xmrig | 0b184ffed08f51aadfa4e57fc881fdb86944f841b07e08a18cf94b6fd89c6f96

Analysis

max time kernel
130s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 06:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
Size

2.1MB
MD5

17944c67fd3abf23b23a9c4e0d628b30
SHA1

2d39bdcb78b7082c6092b1c7f59e341205b83cbb
SHA256

0b184ffed08f51aadfa4e57fc881fdb86944f841b07e08a18cf94b6fd89c6f96
SHA512

4c41c14023ba944062de217c3e48300caf86971151ebc4019c0d684afdf3cb1aa5a67137c539dcc99f03f8ae37962f909089a2d8559b34e174c7d4e9997327fd
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQwNGyXGVft:oemTLkNdfE0pZrQH

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/2340-0-0x00007FF634DB0000-0x00007FF635104000-memory.dmp	xmrig
C:\Windows\System\SHEXgDm.exe	xmrig
C:\Windows\System\MswRQbg.exe	xmrig
C:\Windows\System\HasbSBg.exe	xmrig
C:\Windows\System\ZTNUBFk.exe	xmrig
behavioral2/memory/4856-18-0x00007FF6FC3C0000-0x00007FF6FC714000-memory.dmp	xmrig
behavioral2/memory/464-15-0x00007FF67C430000-0x00007FF67C784000-memory.dmp	xmrig
C:\Windows\System\xkGhKZw.exe	xmrig
C:\Windows\System\sAhWWta.exe	xmrig
behavioral2/memory/1780-52-0x00007FF6C7B40000-0x00007FF6C7E94000-memory.dmp	xmrig
behavioral2/memory/3636-62-0x00007FF69A6B0000-0x00007FF69AA04000-memory.dmp	xmrig
behavioral2/memory/3464-69-0x00007FF797D40000-0x00007FF798094000-memory.dmp	xmrig
C:\Windows\System\dDhtgRt.exe	xmrig
C:\Windows\System\XQLVnYy.exe	xmrig
C:\Windows\System\AVFsCJz.exe	xmrig
C:\Windows\System\GThDSXR.exe	xmrig
C:\Windows\System\TMznDse.exe	xmrig
C:\Windows\System\yuyvqEj.exe	xmrig
behavioral2/memory/3956-167-0x00007FF6A4CB0000-0x00007FF6A5004000-memory.dmp	xmrig
C:\Windows\System\QDaKFhz.exe	xmrig
behavioral2/memory/2968-186-0x00007FF70AA50000-0x00007FF70ADA4000-memory.dmp	xmrig
behavioral2/memory/4200-197-0x00007FF7C42D0000-0x00007FF7C4624000-memory.dmp	xmrig
behavioral2/memory/3560-196-0x00007FF6E12A0000-0x00007FF6E15F4000-memory.dmp	xmrig
behavioral2/memory/2256-195-0x00007FF714220000-0x00007FF714574000-memory.dmp	xmrig
behavioral2/memory/1760-194-0x00007FF72E630000-0x00007FF72E984000-memory.dmp	xmrig
behavioral2/memory/3932-193-0x00007FF711D20000-0x00007FF712074000-memory.dmp	xmrig
behavioral2/memory/3184-192-0x00007FF65D500000-0x00007FF65D854000-memory.dmp	xmrig
behavioral2/memory/3104-191-0x00007FF623760000-0x00007FF623AB4000-memory.dmp	xmrig
behavioral2/memory/3904-190-0x00007FF60E930000-0x00007FF60EC84000-memory.dmp	xmrig
behavioral2/memory/3608-189-0x00007FF7D94D0000-0x00007FF7D9824000-memory.dmp	xmrig
behavioral2/memory/4336-188-0x00007FF6138B0000-0x00007FF613C04000-memory.dmp	xmrig
behavioral2/memory/5008-187-0x00007FF6D5C50000-0x00007FF6D5FA4000-memory.dmp	xmrig
behavioral2/memory/784-185-0x00007FF6B6620000-0x00007FF6B6974000-memory.dmp	xmrig
behavioral2/memory/3960-183-0x00007FF743410000-0x00007FF743764000-memory.dmp	xmrig
C:\Windows\System\kiucMoO.exe	xmrig
behavioral2/memory/5028-175-0x00007FF796450000-0x00007FF7967A4000-memory.dmp	xmrig
behavioral2/memory/2336-174-0x00007FF789EF0000-0x00007FF78A244000-memory.dmp	xmrig
C:\Windows\System\TGMzget.exe	xmrig
C:\Windows\System\gjDZFzd.exe	xmrig
behavioral2/memory/2112-168-0x00007FF736C60000-0x00007FF736FB4000-memory.dmp	xmrig
C:\Windows\System\KxYXFNr.exe	xmrig
C:\Windows\System\MSVzdFX.exe	xmrig
C:\Windows\System\mJHlFRo.exe	xmrig
C:\Windows\System\KkiHabj.exe	xmrig
C:\Windows\System\xXQyqNC.exe	xmrig
C:\Windows\System\FVuvqdK.exe	xmrig
C:\Windows\System\wvhtezj.exe	xmrig
C:\Windows\System\vryjQoc.exe	xmrig
C:\Windows\System\CnIvkGd.exe	xmrig
C:\Windows\System\lMOQvTj.exe	xmrig
behavioral2/memory/4036-112-0x00007FF781870000-0x00007FF781BC4000-memory.dmp	xmrig
C:\Windows\System\MqoBxSo.exe	xmrig
C:\Windows\System\vhEDZLC.exe	xmrig
C:\Windows\System\UMJjtHu.exe	xmrig
C:\Windows\System\pddYiFx.exe	xmrig
C:\Windows\System\JSioJCo.exe	xmrig
behavioral2/memory/3508-61-0x00007FF6FAFD0000-0x00007FF6FB324000-memory.dmp	xmrig
behavioral2/memory/1856-59-0x00007FF7154A0000-0x00007FF7157F4000-memory.dmp	xmrig
C:\Windows\System\xymmOjJ.exe	xmrig
behavioral2/memory/3824-49-0x00007FF6775D0000-0x00007FF677924000-memory.dmp	xmrig
behavioral2/memory/2204-44-0x00007FF71BDE0000-0x00007FF71C134000-memory.dmp	xmrig
C:\Windows\System\qJIbtfF.exe	xmrig
C:\Windows\System\PlkFWah.exe	xmrig
behavioral2/memory/5004-29-0x00007FF733A00000-0x00007FF733D54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

