xmrig | 7aab8019ddb6d6d6b738feaea31d7e66906e96f0a4574b8b979845db1a0f2a5c

Analysis

max time kernel
130s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
Size

2.1MB
MD5

77c891d1b56b3734e21f4cee95e6f550
SHA1

253cff4f5b63bef109866fdaaa4f3462dd1beb35
SHA256

7aab8019ddb6d6d6b738feaea31d7e66906e96f0a4574b8b979845db1a0f2a5c
SHA512

38b88a9c420fbf00340119f496f6b21906a799f3996eb2ba69b127b23b5eba68b3eb515f22b3b3731ce296f9f4dddac5942b8dca8e8b929011a697e7739e5062
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpuzBF6727vrNaT/QoKWgy0:BezaTF8FcNkNdfE0pZ9ozt4wIQW/yK+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3672-0-0x00007FF717FF0000-0x00007FF718344000-memory.dmp	xmrig
C:\Windows\System\UQNyKag.exe	xmrig
behavioral2/memory/1104-12-0x00007FF6FD910000-0x00007FF6FDC64000-memory.dmp	xmrig
behavioral2/memory/212-16-0x00007FF7433F0000-0x00007FF743744000-memory.dmp	xmrig
C:\Windows\System\ZkMZbGf.exe	xmrig
C:\Windows\System\KvIFSdk.exe	xmrig
behavioral2/memory/4468-24-0x00007FF64ECB0000-0x00007FF64F004000-memory.dmp	xmrig
C:\Windows\System\GgCZDUV.exe	xmrig
C:\Windows\System\iqcRnbN.exe	xmrig
C:\Windows\System\XFqtlUN.exe	xmrig
C:\Windows\System\tAnLomF.exe	xmrig
C:\Windows\System\QgkDeMa.exe	xmrig
C:\Windows\System\epbgivm.exe	xmrig
C:\Windows\System\ogAWfWC.exe	xmrig
C:\Windows\System\ioTLAyv.exe	xmrig
C:\Windows\System\rrLfien.exe	xmrig
C:\Windows\System\MFYLCSI.exe	xmrig
C:\Windows\System\JyYcgOJ.exe	xmrig
behavioral2/memory/1380-438-0x00007FF7989F0000-0x00007FF798D44000-memory.dmp	xmrig
behavioral2/memory/3796-439-0x00007FF7FBED0000-0x00007FF7FC224000-memory.dmp	xmrig
behavioral2/memory/1940-444-0x00007FF71CF00000-0x00007FF71D254000-memory.dmp	xmrig
behavioral2/memory/3904-449-0x00007FF7D0260000-0x00007FF7D05B4000-memory.dmp	xmrig
behavioral2/memory/3424-447-0x00007FF73C4E0000-0x00007FF73C834000-memory.dmp	xmrig
behavioral2/memory/2444-443-0x00007FF6EE110000-0x00007FF6EE464000-memory.dmp	xmrig
behavioral2/memory/4520-431-0x00007FF72D1E0000-0x00007FF72D534000-memory.dmp	xmrig
behavioral2/memory/4772-427-0x00007FF7E4B70000-0x00007FF7E4EC4000-memory.dmp	xmrig
behavioral2/memory/1088-426-0x00007FF714E20000-0x00007FF715174000-memory.dmp	xmrig
behavioral2/memory/3036-419-0x00007FF61FC90000-0x00007FF61FFE4000-memory.dmp	xmrig
behavioral2/memory/4524-416-0x00007FF77B060000-0x00007FF77B3B4000-memory.dmp	xmrig
behavioral2/memory/3628-451-0x00007FF785300000-0x00007FF785654000-memory.dmp	xmrig
behavioral2/memory/2200-452-0x00007FF637380000-0x00007FF6376D4000-memory.dmp	xmrig
behavioral2/memory/5116-450-0x00007FF65C4D0000-0x00007FF65C824000-memory.dmp	xmrig
behavioral2/memory/1800-478-0x00007FF705F10000-0x00007FF706264000-memory.dmp	xmrig
behavioral2/memory/2372-488-0x00007FF7E8C70000-0x00007FF7E8FC4000-memory.dmp	xmrig
behavioral2/memory/4416-496-0x00007FF726340000-0x00007FF726694000-memory.dmp	xmrig
behavioral2/memory/3040-491-0x00007FF767310000-0x00007FF767664000-memory.dmp	xmrig
behavioral2/memory/3148-484-0x00007FF724D00000-0x00007FF725054000-memory.dmp	xmrig
behavioral2/memory/4820-475-0x00007FF6EAAC0000-0x00007FF6EAE14000-memory.dmp	xmrig
behavioral2/memory/1628-467-0x00007FF6C03A0000-0x00007FF6C06F4000-memory.dmp	xmrig
behavioral2/memory/852-453-0x00007FF770AF0000-0x00007FF770E44000-memory.dmp	xmrig
C:\Windows\System\Ivmmvet.exe	xmrig
C:\Windows\System\Tqavsve.exe	xmrig
C:\Windows\System\tsYQeEJ.exe	xmrig
C:\Windows\System\aWYlVya.exe	xmrig
C:\Windows\System\ABPJBcT.exe	xmrig
C:\Windows\System\fJnSBwH.exe	xmrig
C:\Windows\System\ZRTMBKG.exe	xmrig
C:\Windows\System\vzGbnNB.exe	xmrig
C:\Windows\System\oJaimZU.exe	xmrig
C:\Windows\System\VHinOtV.exe	xmrig
C:\Windows\System\nJYvaws.exe	xmrig
C:\Windows\System\zGYBcHx.exe	xmrig
C:\Windows\System\ayuhRlE.exe	xmrig
C:\Windows\System\lsWIhpa.exe	xmrig
C:\Windows\System\IlfSYMd.exe	xmrig
C:\Windows\System\VMeWRDK.exe	xmrig
behavioral2/memory/4264-60-0x00007FF7C3220000-0x00007FF7C3574000-memory.dmp	xmrig
behavioral2/memory/652-55-0x00007FF74ED20000-0x00007FF74F074000-memory.dmp	xmrig
C:\Windows\System\EkdwUeF.exe	xmrig
C:\Windows\System\OqpAKec.exe	xmrig
behavioral2/memory/4732-42-0x00007FF6DB980000-0x00007FF6DBCD4000-memory.dmp	xmrig
behavioral2/memory/2756-37-0x00007FF6EF860000-0x00007FF6EFBB4000-memory.dmp	xmrig
C:\Windows\System\xatNCSC.exe	xmrig
behavioral2/memory/1104-2117-0x00007FF6FD910000-0x00007FF6FDC64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

UQNyKag.exeKvIFSdk.exeZkMZbGf.exexatNCSC.exeGgCZDUV.exeiqcRnbN.exeOqpAKec.exeXFqtlUN.exeEkdwUeF.exetAnLomF.exeVMeWRDK.exeQgkDeMa.exeIlfSYMd.exeepbgivm.exeogAWfWC.exelsWIhpa.exeayuhRlE.exeioTLAyv.exerrLfien.exezGYBcHx.exenJYvaws.exeVHinOtV.exeoJaimZU.exeMFYLCSI.exevzGbnNB.exeZRTMBKG.exefJnSBwH.exeABPJBcT.exeaWYlVya.exetsYQeEJ.exeJyYcgOJ.exeTqavsve.exeIvmmvet.exeFwEyVaE.exeqnmqfyz.exeezJCRiP.exerOObRtH.exeBjUaKQY.exePEbhBLi.exeqIsBQbe.exePISgYdg.exeLfRGQky.exeyQsptKl.exeewXMBoE.exekPKvWhJ.execYYutfS.exenBuqjuU.exeZDyPLMP.exexeYjZEX.exespdCSlz.exePboLcBn.exehFBWXIp.exerUphaAl.exeEGGKoEm.exexfGTUjp.exeOfwhsHI.exeRNvxpcB.exekcphaic.exexYGwugY.exeLaZMZEJ.exeZsJEKRp.exePDmfESs.exeocqFLiR.exeaWrSDhG.exe

pid	process
1104	UQNyKag.exe
212	KvIFSdk.exe
4468	ZkMZbGf.exe
2756	xatNCSC.exe
4732	GgCZDUV.exe
652	iqcRnbN.exe
4264	OqpAKec.exe
2372	XFqtlUN.exe
4524	EkdwUeF.exe
3040	tAnLomF.exe
3036	VMeWRDK.exe
4416	QgkDeMa.exe
1088	IlfSYMd.exe
4772	epbgivm.exe
4520	ogAWfWC.exe
1380	lsWIhpa.exe
3796	ayuhRlE.exe
2444	ioTLAyv.exe
1940	rrLfien.exe
3424	zGYBcHx.exe
3904	nJYvaws.exe
5116	VHinOtV.exe
3628	oJaimZU.exe
2200	MFYLCSI.exe
852	vzGbnNB.exe
1628	ZRTMBKG.exe
4820	fJnSBwH.exe
1800	ABPJBcT.exe
3148	aWYlVya.exe
4108	tsYQeEJ.exe
3372	JyYcgOJ.exe
3584	Tqavsve.exe
2052	Ivmmvet.exe
3368	FwEyVaE.exe
1688	qnmqfyz.exe
4224	ezJCRiP.exe
4004	rOObRtH.exe
1828	BjUaKQY.exe
4436	PEbhBLi.exe
4160	qIsBQbe.exe
1900	PISgYdg.exe
552	LfRGQky.exe
4332	yQsptKl.exe
3376	ewXMBoE.exe
4284	kPKvWhJ.exe
3188	cYYutfS.exe
224	nBuqjuU.exe
1216	ZDyPLMP.exe
4252	xeYjZEX.exe
884	spdCSlz.exe
5108	PboLcBn.exe
2648	hFBWXIp.exe
4460	rUphaAl.exe
2916	EGGKoEm.exe
1520	xfGTUjp.exe
4028	OfwhsHI.exe
3356	RNvxpcB.exe
3568	kcphaic.exe
2712	xYGwugY.exe
4744	LaZMZEJ.exe
2140	ZsJEKRp.exe
2720	PDmfESs.exe
4472	ocqFLiR.exe
2888	aWrSDhG.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3672-0-0x00007FF717FF0000-0x00007FF718344000-memory.dmp	upx
C:\Windows\System\UQNyKag.exe	upx
behavioral2/memory/1104-12-0x00007FF6FD910000-0x00007FF6FDC64000-memory.dmp	upx
behavioral2/memory/212-16-0x00007FF7433F0000-0x00007FF743744000-memory.dmp	upx
C:\Windows\System\ZkMZbGf.exe	upx
C:\Windows\System\KvIFSdk.exe	upx
behavioral2/memory/4468-24-0x00007FF64ECB0000-0x00007FF64F004000-memory.dmp	upx
C:\Windows\System\GgCZDUV.exe	upx
C:\Windows\System\iqcRnbN.exe	upx
C:\Windows\System\XFqtlUN.exe	upx
C:\Windows\System\tAnLomF.exe	upx
C:\Windows\System\QgkDeMa.exe	upx
C:\Windows\System\epbgivm.exe	upx
C:\Windows\System\ogAWfWC.exe	upx
C:\Windows\System\ioTLAyv.exe	upx
C:\Windows\System\rrLfien.exe	upx
C:\Windows\System\MFYLCSI.exe	upx
C:\Windows\System\JyYcgOJ.exe	upx
behavioral2/memory/1380-438-0x00007FF7989F0000-0x00007FF798D44000-memory.dmp	upx
behavioral2/memory/3796-439-0x00007FF7FBED0000-0x00007FF7FC224000-memory.dmp	upx
behavioral2/memory/1940-444-0x00007FF71CF00000-0x00007FF71D254000-memory.dmp	upx
behavioral2/memory/3904-449-0x00007FF7D0260000-0x00007FF7D05B4000-memory.dmp	upx
behavioral2/memory/3424-447-0x00007FF73C4E0000-0x00007FF73C834000-memory.dmp	upx
behavioral2/memory/2444-443-0x00007FF6EE110000-0x00007FF6EE464000-memory.dmp	upx
behavioral2/memory/4520-431-0x00007FF72D1E0000-0x00007FF72D534000-memory.dmp	upx
behavioral2/memory/4772-427-0x00007FF7E4B70000-0x00007FF7E4EC4000-memory.dmp	upx
behavioral2/memory/1088-426-0x00007FF714E20000-0x00007FF715174000-memory.dmp	upx
behavioral2/memory/3036-419-0x00007FF61FC90000-0x00007FF61FFE4000-memory.dmp	upx
behavioral2/memory/4524-416-0x00007FF77B060000-0x00007FF77B3B4000-memory.dmp	upx
behavioral2/memory/3628-451-0x00007FF785300000-0x00007FF785654000-memory.dmp	upx
behavioral2/memory/2200-452-0x00007FF637380000-0x00007FF6376D4000-memory.dmp	upx
behavioral2/memory/5116-450-0x00007FF65C4D0000-0x00007FF65C824000-memory.dmp	upx
behavioral2/memory/1800-478-0x00007FF705F10000-0x00007FF706264000-memory.dmp	upx
behavioral2/memory/2372-488-0x00007FF7E8C70000-0x00007FF7E8FC4000-memory.dmp	upx
behavioral2/memory/4416-496-0x00007FF726340000-0x00007FF726694000-memory.dmp	upx
behavioral2/memory/3040-491-0x00007FF767310000-0x00007FF767664000-memory.dmp	upx
behavioral2/memory/3148-484-0x00007FF724D00000-0x00007FF725054000-memory.dmp	upx
behavioral2/memory/4820-475-0x00007FF6EAAC0000-0x00007FF6EAE14000-memory.dmp	upx
behavioral2/memory/1628-467-0x00007FF6C03A0000-0x00007FF6C06F4000-memory.dmp	upx
behavioral2/memory/852-453-0x00007FF770AF0000-0x00007FF770E44000-memory.dmp	upx
C:\Windows\System\Ivmmvet.exe	upx
C:\Windows\System\Tqavsve.exe	upx
C:\Windows\System\tsYQeEJ.exe	upx
C:\Windows\System\aWYlVya.exe	upx
C:\Windows\System\ABPJBcT.exe	upx
C:\Windows\System\fJnSBwH.exe	upx
C:\Windows\System\ZRTMBKG.exe	upx
C:\Windows\System\vzGbnNB.exe	upx
C:\Windows\System\oJaimZU.exe	upx
C:\Windows\System\VHinOtV.exe	upx
C:\Windows\System\nJYvaws.exe	upx
C:\Windows\System\zGYBcHx.exe	upx
C:\Windows\System\ayuhRlE.exe	upx
C:\Windows\System\lsWIhpa.exe	upx
C:\Windows\System\IlfSYMd.exe	upx
C:\Windows\System\VMeWRDK.exe	upx
behavioral2/memory/4264-60-0x00007FF7C3220000-0x00007FF7C3574000-memory.dmp	upx
behavioral2/memory/652-55-0x00007FF74ED20000-0x00007FF74F074000-memory.dmp	upx
C:\Windows\System\EkdwUeF.exe	upx
C:\Windows\System\OqpAKec.exe	upx
behavioral2/memory/4732-42-0x00007FF6DB980000-0x00007FF6DBCD4000-memory.dmp	upx
behavioral2/memory/2756-37-0x00007FF6EF860000-0x00007FF6EFBB4000-memory.dmp	upx
C:\Windows\System\xatNCSC.exe	upx
behavioral2/memory/1104-2117-0x00007FF6FD910000-0x00007FF6FDC64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\pqlwRLu.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\YLHhBbG.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\LouLMDT.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\OynlgIK.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\iqcRnbN.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\fJnSBwH.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\GgfgVpS.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\NBRPHoD.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\hKUWdom.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\NNpmygC.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\ayuhRlE.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\dGwyFus.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\imbyEIo.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\uxwqJhU.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\WLUyFRW.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\hwLPsOY.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\RuNEIeM.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\IRsHWKU.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\hfVWEGd.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\kcphaic.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\KnrUoqH.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\mHUCJbc.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\URWGAKl.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\oJaimZU.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\PZNBDcO.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\MIzYbJn.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\QItsiue.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\PTLnVez.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\WlSaAQT.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\YVyxGoF.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\vjxGeUU.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\ULcgonL.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\DzcaWzD.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\msXHChp.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\NpPHggg.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\eZDXleS.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\ByOpPOe.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\HtBbNdg.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\vDtSkTN.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\jsNlCEl.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\uDroGtP.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\qIsBQbe.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\kdpOqpp.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\OLjNApx.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\vrOAwcV.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\YfQYPSn.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\RGPZGjP.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\nSRtTla.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\JFzfhvm.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\rdoiWiL.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\hJgYZNp.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\ClsRUSv.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\AtTrCXd.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\huwkXAY.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\FGYcAUB.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\qJtKkQa.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\vdZbtKy.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\VfdxHey.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\lxlicsY.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\WVjZsuK.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\UxWEtmN.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\ZRTMBKG.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\hbjutzP.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
File created	C:\Windows\System\ycaJcMW.exe	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	15060	dwm.exe
Token: SeChangeNotifyPrivilege	15060	dwm.exe
Token: 33	15060	dwm.exe
Token: SeIncBasePriorityPrivilege	15060	dwm.exe
Token: SeShutdownPrivilege	15060	dwm.exe
Token: SeCreatePagefilePrivilege	15060	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe

