160000-0x00007FF62F4B4000-memory.dmp	xmrig
behavioral2/memory/1104-131-0x00007FF604A40000-0x00007FF604D94000-memory.dmp	xmrig
C:\Windows\System\WmnLrFC.exe	xmrig
C:\Windows\System\fmMgamu.exe	xmrig
behavioral2/memory/1008-123-0x00007FF67FE30000-0x00007FF680184000-memory.dmp	xmrig
behavioral2/memory/2724-112-0x00007FF6E9440000-0x00007FF6E9794000-memory.dmp	xmrig
C:\Windows\System\kBBufNo.exe	xmrig
behavioral2/memory/5112-107-0x00007FF7B92A0000-0x00007FF7B95F4000-memory.dmp	xmrig
C:\Windows\System\mpROUUL.exe	xmrig
C:\Windows\System\pLGUtWV.exe	xmrig
C:\Windows\System\XJruJuc.exe	xmrig
C:\Windows\System\nwJvyfD.exe	xmrig
behavioral2/memory/2496-213-0x00007FF758B00000-0x00007FF758E54000-memory.dmp	xmrig
behavioral2/memory/3080-215-0x00007FF69D1A0000-0x00007FF69D4F4000-memory.dmp	xmrig
behavioral2/memory/2008-212-0x00007FF6DB190000-0x00007FF6DB4E4000-memory.dmp	xmrig
behavioral2/memory/3320-203-0x00007FF7AEE20000-0x00007FF7AF174000-memory.dmp	xmrig
behavioral2/memory/4904-200-0x00007FF735DD0000-0x00007FF736124000-memory.dmp	xmrig
behavioral2/memory/2028-199-0x00007FF7E5880000-0x00007FF7E5BD4000-memory.dmp	xmrig
C:\Windows\System\mNbMpxV.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

EavOcqB.exeVeLvIJL.exeojYaBuc.exesBQlyeQ.exemIsgUJq.exeNbvEybV.exeDMeXTUz.exeMJpdJbB.exeDjposuv.exeRbVRUqv.exeImIJyUL.exeGJTtbIY.exeXsSIlFd.exectvqycc.exeKKbsKNd.exexlCjEYd.exedevcXeb.exekBBufNo.exeVpfgrRG.exeuexDVfK.exefmMgamu.exeWmnLrFC.exeyRtsheY.exeuRkzTED.exejdCiQBi.exempROUUL.exepLGUtWV.exeyJlcgTi.exeLpwYnAf.exeXJruJuc.exejPKMMnJ.exenwJvyfD.exemNbMpxV.exeLjDASuF.exeRCfDIUX.exenxdBRqn.exehuZdeww.exenjRudZE.exevownMZP.exedXPEpxw.exeBXVLVAo.exefLvXNza.exeJgpcKWo.exeyuwcgbJ.exegOTEbsz.exeUEDupvU.exeHJSnNbF.exefrLhGey.exexVLEuJa.execuwgCro.exeCxVpjFE.exeKXqBaJK.exeIenTToy.exeVeYaFkU.exegEfoRZL.exeizkinyg.exepigdPmy.exelCQrKpJ.exefqUHztu.exeijMGWgZ.exeLCmQWbd.exeiTEkuGm.exeJVefuwa.exeOgwOMkl.exe

pid	process
3384	EavOcqB.exe
2044	VeLvIJL.exe
4720	ojYaBuc.exe
3912	sBQlyeQ.exe
3320	mIsgUJq.exe
1332	NbvEybV.exe
1460	DMeXTUz.exe
2164	MJpdJbB.exe
2028	Djposuv.exe
4948	RbVRUqv.exe
4596	ImIJyUL.exe
2496	GJTtbIY.exe
3080	XsSIlFd.exe
4980	ctvqycc.exe
3460	KKbsKNd.exe
5112	xlCjEYd.exe
1008	devcXeb.exe
2724	kBBufNo.exe
4208	VpfgrRG.exe
1104	uexDVfK.exe
4544	fmMgamu.exe
1764	WmnLrFC.exe
400	yRtsheY.exe
2088	uRkzTED.exe
2244	jdCiQBi.exe
3360	mpROUUL.exe
1132	pLGUtWV.exe
2008	yJlcgTi.exe
4904	LpwYnAf.exe
1432	XJruJuc.exe
4308	jPKMMnJ.exe
4936	nwJvyfD.exe
564	mNbMpxV.exe
2780	LjDASuF.exe
4848	RCfDIUX.exe
4752	nxdBRqn.exe
4620	huZdeww.exe
1436	njRudZE.exe
3616	vownMZP.exe
2956	dXPEpxw.exe
2208	BXVLVAo.exe
5044	fLvXNza.exe
4540	JgpcKWo.exe
3380	yuwcgbJ.exe
4900	gOTEbsz.exe
2012	UEDupvU.exe
1484	HJSnNbF.exe
2348	frLhGey.exe
2140	xVLEuJa.exe
392	cuwgCro.exe
396	CxVpjFE.exe
1948	KXqBaJK.exe
4080	IenTToy.exe
1220	VeYaFkU.exe
4212	gEfoRZL.exe
1180	izkinyg.exe
4380	pigdPmy.exe
4320	lCQrKpJ.exe
3300	fqUHztu.exe
4560	ijMGWgZ.exe
3532	LCmQWbd.exe
2516	iTEkuGm.exe
3792	JVefuwa.exe
4260	OgwOMkl.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2344-0-0x00007FF726110000-0x00007FF726464000-memory.dmp	upx
C:\Windows\System\ojYaBuc.exe	upx
C:\Windows\System\VeLvIJL.exe	upx
behavioral2/memory/2044-22-0x00007FF7BEC70000-0x00007FF7BEFC4000-memory.dmp	upx
C:\Windows\System\sBQlyeQ.exe	upx
behavioral2/memory/4720-38-0x00007FF706350000-0x00007FF7066A4000-memory.dmp	upx
C:\Windows\System\MJpdJbB.exe	upx
behavioral2/memory/2028-63-0x00007FF7E5880000-0x00007FF7E5BD4000-memory.dmp	upx
C:\Windows\System\ctvqycc.exe	upx
behavioral2/memory/2496-78-0x00007FF758B00000-0x00007FF758E54000-memory.dmp	upx
behavioral2/memory/4948-85-0x00007FF688710000-0x00007FF688A64000-memory.dmp	upx
C:\Windows\System\KKbsKNd.exe	upx
behavioral2/memory/3460-90-0x00007FF74FF50000-0x00007FF7502A4000-memory.dmp	upx
behavioral2/memory/3080-89-0x00007FF69D1A0000-0x00007FF69D4F4000-memory.dmp	upx
C:\Windows\System\XsSIlFd.exe	upx
behavioral2/memory/4980-80-0x00007FF783A40000-0x00007FF783D94000-memory.dmp	upx
C:\Windows\System\GJTtbIY.exe	upx
C:\Windows\System\ImIJyUL.exe	upx
C:\Windows\System\RbVRUqv.exe	upx
behavioral2/memory/4596-67-0x00007FF7406A0000-0x00007FF7409F4000-memory.dmp	upx
C:\Windows\System\Djposuv.exe	upx
behavioral2/memory/1460-53-0x00007FF6DF0A0000-0x00007FF6DF3F4000-memory.dmp	upx
C:\Windows\System\DMeXTUz.exe	upx
C:\Windows\System\NbvEybV.exe	upx
C:\Windows\System\mIsgUJq.exe	upx
behavioral2/memory/2164-44-0x00007FF7047F0000-0x00007FF704B44000-memory.dmp	upx
behavioral2/memory/3320-40-0x00007FF7AEE20000-0x00007FF7AF174000-memory.dmp	upx
behavioral2/memory/1332-33-0x00007FF616C70000-0x00007FF616FC4000-memory.dmp	upx
behavioral2/memory/3912-28-0x00007FF764F60000-0x00007FF7652B4000-memory.dmp	upx
behavioral2/memory/3384-10-0x00007FF67E630000-0x00007FF67E984000-memory.dmp	upx
C:\Windows\System\EavOcqB.exe	upx
C:\Windows\System\xlCjEYd.exe	upx
C:\Windows\System\devcXeb.exe	upx
C:\Windows\System\uexDVfK.exe	upx
C:\Windows\System\VpfgrRG.exe	upx
behavioral2/memory/4544-138-0x00007FF709F00000-0x00007FF70A254000-memory.dmp	upx
behavioral2/memory/2088-139-0x00007FF636600000-0x00007FF636954000-memory.dmp	upx
C:\Windows\System\uRkzTED.exe	upx
C:\Windows\System\jdCiQBi.exe	upx
behavioral2/memory/3384-151-0x00007FF67E630000-0x00007FF67E984000-memory.dmp	upx
behavioral2/memory/2244-152-0x00007FF695770000-0x00007FF695AC4000-memory.dmp	upx
behavioral2/memory/2344-150-0x00007FF726110000-0x00007FF726464000-memory.dmp	upx
behavioral2/memory/400-149-0x00007FF73FA90000-0x00007FF73FDE4000-memory.dmp	upx
behavioral2/memory/1764-146-0x00007FF75D5F0000-0x00007FF75D944000-memory.dmp	upx
C:\Windows\System\yRtsheY.exe	upx
behavioral2/memory/4208-140-0x00007FF62F160000-0x00007FF62F4B4000-memory.dmp	upx
behavioral2/memory/1104-131-0x00007FF604A40000-0x00007FF604D94000-memory.dmp	upx
C:\Windows\System\WmnLrFC.exe	upx
C:\Windows\System\fmMgamu.exe	upx
behavioral2/memory/1008-123-0x00007FF67FE30000-0x00007FF680184000-memory.dmp	upx
behavioral2/memory/2724-112-0x00007FF6E9440000-0x00007FF6E9794000-memory.dmp	upx
C:\Windows\System\kBBufNo.exe	upx
behavioral2/memory/5112-107-0x00007FF7B92A0000-0x00007FF7B95F4000-memory.dmp	upx
C:\Windows\System\mpROUUL.exe	upx
C:\Windows\System\pLGUtWV.exe	upx
C:\Windows\System\XJruJuc.exe	upx
C:\Windows\System\nwJvyfD.exe	upx
behavioral2/memory/2496-213-0x00007FF758B00000-0x00007FF758E54000-memory.dmp	upx
behavioral2/memory/3080-215-0x00007FF69D1A0000-0x00007FF69D4F4000-memory.dmp	upx
behavioral2/memory/2008-212-0x00007FF6DB190000-0x00007FF6DB4E4000-memory.dmp	upx
behavioral2/memory/3320-203-0x00007FF7AEE20000-0x00007FF7AF174000-memory.dmp	upx
behavioral2/memory/4904-200-0x00007FF735DD0000-0x00007FF736124000-memory.dmp	upx
behavioral2/memory/2028-199-0x00007FF7E5880000-0x00007FF7E5BD4000-memory.dmp	upx
C:\Windows\System\mNbMpxV.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\AEWzNMj.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\baeNnth.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\mewDOww.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\ImIJyUL.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\eQjdEZN.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\bPVrGqA.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\MSrEUXU.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\ZadBoTb.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\BRgGZxZ.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\nLybHkf.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\iKFfjLc.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\DMeXTUz.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\GJTtbIY.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\AsAzcAe.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\hqvAjWe.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\yuTiMuY.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\TPDMWnx.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\FqpGvEu.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\AMQUUPq.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\lwvlrAZ.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\ijMGWgZ.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\vFiQtWI.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\pKyEoIU.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\wUHpgcm.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\XOCrDMj.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\frLhGey.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\eGxzBbo.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\wOzESZj.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\pAtmsjI.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\qQqsDBZ.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\jZzfZqM.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\WgNVGDt.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\cGOglRe.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\kqFYtVn.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\AXOtcIP.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\vZHzsMN.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\xewcNzW.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\fVgvloL.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\WSSkvGf.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\nTtqTGI.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\taplAPB.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\ZtuEYVM.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\VeLvIJL.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\yuwcgbJ.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\XPyGpBD.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\dgJMzHs.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\QReZltq.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\OkPBXHz.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\JBwhuJd.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\xsjMzwD.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\lqgjeah.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\ANrjUWZ.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\uqBMhJt.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\ZYrRkyl.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\GvTcSfk.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\QqFuwOT.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\XNYRBKZ.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\spzPVET.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\BabOvmb.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\YWeAyQI.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\CfnwrRU.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\GBfCmAO.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\NDYsRBg.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
File created	C:\Windows\System\HECbzdl.exe	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	14412	dwm.exe
Token: SeChangeNotifyPrivilege	14412	dwm.exe
Token: 33	14412	dwm.exe
Token: SeIncBasePriorityPrivilege	14412	dwm.exe
Token: SeShutdownPrivilege	14412	dwm.exe
Token: SeCreatePagefilePrivilege	14412	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe

description	pid	process	target process
PID 2344 wrote to memory of 3384	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	EavOcqB.exe
PID 2344 wrote to memory of 3384	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	EavOcqB.exe
PID 2344 wrote to memory of 2044	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	VeLvIJL.exe
PID 2344 wrote to memory of 2044	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	VeLvIJL.exe
PID 2344 wrote to memory of 4720	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	ojYaBuc.exe
PID 2344 wrote to memory of 4720	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	ojYaBuc.exe
PID 2344 wrote to memory of 3912	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	sBQlyeQ.exe
PID 2344 wrote to memory of 3912	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	sBQlyeQ.exe
PID 2344 wrote to memory of 3320	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	mIsgUJq.exe
PID 2344 wrote to memory of 3320	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	mIsgUJq.exe
PID 2344 wrote to memory of 1332	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	NbvEybV.exe
PID 2344 wrote to memory of 1332	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	NbvEybV.exe
PID 2344 wrote to memory of 1460	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	DMeXTUz.exe
PID 2344 wrote to memory of 1460	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	DMeXTUz.exe
PID 2344 wrote to memory of 2164	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	MJpdJbB.exe
PID 2344 wrote to memory of 2164	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	MJpdJbB.exe
PID 2344 wrote to memory of 2028	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	Djposuv.exe
PID 2344 wrote to memory of 2028	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	Djposuv.exe
PID 2344 wrote to memory of 4948	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	RbVRUqv.exe
PID 2344 wrote to memory of 4948	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	RbVRUqv.exe
PID 2344 wrote to memory of 4596	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	ImIJyUL.exe
PID 2344 wrote to memory of 4596	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	ImIJyUL.exe
PID 2344 wrote to memory of 2496	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	GJTtbIY.exe
PID 2344 wrote to memory of 2496	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	GJTtbIY.exe
PID 2344 wrote to memory of 3080	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	XsSIlFd.exe
PID 2344 wrote to memory of 3080	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	XsSIlFd.exe
PID 2344 wrote to memory of 4980	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	ctvqycc.exe
PID 2344 wrote to memory of 4980	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	ctvqycc.exe
PID 2344 wrote to memory of 3460	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	KKbsKNd.exe
PID 2344 wrote to memory of 3460	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	KKbsKNd.exe
PID 2344 wrote to memory of 5112	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	xlCjEYd.exe
PID 2344 wrote to memory of 5112	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	xlCjEYd.exe
PID 2344 wrote to memory of 1008	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	devcXeb.exe
PID 2344 wrote to memory of 1008	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	devcXeb.exe
PID 2344 wrote to memory of 2724	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	kBBufNo.exe
PID 2344 wrote to memory of 2724	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	kBBufNo.exe
PID 2344 wrote to memory of 4208	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	VpfgrRG.exe
PID 2344 wrote to memory of 4208	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	VpfgrRG.exe
PID 2344 wrote to memory of 1104	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	uexDVfK.exe
PID 2344 wrote to memory of 1104	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	uexDVfK.exe
PID 2344 wrote to memory of 4544	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	fmMgamu.exe
PID 2344 wrote to memory of 4544	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	fmMgamu.exe
PID 2344 wrote to memory of 1764	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	WmnLrFC.exe
PID 2344 wrote to memory of 1764	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	WmnLrFC.exe
PID 2344 wrote to memory of 400	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	yRtsheY.exe
PID 2344 wrote to memory of 400	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	yRtsheY.exe
PID 2344 wrote to memory of 2088	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	uRkzTED.exe
PID 2344 wrote to memory of 2088	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	uRkzTED.exe
PID 2344 wrote to memory of 2244	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	jdCiQBi.exe
PID 2344 wrote to memory of 2244	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	jdCiQBi.exe
PID 2344 wrote to memory of 3360	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	mpROUUL.exe
PID 2344 wrote to memory of 3360	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	mpROUUL.exe
PID 2344 wrote to memory of 1132	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	pLGUtWV.exe
PID 2344 wrote to memory of 1132	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	pLGUtWV.exe
PID 2344 wrote to memory of 2008	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	yJlcgTi.exe
PID 2344 wrote to memory of 2008	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	yJlcgTi.exe
PID 2344 wrote to memory of 4308	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	jPKMMnJ.exe
PID 2344 wrote to memory of 4308	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	jPKMMnJ.exe
PID 2344 wrote to memory of 4904	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	LpwYnAf.exe
PID 2344 wrote to memory of 4904	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	LpwYnAf.exe
PID 2344 wrote to memory of 1432	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	XJruJuc.exe
PID 2344 wrote to memory of 1432	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	XJruJuc.exe
PID 2344 wrote to memory of 4936	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	nwJvyfD.exe
PID 2344 wrote to memory of 4936	2344	67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe	nwJvyfD.exe