SHEXgDm.exeMswRQbg.exeHasbSBg.exeZTNUBFk.exePlkFWah.exeqJIbtfF.exexkGhKZw.exesAhWWta.exexymmOjJ.exeJSioJCo.exepddYiFx.exedDhtgRt.exeUMJjtHu.exevhEDZLC.exeAVFsCJz.exeMqoBxSo.exeXQLVnYy.exelMOQvTj.exeGThDSXR.exeCnIvkGd.exevryjQoc.exewvhtezj.exeFVuvqdK.exexXQyqNC.exeTMznDse.exeKkiHabj.exeyuyvqEj.exeTGMzget.exekiucMoO.exeQDaKFhz.exemJHlFRo.exeMSVzdFX.exeKxYXFNr.exegjDZFzd.exeDkubNUR.exesAOGrzz.exeqXdKWUw.exeEOYpJDk.exeDePRsVI.exeeLRurUJ.exeUwWHXSw.exexSPiZlq.exeiOpTGyY.exepSCfQfL.exexIlReKL.exeNGCVDDl.exeHNPCBkL.exeMLSJxdP.exeweJqNwu.exeLmadIYN.exeFqftkYn.exeXfwztiX.exeFzcTnAU.exeWTzeirB.exemSDcRAC.exeCZyFARa.exeDvRfkJn.exeRRREvaE.exebhAIHMU.exeUbuBnqo.exeEhTNCTe.exeRLvJwwZ.exeCLvofzi.exeBnqleXY.exe

pid	process
464	SHEXgDm.exe
4856	MswRQbg.exe
5004	HasbSBg.exe
2204	ZTNUBFk.exe
1856	PlkFWah.exe
3824	qJIbtfF.exe
3508	xkGhKZw.exe
1780	sAhWWta.exe
3636	xymmOjJ.exe
3464	JSioJCo.exe
3932	pddYiFx.exe
1760	dDhtgRt.exe
2256	UMJjtHu.exe
4036	vhEDZLC.exe
3560	AVFsCJz.exe
3956	MqoBxSo.exe
2112	XQLVnYy.exe
2336	lMOQvTj.exe
5028	GThDSXR.exe
4200	CnIvkGd.exe
3960	vryjQoc.exe
784	wvhtezj.exe
2968	FVuvqdK.exe
5008	xXQyqNC.exe
4336	TMznDse.exe
3608	KkiHabj.exe
3904	yuyvqEj.exe
3104	TGMzget.exe
3184	kiucMoO.exe
3900	QDaKFhz.exe
1956	mJHlFRo.exe
4932	MSVzdFX.exe
2272	KxYXFNr.exe
3112	gjDZFzd.exe
1312	DkubNUR.exe
4624	sAOGrzz.exe
1276	qXdKWUw.exe
4712	EOYpJDk.exe
4828	DePRsVI.exe
4672	eLRurUJ.exe
1948	UwWHXSw.exe
4808	xSPiZlq.exe
4244	iOpTGyY.exe
4564	pSCfQfL.exe
4804	xIlReKL.exe
4416	NGCVDDl.exe
5024	HNPCBkL.exe
3204	MLSJxdP.exe
5104	weJqNwu.exe
2136	LmadIYN.exe
1316	FqftkYn.exe
408	XfwztiX.exe
2120	FzcTnAU.exe
1020	WTzeirB.exe
2600	mSDcRAC.exe
4180	CZyFARa.exe
5056	DvRfkJn.exe
3252	RRREvaE.exe
5032	bhAIHMU.exe
3472	UbuBnqo.exe
4716	EhTNCTe.exe
2356	RLvJwwZ.exe
3736	CLvofzi.exe
3296	BnqleXY.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2340-0-0x00007FF634DB0000-0x00007FF635104000-memory.dmp	upx
C:\Windows\System\SHEXgDm.exe	upx
C:\Windows\System\MswRQbg.exe	upx
C:\Windows\System\HasbSBg.exe	upx
C:\Windows\System\ZTNUBFk.exe	upx
behavioral2/memory/4856-18-0x00007FF6FC3C0000-0x00007FF6FC714000-memory.dmp	upx
behavioral2/memory/464-15-0x00007FF67C430000-0x00007FF67C784000-memory.dmp	upx
C:\Windows\System\xkGhKZw.exe	upx
C:\Windows\System\sAhWWta.exe	upx
behavioral2/memory/1780-52-0x00007FF6C7B40000-0x00007FF6C7E94000-memory.dmp	upx
behavioral2/memory/3636-62-0x00007FF69A6B0000-0x00007FF69AA04000-memory.dmp	upx
behavioral2/memory/3464-69-0x00007FF797D40000-0x00007FF798094000-memory.dmp	upx
C:\Windows\System\dDhtgRt.exe	upx
C:\Windows\System\XQLVnYy.exe	upx
C:\Windows\System\AVFsCJz.exe	upx
C:\Windows\System\GThDSXR.exe	upx
C:\Windows\System\TMznDse.exe	upx
C:\Windows\System\yuyvqEj.exe	upx
behavioral2/memory/3956-167-0x00007FF6A4CB0000-0x00007FF6A5004000-memory.dmp	upx
C:\Windows\System\QDaKFhz.exe	upx
behavioral2/memory/2968-186-0x00007FF70AA50000-0x00007FF70ADA4000-memory.dmp	upx
behavioral2/memory/4200-197-0x00007FF7C42D0000-0x00007FF7C4624000-memory.dmp	upx
behavioral2/memory/3560-196-0x00007FF6E12A0000-0x00007FF6E15F4000-memory.dmp	upx
behavioral2/memory/2256-195-0x00007FF714220000-0x00007FF714574000-memory.dmp	upx
behavioral2/memory/1760-194-0x00007FF72E630000-0x00007FF72E984000-memory.dmp	upx
behavioral2/memory/3932-193-0x00007FF711D20000-0x00007FF712074000-memory.dmp	upx
behavioral2/memory/3184-192-0x00007FF65D500000-0x00007FF65D854000-memory.dmp	upx
behavioral2/memory/3104-191-0x00007FF623760000-0x00007FF623AB4000-memory.dmp	upx
behavioral2/memory/3904-190-0x00007FF60E930000-0x00007FF60EC84000-memory.dmp	upx
behavioral2/memory/3608-189-0x00007FF7D94D0000-0x00007FF7D9824000-memory.dmp	upx
behavioral2/memory/4336-188-0x00007FF6138B0000-0x00007FF613C04000-memory.dmp	upx
behavioral2/memory/5008-187-0x00007FF6D5C50000-0x00007FF6D5FA4000-memory.dmp	upx
behavioral2/memory/784-185-0x00007FF6B6620000-0x00007FF6B6974000-memory.dmp	upx
behavioral2/memory/3960-183-0x00007FF743410000-0x00007FF743764000-memory.dmp	upx
C:\Windows\System\kiucMoO.exe	upx
behavioral2/memory/5028-175-0x00007FF796450000-0x00007FF7967A4000-memory.dmp	upx
behavioral2/memory/2336-174-0x00007FF789EF0000-0x00007FF78A244000-memory.dmp	upx
C:\Windows\System\TGMzget.exe	upx
C:\Windows\System\gjDZFzd.exe	upx
behavioral2/memory/2112-168-0x00007FF736C60000-0x00007FF736FB4000-memory.dmp	upx
C:\Windows\System\KxYXFNr.exe	upx
C:\Windows\System\MSVzdFX.exe	upx
C:\Windows\System\mJHlFRo.exe	upx
C:\Windows\System\KkiHabj.exe	upx
C:\Windows\System\xXQyqNC.exe	upx