description	pid	process	target process
PID 3672 wrote to memory of 1104	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	UQNyKag.exe
PID 3672 wrote to memory of 1104	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	UQNyKag.exe
PID 3672 wrote to memory of 212	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	KvIFSdk.exe
PID 3672 wrote to memory of 212	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	KvIFSdk.exe
PID 3672 wrote to memory of 4468	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	ZkMZbGf.exe
PID 3672 wrote to memory of 4468	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	ZkMZbGf.exe
PID 3672 wrote to memory of 2756	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	xatNCSC.exe
PID 3672 wrote to memory of 2756	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	xatNCSC.exe
PID 3672 wrote to memory of 4732	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	GgCZDUV.exe
PID 3672 wrote to memory of 4732	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	GgCZDUV.exe
PID 3672 wrote to memory of 652	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	iqcRnbN.exe
PID 3672 wrote to memory of 652	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	iqcRnbN.exe
PID 3672 wrote to memory of 4264	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	OqpAKec.exe
PID 3672 wrote to memory of 4264	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	OqpAKec.exe
PID 3672 wrote to memory of 2372	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	XFqtlUN.exe
PID 3672 wrote to memory of 2372	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	XFqtlUN.exe
PID 3672 wrote to memory of 4524	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	EkdwUeF.exe
PID 3672 wrote to memory of 4524	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	EkdwUeF.exe
PID 3672 wrote to memory of 3040	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	tAnLomF.exe
PID 3672 wrote to memory of 3040	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	tAnLomF.exe
PID 3672 wrote to memory of 3036	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	VMeWRDK.exe
PID 3672 wrote to memory of 3036	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	VMeWRDK.exe
PID 3672 wrote to memory of 4416	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	QgkDeMa.exe
PID 3672 wrote to memory of 4416	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	QgkDeMa.exe
PID 3672 wrote to memory of 1088	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	IlfSYMd.exe
PID 3672 wrote to memory of 1088	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	IlfSYMd.exe
PID 3672 wrote to memory of 4772	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	epbgivm.exe
PID 3672 wrote to memory of 4772	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	epbgivm.exe
PID 3672 wrote to memory of 4520	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	ogAWfWC.exe
PID 3672 wrote to memory of 4520	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	ogAWfWC.exe
PID 3672 wrote to memory of 1380	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	lsWIhpa.exe
PID 3672 wrote to memory of 1380	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	lsWIhpa.exe
PID 3672 wrote to memory of 3796	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	ayuhRlE.exe
PID 3672 wrote to memory of 3796	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	ayuhRlE.exe
PID 3672 wrote to memory of 2444	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	ioTLAyv.exe
PID 3672 wrote to memory of 2444	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	ioTLAyv.exe
PID 3672 wrote to memory of 1940	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	rrLfien.exe
PID 3672 wrote to memory of 1940	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	rrLfien.exe
PID 3672 wrote to memory of 3424	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	zGYBcHx.exe
PID 3672 wrote to memory of 3424	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	zGYBcHx.exe
PID 3672 wrote to memory of 3904	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	nJYvaws.exe
PID 3672 wrote to memory of 3904	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	nJYvaws.exe
PID 3672 wrote to memory of 5116	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	VHinOtV.exe
PID 3672 wrote to memory of 5116	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	VHinOtV.exe
PID 3672 wrote to memory of 3628	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	oJaimZU.exe
PID 3672 wrote to memory of 3628	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	oJaimZU.exe
PID 3672 wrote to memory of 2200	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	MFYLCSI.exe
PID 3672 wrote to memory of 2200	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	MFYLCSI.exe
PID 3672 wrote to memory of 852	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	vzGbnNB.exe
PID 3672 wrote to memory of 852	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	vzGbnNB.exe
PID 3672 wrote to memory of 1628	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	ZRTMBKG.exe
PID 3672 wrote to memory of 1628	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	ZRTMBKG.exe
PID 3672 wrote to memory of 4820	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	fJnSBwH.exe
PID 3672 wrote to memory of 4820	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	fJnSBwH.exe
PID 3672 wrote to memory of 1800	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	ABPJBcT.exe
PID 3672 wrote to memory of 1800	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	ABPJBcT.exe
PID 3672 wrote to memory of 3148	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	aWYlVya.exe
PID 3672 wrote to memory of 3148	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	aWYlVya.exe
PID 3672 wrote to memory of 4108	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	tsYQeEJ.exe
PID 3672 wrote to memory of 4108	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	tsYQeEJ.exe
PID 3672 wrote to memory of 3372	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	JyYcgOJ.exe
PID 3672 wrote to memory of 3372	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	JyYcgOJ.exe
PID 3672 wrote to memory of 3584	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	Tqavsve.exe
PID 3672 wrote to memory of 3584	3672	77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe	Tqavsve.exe