C:\Users\Admin\AppData\Local\Temp\67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\67424bc10c617922fdcd4df2acafc000_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2344

C:\Windows\System\EavOcqB.exe
C:\Windows\System\EavOcqB.exe
2⤵
- Executes dropped EXE
PID:3384

C:\Windows\System\VeLvIJL.exe
C:\Windows\System\VeLvIJL.exe
2⤵
- Executes dropped EXE
PID:2044

C:\Windows\System\ojYaBuc.exe
C:\Windows\System\ojYaBuc.exe
2⤵
- Executes dropped EXE
PID:4720

C:\Windows\System\sBQlyeQ.exe
C:\Windows\System\sBQlyeQ.exe
2⤵
- Executes dropped EXE
PID:3912

C:\Windows\System\mIsgUJq.exe
C:\Windows\System\mIsgUJq.exe
2⤵
- Executes dropped EXE
PID:3320

C:\Windows\System\NbvEybV.exe
C:\Windows\System\NbvEybV.exe
2⤵
- Executes dropped EXE
PID:1332

C:\Windows\System\DMeXTUz.exe
C:\Windows\System\DMeXTUz.exe
2⤵
- Executes dropped EXE
PID:1460

C:\Windows\System\MJpdJbB.exe
C:\Windows\System\MJpdJbB.exe
2⤵
- Executes dropped EXE
PID:2164

C:\Windows\System\Djposuv.exe
C:\Windows\System\Djposuv.exe
2⤵
- Executes dropped EXE
PID:2028

C:\Windows\System\RbVRUqv.exe
C:\Windows\System\RbVRUqv.exe
2⤵
- Executes dropped EXE
PID:4948

C:\Windows\System\ImIJyUL.exe
C:\Windows\System\ImIJyUL.exe
2⤵
- Executes dropped EXE
PID:4596

C:\Windows\System\GJTtbIY.exe
C:\Windows\System\GJTtbIY.exe
2⤵
- Executes dropped EXE
PID:2496

C:\Windows\System\XsSIlFd.exe
C:\Windows\System\XsSIlFd.exe
2⤵
- Executes dropped EXE
PID:3080

C:\Windows\System\ctvqycc.exe
C:\Windows\System\ctvqycc.exe
2⤵
- Executes dropped EXE
PID:4980

C:\Windows\System\KKbsKNd.exe
C:\Windows\System\KKbsKNd.exe
2⤵
- Executes dropped EXE
PID:3460

C:\Windows\System\xlCjEYd.exe
C:\Windows\System\xlCjEYd.exe
2⤵
- Executes dropped EXE
PID:5112

C:\Windows\System\devcXeb.exe
C:\Windows\System\devcXeb.exe
2⤵
- Executes dropped EXE
PID:1008

C:\Windows\System\kBBufNo.exe
C:\Windows\System\kBBufNo.exe
2⤵
- Executes dropped EXE
PID:2724

C:\Windows\System\VpfgrRG.exe
C:\Windows\System\VpfgrRG.exe
2⤵
- Executes dropped EXE
PID:4208

C:\Windows\System\uexDVfK.exe
C:\Windows\System\uexDVfK.exe
2⤵
- Executes dropped EXE
PID:1104

C:\Windows\System\fmMgamu.exe
C:\Windows\System\fmMgamu.exe
2⤵
- Executes dropped EXE
PID:4544

C:\Windows\System\WmnLrFC.exe
C:\Windows\System\WmnLrFC.exe
2⤵
- Executes dropped EXE
PID:1764

C:\Windows\System\yRtsheY.exe
C:\Windows\System\yRtsheY.exe
2⤵
- Executes dropped EXE
PID:400

C:\Windows\System\uRkzTED.exe
C:\Windows\System\uRkzTED.exe
2⤵
- Executes dropped EXE
PID:2088

C:\Windows\System\jdCiQBi.exe
C:\Windows\System\jdCiQBi.exe
2⤵
- Executes dropped EXE
PID:2244

C:\Windows\System\mpROUUL.exe
C:\Windows\System\mpROUUL.exe
2⤵
- Executes dropped EXE
PID:3360

C:\Windows\System\pLGUtWV.exe
C:\Windows\System\pLGUtWV.exe
2⤵
- Executes dropped EXE
PID:1132

C:\Windows\System\yJlcgTi.exe
C:\Windows\System\yJlcgTi.exe
2⤵
- Executes dropped EXE
PID:2008

C:\Windows\System\jPKMMnJ.exe
C:\Windows\System\jPKMMnJ.exe
2⤵
- Executes dropped EXE
PID:4308

C:\Windows\System\LpwYnAf.exe
C:\Windows\System\LpwYnAf.exe
2⤵
- Executes dropped EXE
PID:4904

C:\Windows\System\XJruJuc.exe
C:\Windows\System\XJruJuc.exe
2⤵
- Executes dropped EXE
PID:1432

C:\Windows\System\nwJvyfD.exe
C:\Windows\System\nwJvyfD.exe
2⤵
- Executes dropped EXE
PID:4936

C:\Windows\System\mNbMpxV.exe
C:\Windows\System\mNbMpxV.exe
2⤵
- Executes dropped EXE
PID:564

C:\Windows\System\LjDASuF.exe
C:\Windows\System\LjDASuF.exe
2⤵
- Executes dropped EXE
PID:2780

C:\Windows\System\RCfDIUX.exe
C:\Windows\System\RCfDIUX.exe
2⤵
- Executes dropped EXE
PID:4848

C:\Windows\System\nxdBRqn.exe
C:\Windows\System\nxdBRqn.exe
2⤵
- Executes dropped EXE
PID:4752

C:\Windows\System\huZdeww.exe
C:\Windows\System\huZdeww.exe
2⤵
- Executes dropped EXE
PID:4620

C:\Windows\System\njRudZE.exe
C:\Windows\System\njRudZE.exe
2⤵
- Executes dropped EXE
PID:1436

C:\Windows\System\vownMZP.exe
C:\Windows\System\vownMZP.exe
2⤵
- Executes dropped EXE
PID:3616

C:\Windows\System\dXPEpxw.exe
C:\Windows\System\dXPEpxw.exe
2⤵
- Executes dropped EXE
PID:2956

C:\Windows\System\BXVLVAo.exe
C:\Windows\System\BXVLVAo.exe
2⤵
- Executes dropped EXE
PID:2208

C:\Windows\System\fLvXNza.exe
C:\Windows\System\fLvXNza.exe
2⤵
- Executes dropped EXE
PID:5044

C:\Windows\System\JgpcKWo.exe
C:\Windows\System\JgpcKWo.exe
2⤵
- Executes dropped EXE
PID:4540

C:\Windows\System\yuwcgbJ.exe
C:\Windows\System\yuwcgbJ.exe
2⤵
- Executes dropped EXE
PID:3380

C:\Windows\System\gOTEbsz.exe
C:\Windows\System\gOTEbsz.exe
2⤵
- Executes dropped EXE
PID:4900

C:\Windows\System\UEDupvU.exe
C:\Windows\System\UEDupvU.exe
2⤵
- Executes dropped EXE
PID:2012

C:\Windows\System\HJSnNbF.exe
C:\Windows\System\HJSnNbF.exe
2⤵
- Executes dropped EXE
PID:1484

C:\Windows\System\frLhGey.exe
C:\Windows\System\frLhGey.exe
2⤵
- Executes dropped EXE
PID:2348

C:\Windows\System\xVLEuJa.exe
C:\Windows\System\xVLEuJa.exe
2⤵
- Executes dropped EXE
PID:2140

C:\Windows\System\cuwgCro.exe
C:\Windows\System\cuwgCro.exe
2⤵
- Executes dropped EXE
PID:392

C:\Windows\System\CxVpjFE.exe
C:\Windows\System\CxVpjFE.exe
2⤵
- Executes dropped EXE
PID:396

C:\Windows\System\KXqBaJK.exe
C:\Windows\System\KXqBaJK.exe
2⤵
- Executes dropped EXE
PID:1948

C:\Windows\System\IenTToy.exe
C:\Windows\System\IenTToy.exe
2⤵
- Executes dropped EXE
PID:4080

C:\Windows\System\VeYaFkU.exe
C:\Windows\System\VeYaFkU.exe
2⤵
- Executes dropped EXE
PID:1220

C:\Windows\System\gEfoRZL.exe
C:\Windows\System\gEfoRZL.exe
2⤵
- Executes dropped EXE
PID:4212

C:\Windows\System\izkinyg.exe
C:\Windows\System\izkinyg.exe
2⤵
- Executes dropped EXE
PID:1180

C:\Windows\System\lCQrKpJ.exe
C:\Windows\System\lCQrKpJ.exe
2⤵
- Executes dropped EXE
PID:4320

C:\Windows\System\pigdPmy.exe
C:\Windows\System\pigdPmy.exe
2⤵
- Executes dropped EXE
PID:4380

C:\Windows\System\fqUHztu.exe
C:\Windows\System\fqUHztu.exe
2⤵
- Executes dropped EXE
PID:3300

C:\Windows\System\ijMGWgZ.exe
C:\Windows\System\ijMGWgZ.exe
2⤵
- Executes dropped EXE
PID:4560

C:\Windows\System\LCmQWbd.exe
C:\Windows\System\LCmQWbd.exe
2⤵
- Executes dropped EXE
PID:3532

C:\Windows\System\iTEkuGm.exe
C:\Windows\System\iTEkuGm.exe
2⤵
- Executes dropped EXE
PID:2516

C:\Windows\System\JVefuwa.exe
C:\Windows\System\JVefuwa.exe
2⤵
- Executes dropped EXE
PID:3792

C:\Windows\System\OgwOMkl.exe
C:\Windows\System\OgwOMkl.exe
2⤵
- Executes dropped EXE
PID:4260