C:\Windows\System\FVuvqdK.exe	upx
C:\Windows\System\wvhtezj.exe	upx
C:\Windows\System\vryjQoc.exe	upx
C:\Windows\System\CnIvkGd.exe	upx
C:\Windows\System\lMOQvTj.exe	upx
behavioral2/memory/4036-112-0x00007FF781870000-0x00007FF781BC4000-memory.dmp	upx
C:\Windows\System\MqoBxSo.exe	upx
C:\Windows\System\vhEDZLC.exe	upx
C:\Windows\System\UMJjtHu.exe	upx
C:\Windows\System\pddYiFx.exe	upx
C:\Windows\System\JSioJCo.exe	upx
behavioral2/memory/3508-61-0x00007FF6FAFD0000-0x00007FF6FB324000-memory.dmp	upx
behavioral2/memory/1856-59-0x00007FF7154A0000-0x00007FF7157F4000-memory.dmp	upx
C:\Windows\System\xymmOjJ.exe	upx
behavioral2/memory/3824-49-0x00007FF6775D0000-0x00007FF677924000-memory.dmp	upx
behavioral2/memory/2204-44-0x00007FF71BDE0000-0x00007FF71C134000-memory.dmp	upx
C:\Windows\System\qJIbtfF.exe	upx
C:\Windows\System\PlkFWah.exe	upx
behavioral2/memory/5004-29-0x00007FF733A00000-0x00007FF733D54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\HNPCBkL.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\VuKVbFJ.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\EIzkcha.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\OSkCFhF.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\BoEqyVD.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\qXdKWUw.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\ETzbDEE.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\UDEkRhS.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\KUOdHxe.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\pQauous.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\dVCYIuM.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\EhTNCTe.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\tJNyMSi.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\kGVCdFj.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\iuluMgi.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\YVfIOEa.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\tQGhYSm.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\DvRfkJn.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\INxSTGD.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\GTtXBRR.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\kuzIswG.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\dlSISOq.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\OJMqBPq.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\robPmhA.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\xpRUtyj.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\NAhaivV.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\PaUjTMo.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\fOHvuXE.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\gokvqWN.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\WyqWRar.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\UNCfRJR.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\mWfvDyg.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\PIvyBGj.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\kupOkPy.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\qKqADMr.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\SgwhDsi.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\NwnDKZE.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\cKAFCII.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\cakktzc.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\QoYBAnx.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\iOpTGyY.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\hmUeUlh.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\ATzYCWS.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\PbbCaSg.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\VdeEsvP.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\GOQEErc.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\rfqgwRY.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\ycaHITb.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\IicpJJY.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\iEtUiVI.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\QxrnpMY.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\KLFvmny.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\TlpSIDB.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\ObELyqV.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\iUSbTnm.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\GTuJeln.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\yFCttTF.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\VuMIlnT.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\uDrwzyV.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\zxtaeuV.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\CqFWzAQ.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\NgQbceS.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\kiMscdn.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