C:\Users\Admin\AppData\Local\Temp\77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\77c891d1b56b3734e21f4cee95e6f550_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Windows\System\UQNyKag.exe
  C:\Windows\System\UQNyKag.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\KvIFSdk.exe
  C:\Windows\System\KvIFSdk.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\ZkMZbGf.exe
  C:\Windows\System\ZkMZbGf.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\xatNCSC.exe
  C:\Windows\System\xatNCSC.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\GgCZDUV.exe
  C:\Windows\System\GgCZDUV.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\iqcRnbN.exe
  C:\Windows\System\iqcRnbN.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\OqpAKec.exe
  C:\Windows\System\OqpAKec.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\XFqtlUN.exe
  C:\Windows\System\XFqtlUN.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\EkdwUeF.exe
  C:\Windows\System\EkdwUeF.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\tAnLomF.exe
  C:\Windows\System\tAnLomF.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\VMeWRDK.exe
  C:\Windows\System\VMeWRDK.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\QgkDeMa.exe
  C:\Windows\System\QgkDeMa.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\IlfSYMd.exe
  C:\Windows\System\IlfSYMd.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\epbgivm.exe
  C:\Windows\System\epbgivm.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\ogAWfWC.exe
  C:\Windows\System\ogAWfWC.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\lsWIhpa.exe
  C:\Windows\System\lsWIhpa.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\ayuhRlE.exe
  C:\Windows\System\ayuhRlE.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\ioTLAyv.exe
  C:\Windows\System\ioTLAyv.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\rrLfien.exe
  C:\Windows\System\rrLfien.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\zGYBcHx.exe
  C:\Windows\System\zGYBcHx.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\nJYvaws.exe
  C:\Windows\System\nJYvaws.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\VHinOtV.exe
  C:\Windows\System\VHinOtV.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\oJaimZU.exe
  C:\Windows\System\oJaimZU.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\MFYLCSI.exe
  C:\Windows\System\MFYLCSI.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\vzGbnNB.exe
  C:\Windows\System\vzGbnNB.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\ZRTMBKG.exe
  C:\Windows\System\ZRTMBKG.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\fJnSBwH.exe
  C:\Windows\System\fJnSBwH.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\ABPJBcT.exe
  C:\Windows\System\ABPJBcT.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\aWYlVya.exe
  C:\Windows\System\aWYlVya.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\tsYQeEJ.exe
  C:\Windows\System\tsYQeEJ.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\JyYcgOJ.exe
  C:\Windows\System\JyYcgOJ.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\Tqavsve.exe
  C:\Windows\System\Tqavsve.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\Ivmmvet.exe
  C:\Windows\System\Ivmmvet.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\FwEyVaE.exe
  C:\Windows\System\FwEyVaE.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\qnmqfyz.exe
  C:\Windows\System\qnmqfyz.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\ezJCRiP.exe
  C:\Windows\System\ezJCRiP.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\rOObRtH.exe
  C:\Windows\System\rOObRtH.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\BjUaKQY.exe
  C:\Windows\System\BjUaKQY.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\PEbhBLi.exe
  C:\Windows\System\PEbhBLi.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\qIsBQbe.exe
  C:\Windows\System\qIsBQbe.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\PISgYdg.exe
  C:\Windows\System\PISgYdg.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\LfRGQky.exe
  C:\Windows\System\LfRGQky.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\yQsptKl.exe
  C:\Windows\System\yQsptKl.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\ewXMBoE.exe
  C:\Windows\System\ewXMBoE.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\kPKvWhJ.exe
  C:\Windows\System\kPKvWhJ.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\cYYutfS.exe
  C:\Windows\System\cYYutfS.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\nBuqjuU.exe
  C:\Windows\System\nBuqjuU.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\ZDyPLMP.exe
  C:\Windows\System\ZDyPLMP.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\xeYjZEX.exe
  C:\Windows\System\xeYjZEX.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\spdCSlz.exe
  C:\Windows\System\spdCSlz.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\PboLcBn.exe
  C:\Windows\System\PboLcBn.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\hFBWXIp.exe
  C:\Windows\System\hFBWXIp.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\rUphaAl.exe
  C:\Windows\System\rUphaAl.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\EGGKoEm.exe
  C:\Windows\System\EGGKoEm.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\xfGTUjp.exe
  C:\Windows\System\xfGTUjp.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\OfwhsHI.exe
  C:\Windows\System\OfwhsHI.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\RNvxpcB.exe
  C:\Windows\System\RNvxpcB.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\kcphaic.exe
  C:\Windows\System\kcphaic.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\xYGwugY.exe
  C:\Windows\System\xYGwugY.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\LaZMZEJ.exe
  C:\Windows\System\LaZMZEJ.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\ZsJEKRp.exe
  C:\Windows\System\ZsJEKRp.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\PDmfESs.exe
  C:\Windows\System\PDmfESs.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\ocqFLiR.exe
  C:\Windows\System\ocqFLiR.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\aWrSDhG.exe
  C:\Windows\System\aWrSDhG.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\FOJejqv.exe
  C:\Windows\System\FOJejqv.exe
  2⤵
  PID:1156
- C:\Windows\System\DVRAGIM.exe
  C:\Windows\System\DVRAGIM.exe
  2⤵
  PID:3488
- C:\Windows\System\dmJMrCP.exe
  C:\Windows\System\dmJMrCP.exe
  2⤵
  PID:3648
- C:\Windows\System\gzqQOeW.exe
  C:\Windows\System\gzqQOeW.exe
  2⤵
  PID:2308
- C:\Windows\System\jzBJzSs.exe
  C:\Windows\System\jzBJzSs.exe
  2⤵
  PID:380
- C:\Windows\System\xUvjpHg.exe
  C:\Windows\System\xUvjpHg.exe
  2⤵
  PID:4960
- C:\Windows\System\Ppjdyyl.exe
  C:\Windows\System\Ppjdyyl.exe
  2⤵
  PID:5140
- C:\Windows\System\yceQzAN.exe
  C:\Windows\System\yceQzAN.exe
  2⤵
  PID:5164
- C:\Windows\System\EoExkgN.exe
  C:\Windows\System\EoExkgN.exe
  2⤵
  PID:5196
- C:\Windows\System\NrRTKTb.exe
  C:\Windows\System\NrRTKTb.exe
  2⤵
  PID:5224
- C:\Windows\System\QNTgnQI.exe
  C:\Windows\System\QNTgnQI.exe
  2⤵
  PID:5252
- C:\Windows\System\bRoyOXd.exe
  C:\Windows\System\bRoyOXd.exe
  2⤵
  PID:5280
- C:\Windows\System\rSGcaqQ.exe
  C:\Windows\System\rSGcaqQ.exe
  2⤵
  PID:5308
- C:\Windows\System\scwmnnV.exe
  C:\Windows\System\scwmnnV.exe
  2⤵
  PID:5336
- C:\Windows\System\kvbfsZh.exe
  C:\Windows\System\kvbfsZh.exe
  2⤵
  PID:5360
- C:\Windows\System\xzIAjsl.exe
  C:\Windows\System\xzIAjsl.exe
  2⤵
  PID:5388
- C:\Windows\System\rstOpGJ.exe
  C:\Windows\System\rstOpGJ.exe
  2⤵
  PID:5420
- C:\Windows\System\bvqDCaI.exe
  C:\Windows\System\bvqDCaI.exe
  2⤵
  PID:5448
- C:\Windows\System\koYuOad.exe
  C:\Windows\System\koYuOad.exe
  2⤵
  PID:5476
- C:\Windows\System\BRnMCqE.exe
  C:\Windows\System\BRnMCqE.exe
  2⤵
  PID:5500
- C:\Windows\System\bENUoCK.exe
  C:\Windows\System\bENUoCK.exe
  2⤵
  PID:5532
- C:\Windows\System\ZFMvDym.exe
  C:\Windows\System\ZFMvDym.exe
  2⤵
  PID:5560
- C:\Windows\System\rdoiWiL.exe
  C:\Windows\System\rdoiWiL.exe
  2⤵
  PID:5588
- C:\Windows\System\zBecCLk.exe
  C:\Windows\System\zBecCLk.exe
  2⤵
  PID:5616
- C:\Windows\System\KFljEls.exe
  C:\Windows\System\KFljEls.exe
  2⤵
  PID:5644
- C:\Windows\System\OObPLSV.exe
  C:\Windows\System\OObPLSV.exe
  2⤵
  PID:5672
- C:\Windows\System\LcbHSna.exe
  C:\Windows\System\LcbHSna.exe
  2⤵
  PID:5700
- C:\Windows\System\hHTaysx.exe
  C:\Windows\System\hHTaysx.exe
  2⤵
  PID:5728
- C:\Windows\System\hMplBFS.exe
  C:\Windows\System\hMplBFS.exe
  2⤵
  PID:5752
- C:\Windows\System\VBWVfqX.exe
  C:\Windows\System\VBWVfqX.exe
  2⤵
  PID:5780
- C:\Windows\System\eZDXleS.exe
  C:\Windows\System\eZDXleS.exe
  2⤵
  PID:5812
- C:\Windows\System\KxRhrKh.exe
  C:\Windows\System\KxRhrKh.exe
  2⤵
  PID:5840
- C:\Windows\System\FjaWdya.exe
  C:\Windows\System\FjaWdya.exe
  2⤵
  PID:5868
- C:\Windows\System\EVLLoRf.exe
  C:\Windows\System\EVLLoRf.exe
  2⤵
  PID:5896
- C:\Windows\System\vdZbtKy.exe
  C:\Windows\System\vdZbtKy.exe
  2⤵
  PID:5924
- C:\Windows\System\CLCDHKR.exe
  C:\Windows\System\CLCDHKR.exe
  2⤵
  PID:5952
- C:\Windows\System\UHlvOiD.exe
  C:\Windows\System\UHlvOiD.exe
  2⤵
  PID:5976
- C:\Windows\System\hHAxGTa.exe
  C:\Windows\System\hHAxGTa.exe
  2⤵
  PID:6004
- C:\Windows\System\fHUxUQX.exe
  C:\Windows\System\fHUxUQX.exe
  2⤵
  PID:6036
- C:\Windows\System\TKSCZcF.exe
  C:\Windows\System\TKSCZcF.exe
  2⤵
  PID:6064
- C:\Windows\System\blwwQIn.exe
  C:\Windows\System\blwwQIn.exe
  2⤵
  PID:6092
- C:\Windows\System\DwqWXUd.exe
  C:\Windows\System\DwqWXUd.exe
  2⤵
  PID:6116
- C:\Windows\System\BWKLgNw.exe
  C:\Windows\System\BWKLgNw.exe
  2⤵
  PID:2944
- C:\Windows\System\XZeKQEb.exe
  C:\Windows\System\XZeKQEb.exe
  2⤵
  PID:1528
- C:\Windows\System\JTvLGfz.exe
  C:\Windows\System\JTvLGfz.exe
  2⤵
  PID:2336
- C:\Windows\System\NAQztkV.exe
  C:\Windows\System\NAQztkV.exe
  2⤵
  PID:4308
- C:\Windows\System\oWmbuFu.exe
  C:\Windows\System\oWmbuFu.exe
  2⤵
  PID:3104
- C:\Windows\System\xcMjhFT.exe
  C:\Windows\System\xcMjhFT.exe
  2⤵
  PID:4496
- C:\Windows\System\fSYFfJe.exe
  C:\Windows\System\fSYFfJe.exe
  2⤵
  PID:5156
- C:\Windows\System\ajiAiRK.exe
  C:\Windows\System\ajiAiRK.exe
  2⤵
  PID:5216
- C:\Windows\System\unLcbgt.exe
  C:\Windows\System\unLcbgt.exe
  2⤵
  PID:5292
- C:\Windows\System\MakNfaG.exe
  C:\Windows\System\MakNfaG.exe
  2⤵
  PID:5356
- C:\Windows\System\WECqkBE.exe
  C:\Windows\System\WECqkBE.exe
  2⤵
  PID:5432
- C:\Windows\System\VSdWjQV.exe
  C:\Windows\System\VSdWjQV.exe
  2⤵
  PID:5516
- C:\Windows\System\bHbOYWY.exe
  C:\Windows\System\bHbOYWY.exe
  2⤵
  PID:5572
- C:\Windows\System\HuQsqUw.exe
  C:\Windows\System\HuQsqUw.exe
  2⤵
  PID:5636
- C:\Windows\System\WTNodMf.exe
  C:\Windows\System\WTNodMf.exe
  2⤵
  PID:5720
- C:\Windows\System\yvOcAZd.exe
  C:\Windows\System\yvOcAZd.exe
  2⤵
  PID:5768
- C:\Windows\System\FUvBAGl.exe
  C:\Windows\System\FUvBAGl.exe
  2⤵
  PID:5856
- C:\Windows\System\ntQoJFX.exe
  C:\Windows\System\ntQoJFX.exe
  2⤵
  PID:5936
- C:\Windows\System\ipQOkss.exe
  C:\Windows\System\ipQOkss.exe
  2⤵
  PID:6112
- C:\Windows\System\yQjWlNC.exe
  C:\Windows\System\yQjWlNC.exe
  2⤵
  PID:4480
- C:\Windows\System\xmKhtJQ.exe
  C:\Windows\System\xmKhtJQ.exe
  2⤵
  PID:5092
- C:\Windows\System\pqOfzGa.exe
  C:\Windows\System\pqOfzGa.exe
  2⤵
  PID:5184
- C:\Windows\System\qoWPaRC.exe
  C:\Windows\System\qoWPaRC.exe
  2⤵
  PID:5032
- C:\Windows\System\XyaiDvC.exe
  C:\Windows\System\XyaiDvC.exe
  2⤵
  PID:5496
- C:\Windows\System\grerbOZ.exe
  C:\Windows\System\grerbOZ.exe
  2⤵
  PID:5712
- C:\Windows\System\kdpOqpp.exe
  C:\Windows\System\kdpOqpp.exe
  2⤵
  PID:5796
- C:\Windows\System\nxZBAkw.exe
  C:\Windows\System\nxZBAkw.exe
  2⤵
  PID:2668
- C:\Windows\System\BarjmWI.exe
  C:\Windows\System\BarjmWI.exe
  2⤵
  PID:4996
- C:\Windows\System\OLjNApx.exe
  C:\Windows\System\OLjNApx.exe
  2⤵
  PID:2512
- C:\Windows\System\dBdTmVK.exe
  C:\Windows\System\dBdTmVK.exe
  2⤵
  PID:4848
- C:\Windows\System\qdxMEIw.exe
  C:\Windows\System\qdxMEIw.exe
  2⤵
  PID:1936
- C:\Windows\System\NdyTSmr.exe
  C:\Windows\System\NdyTSmr.exe
  2⤵
  PID:6108
- C:\Windows\System\PlluGuz.exe
  C:\Windows\System\PlluGuz.exe
  2⤵
  PID:2356
- C:\Windows\System\bzdyFUV.exe
  C:\Windows\System\bzdyFUV.exe
  2⤵
  PID:4852
- C:\Windows\System\qJtKkQa.exe
  C:\Windows\System\qJtKkQa.exe
  2⤵
  PID:5488
- C:\Windows\System\XkEGqSE.exe
  C:\Windows\System\XkEGqSE.exe
  2⤵
  PID:2028
- C:\Windows\System\xfdiMrV.exe
  C:\Windows\System\xfdiMrV.exe
  2⤵
  PID:2928
- C:\Windows\System\VpKoWMe.exe
  C:\Windows\System\VpKoWMe.exe
  2⤵
  PID:4592
- C:\Windows\System\yeSptOa.exe
  C:\Windows\System\yeSptOa.exe
  2⤵
  PID:2184
- C:\Windows\System\bUtshCi.exe
  C:\Windows\System\bUtshCi.exe
  2⤵
  PID:3468
- C:\Windows\System\FYdZjSi.exe
  C:\Windows\System\FYdZjSi.exe
  2⤵
  PID:5544
- C:\Windows\System\BBDNckU.exe
  C:\Windows\System\BBDNckU.exe
  2⤵
  PID:4580
- C:\Windows\System\qNFtedO.exe
  C:\Windows\System\qNFtedO.exe
  2⤵
  PID:4296
- C:\Windows\System\uckPEVX.exe
  C:\Windows\System\uckPEVX.exe
  2⤵
  PID:3932
- C:\Windows\System\INZYiXz.exe
  C:\Windows\System\INZYiXz.exe
  2⤵
  PID:3608
- C:\Windows\System\azfwwFX.exe
  C:\Windows\System\azfwwFX.exe
  2⤵
  PID:972
- C:\Windows\System\KnrUoqH.exe
  C:\Windows\System\KnrUoqH.exe
  2⤵
  PID:6152
- C:\Windows\System\TeMequf.exe