C:\Windows\System\IFbesNf.exe
C:\Windows\System\IFbesNf.exe
2⤵
PID:216

C:\Windows\System\elSLxKQ.exe
C:\Windows\System\elSLxKQ.exe
2⤵
PID:3596

C:\Windows\System\VCsEPpv.exe
C:\Windows\System\VCsEPpv.exe
2⤵
PID:2248

C:\Windows\System\wyButIZ.exe
C:\Windows\System\wyButIZ.exe
2⤵
PID:2988

C:\Windows\System\iOvDkty.exe
C:\Windows\System\iOvDkty.exe
2⤵
PID:4368

C:\Windows\System\UNeoXtC.exe
C:\Windows\System\UNeoXtC.exe
2⤵
PID:1320

C:\Windows\System\NokumGt.exe
C:\Windows\System\NokumGt.exe
2⤵
PID:232

C:\Windows\System\bNtGcvl.exe
C:\Windows\System\bNtGcvl.exe
2⤵
PID:4820

C:\Windows\System\vFiQtWI.exe
C:\Windows\System\vFiQtWI.exe
2⤵
PID:1140

C:\Windows\System\UyEoIbv.exe
C:\Windows\System\UyEoIbv.exe
2⤵
PID:5128

C:\Windows\System\CPvjaRV.exe
C:\Windows\System\CPvjaRV.exe
2⤵
PID:5156

C:\Windows\System\JvzDmbQ.exe
C:\Windows\System\JvzDmbQ.exe
2⤵
PID:5192

C:\Windows\System\DDqWueS.exe
C:\Windows\System\DDqWueS.exe
2⤵
PID:5212

C:\Windows\System\xFdkDBP.exe
C:\Windows\System\xFdkDBP.exe
2⤵
PID:5248

C:\Windows\System\eQjdEZN.exe
C:\Windows\System\eQjdEZN.exe
2⤵
PID:5272

C:\Windows\System\PZrmPgl.exe
C:\Windows\System\PZrmPgl.exe
2⤵
PID:5296

C:\Windows\System\mPpmhUc.exe
C:\Windows\System\mPpmhUc.exe
2⤵
PID:5348

C:\Windows\System\YLYdGpH.exe
C:\Windows\System\YLYdGpH.exe
2⤵
PID:5376

C:\Windows\System\gtUihWV.exe
C:\Windows\System\gtUihWV.exe
2⤵
PID:5400

C:\Windows\System\kAIXoCp.exe
C:\Windows\System\kAIXoCp.exe
2⤵
PID:5428

C:\Windows\System\ZSVoClL.exe
C:\Windows\System\ZSVoClL.exe
2⤵
PID:5456

C:\Windows\System\hqvAjWe.exe
C:\Windows\System\hqvAjWe.exe
2⤵
PID:5484

C:\Windows\System\iBtBQce.exe
C:\Windows\System\iBtBQce.exe
2⤵
PID:5512

C:\Windows\System\kfXLvbh.exe
C:\Windows\System\kfXLvbh.exe
2⤵
PID:5540

C:\Windows\System\NDYsRBg.exe
C:\Windows\System\NDYsRBg.exe
2⤵
PID:5556

C:\Windows\System\wMYjOhC.exe
C:\Windows\System\wMYjOhC.exe
2⤵
PID:5584

C:\Windows\System\TYyUUER.exe
C:\Windows\System\TYyUUER.exe
2⤵
PID:5616

C:\Windows\System\nTnsDLa.exe
C:\Windows\System\nTnsDLa.exe
2⤵
PID:5640

C:\Windows\System\CFuoKMM.exe
C:\Windows\System\CFuoKMM.exe
2⤵
PID:5672

C:\Windows\System\ilolhdu.exe
C:\Windows\System\ilolhdu.exe
2⤵
PID:5704

C:\Windows\System\fSUYyNn.exe
C:\Windows\System\fSUYyNn.exe
2⤵
PID:5744

C:\Windows\System\PxASBOb.exe
C:\Windows\System\PxASBOb.exe
2⤵
PID:5776

C:\Windows\System\hCPpUoD.exe
C:\Windows\System\hCPpUoD.exe
2⤵
PID:5800

C:\Windows\System\ktbnxMY.exe
C:\Windows\System\ktbnxMY.exe
2⤵
PID:5828

C:\Windows\System\CkkXLcs.exe
C:\Windows\System\CkkXLcs.exe
2⤵
PID:5848

C:\Windows\System\iZYXTot.exe
C:\Windows\System\iZYXTot.exe
2⤵
PID:5872

C:\Windows\System\IyiJZXs.exe
C:\Windows\System\IyiJZXs.exe
2⤵
PID:5900

C:\Windows\System\kLQSSrC.exe
C:\Windows\System\kLQSSrC.exe
2⤵
PID:5944

C:\Windows\System\ixEtVNQ.exe
C:\Windows\System\ixEtVNQ.exe
2⤵
PID:5972

C:\Windows\System\lqgjeah.exe
C:\Windows\System\lqgjeah.exe
2⤵
PID:6000

C:\Windows\System\yuTiMuY.exe
C:\Windows\System\yuTiMuY.exe
2⤵
PID:6024

C:\Windows\System\XYEmoDm.exe
C:\Windows\System\XYEmoDm.exe
2⤵
PID:6056

C:\Windows\System\NuHVqOR.exe
C:\Windows\System\NuHVqOR.exe
2⤵
PID:6084

C:\Windows\System\PFZtFNI.exe
C:\Windows\System\PFZtFNI.exe
2⤵
PID:6116

C:\Windows\System\cFggZKG.exe
C:\Windows\System\cFggZKG.exe
2⤵
PID:6140

C:\Windows\System\TVDjBeK.exe
C:\Windows\System\TVDjBeK.exe
2⤵
PID:5144

C:\Windows\System\erSZcLB.exe
C:\Windows\System\erSZcLB.exe
2⤵
PID:5224

C:\Windows\System\zlnIhRN.exe
C:\Windows\System\zlnIhRN.exe
2⤵
PID:5288

C:\Windows\System\IcUrhXc.exe
C:\Windows\System\IcUrhXc.exe
2⤵
PID:5364

C:\Windows\System\ssnlOsJ.exe
C:\Windows\System\ssnlOsJ.exe
2⤵
PID:5424

C:\Windows\System\ldbKqGR.exe
C:\Windows\System\ldbKqGR.exe
2⤵
PID:5480

C:\Windows\System\oUNLGIA.exe
C:\Windows\System\oUNLGIA.exe
2⤵
PID:5548

C:\Windows\System\JEDUCZb.exe
C:\Windows\System\JEDUCZb.exe
2⤵
PID:5612

C:\Windows\System\jRgQJxw.exe
C:\Windows\System\jRgQJxw.exe
2⤵
PID:5656

C:\Windows\System\gdNlexh.exe
C:\Windows\System\gdNlexh.exe
2⤵
PID:5728

C:\Windows\System\xewcNzW.exe
C:\Windows\System\xewcNzW.exe
2⤵
PID:5792

C:\Windows\System\XNYRBKZ.exe
C:\Windows\System\XNYRBKZ.exe
2⤵
PID:5836

C:\Windows\System\NztPxGt.exe
C:\Windows\System\NztPxGt.exe
2⤵
PID:5920

C:\Windows\System\rkKoRBu.exe
C:\Windows\System\rkKoRBu.exe
2⤵
PID:6008

C:\Windows\System\FWDlHBb.exe
C:\Windows\System\FWDlHBb.exe
2⤵
PID:6068

C:\Windows\System\SvuuNJi.exe
C:\Windows\System\SvuuNJi.exe
2⤵
PID:6136

C:\Windows\System\aDSEFVk.exe
C:\Windows\System\aDSEFVk.exe
2⤵
PID:5260

C:\Windows\System\JNTbjvu.exe
C:\Windows\System\JNTbjvu.exe
2⤵
PID:5412

C:\Windows\System\sntDGZF.exe
C:\Windows\System\sntDGZF.exe
2⤵
PID:5504

C:\Windows\System\SdXpPNS.exe
C:\Windows\System\SdXpPNS.exe
2⤵
PID:5688

C:\Windows\System\DoCsNIx.exe
C:\Windows\System\DoCsNIx.exe
2⤵
PID:5924

C:\Windows\System\OUuTEiW.exe
C:\Windows\System\OUuTEiW.exe
2⤵
PID:6040

C:\Windows\System\PtgwTCL.exe
C:\Windows\System\PtgwTCL.exe
2⤵
PID:5148

C:\Windows\System\WYWyhLy.exe
C:\Windows\System\WYWyhLy.exe
2⤵
PID:5468

C:\Windows\System\pAtmsjI.exe
C:\Windows\System\pAtmsjI.exe
2⤵
PID:5888

C:\Windows\System\FHespgJ.exe
C:\Windows\System\FHespgJ.exe
2⤵
PID:5320

C:\Windows\System\qIeQWlb.exe
C:\Windows\System\qIeQWlb.exe
2⤵
PID:6124

C:\Windows\System\pKWiSNX.exe
C:\Windows\System\pKWiSNX.exe
2⤵
PID:6148

C:\Windows\System\SBjremv.exe
C:\Windows\System\SBjremv.exe
2⤵
PID:6176

C:\Windows\System\QPHJVku.exe
C:\Windows\System\QPHJVku.exe
2⤵
PID:6204

C:\Windows\System\vfWDtXh.exe
C:\Windows\System\vfWDtXh.exe
2⤵
PID:6228

C:\Windows\System\fVgvloL.exe
C:\Windows\System\fVgvloL.exe
2⤵
PID:6260

C:\Windows\System\NXLoRmX.exe
C:\Windows\System\NXLoRmX.exe
2⤵
PID:6288

C:\Windows\System\IJjoHFi.exe
C:\Windows\System\IJjoHFi.exe
2⤵
PID:6316

C:\Windows\System\tsdZMND.exe
C:\Windows\System\tsdZMND.exe
2⤵
PID:6340

C:\Windows\System\cRxLIib.exe
C:\Windows\System\cRxLIib.exe
2⤵
PID:6368

C:\Windows\System\QATwQrF.exe
C:\Windows\System\QATwQrF.exe
2⤵
PID:6396

C:\Windows\System\KUXRhYz.exe
C:\Windows\System\KUXRhYz.exe
2⤵
PID:6428

C:\Windows\System\NTDBsJk.exe
C:\Windows\System\NTDBsJk.exe
2⤵
PID:6456

C:\Windows\System\vRbdQRE.exe
C:\Windows\System\vRbdQRE.exe
2⤵
PID:6484

C:\Windows\System\fvSzvDz.exe
C:\Windows\System\fvSzvDz.exe
2⤵
PID:6512

C:\Windows\System\XLZevRC.exe
C:\Windows\System\XLZevRC.exe
2⤵
PID:6536

C:\Windows\System\TacXmwB.exe
C:\Windows\System\TacXmwB.exe
2⤵
PID:6564

C:\Windows\System\YfSJeMT.exe
C:\Windows\System\YfSJeMT.exe
2⤵
PID:6596

C:\Windows\System\HHHqzos.exe
C:\Windows\System\HHHqzos.exe
2⤵
PID:6624

C:\Windows\System\NwqNZDo.exe
C:\Windows\System\NwqNZDo.exe
2⤵
PID:6648

C:\Windows\System\SzwPHHI.exe
C:\Windows\System\SzwPHHI.exe
2⤵
PID:6680

C:\Windows\System\xOLQSaj.exe
C:\Windows\System\xOLQSaj.exe
2⤵
PID:6708

C:\Windows\System\MGbECSn.exe
C:\Windows\System\MGbECSn.exe
2⤵
PID:6736

C:\Windows\System\mNVmXkT.exe
C:\Windows\System\mNVmXkT.exe
2⤵
PID:6764

C:\Windows\System\PagfDWq.exe
C:\Windows\System\PagfDWq.exe
2⤵
PID:6784

C:\Windows\System\jhjOUvj.exe
C:\Windows\System\jhjOUvj.exe
2⤵
PID:6820

C:\Windows\System\BgXPCXr.exe
C:\Windows\System\BgXPCXr.exe
2⤵
PID:6848

C:\Windows\System\cqWwVSM.exe
C:\Windows\System\cqWwVSM.exe
2⤵
PID:6880

C:\Windows\System\TPQjmuo.exe
C:\Windows\System\TPQjmuo.exe
2⤵
PID:6904

C:\Windows\System\eKAElEL.exe
C:\Windows\System\eKAElEL.exe
2⤵
PID:6932

C:\Windows\System\MZKmIdA.exe
C:\Windows\System\MZKmIdA.exe
2⤵
PID:6948

C:\Windows\System\DJLKuYC.exe
C:\Windows\System\DJLKuYC.exe
2⤵
PID:6980

C:\Windows\System\QqBoAgV.exe
C:\Windows\System\QqBoAgV.exe
2⤵
PID:7004

C:\Windows\System\ZnBAjrl.exe
C:\Windows\System\ZnBAjrl.exe
2⤵
PID:7032

C:\Windows\System\cIuqpIt.exe
C:\Windows\System\cIuqpIt.exe
2⤵
PID:7080

C:\Windows\System\tYRUErW.exe
C:\Windows\System\tYRUErW.exe
2⤵
PID:7100

C:\Windows\System\WSSkvGf.exe
C:\Windows\System\WSSkvGf.exe
2⤵
PID:7140

C:\Windows\System\QjCUZdJ.exe
C:\Windows\System\QjCUZdJ.exe
2⤵
PID:7164

C:\Windows\System\EMvrcRE.exe
C:\Windows\System\EMvrcRE.exe
2⤵
PID:5968

C:\Windows\System\fOGCqjn.exe
C:\Windows\System\fOGCqjn.exe
2⤵
PID:6360

C:\Windows\System\fGLstZf.exe
C:\Windows\System\fGLstZf.exe
2⤵
PID:6408

C:\Windows\System\KaMhAZq.exe
C:\Windows\System\KaMhAZq.exe
2⤵
PID:6476

C:\Windows\System\ANrjUWZ.exe
C:\Windows\System\ANrjUWZ.exe
2⤵
PID:6616

C:\Windows\System\HECbzdl.exe
C:\Windows\System\HECbzdl.exe
2⤵
PID:6704

C:\Windows\System\AiiXVWZ.exe
C:\Windows\System\AiiXVWZ.exe
2⤵
PID:6756

C:\Windows\System\NZPpbQG.exe
C:\Windows\System\NZPpbQG.exe
2⤵
PID:6844

C:\Windows\System\QReZltq.exe
C:\Windows\System\QReZltq.exe
2⤵
PID:6916

C:\Windows\System\znJFPMf.exe
C:\Windows\System\znJFPMf.exe
2⤵
PID:6996

C:\Windows\System\DsJvQFc.exe
C:\Windows\System\DsJvQFc.exe
2⤵
PID:7056

C:\Windows\System\IhTZobO.exe
C:\Windows\System\IhTZobO.exe
2⤵
PID:7096

C:\Windows\System\FInZlEf.exe
C:\Windows\System\FInZlEf.exe
2⤵
PID:3788

C:\Windows\System\nSZhSfd.exe
C:\Windows\System\nSZhSfd.exe
2⤵
PID:6296

C:\Windows\System\VeBvVDz.exe
C:\Windows\System\VeBvVDz.exe
2⤵
PID:6508

C:\Windows\System\JxopyDa.exe
C:\Windows\System\JxopyDa.exe
2⤵
PID:6748

C:\Windows\System\spzPVET.exe
C:\Windows\System\spzPVET.exe
2⤵
PID:6900

C:\Windows\System\qGDpBaH.exe
C:\Windows\System\qGDpBaH.exe
2⤵
PID:7048

C:\Windows\System\bqEATAE.exe
C:\Windows\System\bqEATAE.exe
2⤵
PID:6956

C:\Windows\System\KjqPvXe.exe
C:\Windows\System\KjqPvXe.exe
2⤵
PID:6588

C:\Windows\System\ISnSHsB.exe
C:\Windows\System\ISnSHsB.exe
2⤵
PID:7020

C:\Windows\System\IecSTYg.exe
C:\Windows\System\IecSTYg.exe
2⤵
PID:6832

C:\Windows\System\jNbeyUv.exe
C:\Windows\System\jNbeyUv.exe
2⤵
PID:6700

C:\Windows\System\jZzfZqM.exe
C:\Windows\System\jZzfZqM.exe
2⤵
PID:7200

C:\Windows\System\QcnWpJf.exe
C:\Windows\System\QcnWpJf.exe
2⤵
PID:7228

C:\Windows\System\EzeAYVN.exe
C:\Windows\System\EzeAYVN.exe
2⤵
PID:7256

C:\Windows\System\OjpbdkR.exe
C:\Windows\System\OjpbdkR.exe
2⤵
PID:7288

C:\Windows\System\mftvLgj.exe
C:\Windows\System\mftvLgj.exe
2⤵
PID:7312

C:\Windows\System\ALMbCWt.exe
C:\Windows\System\ALMbCWt.exe
2⤵
PID:7340

C:\Windows\System\bLhzukS.exe
C:\Windows\System\bLhzukS.exe
2⤵
PID:7368

C:\Windows\System\fZplleP.exe
C:\Windows\System\fZplleP.exe
2⤵
PID:7396

C:\Windows\System\XPyGpBD.exe
C:\Windows\System\XPyGpBD.exe
2⤵
PID:7424

C:\Windows\System\TPDMWnx.exe
C:\Windows\System\TPDMWnx.exe
2⤵
PID:7452