File created	C:\Windows\System\tawyRMg.exe	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	13456	dwm.exe
Token: SeChangeNotifyPrivilege	13456	dwm.exe
Token: 33	13456	dwm.exe
Token: SeIncBasePriorityPrivilege	13456	dwm.exe
Token: SeShutdownPrivilege	13456	dwm.exe
Token: SeCreatePagefilePrivilege	13456	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe

description	pid	process	target process
PID 2340 wrote to memory of 464	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	SHEXgDm.exe
PID 2340 wrote to memory of 464	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	SHEXgDm.exe
PID 2340 wrote to memory of 4856	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	MswRQbg.exe
PID 2340 wrote to memory of 4856	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	MswRQbg.exe
PID 2340 wrote to memory of 5004	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	HasbSBg.exe
PID 2340 wrote to memory of 5004	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	HasbSBg.exe
PID 2340 wrote to memory of 2204	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	ZTNUBFk.exe
PID 2340 wrote to memory of 2204	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	ZTNUBFk.exe
PID 2340 wrote to memory of 1856	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	PlkFWah.exe
PID 2340 wrote to memory of 1856	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	PlkFWah.exe
PID 2340 wrote to memory of 3824	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	qJIbtfF.exe
PID 2340 wrote to memory of 3824	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	qJIbtfF.exe
PID 2340 wrote to memory of 3508	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	xkGhKZw.exe
PID 2340 wrote to memory of 3508	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	xkGhKZw.exe
PID 2340 wrote to memory of 1780	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	sAhWWta.exe
PID 2340 wrote to memory of 1780	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	sAhWWta.exe
PID 2340 wrote to memory of 3636	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	xymmOjJ.exe
PID 2340 wrote to memory of 3636	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	xymmOjJ.exe
PID 2340 wrote to memory of 3464	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	JSioJCo.exe
PID 2340 wrote to memory of 3464	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	JSioJCo.exe
PID 2340 wrote to memory of 3932	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	pddYiFx.exe
PID 2340 wrote to memory of 3932	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	pddYiFx.exe
PID 2340 wrote to memory of 1760	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	dDhtgRt.exe
PID 2340 wrote to memory of 1760	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	dDhtgRt.exe
PID 2340 wrote to memory of 2256	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	UMJjtHu.exe
PID 2340 wrote to memory of 2256	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	UMJjtHu.exe
PID 2340 wrote to memory of 4036	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	vhEDZLC.exe
PID 2340 wrote to memory of 4036	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	vhEDZLC.exe
PID 2340 wrote to memory of 3560	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	AVFsCJz.exe
PID 2340 wrote to memory of 3560	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	AVFsCJz.exe
PID 2340 wrote to memory of 2112	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	XQLVnYy.exe
PID 2340 wrote to memory of 2112	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	XQLVnYy.exe
PID 2340 wrote to memory of 3956	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	MqoBxSo.exe
PID 2340 wrote to memory of 3956	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	MqoBxSo.exe
PID 2340 wrote to memory of 784	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	wvhtezj.exe
PID 2340 wrote to memory of 784	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	wvhtezj.exe