  C:\Windows\System\TeMequf.exe
  2⤵
  PID:6180
- C:\Windows\System\ClskcOo.exe
  C:\Windows\System\ClskcOo.exe
  2⤵
  PID:6216
- C:\Windows\System\LaNoVbg.exe
  C:\Windows\System\LaNoVbg.exe
  2⤵
  PID:6248
- C:\Windows\System\HEuJKVX.exe
  C:\Windows\System\HEuJKVX.exe
  2⤵
  PID:6264
- C:\Windows\System\XqpXILp.exe
  C:\Windows\System\XqpXILp.exe
  2⤵
  PID:6308
- C:\Windows\System\xRsTNIg.exe
  C:\Windows\System\xRsTNIg.exe
  2⤵
  PID:6340
- C:\Windows\System\ZzcWsRJ.exe
  C:\Windows\System\ZzcWsRJ.exe
  2⤵
  PID:6360
- C:\Windows\System\rsBlTUT.exe
  C:\Windows\System\rsBlTUT.exe
  2⤵
  PID:6376
- C:\Windows\System\NiyLTRg.exe
  C:\Windows\System\NiyLTRg.exe
  2⤵
  PID:6396
- C:\Windows\System\QyMTYrX.exe
  C:\Windows\System\QyMTYrX.exe
  2⤵
  PID:6504
- C:\Windows\System\aqKhcUy.exe
  C:\Windows\System\aqKhcUy.exe
  2⤵
  PID:6528
- C:\Windows\System\wqtbYvo.exe
  C:\Windows\System\wqtbYvo.exe
  2⤵
  PID:6564
- C:\Windows\System\dYdpIlX.exe
  C:\Windows\System\dYdpIlX.exe
  2⤵
  PID:6620
- C:\Windows\System\UifvKYL.exe
  C:\Windows\System\UifvKYL.exe
  2⤵
  PID:6652
- C:\Windows\System\rSEDiES.exe
  C:\Windows\System\rSEDiES.exe
  2⤵
  PID:6680
- C:\Windows\System\japKndv.exe
  C:\Windows\System\japKndv.exe
  2⤵
  PID:6712
- C:\Windows\System\TrsqThy.exe
  C:\Windows\System\TrsqThy.exe
  2⤵
  PID:6744
- C:\Windows\System\DDgVrVF.exe
  C:\Windows\System\DDgVrVF.exe
  2⤵
  PID:6780
- C:\Windows\System\SbPpjzj.exe
  C:\Windows\System\SbPpjzj.exe
  2⤵
  PID:6804
- C:\Windows\System\RGobQic.exe
  C:\Windows\System\RGobQic.exe
  2⤵
  PID:6856
- C:\Windows\System\rtuyAAc.exe
  C:\Windows\System\rtuyAAc.exe
  2⤵
  PID:6876
- C:\Windows\System\FowjYWb.exe
  C:\Windows\System\FowjYWb.exe
  2⤵
  PID:6904
- C:\Windows\System\NvaXRvt.exe
  C:\Windows\System\NvaXRvt.exe
  2⤵
  PID:6932
- C:\Windows\System\vrOAwcV.exe
  C:\Windows\System\vrOAwcV.exe
  2⤵
  PID:6960
- C:\Windows\System\MgbmwVE.exe
  C:\Windows\System\MgbmwVE.exe
  2⤵
  PID:6988
- C:\Windows\System\lubgqZd.exe
  C:\Windows\System\lubgqZd.exe
  2⤵
  PID:7004
- C:\Windows\System\sMiPGHY.exe
  C:\Windows\System\sMiPGHY.exe
  2⤵
  PID:7044
- C:\Windows\System\BzTyTuR.exe
  C:\Windows\System\BzTyTuR.exe
  2⤵
  PID:7072
- C:\Windows\System\mfLMZbt.exe
  C:\Windows\System\mfLMZbt.exe
  2⤵
  PID:7100
- C:\Windows\System\PTWrfks.exe
  C:\Windows\System\PTWrfks.exe
  2⤵
  PID:7144
- C:\Windows\System\bbIyOSF.exe
  C:\Windows\System\bbIyOSF.exe
  2⤵
  PID:1592
- C:\Windows\System\lpWAdHG.exe
  C:\Windows\System\lpWAdHG.exe
  2⤵
  PID:6208
- C:\Windows\System\SHXDjnA.exe
  C:\Windows\System\SHXDjnA.exe
  2⤵
  PID:6256
- C:\Windows\System\jTXtDAz.exe
  C:\Windows\System\jTXtDAz.exe
  2⤵
  PID:6324
- C:\Windows\System\ssBaglm.exe
  C:\Windows\System\ssBaglm.exe
  2⤵
  PID:6384
- C:\Windows\System\hoPboMp.exe
  C:\Windows\System\hoPboMp.exe
  2⤵
  PID:6520
- C:\Windows\System\KiBgNXM.exe
  C:\Windows\System\KiBgNXM.exe
  2⤵
  PID:5380
- C:\Windows\System\wIMWDLs.exe
  C:\Windows\System\wIMWDLs.exe
  2⤵
  PID:6692
- C:\Windows\System\PlVQUgz.exe
  C:\Windows\System\PlVQUgz.exe
  2⤵
  PID:6768
- C:\Windows\System\RXeLBLN.exe
  C:\Windows\System\RXeLBLN.exe
  2⤵
  PID:6836
- C:\Windows\System\WFDUlju.exe
  C:\Windows\System\WFDUlju.exe
  2⤵
  PID:6468
- C:\Windows\System\PrQlVAZ.exe
  C:\Windows\System\PrQlVAZ.exe
  2⤵
  PID:5884
- C:\Windows\System\hLuRtWc.exe
  C:\Windows\System\hLuRtWc.exe
  2⤵
  PID:6900
- C:\Windows\System\HBdsbon.exe
  C:\Windows\System\HBdsbon.exe
  2⤵
  PID:5460
- C:\Windows\System\BlyIygf.exe
  C:\Windows\System\BlyIygf.exe
  2⤵
  PID:5664
- C:\Windows\System\BHQOaGR.exe
  C:\Windows\System\BHQOaGR.exe
  2⤵
  PID:7064
- C:\Windows\System\bFpaWmS.exe
  C:\Windows\System\bFpaWmS.exe
  2⤵
  PID:7120
- C:\Windows\System\JXQtmjo.exe
  C:\Windows\System\JXQtmjo.exe
  2⤵
  PID:6000
- C:\Windows\System\kSkvvFJ.exe
  C:\Windows\System\kSkvvFJ.exe
  2⤵
  PID:6300
- C:\Windows\System\AnGfGkV.exe
  C:\Windows\System\AnGfGkV.exe
  2⤵
  PID:6496
- C:\Windows\System\ISRIysh.exe
  C:\Windows\System\ISRIysh.exe
  2⤵
  PID:6664
- C:\Windows\System\LfEgQLJ.exe
  C:\Windows\System\LfEgQLJ.exe
  2⤵
  PID:6444
- C:\Windows\System\zZFMNjv.exe
  C:\Windows\System\zZFMNjv.exe
  2⤵
  PID:6872
- C:\Windows\System\TXsmQDQ.exe
  C:\Windows\System\TXsmQDQ.exe
  2⤵
  PID:7032
- C:\Windows\System\UVwIHkx.exe
  C:\Windows\System\UVwIHkx.exe
  2⤵
  PID:6172
- C:\Windows\System\WlSaAQT.exe
  C:\Windows\System\WlSaAQT.exe
  2⤵
  PID:6424
- C:\Windows\System\qstXufz.exe
  C:\Windows\System\qstXufz.exe
  2⤵
  PID:6816
- C:\Windows\System\BmLTVil.exe
  C:\Windows\System\BmLTVil.exe
  2⤵
  PID:7084
- C:\Windows\System\FJVfIgf.exe
  C:\Windows\System\FJVfIgf.exe
  2⤵
  PID:6548
- C:\Windows\System\YVyxGoF.exe
  C:\Windows\System\YVyxGoF.exe
  2⤵
  PID:5492
- C:\Windows\System\ZbOOEjp.exe
  C:\Windows\System\ZbOOEjp.exe
  2⤵
  PID:7176
- C:\Windows\System\eNDjcOC.exe
  C:\Windows\System\eNDjcOC.exe
  2⤵
  PID:7204
- C:\Windows\System\bDVZGUf.exe
  C:\Windows\System\bDVZGUf.exe
  2⤵
  PID:7232
- C:\Windows\System\bSfbgvW.exe
  C:\Windows\System\bSfbgvW.exe
  2⤵
  PID:7260
- C:\Windows\System\jYZcGUf.exe
  C:\Windows\System\jYZcGUf.exe
  2⤵
  PID:7288
- C:\Windows\System\ANxoobj.exe
  C:\Windows\System\ANxoobj.exe
  2⤵
  PID:7316
- C:\Windows\System\yaVskJC.exe
  C:\Windows\System\yaVskJC.exe
  2⤵
  PID:7344
- C:\Windows\System\ECvBgtf.exe
  C:\Windows\System\ECvBgtf.exe
  2⤵
  PID:7372
- C:\Windows\System\VArvHKb.exe
  C:\Windows\System\VArvHKb.exe
  2⤵
  PID:7400
- C:\Windows\System\QqfVsxF.exe
  C:\Windows\System\QqfVsxF.exe
  2⤵
  PID:7428
- C:\Windows\System\XLHutqU.exe
  C:\Windows\System\XLHutqU.exe
  2⤵
  PID:7460
- C:\Windows\System\eRSZHNs.exe
  C:\Windows\System\eRSZHNs.exe
  2⤵
  PID:7496
- C:\Windows\System\ewZeTtT.exe
  C:\Windows\System\ewZeTtT.exe
  2⤵
  PID:7524
- C:\Windows\System\YRMjYln.exe
  C:\Windows\System\YRMjYln.exe
  2⤵
  PID:7552
- C:\Windows\System\ofwVccU.exe
  C:\Windows\System\ofwVccU.exe
  2⤵
  PID:7580
- C:\Windows\System\vjxGeUU.exe
  C:\Windows\System\vjxGeUU.exe
  2⤵
  PID:7608
- C:\Windows\System\GBlbGSk.exe
  C:\Windows\System\GBlbGSk.exe
  2⤵
  PID:7636
- C:\Windows\System\CyIvvPE.exe
  C:\Windows\System\CyIvvPE.exe
  2⤵
  PID:7664
- C:\Windows\System\HptLluw.exe
  C:\Windows\System\HptLluw.exe
  2⤵
  PID:7692
- C:\Windows\System\gkjVtNv.exe
  C:\Windows\System\gkjVtNv.exe
  2⤵
  PID:7720
- C:\Windows\System\lJmaJGp.exe
  C:\Windows\System\lJmaJGp.exe
  2⤵
  PID:7748
- C:\Windows\System\IKxWgKA.exe
  C:\Windows\System\IKxWgKA.exe
  2⤵
  PID:7776
- C:\Windows\System\lKFWAsa.exe
  C:\Windows\System\lKFWAsa.exe
  2⤵
  PID:7804
- C:\Windows\System\wjJWmFq.exe
  C:\Windows\System\wjJWmFq.exe
  2⤵
  PID:7832
- C:\Windows\System\imPnqDn.exe
  C:\Windows\System\imPnqDn.exe
  2⤵
  PID:7864
- C:\Windows\System\QjFABio.exe
  C:\Windows\System\QjFABio.exe
  2⤵
  PID:7892
- C:\Windows\System\DtwbiJi.exe
  C:\Windows\System\DtwbiJi.exe
  2⤵
  PID:7924
- C:\Windows\System\LUyekWs.exe
  C:\Windows\System\LUyekWs.exe
  2⤵
  PID:7952
- C:\Windows\System\EzBYHPI.exe
  C:\Windows\System\EzBYHPI.exe
  2⤵
  PID:7980
- C:\Windows\System\WAConqj.exe
  C:\Windows\System\WAConqj.exe
  2⤵
  PID:8012
- C:\Windows\System\hfVWEGd.exe
  C:\Windows\System\hfVWEGd.exe
  2⤵
  PID:8040
- C:\Windows\System\XYLyHcB.exe
  C:\Windows\System\XYLyHcB.exe
  2⤵
  PID:8068
- C:\Windows\System\FQaPfYg.exe
  C:\Windows\System\FQaPfYg.exe
  2⤵
  PID:8096
- C:\Windows\System\ngopxAP.exe
  C:\Windows\System\ngopxAP.exe
  2⤵
  PID:8124
- C:\Windows\System\qTXcrNQ.exe
  C:\Windows\System\qTXcrNQ.exe
  2⤵
  PID:8152
- C:\Windows\System\JAJOcdZ.exe
  C:\Windows\System\JAJOcdZ.exe
  2⤵
  PID:8180
- C:\Windows\System\NjIJMPs.exe
  C:\Windows\System\NjIJMPs.exe
  2⤵
  PID:7196
- C:\Windows\System\NMspvDA.exe
  C:\Windows\System\NMspvDA.exe
  2⤵
  PID:7252
- C:\Windows\System\qotBHIF.exe
  C:\Windows\System\qotBHIF.exe
  2⤵
  PID:7328
- C:\Windows\System\kyqhIkn.exe
  C:\Windows\System\kyqhIkn.exe
  2⤵
  PID:7396
- C:\Windows\System\TAiOobW.exe
  C:\Windows\System\TAiOobW.exe
  2⤵
  PID:7444
- C:\Windows\System\ULcgonL.exe
  C:\Windows\System\ULcgonL.exe
  2⤵
  PID:7492
- C:\Windows\System\YfQYPSn.exe
  C:\Windows\System\YfQYPSn.exe
  2⤵
  PID:7572
- C:\Windows\System\cqUnrTw.exe
  C:\Windows\System\cqUnrTw.exe
  2⤵
  PID:7628
- C:\Windows\System\FTcOkjQ.exe
  C:\Windows\System\FTcOkjQ.exe
  2⤵
  PID:7688
- C:\Windows\System\kuZzgmo.exe
  C:\Windows\System\kuZzgmo.exe
  2⤵
  PID:7772
- C:\Windows\System\DCxhLug.exe
  C:\Windows\System\DCxhLug.exe
  2⤵
  PID:7844
- C:\Windows\System\hsxTaEk.exe
  C:\Windows\System\hsxTaEk.exe
  2⤵
  PID:7948
- C:\Windows\System\XofTJgH.exe
  C:\Windows\System\XofTJgH.exe
  2⤵
  PID:8024
- C:\Windows\System\KXckTqi.exe
  C:\Windows\System\KXckTqi.exe
  2⤵
  PID:8088
- C:\Windows\System\wUpYvcE.exe
  C:\Windows\System\wUpYvcE.exe
  2⤵
  PID:8148
- C:\Windows\System\xxVzYEk.exe
  C:\Windows\System\xxVzYEk.exe
  2⤵
  PID:7244
- C:\Windows\System\GtOyFVF.exe
  C:\Windows\System\GtOyFVF.exe
  2⤵
  PID:7388
- C:\Windows\System\BMIErLN.exe
  C:\Windows\System\BMIErLN.exe
  2⤵
  PID:7520
- C:\Windows\System\ipfrrrY.exe
  C:\Windows\System\ipfrrrY.exe
  2⤵
  PID:7656
- C:\Windows\System\AbjdZTO.exe
  C:\Windows\System\AbjdZTO.exe
  2⤵
  PID:7824
- C:\Windows\System\pnAHnLe.exe
  C:\Windows\System\pnAHnLe.exe
  2⤵
  PID:8060
- C:\Windows\System\qwWkSen.exe
  C:\Windows\System\qwWkSen.exe
  2⤵
  PID:7300
- C:\Windows\System\SNmzgMT.exe
  C:\Windows\System\SNmzgMT.exe
  2⤵
  PID:7548
- C:\Windows\System\nxXMhRI.exe
  C:\Windows\System\nxXMhRI.exe
  2⤵
  PID:8004
- C:\Windows\System\QncnTYG.exe
  C:\Windows\System\QncnTYG.exe
  2⤵
  PID:7480
- C:\Windows\System\sfIhMjm.exe
  C:\Windows\System\sfIhMjm.exe
  2⤵
  PID:8176
- C:\Windows\System\yyuvomr.exe
  C:\Windows\System\yyuvomr.exe
  2⤵
  PID:8212
- C:\Windows\System\tgvlzEJ.exe
  C:\Windows\System\tgvlzEJ.exe
  2⤵
  PID:8240
- C:\Windows\System\EePOrAW.exe
  C:\Windows\System\EePOrAW.exe
  2⤵
  PID:8268
- C:\Windows\System\lTMEOvi.exe
  C:\Windows\System\lTMEOvi.exe
  2⤵
  PID:8296
- C:\Windows\System\wmXdard.exe
  C:\Windows\System\wmXdard.exe
  2⤵
  PID:8324
- C:\Windows\System\GVxYCOB.exe
  C:\Windows\System\GVxYCOB.exe
  2⤵
  PID:8352
- C:\Windows\System\RRXujiR.exe
  C:\Windows\System\RRXujiR.exe
  2⤵
  PID:8380
- C:\Windows\System\OsRwUAB.exe
  C:\Windows\System\OsRwUAB.exe
  2⤵
  PID:8416
- C:\Windows\System\uKkqFJl.exe
  C:\Windows\System\uKkqFJl.exe
  2⤵
  PID:8444
- C:\Windows\System\JTEYPOB.exe
  C:\Windows\System\JTEYPOB.exe
  2⤵
  PID:8472
- C:\Windows\System\xePFyop.exe
  C:\Windows\System\xePFyop.exe
  2⤵
  PID:8500
- C:\Windows\System\cHoQudm.exe
  C:\Windows\System\cHoQudm.exe
  2⤵
  PID:8528
- C:\Windows\System\EqeHMed.exe
  C:\Windows\System\EqeHMed.exe
  2⤵
  PID:8556
- C:\Windows\System\ybhCrlN.exe
  C:\Windows\System\ybhCrlN.exe
  2⤵
  PID:8584
- C:\Windows\System\qmsCRZd.exe
  C:\Windows\System\qmsCRZd.exe
  2⤵
  PID:8612
- C:\Windows\System\LGbnhbp.exe
  C:\Windows\System\LGbnhbp.exe
  2⤵
  PID:8640
- C:\Windows\System\yQoaQsh.exe
  C:\Windows\System\yQoaQsh.exe
  2⤵
  PID:8668
- C:\Windows\System\VfdxHey.exe
  C:\Windows\System\VfdxHey.exe
  2⤵
  PID:8704
- C:\Windows\System\xrHPvRS.exe
  C:\Windows\System\xrHPvRS.exe
  2⤵
  PID:8732
- C:\Windows\System\GeDsYkY.exe
  C:\Windows\System\GeDsYkY.exe
  2⤵
  PID:8760
- C:\Windows\System\pvXDlQK.exe
  C:\Windows\System\pvXDlQK.exe
  2⤵
  PID:8788
- C:\Windows\System\DLHSnYM.exe
  C:\Windows\System\DLHSnYM.exe
  2⤵
  PID:8816
- C:\Windows\System\PZNBDcO.exe
  C:\Windows\System\PZNBDcO.exe
  2⤵
  PID:8844
- C:\Windows\System\AtTrCXd.exe
  C:\Windows\System\AtTrCXd.exe
  2⤵
  PID:8872
- C:\Windows\System\COLQVUi.exe
  C:\Windows\System\COLQVUi.exe
  2⤵
  PID:8888
- C:\Windows\System\KvKlqRi.exe
  C:\Windows\System\KvKlqRi.exe
  2⤵
  PID:8904
- C:\Windows\System\VDhFPAP.exe
  C:\Windows\System\VDhFPAP.exe
  2⤵
  PID:8932
- C:\Windows\System\janXFwx.exe
  C:\Windows\System\janXFwx.exe
  2⤵
  PID:8952
- C:\Windows\System\VhiGNcU.exe
  C:\Windows\System\VhiGNcU.exe
  2⤵
  PID:8988
- C:\Windows\System\EulhYGE.exe
  C:\Windows\System\EulhYGE.exe
  2⤵
  PID:9032
- C:\Windows\System\IJyhboe.exe
  C:\Windows\System\IJyhboe.exe
  2⤵
  PID:9068
- C:\Windows\System\zsKsszb.exe
  C:\Windows\System\zsKsszb.exe
  2⤵
  PID:9084
- C:\Windows\System\HufzNkP.exe
  C:\Windows\System\HufzNkP.exe
  2⤵
  PID:9128
- C:\Windows\System\rIIyFya.exe
  C:\Windows\System\rIIyFya.exe
  2⤵
  PID:9156
- C:\Windows\System\huwkXAY.exe
  C:\Windows\System\huwkXAY.exe
  2⤵
  PID:9188
- C:\Windows\System\RGPZGjP.exe
  C:\Windows\System\RGPZGjP.exe
  2⤵
  PID:8200
- C:\Windows\System\Jibqdkm.exe
  C:\Windows\System\Jibqdkm.exe
  2⤵
  PID:8260
- C:\Windows\System\SEuNqOl.exe
  C:\Windows\System\SEuNqOl.exe
  2⤵
  PID:8320
- C:\Windows\System\otlzubf.exe
  C:\Windows\System\otlzubf.exe
  2⤵
  PID:8396
- C:\Windows\System\mExdgCu.exe
  C:\Windows\System\mExdgCu.exe
  2⤵
  PID:8436
- C:\Windows\System\EFqBkSs.exe
  C:\Windows\System\EFqBkSs.exe
  2⤵
  PID:8524
- C:\Windows\System\GeVymBY.exe
  C:\Windows\System\GeVymBY.exe
  2⤵
  PID:8596
- C:\Windows\System\aHxfymJ.exe
  C:\Windows\System\aHxfymJ.exe
  2⤵
  PID:8412
- C:\Windows\System\ByOpPOe.exe
  C:\Windows\System\ByOpPOe.exe
  2⤵
  PID:8688
- C:\Windows\System\BzbcuyG.exe
  C:\Windows\System\BzbcuyG.exe
  2⤵
  PID:8800