C:\Windows\System\cuyWNso.exe
C:\Windows\System\cuyWNso.exe
2⤵
PID:7480

C:\Windows\System\cDhJjhF.exe
C:\Windows\System\cDhJjhF.exe
2⤵
PID:7504

C:\Windows\System\FqpGvEu.exe
C:\Windows\System\FqpGvEu.exe
2⤵
PID:7536

C:\Windows\System\llrgnCD.exe
C:\Windows\System\llrgnCD.exe
2⤵
PID:7568

C:\Windows\System\dXOEHvp.exe
C:\Windows\System\dXOEHvp.exe
2⤵
PID:7600

C:\Windows\System\IYsrnDl.exe
C:\Windows\System\IYsrnDl.exe
2⤵
PID:7648

C:\Windows\System\agizMmz.exe
C:\Windows\System\agizMmz.exe
2⤵
PID:7664

C:\Windows\System\ayxiLwZ.exe
C:\Windows\System\ayxiLwZ.exe
2⤵
PID:7692

C:\Windows\System\TCLZWij.exe
C:\Windows\System\TCLZWij.exe
2⤵
PID:7720

C:\Windows\System\dgJMzHs.exe
C:\Windows\System\dgJMzHs.exe
2⤵
PID:7756

C:\Windows\System\OkPBXHz.exe
C:\Windows\System\OkPBXHz.exe
2⤵
PID:7780

C:\Windows\System\JBwhuJd.exe
C:\Windows\System\JBwhuJd.exe
2⤵
PID:7804

C:\Windows\System\vbsPUnL.exe
C:\Windows\System\vbsPUnL.exe
2⤵
PID:7832

C:\Windows\System\sgYJeCO.exe
C:\Windows\System\sgYJeCO.exe
2⤵
PID:7860

C:\Windows\System\pXhhNys.exe
C:\Windows\System\pXhhNys.exe
2⤵
PID:7888

C:\Windows\System\rtKmgHE.exe
C:\Windows\System\rtKmgHE.exe
2⤵
PID:7920

C:\Windows\System\HBYlQKU.exe
C:\Windows\System\HBYlQKU.exe
2⤵
PID:7944

C:\Windows\System\XzGgrzZ.exe
C:\Windows\System\XzGgrzZ.exe
2⤵
PID:7972

C:\Windows\System\CatEUqU.exe
C:\Windows\System\CatEUqU.exe
2⤵
PID:7992

C:\Windows\System\eGxzBbo.exe
C:\Windows\System\eGxzBbo.exe
2⤵
PID:8024

C:\Windows\System\pkNalRs.exe
C:\Windows\System\pkNalRs.exe
2⤵
PID:8056

C:\Windows\System\LuSyJLA.exe
C:\Windows\System\LuSyJLA.exe
2⤵
PID:8084

C:\Windows\System\wljJMOl.exe
C:\Windows\System\wljJMOl.exe
2⤵
PID:8112

C:\Windows\System\CJDopSr.exe
C:\Windows\System\CJDopSr.exe
2⤵
PID:8140

C:\Windows\System\CFtiHXy.exe
C:\Windows\System\CFtiHXy.exe
2⤵
PID:8168

C:\Windows\System\ARoxoJE.exe
C:\Windows\System\ARoxoJE.exe
2⤵
PID:7184

C:\Windows\System\uayIKQL.exe
C:\Windows\System\uayIKQL.exe
2⤵
PID:7252

C:\Windows\System\EMlCpfb.exe
C:\Windows\System\EMlCpfb.exe
2⤵
PID:7308

C:\Windows\System\BKdbIGh.exe
C:\Windows\System\BKdbIGh.exe
2⤵
PID:7364

C:\Windows\System\rRWKQDY.exe
C:\Windows\System\rRWKQDY.exe
2⤵
PID:7420

C:\Windows\System\INNVTaa.exe
C:\Windows\System\INNVTaa.exe
2⤵
PID:7512

C:\Windows\System\vcpKEIU.exe
C:\Windows\System\vcpKEIU.exe
2⤵
PID:7580

C:\Windows\System\jzQFgaN.exe
C:\Windows\System\jzQFgaN.exe
2⤵
PID:7588

C:\Windows\System\DSpUnft.exe
C:\Windows\System\DSpUnft.exe
2⤵
PID:7704

C:\Windows\System\aJwBDXr.exe
C:\Windows\System\aJwBDXr.exe
2⤵
PID:7768

C:\Windows\System\BCAlRiI.exe
C:\Windows\System\BCAlRiI.exe
2⤵
PID:7828

C:\Windows\System\WfXEOGA.exe
C:\Windows\System\WfXEOGA.exe
2⤵
PID:7900

C:\Windows\System\SBTpJAa.exe
C:\Windows\System\SBTpJAa.exe
2⤵
PID:7960

C:\Windows\System\dORLPkB.exe
C:\Windows\System\dORLPkB.exe
2⤵
PID:8080

C:\Windows\System\SHoZBmd.exe
C:\Windows\System\SHoZBmd.exe
2⤵
PID:8128

C:\Windows\System\gUlPYze.exe
C:\Windows\System\gUlPYze.exe
2⤵
PID:6464

C:\Windows\System\eWnSuUB.exe
C:\Windows\System\eWnSuUB.exe
2⤵
PID:7304

C:\Windows\System\DjiILEl.exe
C:\Windows\System\DjiILEl.exe
2⤵
PID:7392

C:\Windows\System\CEvUTYk.exe
C:\Windows\System\CEvUTYk.exe
2⤵
PID:7548

C:\Windows\System\rwFHkzz.exe
C:\Windows\System\rwFHkzz.exe
2⤵
PID:7764

C:\Windows\System\rAbQzzY.exe
C:\Windows\System\rAbQzzY.exe
2⤵
PID:7928

C:\Windows\System\wlugesN.exe
C:\Windows\System\wlugesN.exe
2⤵
PID:8104

C:\Windows\System\xdzAMGv.exe
C:\Windows\System\xdzAMGv.exe
2⤵
PID:7244

C:\Windows\System\qqaqScE.exe
C:\Windows\System\qqaqScE.exe
2⤵
PID:7732

C:\Windows\System\lUUdOYe.exe
C:\Windows\System\lUUdOYe.exe
2⤵
PID:8048

C:\Windows\System\hOonXOY.exe
C:\Windows\System\hOonXOY.exe
2⤵
PID:7628

C:\Windows\System\xztNXRU.exe
C:\Windows\System\xztNXRU.exe
2⤵
PID:8000

C:\Windows\System\FkMmgYc.exe
C:\Windows\System\FkMmgYc.exe
2⤵
PID:8212

C:\Windows\System\yLEGBtD.exe
C:\Windows\System\yLEGBtD.exe
2⤵
PID:8240

C:\Windows\System\nmBMXfS.exe
C:\Windows\System\nmBMXfS.exe
2⤵
PID:8268

C:\Windows\System\BabOvmb.exe
C:\Windows\System\BabOvmb.exe
2⤵
PID:8296

C:\Windows\System\Ucmzvuj.exe
C:\Windows\System\Ucmzvuj.exe
2⤵
PID:8324

C:\Windows\System\RmouuFW.exe
C:\Windows\System\RmouuFW.exe
2⤵
PID:8352

C:\Windows\System\ovHPQiD.exe
C:\Windows\System\ovHPQiD.exe
2⤵
PID:8380

C:\Windows\System\vtpHNcj.exe
C:\Windows\System\vtpHNcj.exe
2⤵
PID:8408

C:\Windows\System\FODeBiR.exe
C:\Windows\System\FODeBiR.exe
2⤵
PID:8436

C:\Windows\System\hAavplj.exe
C:\Windows\System\hAavplj.exe
2⤵
PID:8464

C:\Windows\System\fhKBYvW.exe
C:\Windows\System\fhKBYvW.exe
2⤵
PID:8492

C:\Windows\System\XAHGQrH.exe
C:\Windows\System\XAHGQrH.exe
2⤵
PID:8520

C:\Windows\System\vKITnLL.exe
C:\Windows\System\vKITnLL.exe
2⤵
PID:8548

C:\Windows\System\SxpGlNC.exe
C:\Windows\System\SxpGlNC.exe
2⤵
PID:8576

C:\Windows\System\MsMMGtX.exe
C:\Windows\System\MsMMGtX.exe
2⤵
PID:8604

C:\Windows\System\VOJtlvs.exe
C:\Windows\System\VOJtlvs.exe
2⤵
PID:8620

C:\Windows\System\POXUMJp.exe
C:\Windows\System\POXUMJp.exe
2⤵
PID:8636

C:\Windows\System\dupHvtf.exe
C:\Windows\System\dupHvtf.exe
2⤵
PID:8680

C:\Windows\System\gfWFPeu.exe
C:\Windows\System\gfWFPeu.exe
2⤵
PID:8716

C:\Windows\System\kPOnUwo.exe
C:\Windows\System\kPOnUwo.exe
2⤵
PID:8744

C:\Windows\System\pDtTlnJ.exe
C:\Windows\System\pDtTlnJ.exe
2⤵
PID:8764

C:\Windows\System\ANwtSfL.exe
C:\Windows\System\ANwtSfL.exe
2⤵
PID:8800

C:\Windows\System\KvvTpOM.exe
C:\Windows\System\KvvTpOM.exe
2⤵
PID:8816

C:\Windows\System\oLOYrfi.exe
C:\Windows\System\oLOYrfi.exe
2⤵
PID:8856

C:\Windows\System\OrGhJuh.exe
C:\Windows\System\OrGhJuh.exe
2⤵
PID:8884

C:\Windows\System\EnPEmEO.exe
C:\Windows\System\EnPEmEO.exe
2⤵
PID:8900

C:\Windows\System\QbcmFXF.exe
C:\Windows\System\QbcmFXF.exe
2⤵
PID:8928

C:\Windows\System\JODuyrP.exe
C:\Windows\System\JODuyrP.exe
2⤵
PID:8960

C:\Windows\System\tDbcOob.exe
C:\Windows\System\tDbcOob.exe
2⤵
PID:8984

C:\Windows\System\ALwaRvr.exe
C:\Windows\System\ALwaRvr.exe
2⤵
PID:9024

C:\Windows\System\fArCwYK.exe
C:\Windows\System\fArCwYK.exe
2⤵
PID:9052

C:\Windows\System\jLIMmGl.exe
C:\Windows\System\jLIMmGl.exe
2⤵
PID:9080

C:\Windows\System\zmJsnxG.exe
C:\Windows\System\zmJsnxG.exe
2⤵
PID:9108

C:\Windows\System\MevjroZ.exe
C:\Windows\System\MevjroZ.exe
2⤵
PID:9136

C:\Windows\System\DjYSVFH.exe
C:\Windows\System\DjYSVFH.exe
2⤵
PID:9164

C:\Windows\System\uqHZvHs.exe
C:\Windows\System\uqHZvHs.exe
2⤵
PID:9192

C:\Windows\System\oAKVsqG.exe
C:\Windows\System\oAKVsqG.exe
2⤵
PID:8200

C:\Windows\System\nnkLLWe.exe
C:\Windows\System\nnkLLWe.exe
2⤵
PID:8252

C:\Windows\System\mGJrBYz.exe
C:\Windows\System\mGJrBYz.exe
2⤵
PID:8336

C:\Windows\System\RUZKqYJ.exe
C:\Windows\System\RUZKqYJ.exe
2⤵
PID:8404

C:\Windows\System\SzqSank.exe
C:\Windows\System\SzqSank.exe
2⤵
PID:8476

C:\Windows\System\aFRbeju.exe
C:\Windows\System\aFRbeju.exe
2⤵
PID:8544

C:\Windows\System\xKpDKtq.exe
C:\Windows\System\xKpDKtq.exe
2⤵
PID:8596

C:\Windows\System\oOenDmN.exe
C:\Windows\System\oOenDmN.exe
2⤵
PID:8664

C:\Windows\System\YtZbLJZ.exe
C:\Windows\System\YtZbLJZ.exe
2⤵
PID:8728

C:\Windows\System\sqctgbh.exe
C:\Windows\System\sqctgbh.exe
2⤵
PID:8840

C:\Windows\System\YWeAyQI.exe
C:\Windows\System\YWeAyQI.exe
2⤵
PID:8876

C:\Windows\System\duKgXca.exe
C:\Windows\System\duKgXca.exe
2⤵
PID:8940

C:\Windows\System\pNkTokC.exe
C:\Windows\System\pNkTokC.exe
2⤵
PID:9020

C:\Windows\System\Kajapqk.exe
C:\Windows\System\Kajapqk.exe
2⤵
PID:9120

C:\Windows\System\qfvZoOv.exe
C:\Windows\System\qfvZoOv.exe
2⤵
PID:8256

C:\Windows\System\bPVrGqA.exe
C:\Windows\System\bPVrGqA.exe
2⤵
PID:8364

C:\Windows\System\LFZYRar.exe
C:\Windows\System\LFZYRar.exe
2⤵
PID:8592

C:\Windows\System\QTDinNV.exe
C:\Windows\System\QTDinNV.exe
2⤵
PID:8700

C:\Windows\System\QLDivwQ.exe
C:\Windows\System\QLDivwQ.exe
2⤵
PID:8844

C:\Windows\System\CfnwrRU.exe
C:\Windows\System\CfnwrRU.exe
2⤵
PID:8016

C:\Windows\System\AhzSAoF.exe
C:\Windows\System\AhzSAoF.exe
2⤵
PID:8308

C:\Windows\System\sgYrwIz.exe
C:\Windows\System\sgYrwIz.exe
2⤵
PID:8668

C:\Windows\System\UhKTjWc.exe
C:\Windows\System\UhKTjWc.exe
2⤵
PID:8808

C:\Windows\System\UDysoEw.exe
C:\Windows\System\UDysoEw.exe
2⤵
PID:8532

C:\Windows\System\MucWsSn.exe
C:\Windows\System\MucWsSn.exe
2⤵
PID:9232

C:\Windows\System\ffNnHGf.exe
C:\Windows\System\ffNnHGf.exe
2⤵
PID:9260

C:\Windows\System\JnSSvYq.exe
C:\Windows\System\JnSSvYq.exe
2⤵
PID:9312

C:\Windows\System\jBJwtoW.exe
C:\Windows\System\jBJwtoW.exe
2⤵
PID:9368

C:\Windows\System\TNkTPZM.exe
C:\Windows\System\TNkTPZM.exe
2⤵
PID:9396

C:\Windows\System\eDVBINh.exe
C:\Windows\System\eDVBINh.exe
2⤵
PID:9412

C:\Windows\System\YWMNHhX.exe
C:\Windows\System\YWMNHhX.exe
2⤵
PID:9436

C:\Windows\System\MSrEUXU.exe
C:\Windows\System\MSrEUXU.exe
2⤵
PID:9464

C:\Windows\System\GMBRife.exe
C:\Windows\System\GMBRife.exe
2⤵
PID:9504

C:\Windows\System\BINOaQK.exe
C:\Windows\System\BINOaQK.exe
2⤵
PID:9544

C:\Windows\System\YUFZWFV.exe
C:\Windows\System\YUFZWFV.exe
2⤵
PID:9572

C:\Windows\System\VCQcJgo.exe
C:\Windows\System\VCQcJgo.exe
2⤵
PID:9604

C:\Windows\System\bpryShH.exe
C:\Windows\System\bpryShH.exe
2⤵
PID:9620

C:\Windows\System\tBLLsHz.exe
C:\Windows\System\tBLLsHz.exe
2⤵
PID:9648

C:\Windows\System\IOnlBiw.exe
C:\Windows\System\IOnlBiw.exe
2⤵
PID:9668

C:\Windows\System\uzOGWDn.exe
C:\Windows\System\uzOGWDn.exe
2⤵
PID:9696

C:\Windows\System\nnRaqaX.exe
C:\Windows\System\nnRaqaX.exe
2⤵
PID:9724

C:\Windows\System\krOzhIm.exe
C:\Windows\System\krOzhIm.exe
2⤵
PID:9752

C:\Windows\System\lPKoeSZ.exe
C:\Windows\System\lPKoeSZ.exe
2⤵
PID:9784

C:\Windows\System\xGEWkFY.exe
C:\Windows\System\xGEWkFY.exe
2⤵
PID:9812

C:\Windows\System\WgNVGDt.exe
C:\Windows\System\WgNVGDt.exe
2⤵
PID:9848

C:\Windows\System\MCEdHfy.exe
C:\Windows\System\MCEdHfy.exe
2⤵
PID:9884

C:\Windows\System\niwTnXz.exe
C:\Windows\System\niwTnXz.exe
2⤵
PID:9912

C:\Windows\System\IRjGQjl.exe
C:\Windows\System\IRjGQjl.exe
2⤵
PID:9940

C:\Windows\System\ROBvUsc.exe
C:\Windows\System\ROBvUsc.exe
2⤵
PID:9972

C:\Windows\System\bzUrjpw.exe
C:\Windows\System\bzUrjpw.exe
2⤵
PID:10008

C:\Windows\System\kTykiAC.exe
C:\Windows\System\kTykiAC.exe
2⤵
PID:10036

C:\Windows\System\KERIqPp.exe
C:\Windows\System\KERIqPp.exe
2⤵
PID:10052

C:\Windows\System\cGOglRe.exe
C:\Windows\System\cGOglRe.exe
2⤵
PID:10080

C:\Windows\System\pDhPCqT.exe
C:\Windows\System\pDhPCqT.exe
2⤵
PID:10104