PID 2340 wrote to memory of 2336	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	lMOQvTj.exe
PID 2340 wrote to memory of 2336	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	lMOQvTj.exe
PID 2340 wrote to memory of 5028	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	GThDSXR.exe
PID 2340 wrote to memory of 5028	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	GThDSXR.exe
PID 2340 wrote to memory of 4200	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	CnIvkGd.exe
PID 2340 wrote to memory of 4200	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	CnIvkGd.exe
PID 2340 wrote to memory of 3960	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	vryjQoc.exe
PID 2340 wrote to memory of 3960	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	vryjQoc.exe
PID 2340 wrote to memory of 2968	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	FVuvqdK.exe
PID 2340 wrote to memory of 2968	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	FVuvqdK.exe
PID 2340 wrote to memory of 5008	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	xXQyqNC.exe
PID 2340 wrote to memory of 5008	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	xXQyqNC.exe
PID 2340 wrote to memory of 4336	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	TMznDse.exe
PID 2340 wrote to memory of 4336	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	TMznDse.exe
PID 2340 wrote to memory of 3608	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	KkiHabj.exe
PID 2340 wrote to memory of 3608	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	KkiHabj.exe
PID 2340 wrote to memory of 3904	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	yuyvqEj.exe
PID 2340 wrote to memory of 3904	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	yuyvqEj.exe
PID 2340 wrote to memory of 3104	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	TGMzget.exe
PID 2340 wrote to memory of 3104	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	TGMzget.exe
PID 2340 wrote to memory of 3184	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	kiucMoO.exe
PID 2340 wrote to memory of 3184	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	kiucMoO.exe
PID 2340 wrote to memory of 3900	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	QDaKFhz.exe
PID 2340 wrote to memory of 3900	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	QDaKFhz.exe
PID 2340 wrote to memory of 1956	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	mJHlFRo.exe
PID 2340 wrote to memory of 1956	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	mJHlFRo.exe
PID 2340 wrote to memory of 4932	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	MSVzdFX.exe
PID 2340 wrote to memory of 4932	2340	17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe	MSVzdFX.exe

C:\Users\Admin\AppData\Local\Temp\17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\17944c67fd3abf23b23a9c4e0d628b30_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\System\SHEXgDm.exe
  C:\Windows\System\SHEXgDm.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\MswRQbg.exe
  C:\Windows\System\MswRQbg.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\HasbSBg.exe
  C:\Windows\System\HasbSBg.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\ZTNUBFk.exe
  C:\Windows\System\ZTNUBFk.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\PlkFWah.exe
  C:\Windows\System\PlkFWah.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\qJIbtfF.exe
  C:\Windows\System\qJIbtfF.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\xkGhKZw.exe
  C:\Windows\System\xkGhKZw.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\sAhWWta.exe
  C:\Windows\System\sAhWWta.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\xymmOjJ.exe
  C:\Windows\System\xymmOjJ.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\JSioJCo.exe
  C:\Windows\System\JSioJCo.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\pddYiFx.exe
  C:\Windows\System\pddYiFx.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\dDhtgRt.exe
  C:\Windows\System\dDhtgRt.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\UMJjtHu.exe
  C:\Windows\System\UMJjtHu.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\vhEDZLC.exe
  C:\Windows\System\vhEDZLC.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\AVFsCJz.exe
  C:\Windows\System\AVFsCJz.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\XQLVnYy.exe