- C:\Windows\System\dGwyFus.exe
  C:\Windows\System\dGwyFus.exe
  2⤵
  PID:8864
- C:\Windows\System\XIGHYYB.exe
  C:\Windows\System\XIGHYYB.exe
  2⤵
  PID:9004
- C:\Windows\System\FavwMYF.exe
  C:\Windows\System\FavwMYF.exe
  2⤵
  PID:9048
- C:\Windows\System\ypmvnVT.exe
  C:\Windows\System\ypmvnVT.exe
  2⤵
  PID:9140
- C:\Windows\System\DOpKDkb.exe
  C:\Windows\System\DOpKDkb.exe
  2⤵
  PID:9208
- C:\Windows\System\LMWjjqm.exe
  C:\Windows\System\LMWjjqm.exe
  2⤵
  PID:8316
- C:\Windows\System\MIzYbJn.exe
  C:\Windows\System\MIzYbJn.exe
  2⤵
  PID:8520
- C:\Windows\System\YJVhJmw.exe
  C:\Windows\System\YJVhJmw.exe
  2⤵
  PID:8632
- C:\Windows\System\eEVfRpB.exe
  C:\Windows\System\eEVfRpB.exe
  2⤵
  PID:8780
- C:\Windows\System\QqRpMFU.exe
  C:\Windows\System\QqRpMFU.exe
  2⤵
  PID:8920
- C:\Windows\System\wQedlKs.exe
  C:\Windows\System\wQedlKs.exe
  2⤵
  PID:9168
- C:\Windows\System\dRPsXsM.exe
  C:\Windows\System\dRPsXsM.exe
  2⤵
  PID:8428
- C:\Windows\System\IWCiPbe.exe
  C:\Windows\System\IWCiPbe.exe
  2⤵
  PID:8772
- C:\Windows\System\vlmQYyu.exe
  C:\Windows\System\vlmQYyu.exe
  2⤵
  PID:8308
- C:\Windows\System\nahcAAj.exe
  C:\Windows\System\nahcAAj.exe
  2⤵
  PID:8256
- C:\Windows\System\ISsujOi.exe
  C:\Windows\System\ISsujOi.exe
  2⤵
  PID:9232
- C:\Windows\System\RNTUGda.exe
  C:\Windows\System\RNTUGda.exe
  2⤵
  PID:9260
- C:\Windows\System\pNzSVLL.exe
  C:\Windows\System\pNzSVLL.exe
  2⤵
  PID:9288
- C:\Windows\System\bvmGYhJ.exe
  C:\Windows\System\bvmGYhJ.exe
  2⤵
  PID:9316
- C:\Windows\System\pIoJTji.exe
  C:\Windows\System\pIoJTji.exe
  2⤵
  PID:9344
- C:\Windows\System\eJkdJNw.exe
  C:\Windows\System\eJkdJNw.exe
  2⤵
  PID:9372
- C:\Windows\System\ArtgljM.exe
  C:\Windows\System\ArtgljM.exe
  2⤵
  PID:9400
- C:\Windows\System\BxKzfUq.exe
  C:\Windows\System\BxKzfUq.exe
  2⤵
  PID:9428
- C:\Windows\System\QItsiue.exe
  C:\Windows\System\QItsiue.exe
  2⤵
  PID:9456
- C:\Windows\System\lxlicsY.exe
  C:\Windows\System\lxlicsY.exe
  2⤵
  PID:9484
- C:\Windows\System\vMcwxER.exe
  C:\Windows\System\vMcwxER.exe
  2⤵
  PID:9512
- C:\Windows\System\KluYKNQ.exe
  C:\Windows\System\KluYKNQ.exe
  2⤵
  PID:9540
- C:\Windows\System\EnVeiwQ.exe
  C:\Windows\System\EnVeiwQ.exe
  2⤵
  PID:9572
- C:\Windows\System\svFCgDJ.exe
  C:\Windows\System\svFCgDJ.exe
  2⤵
  PID:9600
- C:\Windows\System\WBtsQIk.exe
  C:\Windows\System\WBtsQIk.exe
  2⤵
  PID:9636
- C:\Windows\System\SRDJvvQ.exe
  C:\Windows\System\SRDJvvQ.exe
  2⤵
  PID:9656
- C:\Windows\System\QrBiwEk.exe
  C:\Windows\System\QrBiwEk.exe
  2⤵
  PID:9684
- C:\Windows\System\wNSyxDT.exe
  C:\Windows\System\wNSyxDT.exe
  2⤵
  PID:9716
- C:\Windows\System\hSAtAfA.exe
  C:\Windows\System\hSAtAfA.exe
  2⤵
  PID:9744
- C:\Windows\System\ROPmQGY.exe
  C:\Windows\System\ROPmQGY.exe
  2⤵
  PID:9776
- C:\Windows\System\eSeJKCv.exe
  C:\Windows\System\eSeJKCv.exe
  2⤵
  PID:9808
- C:\Windows\System\mepbYBe.exe
  C:\Windows\System\mepbYBe.exe
  2⤵
  PID:9836
- C:\Windows\System\whDcCbs.exe
  C:\Windows\System\whDcCbs.exe
  2⤵
  PID:9864
- C:\Windows\System\OsEjDsx.exe
  C:\Windows\System\OsEjDsx.exe
  2⤵
  PID:9892
- C:\Windows\System\rYJjZjF.exe
  C:\Windows\System\rYJjZjF.exe
  2⤵
  PID:9920
- C:\Windows\System\bOGhPuU.exe
  C:\Windows\System\bOGhPuU.exe
  2⤵
  PID:9948
- C:\Windows\System\YgfHnXO.exe
  C:\Windows\System\YgfHnXO.exe
  2⤵
  PID:9976
- C:\Windows\System\HtBbNdg.exe
  C:\Windows\System\HtBbNdg.exe
  2⤵
  PID:10004
- C:\Windows\System\oaGEAnG.exe
  C:\Windows\System\oaGEAnG.exe
  2⤵
  PID:10032
- C:\Windows\System\gloYyqx.exe
  C:\Windows\System\gloYyqx.exe
  2⤵
  PID:10060
- C:\Windows\System\fOGYYEm.exe
  C:\Windows\System\fOGYYEm.exe
  2⤵
  PID:10088
- C:\Windows\System\AeAnMBX.exe
  C:\Windows\System\AeAnMBX.exe
  2⤵
  PID:10116
- C:\Windows\System\aAIgIIh.exe
  C:\Windows\System\aAIgIIh.exe
  2⤵
  PID:10144
- C:\Windows\System\nxlyOxT.exe
  C:\Windows\System\nxlyOxT.exe
  2⤵
  PID:10172
- C:\Windows\System\nOcKsfy.exe
  C:\Windows\System\nOcKsfy.exe
  2⤵
  PID:10200
- C:\Windows\System\rLqrDFl.exe
  C:\Windows\System\rLqrDFl.exe
  2⤵
  PID:10228
- C:\Windows\System\KCfxNtd.exe
  C:\Windows\System\KCfxNtd.exe
  2⤵
  PID:9252
- C:\Windows\System\nSRtTla.exe
  C:\Windows\System\nSRtTla.exe
  2⤵
  PID:9308
- C:\Windows\System\GRHjTnj.exe
  C:\Windows\System\GRHjTnj.exe
  2⤵
  PID:9340
- C:\Windows\System\HsdSnNz.exe
  C:\Windows\System\HsdSnNz.exe
  2⤵
  PID:9440
- C:\Windows\System\yHTEQca.exe
  C:\Windows\System\yHTEQca.exe
  2⤵
  PID:9536
- C:\Windows\System\ENlSjZM.exe
  C:\Windows\System\ENlSjZM.exe
  2⤵
  PID:9616
- C:\Windows\System\BiCRNok.exe
  C:\Windows\System\BiCRNok.exe
  2⤵
  PID:9652
- C:\Windows\System\GXmtqWP.exe
  C:\Windows\System\GXmtqWP.exe
  2⤵
  PID:9756
- C:\Windows\System\JCqwoOf.exe
  C:\Windows\System\JCqwoOf.exe
  2⤵
  PID:9832
- C:\Windows\System\jlYiFDo.exe
  C:\Windows\System\jlYiFDo.exe
  2⤵
  PID:9888
- C:\Windows\System\tqadrkj.exe
  C:\Windows\System\tqadrkj.exe
  2⤵
  PID:9988
- C:\Windows\System\zqiCegK.exe
  C:\Windows\System\zqiCegK.exe
  2⤵
  PID:10080
- C:\Windows\System\wiHsTNu.exe
  C:\Windows\System\wiHsTNu.exe
  2⤵
  PID:10112
- C:\Windows\System\zLiKFQT.exe
  C:\Windows\System\zLiKFQT.exe
  2⤵
  PID:10184
- C:\Windows\System\PTLnVez.exe
  C:\Windows\System\PTLnVez.exe
  2⤵
  PID:9420
- C:\Windows\System\MeRpZYj.exe
  C:\Windows\System\MeRpZYj.exe
  2⤵
  PID:9680
- C:\Windows\System\rKxbYGX.exe
  C:\Windows\System\rKxbYGX.exe
  2⤵
  PID:9788
- C:\Windows\System\oqxoJFI.exe
  C:\Windows\System\oqxoJFI.exe
  2⤵
  PID:9972
- C:\Windows\System\TNDBxTS.exe
  C:\Windows\System\TNDBxTS.exe
  2⤵
  PID:9596
- C:\Windows\System\TJziiKA.exe
  C:\Windows\System\TJziiKA.exe
  2⤵
  PID:10024
- C:\Windows\System\LBBXpqr.exe
  C:\Windows\System\LBBXpqr.exe
  2⤵
  PID:9884
- C:\Windows\System\BILgNXZ.exe
  C:\Windows\System\BILgNXZ.exe
  2⤵
  PID:10260
- C:\Windows\System\UnbbQih.exe
  C:\Windows\System\UnbbQih.exe
  2⤵
  PID:10332
- C:\Windows\System\nacthGw.exe
  C:\Windows\System\nacthGw.exe
  2⤵
  PID:10364
- C:\Windows\System\WpyPHUI.exe
  C:\Windows\System\WpyPHUI.exe
  2⤵
  PID:10384
- C:\Windows\System\OAqmeQA.exe
  C:\Windows\System\OAqmeQA.exe
  2⤵
  PID:10404
- C:\Windows\System\vDtSkTN.exe
  C:\Windows\System\vDtSkTN.exe
  2⤵
  PID:10436
- C:\Windows\System\oIPpJcK.exe
  C:\Windows\System\oIPpJcK.exe
  2⤵
  PID:10456
- C:\Windows\System\MDSZHkE.exe
  C:\Windows\System\MDSZHkE.exe
  2⤵
  PID:10484
- C:\Windows\System\wWkmWbI.exe
  C:\Windows\System\wWkmWbI.exe
  2⤵
  PID:10500
- C:\Windows\System\GgfgVpS.exe
  C:\Windows\System\GgfgVpS.exe
  2⤵
  PID:10564
- C:\Windows\System\sBQfxXH.exe
  C:\Windows\System\sBQfxXH.exe
  2⤵
  PID:10580
- C:\Windows\System\pqlwRLu.exe
  C:\Windows\System\pqlwRLu.exe
  2⤵
  PID:10612
- C:\Windows\System\ZxNQIek.exe
  C:\Windows\System\ZxNQIek.exe
  2⤵
  PID:10652
- C:\Windows\System\agGPGhy.exe
  C:\Windows\System\agGPGhy.exe
  2⤵
  PID:10680
- C:\Windows\System\DnfjmPi.exe
  C:\Windows\System\DnfjmPi.exe
  2⤵
  PID:10708
- C:\Windows\System\bdTkAGt.exe
  C:\Windows\System\bdTkAGt.exe
  2⤵
  PID:10740
- C:\Windows\System\imbyEIo.exe
  C:\Windows\System\imbyEIo.exe
  2⤵
  PID:10768
- C:\Windows\System\hOttdLf.exe
  C:\Windows\System\hOttdLf.exe
  2⤵
  PID:10800
- C:\Windows\System\uFvfYrW.exe
  C:\Windows\System\uFvfYrW.exe
  2⤵
  PID:10828
- C:\Windows\System\vJvrqNH.exe
  C:\Windows\System\vJvrqNH.exe
  2⤵
  PID:10872
- C:\Windows\System\rRSxlFH.exe
  C:\Windows\System\rRSxlFH.exe
  2⤵
  PID:10900
- C:\Windows\System\DJFRQnG.exe
  C:\Windows\System\DJFRQnG.exe
  2⤵
  PID:10928
- C:\Windows\System\RXcQEAx.exe
  C:\Windows\System\RXcQEAx.exe
  2⤵
  PID:10956
- C:\Windows\System\jDgSGuy.exe
  C:\Windows\System\jDgSGuy.exe
  2⤵
  PID:10984
- C:\Windows\System\KUZPfoJ.exe
  C:\Windows\System\KUZPfoJ.exe
  2⤵
  PID:11012
- C:\Windows\System\YwoHkVu.exe
  C:\Windows\System\YwoHkVu.exe
  2⤵
  PID:11040
- C:\Windows\System\WVjZsuK.exe
  C:\Windows\System\WVjZsuK.exe
  2⤵
  PID:11068
- C:\Windows\System\XMuSUup.exe
  C:\Windows\System\XMuSUup.exe
  2⤵
  PID:11100
- C:\Windows\System\jsNlCEl.exe
  C:\Windows\System\jsNlCEl.exe
  2⤵
  PID:11124
- C:\Windows\System\pYWHFcl.exe
  C:\Windows\System\pYWHFcl.exe
  2⤵
  PID:11152
- C:\Windows\System\AFjAWqe.exe
  C:\Windows\System\AFjAWqe.exe
  2⤵
  PID:11168
- C:\Windows\System\wvfmjOy.exe
  C:\Windows\System\wvfmjOy.exe
  2⤵
  PID:11196
- C:\Windows\System\cOjhqKk.exe
  C:\Windows\System\cOjhqKk.exe
  2⤵
  PID:11224
- C:\Windows\System\AGJFLCQ.exe
  C:\Windows\System\AGJFLCQ.exe
  2⤵
  PID:10244
- C:\Windows\System\JFzfhvm.exe
  C:\Windows\System\JFzfhvm.exe
  2⤵
  PID:10348
- C:\Windows\System\DPbOnUK.exe
  C:\Windows\System\DPbOnUK.exe
  2⤵
  PID:10420
- C:\Windows\System\UWhSgzS.exe
  C:\Windows\System\UWhSgzS.exe
  2⤵
  PID:10472
- C:\Windows\System\hhhaTzO.exe
  C:\Windows\System\hhhaTzO.exe
  2⤵
  PID:10556
- C:\Windows\System\uHPemhJ.exe
  C:\Windows\System\uHPemhJ.exe
  2⤵
  PID:10576
- C:\Windows\System\SqOLckw.exe
  C:\Windows\System\SqOLckw.exe
  2⤵
  PID:10664
- C:\Windows\System\HIksMrn.exe
  C:\Windows\System\HIksMrn.exe
  2⤵
  PID:10736
- C:\Windows\System\VhZOGeE.exe
  C:\Windows\System\VhZOGeE.exe
  2⤵
  PID:10788
- C:\Windows\System\qVRyjMS.exe
  C:\Windows\System\qVRyjMS.exe
  2⤵
  PID:10892
- C:\Windows\System\SPkVBgn.exe
  C:\Windows\System\SPkVBgn.exe
  2⤵
  PID:10952
- C:\Windows\System\TIHQDlD.exe
  C:\Windows\System\TIHQDlD.exe
  2⤵
  PID:11008
- C:\Windows\System\YkxXOEj.exe
  C:\Windows\System\YkxXOEj.exe
  2⤵
  PID:11084
- C:\Windows\System\TnNlSln.exe
  C:\Windows\System\TnNlSln.exe
  2⤵
  PID:11144
- C:\Windows\System\nyrZBBg.exe
  C:\Windows\System\nyrZBBg.exe
  2⤵
  PID:11208
- C:\Windows\System\fumtPWn.exe
  C:\Windows\System\fumtPWn.exe
  2⤵
  PID:10280
- C:\Windows\System\uxwqJhU.exe
  C:\Windows\System\uxwqJhU.exe
  2⤵
  PID:10468
- C:\Windows\System\NUjoRSO.exe
  C:\Windows\System\NUjoRSO.exe
  2⤵
  PID:10572
- C:\Windows\System\KAkgEpa.exe
  C:\Windows\System\KAkgEpa.exe
  2⤵
  PID:10732
- C:\Windows\System\kbUepaJ.exe
  C:\Windows\System\kbUepaJ.exe
  2⤵
  PID:10940
- C:\Windows\System\xCSJMYO.exe
  C:\Windows\System\xCSJMYO.exe
  2⤵
  PID:11064
- C:\Windows\System\uvoiswq.exe
  C:\Windows\System\uvoiswq.exe
  2⤵
  PID:11220
- C:\Windows\System\nDufZiE.exe
  C:\Windows\System\nDufZiE.exe
  2⤵
  PID:10524
- C:\Windows\System\Oliosgz.exe
  C:\Windows\System\Oliosgz.exe
  2⤵
  PID:10864
- C:\Windows\System\fVRAXos.exe
  C:\Windows\System\fVRAXos.exe
  2⤵
  PID:10444
- C:\Windows\System\fgPOLcU.exe
  C:\Windows\System\fgPOLcU.exe
  2⤵
  PID:11184
- C:\Windows\System\Yuuhfuv.exe
  C:\Windows\System\Yuuhfuv.exe
  2⤵
  PID:11276
- C:\Windows\System\MUhKYzU.exe
  C:\Windows\System\MUhKYzU.exe
  2⤵
  PID:11304
- C:\Windows\System\YLHhBbG.exe
  C:\Windows\System\YLHhBbG.exe
  2⤵
  PID:11332
- C:\Windows\System\znxlgCR.exe
  C:\Windows\System\znxlgCR.exe
  2⤵
  PID:11348
- C:\Windows\System\tbtsdFr.exe
  C:\Windows\System\tbtsdFr.exe
  2⤵
  PID:11372
- C:\Windows\System\UwqUcNy.exe
  C:\Windows\System\UwqUcNy.exe
  2⤵
  PID:11400
- C:\Windows\System\vSWFdUv.exe
  C:\Windows\System\vSWFdUv.exe
  2⤵
  PID:11424
- C:\Windows\System\BrWFxzW.exe
  C:\Windows\System\BrWFxzW.exe
  2⤵
  PID:11452
- C:\Windows\System\zyCvhCN.exe
  C:\Windows\System\zyCvhCN.exe
  2⤵
  PID:11488
- C:\Windows\System\NQlKrOz.exe
  C:\Windows\System\NQlKrOz.exe
  2⤵
  PID:11532
- C:\Windows\System\YePebzd.exe
  C:\Windows\System\YePebzd.exe
  2⤵
  PID:11548
- C:\Windows\System\HTbIwLm.exe
  C:\Windows\System\HTbIwLm.exe
  2⤵
  PID:11576
- C:\Windows\System\ICJrgqI.exe
  C:\Windows\System\ICJrgqI.exe
  2⤵
  PID:11612
- C:\Windows\System\wMUpeMV.exe
  C:\Windows\System\wMUpeMV.exe
  2⤵
  PID:11632
- C:\Windows\System\inbLqpH.exe
  C:\Windows\System\inbLqpH.exe
  2⤵
  PID:11664
- C:\Windows\System\dqGoYKa.exe
  C:\Windows\System\dqGoYKa.exe
  2⤵
  PID:11700
- C:\Windows\System\qRUxiCq.exe
  C:\Windows\System\qRUxiCq.exe
  2⤵
  PID:11716
- C:\Windows\System\IzuHYgf.exe
  C:\Windows\System\IzuHYgf.exe
  2⤵
  PID:11756
- C:\Windows\System\QNpZSlw.exe
  C:\Windows\System\QNpZSlw.exe
  2⤵
  PID:11772
- C:\Windows\System\BDORxQy.exe
  C:\Windows\System\BDORxQy.exe
  2⤵
  PID:11812
- C:\Windows\System\dkxjrXK.exe
  C:\Windows\System\dkxjrXK.exe
  2⤵
  PID:11828
- C:\Windows\System\TMDfAfH.exe
  C:\Windows\System\TMDfAfH.exe
  2⤵
  PID:11860
- C:\Windows\System\hbjutzP.exe
  C:\Windows\System\hbjutzP.exe
  2⤵
  PID:11888
- C:\Windows\System\YLtigyS.exe
  C:\Windows\System\YLtigyS.exe
  2⤵
  PID:11912
- C:\Windows\System\WLUyFRW.exe
  C:\Windows\System\WLUyFRW.exe
  2⤵
  PID:11948
- C:\Windows\System\NewPUYM.exe
  C:\Windows\System\NewPUYM.exe
  2⤵
  PID:11968
- C:\Windows\System\nKgMQYF.exe
  C:\Windows\System\nKgMQYF.exe
  2⤵
  PID:12004
- C:\Windows\System\ESrYcov.exe
  C:\Windows\System\ESrYcov.exe
  2⤵
  PID:12024
- C:\Windows\System\FaEZIBt.exe
  C:\Windows\System\FaEZIBt.exe
  2⤵
  PID:12040
- C:\Windows\System\ycaJcMW.exe
  C:\Windows\System\ycaJcMW.exe
  2⤵
  PID:12088
- C:\Windows\System\BazJFHG.exe
  C:\Windows\System\BazJFHG.exe
  2⤵
  PID:12120
- C:\Windows\System\TzrIAKy.exe
  C:\Windows\System\TzrIAKy.exe
  2⤵
  PID:12148
- C:\Windows\System\mzNAxFH.exe
  C:\Windows\System\mzNAxFH.exe
  2⤵
  PID:12164
- C:\Windows\System\KcdjGpN.exe
  C:\Windows\System\KcdjGpN.exe
  2⤵
  PID:12204
- C:\Windows\System\LouLMDT.exe