C:\Windows\System\fooYIOh.exe
C:\Windows\System\fooYIOh.exe
2⤵
PID:10128

C:\Windows\System\FkgmoTD.exe
C:\Windows\System\FkgmoTD.exe
2⤵
PID:10152

C:\Windows\System\uLZxvOK.exe
C:\Windows\System\uLZxvOK.exe
2⤵
PID:10176

C:\Windows\System\QbIAtzD.exe
C:\Windows\System\QbIAtzD.exe
2⤵
PID:10204

C:\Windows\System\nMYatWp.exe
C:\Windows\System\nMYatWp.exe
2⤵
PID:9252

C:\Windows\System\ZkYNRCk.exe
C:\Windows\System\ZkYNRCk.exe
2⤵
PID:9356

C:\Windows\System\dvmzPgU.exe
C:\Windows\System\dvmzPgU.exe
2⤵
PID:9404

C:\Windows\System\gdzMbUf.exe
C:\Windows\System\gdzMbUf.exe
2⤵
PID:9492

C:\Windows\System\yuZwkHX.exe
C:\Windows\System\yuZwkHX.exe
2⤵
PID:9540

C:\Windows\System\xofQwIa.exe
C:\Windows\System\xofQwIa.exe
2⤵
PID:9632

C:\Windows\System\nwTKdUf.exe
C:\Windows\System\nwTKdUf.exe
2⤵
PID:9688

C:\Windows\System\nhtFsSw.exe
C:\Windows\System\nhtFsSw.exe
2⤵
PID:9764

C:\Windows\System\rskBJsj.exe
C:\Windows\System\rskBJsj.exe
2⤵
PID:9824

C:\Windows\System\VErUGLJ.exe
C:\Windows\System\VErUGLJ.exe
2⤵
PID:9900

C:\Windows\System\WUcamVx.exe
C:\Windows\System\WUcamVx.exe
2⤵
PID:9952

C:\Windows\System\nXLWczJ.exe
C:\Windows\System\nXLWczJ.exe
2⤵
PID:10020

C:\Windows\System\tTrdVNa.exe
C:\Windows\System\tTrdVNa.exe
2⤵
PID:10088

C:\Windows\System\sGnDrwf.exe
C:\Windows\System\sGnDrwf.exe
2⤵
PID:10100

C:\Windows\System\MdOsJzu.exe
C:\Windows\System\MdOsJzu.exe
2⤵
PID:10220

C:\Windows\System\weInbMR.exe
C:\Windows\System\weInbMR.exe
2⤵
PID:9292

C:\Windows\System\MgouhQG.exe
C:\Windows\System\MgouhQG.exe
2⤵
PID:9528

C:\Windows\System\dGmQYzY.exe
C:\Windows\System\dGmQYzY.exe
2⤵
PID:9656

C:\Windows\System\vruSjcD.exe
C:\Windows\System\vruSjcD.exe
2⤵
PID:9804

C:\Windows\System\sRfeBXk.exe
C:\Windows\System\sRfeBXk.exe
2⤵
PID:10000

C:\Windows\System\rLXkYyB.exe
C:\Windows\System\rLXkYyB.exe
2⤵
PID:10144

C:\Windows\System\qQqsDBZ.exe
C:\Windows\System\qQqsDBZ.exe
2⤵
PID:8980

C:\Windows\System\YxLALwV.exe
C:\Windows\System\YxLALwV.exe
2⤵
PID:9488

C:\Windows\System\jwvShkI.exe
C:\Windows\System\jwvShkI.exe
2⤵
PID:10044

C:\Windows\System\jQEOOIF.exe
C:\Windows\System\jQEOOIF.exe
2⤵
PID:9768

C:\Windows\System\niBsZkH.exe
C:\Windows\System\niBsZkH.exe
2⤵
PID:10244

C:\Windows\System\oJNJTKB.exe
C:\Windows\System\oJNJTKB.exe
2⤵
PID:10268

C:\Windows\System\bdglmYy.exe
C:\Windows\System\bdglmYy.exe
2⤵
PID:10300

C:\Windows\System\XxCIXaJ.exe
C:\Windows\System\XxCIXaJ.exe
2⤵
PID:10332

C:\Windows\System\YGljUyT.exe
C:\Windows\System\YGljUyT.exe
2⤵
PID:10348

C:\Windows\System\kJqklXv.exe
C:\Windows\System\kJqklXv.exe
2⤵
PID:10388

C:\Windows\System\iwcqzqv.exe
C:\Windows\System\iwcqzqv.exe
2⤵
PID:10408

C:\Windows\System\AmCTwBS.exe
C:\Windows\System\AmCTwBS.exe
2⤵
PID:10444

C:\Windows\System\kqFYtVn.exe
C:\Windows\System\kqFYtVn.exe
2⤵
PID:10464

C:\Windows\System\pKyEoIU.exe
C:\Windows\System\pKyEoIU.exe
2⤵
PID:10500

C:\Windows\System\FQdLXBj.exe
C:\Windows\System\FQdLXBj.exe
2⤵
PID:10516

C:\Windows\System\NewDZpv.exe
C:\Windows\System\NewDZpv.exe
2⤵
PID:10560

C:\Windows\System\NUeMaTy.exe
C:\Windows\System\NUeMaTy.exe
2⤵
PID:10584

C:\Windows\System\XwvSqfO.exe
C:\Windows\System\XwvSqfO.exe
2⤵
PID:10604

C:\Windows\System\hiSnkQp.exe
C:\Windows\System\hiSnkQp.exe
2⤵
PID:10628

C:\Windows\System\nTtqTGI.exe
C:\Windows\System\nTtqTGI.exe
2⤵
PID:10648

C:\Windows\System\kYgVYVo.exe
C:\Windows\System\kYgVYVo.exe
2⤵
PID:10684

C:\Windows\System\uAjPBqo.exe
C:\Windows\System\uAjPBqo.exe
2⤵
PID:10712

C:\Windows\System\MoKdQVR.exe
C:\Windows\System\MoKdQVR.exe
2⤵
PID:10740

C:\Windows\System\YTpqozx.exe
C:\Windows\System\YTpqozx.exe
2⤵
PID:10784

C:\Windows\System\mYoBYvf.exe
C:\Windows\System\mYoBYvf.exe
2⤵
PID:10804

C:\Windows\System\uqBMhJt.exe
C:\Windows\System\uqBMhJt.exe
2⤵
PID:10828

C:\Windows\System\rJdJKgV.exe
C:\Windows\System\rJdJKgV.exe
2⤵
PID:10860

C:\Windows\System\UEXXhjI.exe
C:\Windows\System\UEXXhjI.exe
2⤵
PID:10896

C:\Windows\System\uCgEeqz.exe
C:\Windows\System\uCgEeqz.exe
2⤵
PID:10924

C:\Windows\System\RmAGTso.exe
C:\Windows\System\RmAGTso.exe
2⤵
PID:10952

C:\Windows\System\mrrKTIW.exe
C:\Windows\System\mrrKTIW.exe
2⤵
PID:10976

C:\Windows\System\qwGzqdo.exe
C:\Windows\System\qwGzqdo.exe
2⤵
PID:11008

C:\Windows\System\FdaldjC.exe
C:\Windows\System\FdaldjC.exe
2⤵
PID:11036

C:\Windows\System\PKxuwQd.exe
C:\Windows\System\PKxuwQd.exe
2⤵
PID:11068

C:\Windows\System\aHMSbpN.exe
C:\Windows\System\aHMSbpN.exe
2⤵
PID:11084

C:\Windows\System\IxgowZt.exe
C:\Windows\System\IxgowZt.exe
2⤵
PID:11124

C:\Windows\System\xxaVolE.exe
C:\Windows\System\xxaVolE.exe
2⤵
PID:11152

C:\Windows\System\HwXEzzy.exe
C:\Windows\System\HwXEzzy.exe
2⤵
PID:11176

C:\Windows\System\lZPARIh.exe
C:\Windows\System\lZPARIh.exe
2⤵
PID:11208

C:\Windows\System\XrlnoKo.exe
C:\Windows\System\XrlnoKo.exe
2⤵
PID:11224

C:\Windows\System\vAwIOKc.exe
C:\Windows\System\vAwIOKc.exe
2⤵
PID:11244

C:\Windows\System\asKIFjL.exe
C:\Windows\System\asKIFjL.exe
2⤵
PID:11260

C:\Windows\System\JjpAQyT.exe
C:\Windows\System\JjpAQyT.exe
2⤵
PID:10328

C:\Windows\System\ApkJVPJ.exe
C:\Windows\System\ApkJVPJ.exe
2⤵
PID:10432

C:\Windows\System\uVxXGnD.exe
C:\Windows\System\uVxXGnD.exe
2⤵
PID:10476

C:\Windows\System\nYsOlgk.exe
C:\Windows\System\nYsOlgk.exe
2⤵
PID:10512

C:\Windows\System\GBfCmAO.exe
C:\Windows\System\GBfCmAO.exe
2⤵
PID:10596

C:\Windows\System\BUMmBCH.exe
C:\Windows\System\BUMmBCH.exe
2⤵
PID:10672

C:\Windows\System\tRNaWYB.exe
C:\Windows\System\tRNaWYB.exe
2⤵
PID:10724

C:\Windows\System\FFGtviO.exe
C:\Windows\System\FFGtviO.exe
2⤵
PID:10772

C:\Windows\System\zXzULrU.exe
C:\Windows\System\zXzULrU.exe
2⤵
PID:10840

C:\Windows\System\nXatAwt.exe
C:\Windows\System\nXatAwt.exe
2⤵
PID:10888

C:\Windows\System\KzNRUfo.exe
C:\Windows\System\KzNRUfo.exe
2⤵
PID:10992

C:\Windows\System\TAcTMVu.exe
C:\Windows\System\TAcTMVu.exe
2⤵
PID:11060

C:\Windows\System\zCckOLJ.exe
C:\Windows\System\zCckOLJ.exe
2⤵
PID:11120

C:\Windows\System\KMmEBPF.exe
C:\Windows\System\KMmEBPF.exe
2⤵
PID:11168

C:\Windows\System\xrnOnNr.exe
C:\Windows\System\xrnOnNr.exe
2⤵
PID:11236

C:\Windows\System\VSGncOI.exe
C:\Windows\System\VSGncOI.exe
2⤵
PID:10316

C:\Windows\System\ZadBoTb.exe
C:\Windows\System\ZadBoTb.exe
2⤵
PID:10508

C:\Windows\System\uUgfpxu.exe
C:\Windows\System\uUgfpxu.exe
2⤵
PID:10612

C:\Windows\System\iWeMbcN.exe
C:\Windows\System\iWeMbcN.exe
2⤵
PID:10760

C:\Windows\System\qJyJJVs.exe
C:\Windows\System\qJyJJVs.exe
2⤵
PID:10844

C:\Windows\System\NFxRFYw.exe
C:\Windows\System\NFxRFYw.exe
2⤵
PID:11028

C:\Windows\System\ITcXZQJ.exe
C:\Windows\System\ITcXZQJ.exe
2⤵
PID:11252

C:\Windows\System\rGpYHcf.exe
C:\Windows\System\rGpYHcf.exe
2⤵
PID:10460

C:\Windows\System\HGQecOI.exe
C:\Windows\System\HGQecOI.exe
2⤵
PID:11232

C:\Windows\System\SpcjJsb.exe
C:\Windows\System\SpcjJsb.exe
2⤵
PID:10984

C:\Windows\System\IfAFeoX.exe
C:\Windows\System\IfAFeoX.exe
2⤵
PID:10572

C:\Windows\System\gpoGCIZ.exe
C:\Windows\System\gpoGCIZ.exe
2⤵
PID:10944

C:\Windows\System\taplAPB.exe
C:\Windows\System\taplAPB.exe
2⤵
PID:11284

C:\Windows\System\AsDZYsf.exe
C:\Windows\System\AsDZYsf.exe
2⤵
PID:11300

C:\Windows\System\vZElsfi.exe
C:\Windows\System\vZElsfi.exe
2⤵
PID:11332

C:\Windows\System\XOOYAHO.exe
C:\Windows\System\XOOYAHO.exe
2⤵
PID:11380

C:\Windows\System\CpeJvcJ.exe
C:\Windows\System\CpeJvcJ.exe
2⤵
PID:11396

C:\Windows\System\dWbZwbv.exe
C:\Windows\System\dWbZwbv.exe
2⤵
PID:11424

C:\Windows\System\pSBnsTC.exe
C:\Windows\System\pSBnsTC.exe
2⤵
PID:11444

C:\Windows\System\CKDEEUc.exe
C:\Windows\System\CKDEEUc.exe
2⤵
PID:11468

C:\Windows\System\jndFPRK.exe
C:\Windows\System\jndFPRK.exe
2⤵
PID:11500

C:\Windows\System\iDRvCtP.exe
C:\Windows\System\iDRvCtP.exe
2⤵
PID:11532

C:\Windows\System\maByNnW.exe
C:\Windows\System\maByNnW.exe
2⤵
PID:11552

C:\Windows\System\BvIYcXZ.exe
C:\Windows\System\BvIYcXZ.exe
2⤵
PID:11580

C:\Windows\System\KDgNRrz.exe
C:\Windows\System\KDgNRrz.exe
2⤵
PID:11608

C:\Windows\System\lcRgUeP.exe
C:\Windows\System\lcRgUeP.exe
2⤵
PID:11628

C:\Windows\System\ADRmRME.exe
C:\Windows\System\ADRmRME.exe
2⤵
PID:11676

C:\Windows\System\DQNolID.exe
C:\Windows\System\DQNolID.exe
2⤵
PID:11708

C:\Windows\System\NmZESxY.exe
C:\Windows\System\NmZESxY.exe
2⤵
PID:11728

C:\Windows\System\cshCgfv.exe
C:\Windows\System\cshCgfv.exe
2⤵
PID:11760

C:\Windows\System\pToPemh.exe
C:\Windows\System\pToPemh.exe
2⤵
PID:11792

C:\Windows\System\YSebaqJ.exe
C:\Windows\System\YSebaqJ.exe
2⤵
PID:11820

C:\Windows\System\OKEBkTj.exe
C:\Windows\System\OKEBkTj.exe
2⤵
PID:11840

C:\Windows\System\aCczuWf.exe
C:\Windows\System\aCczuWf.exe
2⤵
PID:11864

C:\Windows\System\VrvFYDw.exe
C:\Windows\System\VrvFYDw.exe
2⤵
PID:11888

C:\Windows\System\KtNPiLl.exe
C:\Windows\System\KtNPiLl.exe
2⤵
PID:11928

C:\Windows\System\ongsOKG.exe
C:\Windows\System\ongsOKG.exe
2⤵
PID:11944

C:\Windows\System\hvpOoRP.exe
C:\Windows\System\hvpOoRP.exe
2⤵
PID:11964

C:\Windows\System\Flqqvhg.exe
C:\Windows\System\Flqqvhg.exe
2⤵
PID:11996

C:\Windows\System\JzJmSKd.exe
C:\Windows\System\JzJmSKd.exe
2⤵
PID:12024

C:\Windows\System\vUAkAwy.exe
C:\Windows\System\vUAkAwy.exe
2⤵
PID:12056

C:\Windows\System\ZYrRkyl.exe
C:\Windows\System\ZYrRkyl.exe
2⤵
PID:12076

C:\Windows\System\vBaSRna.exe
C:\Windows\System\vBaSRna.exe
2⤵
PID:12128

C:\Windows\System\MmTCPwG.exe
C:\Windows\System\MmTCPwG.exe
2⤵
PID:12148

C:\Windows\System\uOtkWOh.exe
C:\Windows\System\uOtkWOh.exe
2⤵
PID:12184

C:\Windows\System\PhrMFeA.exe
C:\Windows\System\PhrMFeA.exe
2⤵
PID:12216

C:\Windows\System\XvwunAO.exe
C:\Windows\System\XvwunAO.exe
2⤵
PID:12244

C:\Windows\System\DlTAgxK.exe
C:\Windows\System\DlTAgxK.exe
2⤵
PID:12272

C:\Windows\System\DLSKbMZ.exe
C:\Windows\System\DLSKbMZ.exe
2⤵
PID:11272

C:\Windows\System\ymnzgOy.exe
C:\Windows\System\ymnzgOy.exe
2⤵
PID:2176

C:\Windows\System\QMzudMm.exe
C:\Windows\System\QMzudMm.exe
2⤵
PID:1196

C:\Windows\System\AivmKix.exe
C:\Windows\System\AivmKix.exe
2⤵
PID:11064

C:\Windows\System\pUcOdtk.exe
C:\Windows\System\pUcOdtk.exe
2⤵
PID:11464

C:\Windows\System\WueYFwP.exe
C:\Windows\System\WueYFwP.exe
2⤵
PID:11528

C:\Windows\System\wdcCAyd.exe
C:\Windows\System\wdcCAyd.exe
2⤵
PID:11616

C:\Windows\System\YbDaYAh.exe
C:\Windows\System\YbDaYAh.exe
2⤵
PID:11696

C:\Windows\System\NZlMdYq.exe
C:\Windows\System\NZlMdYq.exe
2⤵
PID:11752

C:\Windows\System\HQbLAds.exe
C:\Windows\System\HQbLAds.exe
2⤵
PID:11812

C:\Windows\System\JFQQUPL.exe