  C:\Windows\System\XQLVnYy.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\MqoBxSo.exe
  C:\Windows\System\MqoBxSo.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\wvhtezj.exe
  C:\Windows\System\wvhtezj.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\lMOQvTj.exe
  C:\Windows\System\lMOQvTj.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\GThDSXR.exe
  C:\Windows\System\GThDSXR.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\CnIvkGd.exe
  C:\Windows\System\CnIvkGd.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\vryjQoc.exe
  C:\Windows\System\vryjQoc.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\FVuvqdK.exe
  C:\Windows\System\FVuvqdK.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\xXQyqNC.exe
  C:\Windows\System\xXQyqNC.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\TMznDse.exe
  C:\Windows\System\TMznDse.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\KkiHabj.exe
  C:\Windows\System\KkiHabj.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\yuyvqEj.exe
  C:\Windows\System\yuyvqEj.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\TGMzget.exe
  C:\Windows\System\TGMzget.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\kiucMoO.exe
  C:\Windows\System\kiucMoO.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\QDaKFhz.exe
  C:\Windows\System\QDaKFhz.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\mJHlFRo.exe
  C:\Windows\System\mJHlFRo.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\MSVzdFX.exe
  C:\Windows\System\MSVzdFX.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\KxYXFNr.exe
  C:\Windows\System\KxYXFNr.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\gjDZFzd.exe
  C:\Windows\System\gjDZFzd.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\DkubNUR.exe
  C:\Windows\System\DkubNUR.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\sAOGrzz.exe
  C:\Windows\System\sAOGrzz.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\qXdKWUw.exe
  C:\Windows\System\qXdKWUw.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\EOYpJDk.exe
  C:\Windows\System\EOYpJDk.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\DePRsVI.exe
  C:\Windows\System\DePRsVI.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\eLRurUJ.exe
  C:\Windows\System\eLRurUJ.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\UwWHXSw.exe
  C:\Windows\System\UwWHXSw.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\xSPiZlq.exe
  C:\Windows\System\xSPiZlq.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\iOpTGyY.exe
  C:\Windows\System\iOpTGyY.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\pSCfQfL.exe
  C:\Windows\System\pSCfQfL.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\xIlReKL.exe
  C:\Windows\System\xIlReKL.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\NGCVDDl.exe
  C:\Windows\System\NGCVDDl.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\HNPCBkL.exe
  C:\Windows\System\HNPCBkL.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\MLSJxdP.exe
  C:\Windows\System\MLSJxdP.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\weJqNwu.exe
  C:\Windows\System\weJqNwu.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\LmadIYN.exe
  C:\Windows\System\LmadIYN.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\FqftkYn.exe
  C:\Windows\System\FqftkYn.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\XfwztiX.exe
  C:\Windows\System\XfwztiX.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\FzcTnAU.exe
  C:\Windows\System\FzcTnAU.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\WTzeirB.exe
  C:\Windows\System\WTzeirB.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\mSDcRAC.exe
  C:\Windows\System\mSDcRAC.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\CZyFARa.exe
  C:\Windows\System\CZyFARa.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\DvRfkJn.exe
  C:\Windows\System\DvRfkJn.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\RRREvaE.exe
  C:\Windows\System\RRREvaE.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\bhAIHMU.exe
  C:\Windows\System\bhAIHMU.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\UbuBnqo.exe
  C:\Windows\System\UbuBnqo.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\EhTNCTe.exe
  C:\Windows\System\EhTNCTe.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\RLvJwwZ.exe
  C:\Windows\System\RLvJwwZ.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\CLvofzi.exe