  C:\Windows\System\LouLMDT.exe
  2⤵
  PID:12220
- C:\Windows\System\mMtekYr.exe
  C:\Windows\System\mMtekYr.exe
  2⤵
  PID:12260
- C:\Windows\System\EZFljSh.exe
  C:\Windows\System\EZFljSh.exe
  2⤵
  PID:10868
- C:\Windows\System\iKGvVkl.exe
  C:\Windows\System\iKGvVkl.exe
  2⤵
  PID:11324
- C:\Windows\System\TKATNWH.exe
  C:\Windows\System\TKATNWH.exe
  2⤵
  PID:11392
- C:\Windows\System\fvSjGmJ.exe
  C:\Windows\System\fvSjGmJ.exe
  2⤵
  PID:11416
- C:\Windows\System\DIaNhLf.exe
  C:\Windows\System\DIaNhLf.exe
  2⤵
  PID:11508
- C:\Windows\System\UCWUnFV.exe
  C:\Windows\System\UCWUnFV.exe
  2⤵
  PID:11568
- C:\Windows\System\YUxRqoO.exe
  C:\Windows\System\YUxRqoO.exe
  2⤵
  PID:11644
- C:\Windows\System\lQYZEbP.exe
  C:\Windows\System\lQYZEbP.exe
  2⤵
  PID:11712
- C:\Windows\System\lWtBixR.exe
  C:\Windows\System\lWtBixR.exe
  2⤵
  PID:11740
- C:\Windows\System\IgdsUjT.exe
  C:\Windows\System\IgdsUjT.exe
  2⤵
  PID:11840
- C:\Windows\System\LDvSBOQ.exe
  C:\Windows\System\LDvSBOQ.exe
  2⤵
  PID:11896
- C:\Windows\System\IJFcczo.exe
  C:\Windows\System\IJFcczo.exe
  2⤵
  PID:11992
- C:\Windows\System\IQArreJ.exe
  C:\Windows\System\IQArreJ.exe
  2⤵
  PID:12036
- C:\Windows\System\dfErHVX.exe
  C:\Windows\System\dfErHVX.exe
  2⤵
  PID:12112
- C:\Windows\System\DsxhMQj.exe
  C:\Windows\System\DsxhMQj.exe
  2⤵
  PID:12188
- C:\Windows\System\wabWZQb.exe
  C:\Windows\System\wabWZQb.exe
  2⤵
  PID:12248
- C:\Windows\System\mVgxaKD.exe
  C:\Windows\System\mVgxaKD.exe
  2⤵
  PID:11300
- C:\Windows\System\XPGFrzv.exe
  C:\Windows\System\XPGFrzv.exe
  2⤵
  PID:11436
- C:\Windows\System\OrBzmIB.exe
  C:\Windows\System\OrBzmIB.exe
  2⤵
  PID:11540
- C:\Windows\System\DzcaWzD.exe
  C:\Windows\System\DzcaWzD.exe
  2⤵
  PID:11688
- C:\Windows\System\QiwpXaB.exe
  C:\Windows\System\QiwpXaB.exe
  2⤵
  PID:11784
- C:\Windows\System\fbDSONE.exe
  C:\Windows\System\fbDSONE.exe
  2⤵
  PID:12000
- C:\Windows\System\HvrGLLh.exe
  C:\Windows\System\HvrGLLh.exe
  2⤵
  PID:12216
- C:\Windows\System\bwZPine.exe
  C:\Windows\System\bwZPine.exe
  2⤵
  PID:11288
- C:\Windows\System\ZDuSnDd.exe
  C:\Windows\System\ZDuSnDd.exe
  2⤵
  PID:10792
- C:\Windows\System\uLpzDrf.exe
  C:\Windows\System\uLpzDrf.exe
  2⤵
  PID:12140
- C:\Windows\System\iKrQDPT.exe
  C:\Windows\System\iKrQDPT.exe
  2⤵
  PID:11732
- C:\Windows\System\NBRPHoD.exe
  C:\Windows\System\NBRPHoD.exe
  2⤵
  PID:12284
- C:\Windows\System\DEGEhoD.exe
  C:\Windows\System\DEGEhoD.exe
  2⤵
  PID:12296
- C:\Windows\System\jCtHYVh.exe
  C:\Windows\System\jCtHYVh.exe
  2⤵
  PID:12336
- C:\Windows\System\jFQWJWK.exe
  C:\Windows\System\jFQWJWK.exe
  2⤵
  PID:12364
- C:\Windows\System\xqKPVwm.exe
  C:\Windows\System\xqKPVwm.exe
  2⤵
  PID:12380
- C:\Windows\System\vIRInml.exe
  C:\Windows\System\vIRInml.exe
  2⤵
  PID:12420
- C:\Windows\System\JRksyRC.exe
  C:\Windows\System\JRksyRC.exe
  2⤵
  PID:12448
- C:\Windows\System\ibALgOE.exe
  C:\Windows\System\ibALgOE.exe
  2⤵
  PID:12476
- C:\Windows\System\aShFHMn.exe
  C:\Windows\System\aShFHMn.exe
  2⤵
  PID:12492
- C:\Windows\System\aYENzvN.exe
  C:\Windows\System\aYENzvN.exe
  2⤵
  PID:12520
- C:\Windows\System\ajVaswJ.exe
  C:\Windows\System\ajVaswJ.exe
  2⤵
  PID:12560
- C:\Windows\System\mqLIJqd.exe
  C:\Windows\System\mqLIJqd.exe
  2⤵
  PID:12588
- C:\Windows\System\KqlBHEa.exe
  C:\Windows\System\KqlBHEa.exe
  2⤵
  PID:12616
- C:\Windows\System\KTLZaBG.exe
  C:\Windows\System\KTLZaBG.exe
  2⤵
  PID:12640
- C:\Windows\System\OmuVUzL.exe
  C:\Windows\System\OmuVUzL.exe
  2⤵
  PID:12660
- C:\Windows\System\AwfRDlX.exe
  C:\Windows\System\AwfRDlX.exe
  2⤵
  PID:12676
- C:\Windows\System\URAMYaQ.exe
  C:\Windows\System\URAMYaQ.exe
  2⤵
  PID:12728
- C:\Windows\System\wcdTObC.exe
  C:\Windows\System\wcdTObC.exe
  2⤵
  PID:12756
- C:\Windows\System\KgUZNXs.exe
  C:\Windows\System\KgUZNXs.exe
  2⤵
  PID:12772
- C:\Windows\System\QPCrmsi.exe
  C:\Windows\System\QPCrmsi.exe
  2⤵
  PID:12812
- C:\Windows\System\NyfEMES.exe
  C:\Windows\System\NyfEMES.exe
  2⤵
  PID:12840
- C:\Windows\System\HuHlbZZ.exe
  C:\Windows\System\HuHlbZZ.exe
  2⤵
  PID:12868
- C:\Windows\System\KiqbPJH.exe
  C:\Windows\System\KiqbPJH.exe
  2⤵
  PID:12896
- C:\Windows\System\oWYDjvJ.exe
  C:\Windows\System\oWYDjvJ.exe
  2⤵
  PID:12912
- C:\Windows\System\qsqdtmk.exe
  C:\Windows\System\qsqdtmk.exe
  2⤵
  PID:12948
- C:\Windows\System\nqvuUES.exe
  C:\Windows\System\nqvuUES.exe
  2⤵
  PID:12976
- C:\Windows\System\SyuAgnu.exe
  C:\Windows\System\SyuAgnu.exe
  2⤵
  PID:13028
- C:\Windows\System\vXccDds.exe
  C:\Windows\System\vXccDds.exe
  2⤵
  PID:13044
- C:\Windows\System\dipGKux.exe
  C:\Windows\System\dipGKux.exe
  2⤵
  PID:13096
- C:\Windows\System\GbbcTAX.exe
  C:\Windows\System\GbbcTAX.exe
  2⤵
  PID:13124
- C:\Windows\System\rgqRsqk.exe
  C:\Windows\System\rgqRsqk.exe
  2⤵
  PID:13144
- C:\Windows\System\KtzvHfg.exe
  C:\Windows\System\KtzvHfg.exe
  2⤵
  PID:13172
- C:\Windows\System\SXHGOWw.exe
  C:\Windows\System\SXHGOWw.exe
  2⤵
  PID:13192
- C:\Windows\System\NLlAUbd.exe
  C:\Windows\System\NLlAUbd.exe
  2⤵
  PID:13216
- C:\Windows\System\xjJIaNj.exe
  C:\Windows\System\xjJIaNj.exe
  2⤵
  PID:13256
- C:\Windows\System\CMIhBsx.exe
  C:\Windows\System\CMIhBsx.exe
  2⤵
  PID:13284
- C:\Windows\System\mHUCJbc.exe
  C:\Windows\System\mHUCJbc.exe
  2⤵
  PID:12312
- C:\Windows\System\LVYDLbr.exe
  C:\Windows\System\LVYDLbr.exe
  2⤵
  PID:12360
- C:\Windows\System\pUjnDuN.exe
  C:\Windows\System\pUjnDuN.exe
  2⤵
  PID:12432
- C:\Windows\System\xFKJAzN.exe
  C:\Windows\System\xFKJAzN.exe
  2⤵
  PID:12504
- C:\Windows\System\XAwzIOn.exe
  C:\Windows\System\XAwzIOn.exe
  2⤵
  PID:12580
- C:\Windows\System\gWoiOSf.exe
  C:\Windows\System\gWoiOSf.exe
  2⤵
  PID:12656
- C:\Windows\System\qYwlfDS.exe
  C:\Windows\System\qYwlfDS.exe
  2⤵
  PID:12688
- C:\Windows\System\ZcoFIQR.exe
  C:\Windows\System\ZcoFIQR.exe
  2⤵
  PID:12748
- C:\Windows\System\RmnrAoR.exe
  C:\Windows\System\RmnrAoR.exe
  2⤵
  PID:12808
- C:\Windows\System\fhgqILM.exe
  C:\Windows\System\fhgqILM.exe
  2⤵
  PID:12908
- C:\Windows\System\ClsRUSv.exe
  C:\Windows\System\ClsRUSv.exe
  2⤵
  PID:12972
- C:\Windows\System\XXJeRCT.exe
  C:\Windows\System\XXJeRCT.exe
  2⤵
  PID:13064
- C:\Windows\System\RjSbeXt.exe
  C:\Windows\System\RjSbeXt.exe
  2⤵
  PID:13112
- C:\Windows\System\qyiuBab.exe
  C:\Windows\System\qyiuBab.exe
  2⤵
  PID:13168
- C:\Windows\System\autFNKd.exe
  C:\Windows\System\autFNKd.exe
  2⤵
  PID:13244
- C:\Windows\System\ncbQxyr.exe
  C:\Windows\System\ncbQxyr.exe
  2⤵
  PID:11628
- C:\Windows\System\uDroGtP.exe
  C:\Windows\System\uDroGtP.exe
  2⤵
  PID:12400
- C:\Windows\System\hKUWdom.exe
  C:\Windows\System\hKUWdom.exe
  2⤵
  PID:12632
- C:\Windows\System\dinPxev.exe
  C:\Windows\System\dinPxev.exe
  2⤵
  PID:12768
- C:\Windows\System\hwLPsOY.exe
  C:\Windows\System\hwLPsOY.exe
  2⤵
  PID:12888
- C:\Windows\System\tSelbpS.exe
  C:\Windows\System\tSelbpS.exe
  2⤵
  PID:13136
- C:\Windows\System\MKCJtKk.exe
  C:\Windows\System\MKCJtKk.exe
  2⤵
  PID:13240
- C:\Windows\System\OynlgIK.exe
  C:\Windows\System\OynlgIK.exe
  2⤵
  PID:12348
- C:\Windows\System\iwnNetz.exe
  C:\Windows\System\iwnNetz.exe
  2⤵
  PID:12880
- C:\Windows\System\EmfKqNm.exe
  C:\Windows\System\EmfKqNm.exe
  2⤵
  PID:13132
- C:\Windows\System\CelpHgj.exe
  C:\Windows\System\CelpHgj.exe
  2⤵
  PID:12724
- C:\Windows\System\PZFMslb.exe
  C:\Windows\System\PZFMslb.exe
  2⤵
  PID:12572
- C:\Windows\System\ARNLwKo.exe
  C:\Windows\System\ARNLwKo.exe
  2⤵
  PID:13332
- C:\Windows\System\WInbPVJ.exe
  C:\Windows\System\WInbPVJ.exe
  2⤵
  PID:13356
- C:\Windows\System\HavULVz.exe
  C:\Windows\System\HavULVz.exe
  2⤵
  PID:13400
- C:\Windows\System\VGmRpAc.exe
  C:\Windows\System\VGmRpAc.exe
  2⤵
  PID:13428
- C:\Windows\System\OrbBEzi.exe
  C:\Windows\System\OrbBEzi.exe
  2⤵
  PID:13444
- C:\Windows\System\bVcpyJn.exe
  C:\Windows\System\bVcpyJn.exe
  2⤵
  PID:13464
- C:\Windows\System\zgSRCPW.exe
  C:\Windows\System\zgSRCPW.exe
  2⤵
  PID:13500
- C:\Windows\System\SCkPznX.exe
  C:\Windows\System\SCkPznX.exe
  2⤵
  PID:13540
- C:\Windows\System\EkngPRr.exe
  C:\Windows\System\EkngPRr.exe
  2⤵
  PID:13560
- C:\Windows\System\SwjYKCu.exe
  C:\Windows\System\SwjYKCu.exe
  2⤵
  PID:13596
- C:\Windows\System\BqNlfTJ.exe
  C:\Windows\System\BqNlfTJ.exe
  2⤵
  PID:13624
- C:\Windows\System\OFZpPfd.exe
  C:\Windows\System\OFZpPfd.exe
  2⤵
  PID:13652
- C:\Windows\System\JTFcDTA.exe
  C:\Windows\System\JTFcDTA.exe
  2⤵
  PID:13680
- C:\Windows\System\zjxfqJa.exe
  C:\Windows\System\zjxfqJa.exe
  2⤵
  PID:13696
- C:\Windows\System\gMGWFVu.exe
  C:\Windows\System\gMGWFVu.exe
  2⤵
  PID:13712
- C:\Windows\System\UxWEtmN.exe
  C:\Windows\System\UxWEtmN.exe
  2⤵
  PID:13740
- C:\Windows\System\ScnyeGw.exe
  C:\Windows\System\ScnyeGw.exe
  2⤵
  PID:13780
- C:\Windows\System\jHGUwOD.exe
  C:\Windows\System\jHGUwOD.exe
  2⤵
  PID:13812
- C:\Windows\System\rgontze.exe
  C:\Windows\System\rgontze.exe
  2⤵
  PID:13848
- C:\Windows\System\rItXwST.exe
  C:\Windows\System\rItXwST.exe
  2⤵
  PID:13864
- C:\Windows\System\RuNEIeM.exe
  C:\Windows\System\RuNEIeM.exe
  2⤵
  PID:13892
- C:\Windows\System\dfKplza.exe
  C:\Windows\System\dfKplza.exe
  2⤵
  PID:13932
- C:\Windows\System\DKavwna.exe
  C:\Windows\System\DKavwna.exe
  2⤵
  PID:13960
- C:\Windows\System\WsyThZr.exe
  C:\Windows\System\WsyThZr.exe
  2⤵
  PID:13988
- C:\Windows\System\HwOLmgC.exe
  C:\Windows\System\HwOLmgC.exe
  2⤵
  PID:14016
- C:\Windows\System\rMAHUKN.exe
  C:\Windows\System\rMAHUKN.exe
  2⤵
  PID:14036
- C:\Windows\System\hJgYZNp.exe
  C:\Windows\System\hJgYZNp.exe
  2⤵
  PID:14072
- C:\Windows\System\WIPtsjX.exe
  C:\Windows\System\WIPtsjX.exe
  2⤵
  PID:14100
- C:\Windows\System\sEPayoX.exe
  C:\Windows\System\sEPayoX.exe
  2⤵
  PID:14128
- C:\Windows\System\XChWIzT.exe
  C:\Windows\System\XChWIzT.exe
  2⤵
  PID:14156
- C:\Windows\System\DnLWkgC.exe
  C:\Windows\System\DnLWkgC.exe
  2⤵
  PID:14184
- C:\Windows\System\wtjzILm.exe
  C:\Windows\System\wtjzILm.exe
  2⤵
  PID:14212
- C:\Windows\System\ZoTJGio.exe
  C:\Windows\System\ZoTJGio.exe
  2⤵
  PID:14228
- C:\Windows\System\BqbcBcc.exe
  C:\Windows\System\BqbcBcc.exe
  2⤵
  PID:14260
- C:\Windows\System\lTsxHAf.exe
  C:\Windows\System\lTsxHAf.exe
  2⤵
  PID:14312
- C:\Windows\System\eQONYfY.exe
  C:\Windows\System\eQONYfY.exe
  2⤵
  PID:14328
- C:\Windows\System\KBlxNBY.exe
  C:\Windows\System\KBlxNBY.exe
  2⤵
  PID:13324
- C:\Windows\System\DqCcheq.exe
  C:\Windows\System\DqCcheq.exe
  2⤵
  PID:2968
- C:\Windows\System\RkKVMET.exe
  C:\Windows\System\RkKVMET.exe
  2⤵
  PID:13396
- C:\Windows\System\RNaIcxW.exe
  C:\Windows\System\RNaIcxW.exe
  2⤵
  PID:13420
- C:\Windows\System\iDdqQYt.exe
  C:\Windows\System\iDdqQYt.exe
  2⤵
  PID:13512
- C:\Windows\System\zXWaQWT.exe
  C:\Windows\System\zXWaQWT.exe
  2⤵
  PID:13548
- C:\Windows\System\uVMIiPQ.exe
  C:\Windows\System\uVMIiPQ.exe
  2⤵
  PID:13644
- C:\Windows\System\URWGAKl.exe
  C:\Windows\System\URWGAKl.exe
  2⤵
  PID:13708
- C:\Windows\System\StizVDp.exe
  C:\Windows\System\StizVDp.exe
  2⤵
  PID:13820
- C:\Windows\System\fcougHb.exe
  C:\Windows\System\fcougHb.exe
  2⤵
  PID:13856
- C:\Windows\System\QXSkAJd.exe
  C:\Windows\System\QXSkAJd.exe
  2⤵
  PID:13920
- C:\Windows\System\FGJYrbb.exe
  C:\Windows\System\FGJYrbb.exe
  2⤵
  PID:14000
- C:\Windows\System\qfHNLXD.exe
  C:\Windows\System\qfHNLXD.exe
  2⤵
  PID:14064
- C:\Windows\System\SNWkWwo.exe
  C:\Windows\System\SNWkWwo.exe
  2⤵
  PID:14116
- C:\Windows\System\msXHChp.exe
  C:\Windows\System\msXHChp.exe
  2⤵
  PID:14196
- C:\Windows\System\jbfXMPR.exe
  C:\Windows\System\jbfXMPR.exe
  2⤵
  PID:14240
- C:\Windows\System\VZLxVok.exe
  C:\Windows\System\VZLxVok.exe
  2⤵
  PID:14324
- C:\Windows\System\qfNgnRX.exe
  C:\Windows\System\qfNgnRX.exe
  2⤵
  PID:1536
- C:\Windows\System\nileUOy.exe
  C:\Windows\System\nileUOy.exe
  2⤵
  PID:13384
- C:\Windows\System\PlLLjbC.exe
  C:\Windows\System\PlLLjbC.exe
  2⤵
  PID:13612
- C:\Windows\System\rjpHUCu.exe
  C:\Windows\System\rjpHUCu.exe
  2⤵
  PID:13764
- C:\Windows\System\ZLXnyYP.exe
  C:\Windows\System\ZLXnyYP.exe
  2⤵
  PID:13952
- C:\Windows\System\EJaRmxA.exe
  C:\Windows\System\EJaRmxA.exe
  2⤵
  PID:14056
- C:\Windows\System\PATUANd.exe
  C:\Windows\System\PATUANd.exe
  2⤵
  PID:14176
- C:\Windows\System\KmUyjFi.exe
  C:\Windows\System\KmUyjFi.exe
  2⤵
  PID:13316
- C:\Windows\System\XVwehJS.exe
  C:\Windows\System\XVwehJS.exe
  2⤵
  PID:13588
- C:\Windows\System\WDBvIfQ.exe
  C:\Windows\System\WDBvIfQ.exe
  2⤵
  PID:13984
- C:\Windows\System\aFIPhZj.exe
  C:\Windows\System\aFIPhZj.exe
  2⤵
  PID:13424
- C:\Windows\System\JnPvpyv.exe
  C:\Windows\System\JnPvpyv.exe
  2⤵
  PID:14276
- C:\Windows\System\OHtWtbQ.exe
  C:\Windows\System\OHtWtbQ.exe
  2⤵
  PID:14348
- C:\Windows\System\kETvHJU.exe
  C:\Windows\System\kETvHJU.exe
  2⤵
  PID:14376
- C:\Windows\System\KsWtrYe.exe
  C:\Windows\System\KsWtrYe.exe
  2⤵
  PID:14416
- C:\Windows\System\DXNJlDy.exe
  C:\Windows\System\DXNJlDy.exe
  2⤵
  PID:14444
- C:\Windows\System\CBNmJtQ.exe
  C:\Windows\System\CBNmJtQ.exe
  2⤵
  PID:14460
- C:\Windows\System\HqyEKYV.exe
  C:\Windows\System\HqyEKYV.exe
  2⤵
  PID:14488
- C:\Windows\System\SsUEKVJ.exe
  C:\Windows\System\SsUEKVJ.exe
  2⤵
  PID:14676
- C:\Windows\System\amzTHNe.exe
  C:\Windows\System\amzTHNe.exe
  2⤵
  PID:14700