C:\Windows\System\JFQQUPL.exe
2⤵
PID:11856

C:\Windows\System\fxBkYgz.exe
C:\Windows\System\fxBkYgz.exe
2⤵
PID:11920

C:\Windows\System\AMQUUPq.exe
C:\Windows\System\AMQUUPq.exe
2⤵
PID:12016

C:\Windows\System\YHZAgHL.exe
C:\Windows\System\YHZAgHL.exe
2⤵
PID:12008

C:\Windows\System\GMZPrvS.exe
C:\Windows\System\GMZPrvS.exe
2⤵
PID:12104

C:\Windows\System\saZXgGP.exe
C:\Windows\System\saZXgGP.exe
2⤵
PID:12200

C:\Windows\System\BmFZbHz.exe
C:\Windows\System\BmFZbHz.exe
2⤵
PID:12264

C:\Windows\System\atHojsJ.exe
C:\Windows\System\atHojsJ.exe
2⤵
PID:4452

C:\Windows\System\WJcuIRm.exe
C:\Windows\System\WJcuIRm.exe
2⤵
PID:11436

C:\Windows\System\LpsBwzk.exe
C:\Windows\System\LpsBwzk.exe
2⤵
PID:11524

C:\Windows\System\FunlNUT.exe
C:\Windows\System\FunlNUT.exe
2⤵
PID:4424

C:\Windows\System\TznCaVm.exe
C:\Windows\System\TznCaVm.exe
2⤵
PID:440

C:\Windows\System\Rmmwlrt.exe
C:\Windows\System\Rmmwlrt.exe
2⤵
PID:2392

C:\Windows\System\CzPyUzX.exe
C:\Windows\System\CzPyUzX.exe
2⤵
PID:11804

C:\Windows\System\UQZPOkU.exe
C:\Windows\System\UQZPOkU.exe
2⤵
PID:12040

C:\Windows\System\dxbFASw.exe
C:\Windows\System\dxbFASw.exe
2⤵
PID:12164

C:\Windows\System\LwzTqHu.exe
C:\Windows\System\LwzTqHu.exe
2⤵
PID:11408

C:\Windows\System\JYgHoWq.exe
C:\Windows\System\JYgHoWq.exe
2⤵
PID:2976

C:\Windows\System\WGhmXVz.exe
C:\Windows\System\WGhmXVz.exe
2⤵
PID:4232

C:\Windows\System\TcNQyzU.exe
C:\Windows\System\TcNQyzU.exe
2⤵
PID:11876

C:\Windows\System\TkTCwKZ.exe
C:\Windows\System\TkTCwKZ.exe
2⤵
PID:11352

C:\Windows\System\UFTggIj.exe
C:\Windows\System\UFTggIj.exe
2⤵
PID:4884

C:\Windows\System\bCeYVZD.exe
C:\Windows\System\bCeYVZD.exe
2⤵
PID:12292

C:\Windows\System\fDghUuK.exe
C:\Windows\System\fDghUuK.exe
2⤵
PID:12316

C:\Windows\System\TQkuJTQ.exe
C:\Windows\System\TQkuJTQ.exe
2⤵
PID:12372

C:\Windows\System\AXOtcIP.exe
C:\Windows\System\AXOtcIP.exe
2⤵
PID:12388

C:\Windows\System\ZTVAkYz.exe
C:\Windows\System\ZTVAkYz.exe
2⤵
PID:12424

C:\Windows\System\hffxulM.exe
C:\Windows\System\hffxulM.exe
2⤵
PID:12460

C:\Windows\System\bpspnHE.exe
C:\Windows\System\bpspnHE.exe
2⤵
PID:12476

C:\Windows\System\OwVZCfa.exe
C:\Windows\System\OwVZCfa.exe
2⤵
PID:12504

C:\Windows\System\OLNKNSZ.exe
C:\Windows\System\OLNKNSZ.exe
2⤵
PID:12536

C:\Windows\System\NVBuuds.exe
C:\Windows\System\NVBuuds.exe
2⤵
PID:12560

C:\Windows\System\bNHAzNS.exe
C:\Windows\System\bNHAzNS.exe
2⤵
PID:12588

C:\Windows\System\ORAGYQt.exe
C:\Windows\System\ORAGYQt.exe
2⤵
PID:12616

C:\Windows\System\gogRGuI.exe
C:\Windows\System\gogRGuI.exe
2⤵
PID:12644

C:\Windows\System\fyzSksb.exe
C:\Windows\System\fyzSksb.exe
2⤵
PID:12672

C:\Windows\System\KvUkVCN.exe
C:\Windows\System\KvUkVCN.exe
2⤵
PID:12688

C:\Windows\System\ZtuEYVM.exe
C:\Windows\System\ZtuEYVM.exe
2⤵
PID:12728

C:\Windows\System\xsjMzwD.exe
C:\Windows\System\xsjMzwD.exe
2⤵
PID:12768

C:\Windows\System\xjdfshF.exe
C:\Windows\System\xjdfshF.exe
2⤵
PID:12812

C:\Windows\System\RLDtIHZ.exe
C:\Windows\System\RLDtIHZ.exe
2⤵
PID:12828

C:\Windows\System\bVzacba.exe
C:\Windows\System\bVzacba.exe
2⤵
PID:12856

C:\Windows\System\noKyzCf.exe
C:\Windows\System\noKyzCf.exe
2⤵
PID:12884

C:\Windows\System\bneogxt.exe
C:\Windows\System\bneogxt.exe
2⤵
PID:12920

C:\Windows\System\MryzlbT.exe
C:\Windows\System\MryzlbT.exe
2⤵
PID:12940

C:\Windows\System\MmbFPkJ.exe
C:\Windows\System\MmbFPkJ.exe
2⤵
PID:12964

C:\Windows\System\VDKgTnI.exe
C:\Windows\System\VDKgTnI.exe
2⤵
PID:12992

C:\Windows\System\UMSpYJE.exe
C:\Windows\System\UMSpYJE.exe
2⤵
PID:13024

C:\Windows\System\HKePfsv.exe
C:\Windows\System\HKePfsv.exe
2⤵
PID:13040

C:\Windows\System\HWNYxFn.exe
C:\Windows\System\HWNYxFn.exe
2⤵
PID:13068

C:\Windows\System\VUQZAnP.exe
C:\Windows\System\VUQZAnP.exe
2⤵
PID:13120

C:\Windows\System\DKvzunc.exe
C:\Windows\System\DKvzunc.exe
2⤵
PID:13144

C:\Windows\System\LGPeAEz.exe
C:\Windows\System\LGPeAEz.exe
2⤵
PID:13168

C:\Windows\System\FNpvGwx.exe
C:\Windows\System\FNpvGwx.exe
2⤵
PID:13196

C:\Windows\System\irVXpwc.exe
C:\Windows\System\irVXpwc.exe
2⤵
PID:13224

C:\Windows\System\Oxmgjcd.exe
C:\Windows\System\Oxmgjcd.exe
2⤵
PID:13260

C:\Windows\System\SxFOOhR.exe
C:\Windows\System\SxFOOhR.exe
2⤵
PID:13288

C:\Windows\System\aGDtfDG.exe
C:\Windows\System\aGDtfDG.exe
2⤵
PID:3964

C:\Windows\System\LYYLscr.exe
C:\Windows\System\LYYLscr.exe
2⤵
PID:12308

C:\Windows\System\QuYMAzU.exe
C:\Windows\System\QuYMAzU.exe
2⤵
PID:12380

C:\Windows\System\DWlFGlL.exe
C:\Windows\System\DWlFGlL.exe
2⤵
PID:12416

C:\Windows\System\IegliLS.exe
C:\Windows\System\IegliLS.exe
2⤵
PID:1568

C:\Windows\System\fxjoKhy.exe
C:\Windows\System\fxjoKhy.exe
2⤵
PID:12472

C:\Windows\System\LJHzXVP.exe
C:\Windows\System\LJHzXVP.exe
2⤵
PID:12532

C:\Windows\System\BHgGECz.exe
C:\Windows\System\BHgGECz.exe
2⤵
PID:12572

C:\Windows\System\MbeDyDh.exe
C:\Windows\System\MbeDyDh.exe
2⤵
PID:12636

C:\Windows\System\tUyaLCx.exe
C:\Windows\System\tUyaLCx.exe
2⤵
PID:12660

C:\Windows\System\IaQDuex.exe
C:\Windows\System\IaQDuex.exe
2⤵
PID:12780

C:\Windows\System\fQKPnwz.exe
C:\Windows\System\fQKPnwz.exe
2⤵
PID:12912

C:\Windows\System\CLTekLs.exe
C:\Windows\System\CLTekLs.exe
2⤵
PID:12976

C:\Windows\System\HinemRD.exe
C:\Windows\System\HinemRD.exe
2⤵
PID:13064

C:\Windows\System\jAbXcum.exe
C:\Windows\System\jAbXcum.exe
2⤵
PID:13136

C:\Windows\System\pNDfYkU.exe
C:\Windows\System\pNDfYkU.exe
2⤵
PID:13212

C:\Windows\System\ggyynrT.exe
C:\Windows\System\ggyynrT.exe
2⤵
PID:13252

C:\Windows\System\djpqboK.exe
C:\Windows\System\djpqboK.exe
2⤵
PID:13296

C:\Windows\System\IbbxGlN.exe
C:\Windows\System\IbbxGlN.exe
2⤵
PID:12400

C:\Windows\System\mKtRXrn.exe
C:\Windows\System\mKtRXrn.exe
2⤵
PID:12440

C:\Windows\System\HpNHJZD.exe
C:\Windows\System\HpNHJZD.exe
2⤵
PID:12656

C:\Windows\System\nhAzItN.exe
C:\Windows\System\nhAzItN.exe
2⤵
PID:12844

C:\Windows\System\UtnXMyZ.exe
C:\Windows\System\UtnXMyZ.exe
2⤵
PID:13012

C:\Windows\System\laRfKSq.exe
C:\Windows\System\laRfKSq.exe
2⤵
PID:13156

C:\Windows\System\iCNlBqf.exe
C:\Windows\System\iCNlBqf.exe
2⤵
PID:13280

C:\Windows\System\vZHzsMN.exe
C:\Windows\System\vZHzsMN.exe
2⤵
PID:12344

C:\Windows\System\QyiaQeb.exe
C:\Windows\System\QyiaQeb.exe
2⤵
PID:12896

C:\Windows\System\GvTcSfk.exe
C:\Windows\System\GvTcSfk.exe
2⤵
PID:13236

C:\Windows\System\YxyWxVM.exe
C:\Windows\System\YxyWxVM.exe
2⤵
PID:12628

C:\Windows\System\dWlHvRH.exe
C:\Windows\System\dWlHvRH.exe
2⤵
PID:532

C:\Windows\System\KXpyZjH.exe
C:\Windows\System\KXpyZjH.exe
2⤵
PID:9364

C:\Windows\System\AEWzNMj.exe
C:\Windows\System\AEWzNMj.exe
2⤵
PID:13340

C:\Windows\System\aSufjdq.exe
C:\Windows\System\aSufjdq.exe
2⤵
PID:13368

C:\Windows\System\HXqzIEY.exe
C:\Windows\System\HXqzIEY.exe
2⤵
PID:13384

C:\Windows\System\KpsLpAG.exe
C:\Windows\System\KpsLpAG.exe
2⤵
PID:13424

C:\Windows\System\wUHpgcm.exe
C:\Windows\System\wUHpgcm.exe
2⤵
PID:13440

C:\Windows\System\CWSuUOI.exe
C:\Windows\System\CWSuUOI.exe
2⤵
PID:13476

C:\Windows\System\BRgGZxZ.exe
C:\Windows\System\BRgGZxZ.exe
2⤵
PID:13508

C:\Windows\System\xSioaaE.exe
C:\Windows\System\xSioaaE.exe
2⤵
PID:13536

C:\Windows\System\sElBRWc.exe
C:\Windows\System\sElBRWc.exe
2⤵
PID:13564

C:\Windows\System\dpHmFGa.exe
C:\Windows\System\dpHmFGa.exe
2⤵
PID:13592

C:\Windows\System\rFIgTDi.exe
C:\Windows\System\rFIgTDi.exe
2⤵
PID:13620

C:\Windows\System\vqwQsJE.exe
C:\Windows\System\vqwQsJE.exe
2⤵
PID:13648

C:\Windows\System\nLybHkf.exe
C:\Windows\System\nLybHkf.exe
2⤵
PID:13664

C:\Windows\System\AjFDvrs.exe
C:\Windows\System\AjFDvrs.exe
2⤵
PID:13680

C:\Windows\System\asUCuBA.exe
C:\Windows\System\asUCuBA.exe
2⤵
PID:13700

C:\Windows\System\gvTuVid.exe
C:\Windows\System\gvTuVid.exe
2⤵
PID:13760

C:\Windows\System\eRJckmz.exe
C:\Windows\System\eRJckmz.exe
2⤵
PID:13788

C:\Windows\System\YHuCIQf.exe
C:\Windows\System\YHuCIQf.exe
2⤵
PID:13816

C:\Windows\System\OxchWDH.exe
C:\Windows\System\OxchWDH.exe
2⤵
PID:13844

C:\Windows\System\aqydoNR.exe
C:\Windows\System\aqydoNR.exe
2⤵
PID:13864

C:\Windows\System\TPMIWbN.exe
C:\Windows\System\TPMIWbN.exe
2⤵
PID:13888

C:\Windows\System\grsvMSe.exe
C:\Windows\System\grsvMSe.exe
2⤵
PID:13916

C:\Windows\System\qojnjWs.exe
C:\Windows\System\qojnjWs.exe
2⤵
PID:13944

C:\Windows\System\fMqeBVu.exe
C:\Windows\System\fMqeBVu.exe
2⤵
PID:13972

C:\Windows\System\dRuPtUu.exe
C:\Windows\System\dRuPtUu.exe
2⤵
PID:14000

C:\Windows\System\SqdTUsD.exe
C:\Windows\System\SqdTUsD.exe
2⤵
PID:14028

C:\Windows\System\QNFrwtt.exe
C:\Windows\System\QNFrwtt.exe
2⤵
PID:14064

C:\Windows\System\JNOAqoB.exe
C:\Windows\System\JNOAqoB.exe
2⤵
PID:14088

C:\Windows\System\uUUmXWr.exe
C:\Windows\System\uUUmXWr.exe
2⤵
PID:14124

C:\Windows\System\pxSdkPt.exe
C:\Windows\System\pxSdkPt.exe
2⤵
PID:14152

C:\Windows\System\YZIfTkU.exe
C:\Windows\System\YZIfTkU.exe
2⤵
PID:14180

C:\Windows\System\DHSIzzC.exe
C:\Windows\System\DHSIzzC.exe
2⤵
PID:14208

C:\Windows\System\OMKxvdA.exe
C:\Windows\System\OMKxvdA.exe
2⤵
PID:14224

C:\Windows\System\wxXxDCK.exe
C:\Windows\System\wxXxDCK.exe
2⤵
PID:14264

C:\Windows\System\ZLWQANJ.exe
C:\Windows\System\ZLWQANJ.exe
2⤵
PID:14292

C:\Windows\System\QqFuwOT.exe
C:\Windows\System\QqFuwOT.exe
2⤵
PID:14320

C:\Windows\System\azPqhsQ.exe
C:\Windows\System\azPqhsQ.exe
2⤵
PID:12932

C:\Windows\System\bHQrcvI.exe
C:\Windows\System\bHQrcvI.exe
2⤵
PID:13408

C:\Windows\System\bIcsYCM.exe
C:\Windows\System\bIcsYCM.exe
2⤵
PID:13464

C:\Windows\System\fOBwwbV.exe
C:\Windows\System\fOBwwbV.exe
2⤵
PID:13500

C:\Windows\System\zUHqoUU.exe
C:\Windows\System\zUHqoUU.exe
2⤵
PID:13560

C:\Windows\System\ZlonaYy.exe
C:\Windows\System\ZlonaYy.exe
2⤵
PID:13632

C:\Windows\System\WjERzvD.exe
C:\Windows\System\WjERzvD.exe
2⤵
PID:13720

C:\Windows\System\RGftwMN.exe
C:\Windows\System\RGftwMN.exe
2⤵
PID:13756

C:\Windows\System\UAsUmvP.exe
C:\Windows\System\UAsUmvP.exe
2⤵
PID:13804

C:\Windows\System\KVMJcPH.exe
C:\Windows\System\KVMJcPH.exe
2⤵
PID:13936

C:\Windows\System\TZohRyQ.exe
C:\Windows\System\TZohRyQ.exe
2⤵
PID:13992

C:\Windows\System\syvUbKy.exe
C:\Windows\System\syvUbKy.exe
2⤵
PID:14048

C:\Windows\System\RRlPrsr.exe
C:\Windows\System\RRlPrsr.exe
2⤵
PID:14096

C:\Windows\System\JnGUwVR.exe
C:\Windows\System\JnGUwVR.exe
2⤵
PID:14168

C:\Windows\System\UjcILbw.exe
C:\Windows\System\UjcILbw.exe
2⤵
PID:14216

C:\Windows\System\XQzIHVp.exe
C:\Windows\System\XQzIHVp.exe
2⤵
PID:14276

C:\Windows\System\XsKWLxR.exe
C:\Windows\System\XsKWLxR.exe
2⤵