  C:\Windows\System\CLvofzi.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\BnqleXY.exe
  C:\Windows\System\BnqleXY.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\Ftruhws.exe
  C:\Windows\System\Ftruhws.exe
  2⤵
  PID:4320
- C:\Windows\System\LKKWNui.exe
  C:\Windows\System\LKKWNui.exe
  2⤵
  PID:5080
- C:\Windows\System\VevZLSO.exe
  C:\Windows\System\VevZLSO.exe
  2⤵
  PID:4636
- C:\Windows\System\lGiCUeL.exe
  C:\Windows\System\lGiCUeL.exe
  2⤵
  PID:4440
- C:\Windows\System\TTheoED.exe
  C:\Windows\System\TTheoED.exe
  2⤵
  PID:5436
- C:\Windows\System\Utrpoyj.exe
  C:\Windows\System\Utrpoyj.exe
  2⤵
  PID:5468
- C:\Windows\System\SVeKXUo.exe
  C:\Windows\System\SVeKXUo.exe
  2⤵
  PID:5496
- C:\Windows\System\BTLkxLm.exe
  C:\Windows\System\BTLkxLm.exe
  2⤵
  PID:5532
- C:\Windows\System\mYmjgqd.exe
  C:\Windows\System\mYmjgqd.exe
  2⤵
  PID:5564
- C:\Windows\System\RjJROMW.exe
  C:\Windows\System\RjJROMW.exe
  2⤵
  PID:5592
- C:\Windows\System\NesNgRq.exe
  C:\Windows\System\NesNgRq.exe
  2⤵
  PID:5644
- C:\Windows\System\dagDdIz.exe
  C:\Windows\System\dagDdIz.exe
  2⤵
  PID:5684
- C:\Windows\System\dzsfufp.exe
  C:\Windows\System\dzsfufp.exe
  2⤵
  PID:5708
- C:\Windows\System\CCrNEvY.exe
  C:\Windows\System\CCrNEvY.exe
  2⤵
  PID:5756
- C:\Windows\System\CZMARoi.exe
  C:\Windows\System\CZMARoi.exe
  2⤵
  PID:5784
- C:\Windows\System\BCmBMji.exe
  C:\Windows\System\BCmBMji.exe
  2⤵
  PID:5812
- C:\Windows\System\NVXPdhP.exe
  C:\Windows\System\NVXPdhP.exe
  2⤵
  PID:5840
- C:\Windows\System\LjUIzFx.exe
  C:\Windows\System\LjUIzFx.exe
  2⤵
  PID:5864
- C:\Windows\System\BvhVaSR.exe
  C:\Windows\System\BvhVaSR.exe
  2⤵
  PID:5896
- C:\Windows\System\ULACQzj.exe
  C:\Windows\System\ULACQzj.exe
  2⤵
  PID:5924
- C:\Windows\System\sVVpeOX.exe
  C:\Windows\System\sVVpeOX.exe
  2⤵
  PID:5952
- C:\Windows\System\FvVYGIr.exe
  C:\Windows\System\FvVYGIr.exe
  2⤵
  PID:5972
- C:\Windows\System\zqYwANI.exe
  C:\Windows\System\zqYwANI.exe
  2⤵
  PID:5992
- C:\Windows\System\qrjdBnj.exe
  C:\Windows\System\qrjdBnj.exe
  2⤵
  PID:6008
- C:\Windows\System\sCBDWmf.exe
  C:\Windows\System\sCBDWmf.exe
  2⤵
  PID:6028
- C:\Windows\System\mWfvDyg.exe
  C:\Windows\System\mWfvDyg.exe
  2⤵
  PID:6044
- C:\Windows\System\fJiHloG.exe
  C:\Windows\System\fJiHloG.exe
  2⤵
  PID:6072
- C:\Windows\System\LtJWmXl.exe
  C:\Windows\System\LtJWmXl.exe
  2⤵
  PID:6100
- C:\Windows\System\Yppdinj.exe
  C:\Windows\System\Yppdinj.exe
  2⤵
  PID:6136
- C:\Windows\System\YXHkojO.exe
  C:\Windows\System\YXHkojO.exe
  2⤵
  PID:4928
- C:\Windows\System\rfqgwRY.exe
  C:\Windows\System\rfqgwRY.exe
  2⤵
  PID:1592
- C:\Windows\System\kwDbOSc.exe
  C:\Windows\System\kwDbOSc.exe
  2⤵
  PID:4136
- C:\Windows\System\NBemoHJ.exe
  C:\Windows\System\NBemoHJ.exe
  2⤵
  PID:4324
- C:\Windows\System\JdJHlvz.exe
  C:\Windows\System\JdJHlvz.exe
  2⤵
  PID:456
- C:\Windows\System\yAVKkno.exe
  C:\Windows\System\yAVKkno.exe
  2⤵
  PID:4916
- C:\Windows\System\wetHMIm.exe
  C:\Windows\System\wetHMIm.exe
  2⤵
  PID:1504
- C:\Windows\System\hmUeUlh.exe
  C:\Windows\System\hmUeUlh.exe
  2⤵
  PID:5360
- C:\Windows\System\faSrlKZ.exe
  C:\Windows\System\faSrlKZ.exe
  2⤵
  PID:5384
- C:\Windows\System\jYQzIxO.exe
  C:\Windows\System\jYQzIxO.exe
  2⤵
  PID:2848
- C:\Windows\System\hJKhsXF.exe
  C:\Windows\System\hJKhsXF.exe
  2⤵
  PID:4480
- C:\Windows\System\PTPRkYG.exe
  C:\Windows\System\PTPRkYG.exe
  2⤵
  PID:2684
- C:\Windows\System\spQSubg.exe
  C:\Windows\System\spQSubg.exe
  2⤵
  PID:2624
- C:\Windows\System\tydHMWc.exe
  C:\Windows\System\tydHMWc.exe
  2⤵
  PID:1220
- C:\Windows\System\XjNYwXq.exe
  C:\Windows\System\XjNYwXq.exe
  2⤵
  PID:5176
- C:\Windows\System\TOTCOXw.exe
  C:\Windows\System\TOTCOXw.exe
  2⤵
  PID:5116
- C:\Windows\System\vYSNJdc.exe
  C:\Windows\System\vYSNJdc.exe
  2⤵
  PID:5244
- C:\Windows\System\pMhFuem.exe
  C:\Windows\System\pMhFuem.exe
  2⤵
  PID:3524
- C:\Windows\System\xLKvLju.exe
  C:\Windows\System\xLKvLju.exe
  2⤵
  PID:5508
- C:\Windows\System\mVfAvvi.exe
  C:\Windows\System\mVfAvvi.exe
  2⤵
  PID:5584
- C:\Windows\System\PWsFovw.exe
  C:\Windows\System\PWsFovw.exe
  2⤵
  PID:5604
- C:\Windows\System\VBdfuoZ.exe
  C:\Windows\System\VBdfuoZ.exe
  2⤵
  PID:5696
- C:\Windows\System\VuKVbFJ.exe
  C:\Windows\System\VuKVbFJ.exe
  2⤵
  PID:5704
- C:\Windows\System\yjTkIDo.exe
  C:\Windows\System\yjTkIDo.exe
  2⤵
  PID:5768
- C:\Windows\System\AKFKeKL.exe
  C:\Windows\System\AKFKeKL.exe