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ABPJBcT.exe

Filesize
2.1MB

MD5
e62c7bf12d80e46ebf086da3ec473859

SHA1
8889c8d30ed8339bd230df876eed8a26c6befe1c

SHA256
a5d1d5821d9ff0eca4f403e4aa9c59f970a27300f330d1cdb91465a832e14281

SHA512
2908db6af82544da06edc6c61238bba3330b790c6b9c54f2429c2fa6d4ede6aa8d3fe38808fcdceac98c18fd114ffcc7c64a21859c4cd351594dd83deb8a7507

Download Submit
C:\Windows\System\EkdwUeF.exe

Filesize
2.1MB

MD5
597a2954593f3b2141ecb275b09b68be

SHA1
1903bb6a25d0dfd559ed41e398d3799dcf679c8d

SHA256
165f3f85b2b270f526801c845d7b4d7d2c8be2c9b581b5180beb38cc03cb5e79

SHA512
0640bfb1f784c7ffd29a7a2879645a05e9b6a5cdff7f06a14c2c18c9fd492d542a38425b28640246e17c16991d3d8e4c3d33905e1fab36fb4c6af1053150eb09

Download Submit
C:\Windows\System\GgCZDUV.exe

Filesize
2.1MB

MD5
b03d30208d28c89738a95d18fd66e84f

SHA1
c4fcf93cc262ab9437d5f66b0761dde5abd0bb83

SHA256
8ccd07dbe9681084b74e1804162d0752020f75543f86e3b5a29f41727e1b5acc

SHA512
e51395d397bd286c4f90689ccb57223bd222159160894f5fccf2089463d974ce2ac1961b81fb319c78f3f2067e41065aa793469e069ad0219795568498eb4546

Download Submit
C:\Windows\System\IlfSYMd.exe

Filesize
2.1MB

MD5
5ddb0953d71322ac97a8908e1cbaab5f

SHA1
3b3efad2d70d26c3a1312985a1cb9b9db0c6dccc

SHA256
0bc9db9d225e727ea8c5e65c004610f74618cb1dca3d95fde29ddefae64c02e5

SHA512
ab43ed03f8069476e6f46dea45c482cd806c240633a33666d10bff83527006e80f182f2f67a8b01f69baa600cbc932deee169245227f52dd9cbb5dad7cc3f180

Download Submit
C:\Windows\System\Ivmmvet.exe

Filesize
2.1MB

MD5
5ffbbeed63fe03435738242a8244f0e7

SHA1
c6b2de49d45936aa99ee7abe799429b2962e5b9c

SHA256
edb7c2bef6f6d88d137729cb529539c68259c4e223d6b30087041671f59d1f07

SHA512
a85f6d5937687f3da8110d7accfa5e05d4aff14f6b4129ac37b4f473724a1019f33937c545b7888bc6f4f68c709544a12ff4d7d5e79fd0adbd148af7890356d9

Download Submit
C:\Windows\System\JyYcgOJ.exe

Filesize
2.1MB

MD5
8c5eefbd833da84b8b167003d10ee116

SHA1
73c3a615342ccae0d3cf432759bc88d5e2b237dc

SHA256
2964631a0da695f946ba058595f3a16f2898f71fefe416ed4a2b8bce510aa176

SHA512
387f781780e8529cae8046ec818d079b59c030ad192d1f89744cc2091bd677b744654b39ec04e57ed2f17be6f31fcdc569540118a5a755bc622f6cb1cfddcab4

Download Submit
C:\Windows\System\KvIFSdk.exe

Filesize
2.1MB

MD5
20083e13d9d02c3827d05f6c1a5deae6

SHA1
0bb5ed6f67cd7342fab05a1c0eca24bc3cc4dd7b

SHA256
25b842416d4ee7f58cd536ba533e09b051725edb17566326eaa320a095d58cbc

SHA512
243255b47cfc05e8bf68d174a0468650b35f46bbaf6664bc869693e97e873135245b6c4da0aed8b1c78e1bd6b89ed854b294bd373de8202d7740e8b89eaccd46

Download Submit
C:\Windows\System\MFYLCSI.exe

Filesize
2.1MB

MD5
8cef3f6a8c3b239a7830e05d0a446e1c

SHA1
2915e1f5f1d7e3586c68a03832bc4c272ba6b3a8

SHA256
97fdf35377d2a017fcd79897664ea0f6c7e182b2289ca2f32344f17b4233dd75

SHA512
0170d292cf2c42de7c51bbc45a1d321446d4a9088cf20aaf9abac26164c265043f932e84821b5e1c5d0c25bc8f3b68c445f69624caf9b5ce18d1ad453cca1481

Download Submit
C:\Windows\System\OqpAKec.exe

Filesize
2.1MB

MD5
c6bab64b8224292c703bd76337c5a0ab

SHA1
69c18c24b2da60fe60db01b56ed3de1d3f1f8b20

SHA256
8b4cbc95fafa6d32035b9435476b6fbf3374cf65b4b046431e016c2eea79f448

SHA512
589a53a9ed94d597a468e9201d52e0d03b09321019e50a8fbb3ace53473f3047009ea15edc8d3b56a3852a5e6930fd002a7cb9c2760fe465d9a0fffa62a6ce71

Download Submit
C:\Windows\System\QgkDeMa.exe

Filesize
2.1MB

MD5
03ed649908620816719558666e060b45

SHA1
c14561f2da1ec261899c2e06df3a17fc7a2f2d52

SHA256
f2ea96d0899baa0ae88d3140a77dbe43d7dd0ae1196d751079ef96a3aba1c7c4

SHA512
3c3230fd16acae97c0885fc2bef21d6dfdd99696ea53809fdd18fcf0389a691dda6a23efc0eeba0db4849fb60ce53f86dae30123074bb7fb2e9643514970a6a9

Download Submit
C:\Windows\System\Tqavsve.exe

Filesize
2.1MB

MD5
59ba27085802bde8d057438b63d640b5

SHA1
ae2df7e27ed3b45ec6dbe7033d3a0569c970b305

SHA256
9b0f4e317bfb6095e57f2e922f8fd93a135ddd27385a3b292a03c44f1e1a6e43

SHA512
e11904fb25f9472b3a253731ad92573798e95d418ac752b2e8f800c0ef1e488db34ae7349eadc6f28ff0f13462e1a5b3160b576b2511df8b8b67377359a122a0

Download Submit
C:\Windows\System\UQNyKag.exe

Filesize
2.1MB

MD5
17d9009e4b4004de5ebad2e4fe407409

SHA1
b0aefc7c4dfdc60efd96700295313625ee9d5c8b

SHA256
f4159940f52c6babd4df9ea0e198aedf1adcc399e709b95235e446d614f35604

SHA512
bfe850eaaf5b414a1d7b407f455362516ec1ac50f70ba059e928e250bbd020049fd82c477824b31d770338281bc32532ffafb189edd6ad67c5ca942d375edb2b

Download Submit
C:\Windows\System\VHinOtV.exe

Filesize
2.1MB

MD5
051bb1e34efb043e1aeeab78029e4f18

SHA1
9f934462a05f739a8f523d35a53364332fcddb08

SHA256
81f4cb8f13565925c851eef1c69560db07e28d084977391109efc565af54fc42

SHA512
ca9f5e8cdc5977d99967c0f6763a1691e788e743daea72e37f9b46fa14361c2fe5de5d1758fd2dc1341cb00c13b57d54907f5dec4c88182e19b7d4005c1361ad

Download Submit
C:\Windows\System\VMeWRDK.exe

Filesize
2.1MB

MD5
71a3c67b4f07288f98ef1500013c9ed2

SHA1
272b5ddddd4438f45c8094ac63c3b4bab8249801

SHA256
c7b76b9ac6eed57a7a31001c9aafe12791ed6c8bec1a3fe3577d3c6c7ff5941a

SHA512
ec940fe2156703a085abeabdf1529bcab6ac1b093dba570b34789ae4714278a78bed8739a7fa3742f7f38463308720edf94e92f85a008135b1b09ef6991e7449

Download Submit
C:\Windows\System\XFqtlUN.exe

Filesize
2.1MB

MD5
adfe1d8638430e4a70e75cefb13bcadd

SHA1
25fa7276cf4cedc4361edb65872fb4251493edca

SHA256
f66e126b1f06c30db4bcf39eafbccc92661e3be92a67ce31102d81ae4e725907

SHA512
d2bbd4f55ed90f0ff05f6f2554149bee31ff4ca7a054c8ae900fd6a9e01f2a56c4f5a4cd5978fa954fdf7a87d56fb46b3285367ccf342bb7cd6775ffea9d15b9

Download Submit
C:\Windows\System\ZRTMBKG.exe

Filesize
2.1MB

MD5
c57033af00bbf1338962a30617311a54

SHA1
90b7b4c94989b9e25a0342684366da779b01e64d

SHA256
cb461ff111441a8b1f7be0c4c77e69b8606a36ac576ef365e734df3dc2c37b19

SHA512
a8103ba4fa63747d1f7641a565f913d1784822a9dee107a4c773b3ee9643aacb5e0d9625d0e660a8e091457d6d5fe4c603d9c148fe550e9648d5d996feb235ff