PID:13332

C:\Windows\System\ugKqzvZ.exe
C:\Windows\System\ugKqzvZ.exe
2⤵
PID:13484

C:\Windows\System\RXDxair.exe
C:\Windows\System\RXDxair.exe
2⤵
PID:13604

C:\Windows\System\wQoGDTB.exe
C:\Windows\System\wQoGDTB.exe
2⤵
PID:13780

C:\Windows\System\oNuyecX.exe
C:\Windows\System\oNuyecX.exe
2⤵
PID:13984

C:\Windows\System\DAnsjrr.exe
C:\Windows\System\DAnsjrr.exe
2⤵
PID:14076

C:\Windows\System\EIGhTla.exe
C:\Windows\System\EIGhTla.exe
2⤵
PID:14328

C:\Windows\System\XOCrDMj.exe
C:\Windows\System\XOCrDMj.exe
2⤵
PID:13608

C:\Windows\System\iRJzyBi.exe
C:\Windows\System\iRJzyBi.exe
2⤵
PID:1856

C:\Windows\System\JCNjlpn.exe
C:\Windows\System\JCNjlpn.exe
2⤵
PID:2380

C:\Windows\System\SeOfJhb.exe
C:\Windows\System\SeOfJhb.exe
2⤵
PID:14140

C:\Windows\System\SkYLhNo.exe
C:\Windows\System\SkYLhNo.exe
2⤵
PID:13380

C:\Windows\System\bFnDGYT.exe
C:\Windows\System\bFnDGYT.exe
2⤵
PID:880

C:\Windows\System\YmvtQUU.exe
C:\Windows\System\YmvtQUU.exe
2⤵
PID:13436

C:\Windows\System\uqIOVRj.exe
C:\Windows\System\uqIOVRj.exe
2⤵
PID:14364

C:\Windows\System\xttPdnW.exe
C:\Windows\System\xttPdnW.exe
2⤵
PID:14388

C:\Windows\System\FroeHKy.exe
C:\Windows\System\FroeHKy.exe
2⤵
PID:14424

C:\Windows\System\kGdNuNe.exe
C:\Windows\System\kGdNuNe.exe
2⤵
PID:14440

C:\Windows\System\WAfthUF.exe
C:\Windows\System\WAfthUF.exe
2⤵
PID:14476

C:\Windows\System\KmwvUhs.exe
C:\Windows\System\KmwvUhs.exe
2⤵
PID:14496

C:\Windows\System\zxmJnSk.exe
C:\Windows\System\zxmJnSk.exe
2⤵
PID:14532

C:\Windows\System\JdvOper.exe
C:\Windows\System\JdvOper.exe
2⤵
PID:14572

C:\Windows\System\iKFfjLc.exe
C:\Windows\System\iKFfjLc.exe
2⤵
PID:14600

C:\Windows\System\qrYeJhL.exe
C:\Windows\System\qrYeJhL.exe
2⤵
PID:14620

C:\Windows\System\wysKGox.exe
C:\Windows\System\wysKGox.exe
2⤵
PID:14656

C:\Windows\System\ZSUoBOd.exe
C:\Windows\System\ZSUoBOd.exe
2⤵
PID:14672

C:\Windows\System\VVRiJSN.exe
C:\Windows\System\VVRiJSN.exe
2⤵
PID:14712

C:\Windows\System\XfirbhJ.exe
C:\Windows\System\XfirbhJ.exe
2⤵
PID:14728

C:\Windows\System\GxnKzdH.exe
C:\Windows\System\GxnKzdH.exe
2⤵
PID:14768

C:\Windows\System\NeeKCme.exe
C:\Windows\System\NeeKCme.exe
2⤵
PID:14784

C:\Windows\System\aBMVreT.exe
C:\Windows\System\aBMVreT.exe
2⤵
PID:14812

C:\Windows\System\sKVVdth.exe
C:\Windows\System\sKVVdth.exe
2⤵
PID:14840

C:\Windows\System\qkzuecG.exe
C:\Windows\System\qkzuecG.exe
2⤵
PID:14868

C:\Windows\System\OxZQlAo.exe
C:\Windows\System\OxZQlAo.exe
2⤵
PID:14892

C:\Windows\System\pPMUfst.exe
C:\Windows\System\pPMUfst.exe
2⤵
PID:14916

C:\Windows\System\CTfXZXg.exe
C:\Windows\System\CTfXZXg.exe
2⤵
PID:14948

C:\Windows\System\WqVRrVG.exe
C:\Windows\System\WqVRrVG.exe
2⤵
PID:14972

C:\Windows\System\RmSqaQi.exe
C:\Windows\System\RmSqaQi.exe
2⤵
PID:15000

C:\Windows\System\baeNnth.exe
C:\Windows\System\baeNnth.exe
2⤵
PID:15044

C:\Windows\System\mewDOww.exe
C:\Windows\System\mewDOww.exe
2⤵
PID:15064

C:\Windows\System\zqqHUtL.exe
C:\Windows\System\zqqHUtL.exe
2⤵
PID:15092

C:\Windows\System\XoTNHRj.exe
C:\Windows\System\XoTNHRj.exe
2⤵
PID:15116

C:\Windows\System\PVZVpEJ.exe
C:\Windows\System\PVZVpEJ.exe
2⤵
PID:15160

C:\Windows\System\hZHuGAy.exe
C:\Windows\System\hZHuGAy.exe
2⤵
PID:15188

C:\Windows\System\oEnyUBJ.exe
C:\Windows\System\oEnyUBJ.exe
2⤵
PID:15216

C:\Windows\System\uUdWdmS.exe
C:\Windows\System\uUdWdmS.exe
2⤵
PID:15244

C:\Windows\System\wPtirAq.exe
C:\Windows\System\wPtirAq.exe
2⤵
PID:15272

C:\Windows\System\mZtsnVb.exe
C:\Windows\System\mZtsnVb.exe
2⤵
PID:15288

C:\Windows\System\hAWjnys.exe
C:\Windows\System\hAWjnys.exe
2⤵
PID:15328

C:\Windows\System\wOzESZj.exe
C:\Windows\System\wOzESZj.exe
2⤵
PID:15356

C:\Windows\System\ZkwiaLz.exe
C:\Windows\System\ZkwiaLz.exe
2⤵
PID:14380

C:\Windows\System\sObBbbC.exe
C:\Windows\System\sObBbbC.exe
2⤵
PID:14436

C:\Windows\System\rGONwji.exe
C:\Windows\System\rGONwji.exe
2⤵
PID:14516

C:\Windows\System\LPrDZXN.exe
C:\Windows\System\LPrDZXN.exe
2⤵
PID:14552

C:\Windows\System\POUAatJ.exe
C:\Windows\System\POUAatJ.exe
2⤵
PID:14644

C:\Windows\System\EdXHchd.exe
C:\Windows\System\EdXHchd.exe
2⤵
PID:14904

C:\Windows\System\VHQdTRY.exe
C:\Windows\System\VHQdTRY.exe
2⤵
PID:14992

C:\Windows\System\lwvlrAZ.exe
C:\Windows\System\lwvlrAZ.exe
2⤵
PID:15060

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14412

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DMeXTUz.exe
Filesize
2.2MB

MD5
c9522cf36a82c224d5de3d9334defacc

SHA1
331dfbe70fc916dfa29a0c5e2d179dbb9a266028

SHA256
dbd5f3e28b58b8e0d14d45d98bc5b6717577cc7890866969912dadc047aed58b

SHA512
1b8a81c4b176558f1ae4c03b7d44438f97c9518c540cf430407d3ef57e4f823ca2cdd4e0932a6dd77430b576a7c54c2f285294025a65b5160204761a11173423

Download Submit
C:\Windows\System\Djposuv.exe
Filesize
2.2MB

MD5
22b39720e2b3bb8830df83ad894ab0f5

SHA1
857e7cb5f86a694d7bd4ced02cf73d5d878e780f

SHA256
a471a20ee613d44fa9c232eea76be106ab3649f65a0879a08d481b10d234a40d

SHA512
806d04e57cbc9e78c41c9450341a78894a0814bc95ee6668fafd2897ad2116d6a43a451b2c5d7f50b9986604997ca79192cd37542c54c74a67d66b599c15c083

Download Submit
C:\Windows\System\EavOcqB.exe
Filesize
2.2MB

MD5
438a33f8d1f4a3cb823308f742645409

SHA1
553f8390a17991917f3cd6f43cb6e5adc9cff1a7

SHA256
1ac1f39ad8cb8590f55648cafe769bfbf70646ed1a1d2dfa64e4f8d04861f6d7

SHA512
5e5ed9def6ccc410f17753cd0f6bbf9b9054967e851956a6efb774a611bf6da39f6e3793a3a0178ee03359e03ce60905c3a71e2eb762bb44615e1b670227c2ac

Download Submit
C:\Windows\System\GJTtbIY.exe
Filesize
2.2MB

MD5
8964309e37734b25ca7a1c2738bd1819

SHA1
0353f0651deb268fbab8152bf6e976ee073785f9

SHA256
d72d3fb31a080916a08f0102af85d858f1b4321e0abc60bb5a075fee192b8818

SHA512
a57a339f98ddbd0b3e2ccec7a75f1936a448e85bec93bd9b25d524b23703243b77a8d3e62069a132f9c4a2538b84ccd17690c9ad38f9e42c7c7d0bd9c3da80d6

Download Submit
C:\Windows\System\ImIJyUL.exe
Filesize
2.2MB

MD5
95798e2ecffe2427c311311045727558

SHA1
3e954c955c47c8632e7e16bf3d38a8878bf1c52d

SHA256
702537fc3a72da0981c10fee0aac2ac09218907da272b382b6319d70255d160e

SHA512
a962d94e7e5a283c841495f2f0395f733953f1706e4746c48f67befff4bed94a1ef65eb9d342138283d4aa7ee2930c223c4a231b631bb171c1e615ff6f1724e2

Download Submit
C:\Windows\System\KKbsKNd.exe
Filesize
2.2MB

MD5
aae01c0ef9ffc96df629f59c7ad9973f

SHA1
4c1fa92501028315addc995e146759ef4d54c9bf

SHA256
378876a276c0002b8e2eaf2c4f967c5fa6a0cbbc96224e2caec791cb8b27bad7

SHA512
c5aa22469db3ee4f699b5eb25aa47b021afbe8475c89b65dd5049f997087be0d3e744442dc355aca164d2ca402f55b5063619a04e70d95494864d9d1be16e144

Download Submit
C:\Windows\System\LpwYnAf.exe
Filesize
2.2MB

MD5
07aba64ddff86cb77991daaeca9042aa

SHA1
496374c1319630b0b046d08d27213bfe3385269a

SHA256
6ed215850e8d5e3b468664394f4be49aca5aa77a1b66d5af01fb876f36fd2b15

SHA512
6a0716aba44380fa863cf9249bbf7b6d2f22c0369073f18f6cdbf7818ae215515e42cbe7e45d0686808a627055f3738b7346b864bab8207170e61e946ce57543

Download Submit
C:\Windows\System\MJpdJbB.exe
Filesize
2.2MB

MD5
b948f1a8568df7e2326671fd868da200

SHA1
5a59088b4d577b97cbe8553630d374bf69ec96c1

SHA256
2ea75a1412534980efb24e6db2411b62fc974b7063ad89f95fab373401ab7e6e

SHA512
64e05767e3abd1db4276be05b6e92dad5c3642dd0ff481ab4beed13524b1d9eafee7f9edc57f068905d31793ff617b142257128dc1023d30897a3726e2200f56

Download Submit
C:\Windows\System\NbvEybV.exe
Filesize
2.2MB

MD5
cd6d391ef7d9a1ed191fb18329d08250

SHA1
424aee6f69e44ef22bb4b35bd9e21fbf01919de9

SHA256
6ba70d5c10811c7e0b0fe6471a87981d4f15251b9420e0f0e3363a6ba9deac28

SHA512
f1456f2ae8cf0af279310172caf128fd09b0b84308ff831081da16de06d6e82d8387a09f69f37109c36f4b78af354fff2f2bde5706653a29732099e6b9d38cc9

Download Submit
C:\Windows\System\RbVRUqv.exe
Filesize
2.2MB

MD5
bd8f86d4cf9055ff3438c445bb7e13f4

SHA1
e31635fdaf7c54840787528eb837dc79ba6d8d12

SHA256
428bdb20ba65aa42cc7708ce18ab6ee02e8175c9dbcfade4cb495f1bc49ae18e

SHA512
37f316431b51d95525a228a04abd6a97e158fe35ac1d3577dc9021263bb056f84c93ddec06ca4f94313de20f76c8b1935a0ddd4d8e7969fe1aea251a0b870ebd

Download Submit
C:\Windows\System\VeLvIJL.exe
Filesize
2.2MB

MD5
5e2145059987c9ec4d439b3870dfd127

SHA1
501e7b452e291d7404ce3fe7e1356c954b500cdd

SHA256
e1ad143ff0b9d1dc7c16f161bf055754ddc195a4a5a3902b64005bc8f0789797

SHA512
7b16def8fe15a70733dedc92f106d4666b91735bb4860d4e9601a1ca6213c4434d2457a2a6109c1bca0b684688817ce076ed59b7c4036c0cd73de3e418894020

Download Submit
C:\Windows\System\VpfgrRG.exe
Filesize
2.2MB

MD5
7e01243ea4e451b2a26021bf29bba174

SHA1
b8e49f1f18d119311c44c589b7c3629d6e2d2235

SHA256
197bb72f81d9375a1cbe846a81fed544d8644fa6c126366abe419e49ea83bef8

SHA512
f2ddc8a18d4036c4092464bb920a724565f1b945e1553d0a70f5d538092914b91edc9d8b80fa50b0c016a9df7380ee598d1a02e73158d0e9f5815bfa91979c7e

Download Submit
C:\Windows\System\WmnLrFC.exe
Filesize
2.2MB

MD5
9259102856441a9e8fb4331d0ca75c8f

SHA1
faffca765579c2a6e24b5b3ddc58689ea38acd05

SHA256
5097f3972ebd341a0930cee82b31ae9a082199c2d1dcd2c5785833b443d703d5

SHA512
6295610888444cc07705d26d3542cf71b462fd5ca823a582e3b94c2073af7232b84e3a438322e26e9e2ca876af21796d60b5fb048730f8abc79e25a7f9989882

Download Submit
C:\Windows\System\XJruJuc.exe
Filesize
2.2MB

MD5
81a88a48115940d5d77cba89fefdfd37

SHA1
82c1c5ea8234058fb032ab95313e359482519ee5

SHA256
db3f012be5c4e1ec58f283406d05330b98813e0eae4795c98ca6940d7bb50b16

SHA512
904474772e39c9b32e3ac59c203cbbfd555d55e47b32faa3ec98e99c1a75ff71ffbcd5692c0283cd0440468d8a8e9f9847190c9f59f276982533da85b1df81c4

Download Submit
C:\Windows\System\XsSIlFd.exe
Filesize
2.2MB

MD5
ba56345af3e991d55a0d60b2ec04537c

SHA1
0dac419b48dbb3655724bd38a9355b376e0acd6f

SHA256
4689f52de0f0cb1324bf9adbe521e7c929a069be9900f81810a1938ef47d1b32

SHA512
0d48c9338538a51732ec2e8e73fa2b0f09c4df360e01abed21861e6140d1a6e7a8aa62c1bbfbf75070416c21ab267ca2dcbee0283c930c7d3d5f51d540fe9e40

Download Submit
C:\Windows\System\ctvqycc.exe
Filesize
2.2MB

MD5
0821bec8b772f188b1df84798be6981f

SHA1
c4e017f747d27f0cf1b2ea072cbc5bb743d73ebe

SHA256
e97f01e35b6afc6d57860a406ad5ef17f3d96f1b85fa346d2030a8e7293c4336

SHA512
6b349d50cb33feedb7fa90949cac3a0735a6a0d516cddf5840d440b4c0a6848bcdd2518606dbaad3880449d10660d00001da6b13550a5bcaf69767a04249080a

Download Submit
C:\Windows\System\devcXeb.exe
Filesize
2.2MB

MD5
98c205cba5c423f826dfe0fce05ee1d0

SHA1
163dd9ccc44308b106763d5e74cd8ce6e93da32a

SHA256
b3f96f348a18fcc0766fe73102df359b1d2909fa07779937b91dafd81e06b626

SHA512
6f901fdeabbddcd22df3928c04900d992581a43a62e69b3b12ebe70cfbef48db041acb2953c518d20e804f594ae029d9c386ccd69c826ff52c4095631181a1d7

Download Submit
C:\Windows\System\fmMgamu.exe
Filesize
2.2MB

MD5
534450cbb2800f74685c9b8d3f935fca

SHA1
0514dc0deed97c629b940fdfa018341d58a18744

SHA256
0eb2f44d673e56a54e4bb3605de6b5d698cb3dcc8a58dcc3401c1eaa875e7751

SHA512
b5af0bb1cbbf32a9fae459098be0e125e157d65246c681164e77d132c58966c87fc01ff15e23fb2db2c4cadca4a62da0c577cfe5d2ee21456c138171e2ee83a6

Download Submit
C:\Windows\System\jPKMMnJ.exe
Filesize
2.2MB

MD5
1695944402a1165a0aa45652ada9e342

SHA1
4b73eb032e3dfbb2e59004ab102e8d4f12211fc1

SHA256
aeddf297c4704f29874036a1f96caee827931389baa1c60fea46f2ad23890c94

SHA512
3b508ce0c4863ed7d5e09af60a44cbc223b2c1a9a80b8ce43a36d41661b72d4f3ffc2482672e6247bcaa453c004823e751b08d3a2307dc0d958cc138ac6759b0

Download Submit
C:\Windows\System\jdCiQBi.exe
Filesize
2.2MB

MD5
fec85efdebb1af39c52b9a8150912f5f

SHA1
83880ffaced297612979692c60a4094a086bc619

SHA256
92628956c5527232634d31ceb57ef5545aa7ea2c1bf16c045a506ed3a9d977b9

SHA512
840ef70fd5d91b1d156101eb3b22f47778e0ca29627836b105319dc887d4fde601c74384c1c2edea83f1b7ed716770e259aee79336c9386d0216fd261d65dc9b

Download Submit
C:\Windows\System\kBBufNo.exe
Filesize
2.2MB

MD5
78e76c3815443036f9534088368ae27b

SHA1
af19ebe0af326f23019f56a6105fee2c1704428e

SHA256
376d987f6e624a8a32a44d9c40a0830589cd9974c23058ab8c52f14922430cc5

SHA512
5c022261111ca829e856163daa66e1c7cf14bb651da525bbc31b99bd47ac3f8814c65a6f18ca046e467371e2959b270522b59364e7d354d45e51adcc0acbf2ba

Download Submit
C:\Windows\System\mIsgUJq.exe
Filesize
2.2MB

MD5
40a4167f4affea7d421669a56ecf993f

SHA1
b10ab986c512cd17173ef4c5f8bca30539fb1924

SHA256
0fd1692a7c877733a0030eb07cb59610db5cb1a44693790bcf5b2be2ae5ebe1a

SHA512
b769ae8c0d9f8742af5044365cfa33c6b5482acbbbd31bd364d0dac8bca4054c403c4c22178ca0775d997257e7c75a4966fed670a67cc3bdb70a49756e19a955

Download Submit
C:\Windows\System\mNbMpxV.exe
Filesize
2.2MB

MD5
25f25803d3d54b129108599dcad79aee

SHA1
8ce096a030c7147eab5c7045e741e27debebaa9a

SHA256
19038788c71181eb3045d2d1718d0799f27d57a5333a2cf30c65f8cf08f4bb0d

SHA512
5d5b8fe5251f9ae4bb9c7e1565b305496ab2af754985e35cc855d824a2cf7558fa63f27a1be1cdbf1cf4e6808be15f685a887dbd81162f6bef86f07d50be400c

Download Submit
C:\Windows\System\mpROUUL.exe
Filesize
2.2MB

MD5
2ca3c04c7d8e22ed4b01983c6ab6ccc1

SHA1
e957616634763e35956d34070fc823dd71916b82

SHA256
aa30789a098acbf55fb37e87f16e42b7a154817ccf66c7f61db95d1d0529f208

SHA512
ec08f26d9034438c7fb93772472d26fddc16d2fed5544585b80312995f7b6c77bd641b7f57f728bafecc19d6a0e89a843d3975001308bb2a8e01838d486487e6

Download Submit
C:\Windows\System\nwJvyfD.exe
Filesize
2.2MB

MD5
e825b33122ada55b97729d71f83e5408

SHA1
6f3c660bc98f498e9dfd807bc99dda3072f3deb1

SHA256
6bff51f8214ae716d89c5a84b2f00ec6111ec3b6cd5862ca48bf163500c65848

SHA512
b8b256402c1e8897a75ffd520daf27bc8d9844cdb37f850ce28ed387e789061f32a47ebc51d76d04a4d6bd1a413b63163b0b51d341d14dea1e95116c0b5e7e24

Download Submit
C:\Windows\System\ojYaBuc.exe
Filesize
2.2MB

MD5
3a7c283e7387e358af47a4d1231c9692

SHA1
5330c358bb38a97652ca4785295248a8c7dbbb89

SHA256
3ca0a8c7ff6935ed98d4e40132f8d95a937b886f2ed61a2b419808564d501682

SHA512
bb718997ee6d2158292546bb8cc6eedf94760c58203f45a87e013f5444f9ab3e294fe6639622d349a213179c8f9729bf4079948cd1841615c54f9deb1c10e3f0

Download Submit
C:\Windows\System\pLGUtWV.exe
Filesize
2.2MB

MD5
918b4f8185c7b1ba14e114c65767aa2d

SHA1
e308f433e56aba8571d2f6e6f9b6b9832a0ec9e6

SHA256
94cba9378113a4f60f9b13bed0ecf497e7431ee0f6991c26fbe34cc2e49f9ef0

SHA512
1042596bab736b3f22243dd780bc28032df61984162bccdca40a935b41656ae0ca94f6207c8bb6639cf4cf8eee97d288afcefba63678ca7ba6392f6bafad0290

Download Submit
C:\Windows\System\sBQlyeQ.exe
Filesize
2.2MB

MD5
4aae05cda67a013378ef6d4d78b0c6b5

SHA1
66c84063e79ed850649f5b924a8c9e6ae967291a

SHA256
ac8a3f422903b6f5dc582a7f1bd164399a97f72d3d79917d1a10949727c105da

SHA512
7e2d25ef512dd7e834c5f415d824313f8f9b864faed8b0001de8b771febb6013566c0a6676d179820411693fd90070112f75c124857e3961c4692651c428f188

Download Submit
C:\Windows\System\uRkzTED.exe
Filesize
2.2MB

MD5
6ee9d0f1ed35ada900b8a65daec21e16

SHA1
70044882ec74636d1d6ff2ab42f62d33afc9f7e3

SHA256
676e047a060e6193c3780029252f9b9050af3e5fd2dc4e5a0d818900ee6cd778

SHA512
1e0f806ed8cc5ba89e531c6b2a72e900e14f256b9893b2afee743ae3d67cddd8f9ed501accdc96eaff2afa4f14150afc5918998df1948739823e031a5149eaf1

Download Submit
C:\Windows\System\uexDVfK.exe
Filesize
2.2MB

MD5
ed7d8bf51510421857500895394542be

SHA1
a3a9db45aa53bc5b62f6ba3913bd70c4e7f31685

SHA256
ea4865738325f5b6920cb1f681943c28077cb175e38a32f260b513dc1f35a5fd

SHA512
f7d99ca954a3568db8393d5b41f1502f8f36becf9683797b50a34ba6a40c6d9484dc1af731927b038d73ca180ed6971a14a8285ca71fe805345287f0d38bfaea

Download Submit
C:\Windows\System\xlCjEYd.exe
Filesize
2.2MB

MD5
816db52ee968bf30061b0bd914e6945d

SHA1
7ae39ff54822e12cd26f72f12494b4a82c2e77e8

SHA256
5e61470b6bb7b8863a183f1dae64371373ac307cf6eee176927b94733eb42bba

SHA512
e87e57dffcc1a6a34a22fec0801ee39974be8a4b93630b2c01ba2debf9ba471f21d367caa5b7f8ff6a0418b96e7c9b4e5dd268b9fcbe477db196b754a8fb934d

Download Submit
C:\Windows\System\yJlcgTi.exe
Filesize
2.2MB

MD5
27bc3e7fd9e273c137c9fea3c5465357

SHA1
7e53ea9795ba52f185b2add3f37261fd39ae9514

SHA256
fc5ab7dfa09b1a42833d89658f0ef03e8f831cc46ab038dc855f1ef662e11a59

SHA512
101d71c7f36565a501a423a46260417d038874d3f918686847068ab4bc5356d7d4597f5d72ba0e3a2c1923f288b2bfb497a0c2149170870bb5f861426a043fbe

Download Submit
C:\Windows\System\yRtsheY.exe
Filesize
2.2MB

MD5
03012413c0be779e7a6500468c315c84

SHA1
49f88b9d3fda42e415a5317d4dcda6fd29702ebf

SHA256
6aac8e690febef3bef2c3bf6a50c97529633ad885a7035df5e7bdacee685ca3e

SHA512
d48672c6efc5b2f17b97998e41f0622ca62835eb4e3800d2906321a974ce91a4ab0c265010beeff55969602367bcac397a23ed757d414be6c8e0a7441c3c692f

Download Submit
memory/400-149-0x00007FF73FA90000-0x00007FF73FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/400-2262-0x00007FF73FA90000-0x00007FF73FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1008-2256-0x00007FF67FE30000-0x00007FF680184000-memory.dmp

Filesize
3.3MB

Download
memory/1008-123-0x00007FF67FE30000-0x00007FF680184000-memory.dmp

Filesize
3.3MB

Download
memory/1104-2255-0x00007FF604A40000-0x00007FF604D94000-memory.dmp

Filesize
3.3MB

Download
memory/1104-131-0x00007FF604A40000-0x00007FF604D94000-memory.dmp

Filesize
3.3MB

Download
memory/1132-2264-0x00007FF643200000-0x00007FF643554000-memory.dmp

Filesize
3.3MB

Download
memory/1132-194-0x00007FF643200000-0x00007FF643554000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2249-0x00007FF616C70000-0x00007FF616FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-175-0x00007FF616C70000-0x00007FF616FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-33-0x00007FF616C70000-0x00007FF616FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-53-0x00007FF6DF0A0000-0x00007FF6DF3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-598-0x00007FF6DF0A0000-0x00007FF6DF3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-2242-0x00007FF6DF0A0000-0x00007FF6DF3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-146-0x00007FF75D5F0000-0x00007FF75D944000-memory.dmp

Filesize
3.3MB

Download
memory/1764-2258-0x00007FF75D5F0000-0x00007FF75D944000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2266-0x00007FF6DB190000-0x00007FF6DB4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-212-0x00007FF6DB190000-0x00007FF6DB4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-63-0x00007FF7E5880000-0x00007FF7E5BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-2245-0x00007FF7E5880000-0x00007FF7E5BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-199-0x00007FF7E5880000-0x00007FF7E5BD4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-162-0x00007FF7BEC70000-0x00007FF7BEFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-22-0x00007FF7BEC70000-0x00007FF7BEFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2239-0x00007FF7BEC70000-0x00007FF7BEFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-2259-0x00007FF636600000-0x00007FF636954000-memory.dmp

Filesize
3.3MB

Download
memory/2088-139-0x00007FF636600000-0x00007FF636954000-memory.dmp

Filesize
3.3MB

Download
memory/2164-44-0x00007FF7047F0000-0x00007FF704B44000-memory.dmp

Filesize
3.3MB

Download
memory/2164-185-0x00007FF7047F0000-0x00007FF704B44000-memory.dmp

Filesize
3.3MB

Download
memory/2164-2248-0x00007FF7047F0000-0x00007FF704B44000-memory.dmp

Filesize
3.3MB

Download
memory/2244-152-0x00007FF695770000-0x00007FF695AC4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-2237-0x00007FF695770000-0x00007FF695AC4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-2261-0x00007FF695770000-0x00007FF695AC4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-0-0x00007FF726110000-0x00007FF726464000-memory.dmp

Filesize
3.3MB

Download
memory/2344-1-0x0000024D51000000-0x0000024D51010000-memory.dmp

Filesize
64KB

Download
memory/2344-150-0x00007FF726110000-0x00007FF726464000-memory.dmp

Filesize
3.3MB

Download
memory/2496-213-0x00007FF758B00000-0x00007FF758E54000-memory.dmp

Filesize
3.3MB

Download
memory/2496-78-0x00007FF758B00000-0x00007FF758E54000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2246-0x00007FF758B00000-0x00007FF758E54000-memory.dmp

Filesize
3.3MB

Download
memory/2724-112-0x00007FF6E9440000-0x00007FF6E9794000-memory.dmp

Filesize
3.3MB

Download
memory/2724-2254-0x00007FF6E9440000-0x00007FF6E9794000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1756-0x00007FF6E9440000-0x00007FF6E9794000-memory.dmp

Filesize
3.3MB

Download
memory/3080-89-0x00007FF69D1A0000-0x00007FF69D4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3080-215-0x00007FF69D1A0000-0x00007FF69D4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3080-2251-0x00007FF69D1A0000-0x00007FF69D4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2243-0x00007FF7AEE20000-0x00007FF7AF174000-memory.dmp

Filesize
3.3MB

Download
memory/3320-40-0x00007FF7AEE20000-0x00007FF7AF174000-memory.dmp

Filesize
3.3MB

Download
memory/3320-203-0x00007FF7AEE20000-0x00007FF7AF174000-memory.dmp

Filesize
3.3MB

Download
memory/3360-171-0x00007FF7C14A0000-0x00007FF7C17F4000-memory.dmp

Filesize
3.3MB

Download
memory/3360-2263-0x00007FF7C14A0000-0x00007FF7C17F4000-memory.dmp

Filesize
3.3MB

Download
memory/3384-2238-0x00007FF67E630000-0x00007FF67E984000-memory.dmp

Filesize
3.3MB

Download
memory/3384-151-0x00007FF67E630000-0x00007FF67E984000-memory.dmp

Filesize
3.3MB

Download
memory/3384-10-0x00007FF67E630000-0x00007FF67E984000-memory.dmp

Filesize
3.3MB

Download
memory/3460-1342-0x00007FF74FF50000-0x00007FF7502A4000-memory.dmp

Filesize
3.3MB

Download
memory/3460-2252-0x00007FF74FF50000-0x00007FF7502A4000-memory.dmp

Filesize
3.3MB

Download
memory/3460-90-0x00007FF74FF50000-0x00007FF7502A4000-memory.dmp

Filesize
3.3MB

Download
memory/3912-165-0x00007FF764F60000-0x00007FF7652B4000-memory.dmp

Filesize
3.3MB

Download
memory/3912-2240-0x00007FF764F60000-0x00007FF7652B4000-memory.dmp

Filesize
3.3MB

Download
memory/3912-28-0x00007FF764F60000-0x00007FF7652B4000-memory.dmp

Filesize
3.3MB

Download
memory/4208-140-0x00007FF62F160000-0x00007FF62F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/4208-2260-0x00007FF62F160000-0x00007FF62F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-138-0x00007FF709F00000-0x00007FF70A254000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2257-0x00007FF709F00000-0x00007FF70A254000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2244-0x00007FF7406A0000-0x00007FF7409F4000-memory.dmp

Filesize
3.3MB

Download
memory/4596-67-0x00007FF7406A0000-0x00007FF7409F4000-memory.dmp

Filesize
3.3MB

Download
memory/4596-601-0x00007FF7406A0000-0x00007FF7409F4000-memory.dmp

Filesize
3.3MB

Download
memory/4720-38-0x00007FF706350000-0x00007FF7066A4000-memory.dmp

Filesize
3.3MB

Download
memory/4720-2241-0x00007FF706350000-0x00007FF7066A4000-memory.dmp

Filesize
3.3MB

Download
memory/4904-200-0x00007FF735DD0000-0x00007FF736124000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2265-0x00007FF735DD0000-0x00007FF736124000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2247-0x00007FF688710000-0x00007FF688A64000-memory.dmp

Filesize
3.3MB

Download
memory/4948-85-0x00007FF688710000-0x00007FF688A64000-memory.dmp

Filesize
3.3MB

Download
memory/4980-603-0x00007FF783A40000-0x00007FF783D94000-memory.dmp

Filesize
3.3MB

Download
memory/4980-80-0x00007FF783A40000-0x00007FF783D94000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2250-0x00007FF783A40000-0x00007FF783D94000-memory.dmp

Filesize
3.3MB

Download
memory/5112-107-0x00007FF7B92A0000-0x00007FF7B95F4000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2253-0x00007FF7B92A0000-0x00007FF7B95F4000-memory.dmp

Filesize
3.3MB

Download