Download Submit
C:\Windows\System\ZkMZbGf.exe

Filesize
2.1MB

MD5
c2a4e96847f2ad0f7d52085efc758211

SHA1
3d42e8226159afc7d917fe714cab9a1f23e27622

SHA256
3680d8ca10d6aeea87e5a95841ccca36cb10faf8c377db3c7cce2cfa38d3a841

SHA512
9258b8cb58bd9901b739bfc77317c2a487fcbbb7a6ed25571ec9b50429fb5623d6a5214d343cfd70139c1c023558a7f38a5da7211ace4c219dc402bf9d21e656

Download Submit
C:\Windows\System\aWYlVya.exe

Filesize
2.1MB

MD5
ffa0c891c59497dec40c9491437af5ad

SHA1
b1181fb0dca670514c578ece669092f25471c21a

SHA256
4cd7d43f8efeea462eba5b06b8147149a58c25d1743419610da38700804b7ae0

SHA512
96e33494a023745aa9182fff1f79b5849eb4c4a95578a33f8af0b61642bccdacca2279dbdb190df7ae3a3587a601da1804470a59e165b3651578cdf1a86f23a1

Download Submit
C:\Windows\System\ayuhRlE.exe

Filesize
2.1MB

MD5
f7c85877dd5eaff1f15bee786c437cec

SHA1
cfe1c9616681395f68143187012ffaf9678daaca

SHA256
b3e21c3efc08aed6750ff64b2d72013ca96ee22c4b804cf27b7632a6a95d18b8

SHA512
359b1d63d30b571f9ea71c5d2ed700ed1a6ec9cccc5455ae3f1efd8187cae1b256951cce7958cd1e1efd7102be95b04888d548a6cc578854c94c8fa3c8546ed7

Download Submit
C:\Windows\System\epbgivm.exe

Filesize
2.1MB

MD5
ef04d2ebe97fb2f26293c4f5242c0b1c

SHA1
adc8f30412227f1278f706ea308b77200e5d5215

SHA256
19698456897ed07137545036c19ad4c84ce802f621d49ed4246e71491681ab85

SHA512
be883a6d1dbaa7a5b1bb5f16756d6399a8838db1e29e40cffd873afd1734363e400bd811e953afa7910cb37f29eae9798153cb8ef9fbb6d49895c1bbac42e5ca

Download Submit
C:\Windows\System\fJnSBwH.exe

Filesize
2.1MB

MD5
1133c8202057fb4504ebc695536cc691

SHA1
43ad82a256bcc3ad999091aa9a05a8f965d7d8b9

SHA256
eafb4dcd88de34e388b3b2e57f2613f9fc2ce220ad6668ca40ccdcb6738404ab

SHA512
d3e9eb3bbd332c246051a98efde7f0cbff5cda83fe295ec194df3ec780ec0a157410de81885677485e07173cda306a548932414d089d60cd4707432114a164df

Download Submit
C:\Windows\System\ioTLAyv.exe

Filesize
2.1MB

MD5
b7dae61fe92aaf56e1e68ba27e700b3a

SHA1
6a142c4bf70b9e480107cfc1b702beaf0f12af89

SHA256
c97eb9ebdbf795b7ba769feb4250f9d679b213cfdd34fa162dd0ac618b763680

SHA512
7873e2c4cdfd6a1000d2d550b407170dab0ca69c564d622889b0567422a4ce0fdbe6e3f4c269f65e74640b5197e5f159ba91125de885b99906cc9c56a6556c07

Download Submit
C:\Windows\System\iqcRnbN.exe

Filesize
2.1MB

MD5
1b0cd2f76f9e80d32034b2e45445fb7e

SHA1
f5fc0af198b6adb591c6af32fc99b698a6021db6

SHA256
c0fdf57650456942223e093216ed4c00e02b58b79b20fa09882c9e6f0b6c76d6

SHA512
3d32e39d19c196a77ce1d5d8c32afa96867c4a2003a472300a91c161c7430e0526d03a94b40731313b4e0e7a239606f19a32b49807172af15ce3d45911b3d029

Download Submit
C:\Windows\System\lsWIhpa.exe

Filesize
2.1MB

MD5
ff5409cf03679d613366690b21a2bef2

SHA1
6ad74b838c3eb9477e2081fa1fdd52bdb3294ed7

SHA256
91108df6c321b4729d7ee0b3647e19e5b981f30cbbb455fa91ea0409e6a51d74

SHA512
70fa276c0611f580a52091ada7dee482765f174888d7f6b1033a0b7476c83b94db5c457f7fcaee4d8e12217c1a7ec3c146f1c24d652081d4f2871b4fcc13d324

Download Submit
C:\Windows\System\nJYvaws.exe

Filesize
2.1MB

MD5
af57e35f975126bb57c7d184a7c8ae8d

SHA1
d3ef8e4627826b842be59f04e89017429ec6e893

SHA256
85b4c108e942bd3368654117b3cf649171dd861640c4876af8b9734edb97da7a

SHA512
8b985b59826f8c3788f907bba8fb4e57825222cb86a21e6dc56665ad4a811e92080a454bc59b24f5e8875e36da42ae9b63074ff446fd5999f26423c5c114ad1a

Download Submit
C:\Windows\System\oJaimZU.exe

Filesize
2.1MB

MD5
e924bfe407e553330bf43544b061a0eb

SHA1
7c268af66f9d12372d68651e73792ee75e83d2fc

SHA256
09412bd13cda4671389fd9ba4b5424befea0a5860949f740ce94a7cb4aa8745d

SHA512
ddb9b9f695a5a55715f891df29f733ba53c63ed814f203d487e048244388219a7cf86ea5719aa9ba8761fbfeada4bccf155552aecb283122154e325f7a98edc3

Download Submit
C:\Windows\System\ogAWfWC.exe

Filesize
2.1MB

MD5
4233793e2ce27de378311e32d5f483c6

SHA1
684d12b2ec8746c620526f193b780074f2c5c9cb

SHA256
f90ddd9218d701af7feb22f80d66b6ff5ef348412b90b8058ff4c775946c0ca2

SHA512
c2c6ba3a73c490ca9c3da8acc5fccb769f5afe3b844a6d96517dae23e32ac9c0e6491999a1df34039dfb1bce0a7981782c8a21c26eb5dc8a152abcd0cc02743e

Download Submit
C:\Windows\System\rrLfien.exe

Filesize
2.1MB

MD5
46bf6899b34e724bf6f78fa0d62affd8

SHA1
989f60861d9eb2c1ffd37bbb5365aafa49488f1d

SHA256
f5a1f73d8e3f8bf13d4a3146dc862293de2650a4f8110cfc2a848fc4f308d6d3

SHA512
b8e7e807edd245183954290650e2b7fba1a3954cf482bf79bc7e07a771e0a692e4c500a6c13635bb7e647e4605c085e0c340c75b6e0a500d050439eb6b42fadf

Download Submit
C:\Windows\System\tAnLomF.exe

Filesize
2.1MB

MD5
c8aff4336bef9ff5b1b253ca198f3203

SHA1
77c71c2832468d99dabd257a50d01e55be11c02f

SHA256
f3028d6a708bbccde50c4575898facab9f78f03dba4ca5c09fa6c476859b75d6

SHA512
2266694ac8e8fb456f7eb144199ec60593c02d5ec87c4568ae755b3e3d3b8b7d79480f107adc673ea2e1927e206bed0a74409eb462cb8f5a59106f93e30dd9e7

Download Submit
C:\Windows\System\tsYQeEJ.exe

Filesize
2.1MB

MD5
90dc400da6dd8170332a215cfe8346e6

SHA1
6cc9197ffb0264298bff3097a81c18915b2a7333

SHA256
70037f17de2a2b05111c799f8ae8cb462faa29129875b94baf253058199eeae5

SHA512
064ac1c84fad63b2cabbeb1377a4bc59c532ed09acf40e7a59a934c559af50be533325eefa64df2fd75785a75ad41f7ab9ea7d667714ab8e4ee6e2049324d1ea

Download Submit
C:\Windows\System\vzGbnNB.exe

Filesize
2.1MB

MD5
1d9d597c5ecb91d48d04aa193ffb208a

SHA1
7bb525571d69cc3bed256ad212385edde75bc129

SHA256
a96a8401084c251a4431dbce6090aa98cb1e09eb411345c3d68d8f02ad96931e

SHA512
efb06ec681b28e81ae6aa8f25f80f3df39c8f15feb1ae89e63d813ea2b61da5607889f6e9b0b6663f88d663e0738202e3feccbe876c29e7e50c5d35432e0afff

Download Submit
C:\Windows\System\xatNCSC.exe

Filesize
2.1MB

MD5
235a13130b42a45d2060ab57d9b7d4f4

SHA1
f89798f8ab3976806505994039c06ae8d657b3f9

SHA256
aa6db6b9fbad3706186f335b76ce4a632e138d5c6e4a864041e2a46c994fc291

SHA512
1bd3d6d619ce2a977062331d44786623b534759f199f884cc109e5c40467744df4872d141974f3fca397b139bf7917c3118961774c963513550ab660dc907411

Download Submit
C:\Windows\System\zGYBcHx.exe

Filesize
2.1MB

MD5
ca04c5408a33c06aff467e0d1ba2e44e

SHA1
eb05adc0fd6eedf3b137e3ecd0027b71e35eb9e1

SHA256
763723ff6309ef44d2c318d4ef75ac1a742a7f3d452f3368c62f117c047155f1

SHA512
79d35297e8226192d9706f0f6b6243162a0c9df196fec50b262d24c88c8ff974e90c2895b02c2cc16df01cb800e1fac0fd3436a9ce701450f815e819c89a6753

Download Submit
memory/212-16-0x00007FF7433F0000-0x00007FF743744000-memory.dmp

Filesize
3.3MB

Download
memory/212-2118-0x00007FF7433F0000-0x00007FF743744000-memory.dmp

Filesize
3.3MB

Download
memory/652-55-0x00007FF74ED20000-0x00007FF74F074000-memory.dmp

Filesize
3.3MB

Download
memory/652-2122-0x00007FF74ED20000-0x00007FF74F074000-memory.dmp

Filesize
3.3MB

Download
memory/852-2139-0x00007FF770AF0000-0x00007FF770E44000-memory.dmp

Filesize
3.3MB

Download
memory/852-453-0x00007FF770AF0000-0x00007FF770E44000-memory.dmp

Filesize
3.3MB

Download
memory/1088-2129-0x00007FF714E20000-0x00007FF715174000-memory.dmp

Filesize
3.3MB

Download
memory/1088-426-0x00007FF714E20000-0x00007FF715174000-memory.dmp

Filesize
3.3MB

Download
memory/1104-12-0x00007FF6FD910000-0x00007FF6FDC64000-memory.dmp

Filesize
3.3MB

Download
memory/1104-2117-0x00007FF6FD910000-0x00007FF6FDC64000-memory.dmp

Filesize
3.3MB

Download
memory/1380-2134-0x00007FF7989F0000-0x00007FF798D44000-memory.dmp

Filesize
3.3MB

Download
memory/1380-438-0x00007FF7989F0000-0x00007FF798D44000-memory.dmp

Filesize
3.3MB

Download
memory/1628-467-0x00007FF6C03A0000-0x00007FF6C06F4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-2140-0x00007FF6C03A0000-0x00007FF6C06F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2142-0x00007FF705F10000-0x00007FF706264000-memory.dmp

Filesize
3.3MB

Download
memory/1800-478-0x00007FF705F10000-0x00007FF706264000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2136-0x00007FF71CF00000-0x00007FF71D254000-memory.dmp

Filesize
3.3MB

Download
memory/1940-444-0x00007FF71CF00000-0x00007FF71D254000-memory.dmp

Filesize
3.3MB

Download
memory/2200-2145-0x00007FF637380000-0x00007FF6376D4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-452-0x00007FF637380000-0x00007FF6376D4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-488-0x00007FF7E8C70000-0x00007FF7E8FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2125-0x00007FF7E8C70000-0x00007FF7E8FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-443-0x00007FF6EE110000-0x00007FF6EE464000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2137-0x00007FF6EE110000-0x00007FF6EE464000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2120-0x00007FF6EF860000-0x00007FF6EFBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-37-0x00007FF6EF860000-0x00007FF6EFBB4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-2127-0x00007FF61FC90000-0x00007FF61FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-419-0x00007FF61FC90000-0x00007FF61FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-2128-0x00007FF767310000-0x00007FF767664000-memory.dmp

Filesize
3.3MB

Download
memory/3040-491-0x00007FF767310000-0x00007FF767664000-memory.dmp

Filesize
3.3MB

Download
memory/3148-2143-0x00007FF724D00000-0x00007FF725054000-memory.dmp

Filesize
3.3MB

Download
memory/3148-484-0x00007FF724D00000-0x00007FF725054000-memory.dmp

Filesize
3.3MB

Download
memory/3424-447-0x00007FF73C4E0000-0x00007FF73C834000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2131-0x00007FF73C4E0000-0x00007FF73C834000-memory.dmp

Filesize
3.3MB

Download
memory/3628-451-0x00007FF785300000-0x00007FF785654000-memory.dmp

Filesize
3.3MB

Download
memory/3628-2144-0x00007FF785300000-0x00007FF785654000-memory.dmp

Filesize
3.3MB

Download
memory/3672-0-0x00007FF717FF0000-0x00007FF718344000-memory.dmp

Filesize
3.3MB

Download
memory/3672-1-0x00000240BABC0000-0x00000240BABD0000-memory.dmp

Filesize
64KB

Download
memory/3796-439-0x00007FF7FBED0000-0x00007FF7FC224000-memory.dmp

Filesize
3.3MB

Download
memory/3796-2135-0x00007FF7FBED0000-0x00007FF7FC224000-memory.dmp

Filesize
3.3MB

Download
memory/3904-449-0x00007FF7D0260000-0x00007FF7D05B4000-memory.dmp

Filesize
3.3MB

Download
memory/3904-2130-0x00007FF7D0260000-0x00007FF7D05B4000-memory.dmp

Filesize
3.3MB

Download
memory/4264-60-0x00007FF7C3220000-0x00007FF7C3574000-memory.dmp

Filesize
3.3MB

Download
memory/4264-2123-0x00007FF7C3220000-0x00007FF7C3574000-memory.dmp

Filesize
3.3MB

Download
memory/4416-496-0x00007FF726340000-0x00007FF726694000-memory.dmp

Filesize
3.3MB

Download
memory/4416-2126-0x00007FF726340000-0x00007FF726694000-memory.dmp

Filesize
3.3MB

Download
memory/4468-24-0x00007FF64ECB0000-0x00007FF64F004000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2119-0x00007FF64ECB0000-0x00007FF64F004000-memory.dmp

Filesize
3.3MB

Download
memory/4520-2133-0x00007FF72D1E0000-0x00007FF72D534000-memory.dmp

Filesize
3.3MB

Download
memory/4520-431-0x00007FF72D1E0000-0x00007FF72D534000-memory.dmp

Filesize
3.3MB

Download
memory/4524-416-0x00007FF77B060000-0x00007FF77B3B4000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2124-0x00007FF77B060000-0x00007FF77B3B4000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2121-0x00007FF6DB980000-0x00007FF6DBCD4000-memory.dmp

Filesize
3.3MB

Download
memory/4732-42-0x00007FF6DB980000-0x00007FF6DBCD4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-427-0x00007FF7E4B70000-0x00007FF7E4EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-2132-0x00007FF7E4B70000-0x00007FF7E4EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4820-2141-0x00007FF6EAAC0000-0x00007FF6EAE14000-memory.dmp

Filesize
3.3MB

Download
memory/4820-475-0x00007FF6EAAC0000-0x00007FF6EAE14000-memory.dmp

Filesize
3.3MB

Download
memory/5116-2138-0x00007FF65C4D0000-0x00007FF65C824000-memory.dmp

Filesize
3.3MB

Download
memory/5116-450-0x00007FF65C4D0000-0x00007FF65C824000-memory.dmp

Filesize
3.3MB

Download