  2⤵
  PID:5796
- C:\Windows\System\SkhSeDK.exe
  C:\Windows\System\SkhSeDK.exe
  2⤵
  PID:5636
- C:\Windows\System\FgYBqjM.exe
  C:\Windows\System\FgYBqjM.exe
  2⤵
  PID:5808
- C:\Windows\System\CBjgpBL.exe
  C:\Windows\System\CBjgpBL.exe
  2⤵
  PID:5836
- C:\Windows\System\tawyRMg.exe
  C:\Windows\System\tawyRMg.exe
  2⤵
  PID:3324
- C:\Windows\System\GrKiacG.exe
  C:\Windows\System\GrKiacG.exe
  2⤵
  PID:2220
- C:\Windows\System\KTUNxdi.exe
  C:\Windows\System\KTUNxdi.exe
  2⤵
  PID:5948
- C:\Windows\System\RUmIHYD.exe
  C:\Windows\System\RUmIHYD.exe
  2⤵
  PID:6000
- C:\Windows\System\nchBWEH.exe
  C:\Windows\System\nchBWEH.exe
  2⤵
  PID:6068
- C:\Windows\System\PZBOLeB.exe
  C:\Windows\System\PZBOLeB.exe
  2⤵
  PID:4960
- C:\Windows\System\BoLErzc.exe
  C:\Windows\System\BoLErzc.exe
  2⤵
  PID:1708
- C:\Windows\System\QkIkdhq.exe
  C:\Windows\System\QkIkdhq.exe
  2⤵
  PID:4560
- C:\Windows\System\xlwsLvJ.exe
  C:\Windows\System\xlwsLvJ.exe
  2⤵
  PID:5368
- C:\Windows\System\hyynwee.exe
  C:\Windows\System\hyynwee.exe
  2⤵
  PID:4704
- C:\Windows\System\KLkLrep.exe
  C:\Windows\System\KLkLrep.exe
  2⤵
  PID:1804
- C:\Windows\System\xVyBvbm.exe
  C:\Windows\System\xVyBvbm.exe
  2⤵
  PID:5452
- C:\Windows\System\nkUXqtw.exe
  C:\Windows\System\nkUXqtw.exe
  2⤵
  PID:3152
- C:\Windows\System\wgIdaef.exe
  C:\Windows\System\wgIdaef.exe
  2⤵
  PID:3444
- C:\Windows\System\VuMIlnT.exe
  C:\Windows\System\VuMIlnT.exe
  2⤵
  PID:5824
- C:\Windows\System\sBMigmA.exe
  C:\Windows\System\sBMigmA.exe
  2⤵
  PID:5728
- C:\Windows\System\XscAXhT.exe
  C:\Windows\System\XscAXhT.exe
  2⤵
  PID:6024
- C:\Windows\System\HYpEyER.exe
  C:\Windows\System\HYpEyER.exe
  2⤵
  PID:5988
- C:\Windows\System\yoRpFGh.exe
  C:\Windows\System\yoRpFGh.exe
  2⤵
  PID:6128
- C:\Windows\System\UeSZZJn.exe
  C:\Windows\System\UeSZZJn.exe
  2⤵
  PID:4760
- C:\Windows\System\iJkbxvB.exe
  C:\Windows\System\iJkbxvB.exe
  2⤵
  PID:5424
- C:\Windows\System\AbgafLU.exe
  C:\Windows\System\AbgafLU.exe
  2⤵
  PID:5752
- C:\Windows\System\ZpcqaoQ.exe
  C:\Windows\System\ZpcqaoQ.exe
  2⤵
  PID:5620
- C:\Windows\System\XXIYJLO.exe
  C:\Windows\System\XXIYJLO.exe
  2⤵
  PID:5748
- C:\Windows\System\ATzYCWS.exe
  C:\Windows\System\ATzYCWS.exe
  2⤵
  PID:1208
- C:\Windows\System\fOHvuXE.exe
  C:\Windows\System\fOHvuXE.exe
  2⤵
  PID:4040
- C:\Windows\System\KpNIQaB.exe
  C:\Windows\System\KpNIQaB.exe
  2⤵
  PID:3992
- C:\Windows\System\RLdcEsD.exe
  C:\Windows\System\RLdcEsD.exe
  2⤵
  PID:5936
- C:\Windows\System\boqwrrl.exe
  C:\Windows\System\boqwrrl.exe
  2⤵
  PID:4800
- C:\Windows\System\ZcjrMJx.exe
  C:\Windows\System\ZcjrMJx.exe
  2⤵
  PID:4988
- C:\Windows\System\WahqRHq.exe
  C:\Windows\System\WahqRHq.exe
  2⤵
  PID:6168
- C:\Windows\System\qqseKHx.exe
  C:\Windows\System\qqseKHx.exe
  2⤵
  PID:6192
- C:\Windows\System\lJgVJLr.exe
  C:\Windows\System\lJgVJLr.exe
  2⤵
  PID:6220
- C:\Windows\System\qlaQcAP.exe
  C:\Windows\System\qlaQcAP.exe
  2⤵
  PID:6248
- C:\Windows\System\ETzbDEE.exe
  C:\Windows\System\ETzbDEE.exe
  2⤵
  PID:6292
- C:\Windows\System\jppIscm.exe
  C:\Windows\System\jppIscm.exe
  2⤵
  PID:6320
- C:\Windows\System\QZRWSZC.exe
  C:\Windows\System\QZRWSZC.exe
  2⤵
  PID:6348
- C:\Windows\System\swfxVIL.exe
  C:\Windows\System\swfxVIL.exe
  2⤵
  PID:6376
- C:\Windows\System\zXFUDiD.exe
  C:\Windows\System\zXFUDiD.exe
  2⤵
  PID:6404
- C:\Windows\System\MAuAlwD.exe
  C:\Windows\System\MAuAlwD.exe
  2⤵
  PID:6432
- C:\Windows\System\QAfGFxb.exe
  C:\Windows\System\QAfGFxb.exe
  2⤵
  PID:6460
- C:\Windows\System\XgIpwjc.exe
  C:\Windows\System\XgIpwjc.exe
  2⤵
  PID:6488
- C:\Windows\System\BemUMBZ.exe
  C:\Windows\System\BemUMBZ.exe
  2⤵
  PID:6516
- C:\Windows\System\WKajLob.exe
  C:\Windows\System\WKajLob.exe
  2⤵
  PID:6536
- C:\Windows\System\qsJQEcy.exe
  C:\Windows\System\qsJQEcy.exe
  2⤵
  PID:6560
- C:\Windows\System\PsSQGar.exe
  C:\Windows\System\PsSQGar.exe
  2⤵
  PID:6584
- C:\Windows\System\jEIxOwL.exe
  C:\Windows\System\jEIxOwL.exe
  2⤵
  PID:6608
- C:\Windows\System\zVhKQlX.exe
  C:\Windows\System\zVhKQlX.exe
  2⤵
  PID:6632
- C:\Windows\System\pgRgriX.exe
  C:\Windows\System\pgRgriX.exe
  2⤵
  PID:6656
- C:\Windows\System\fpRgWPW.exe
  C:\Windows\System\fpRgWPW.exe
  2⤵
  PID:6676
- C:\Windows\System\amjjAsm.exe
  C:\Windows\System\amjjAsm.exe
  2⤵
  PID:6696
- C:\Windows\System\DNdsyJO.exe
  C:\Windows\System\DNdsyJO.exe
  2⤵
  PID:6720
- C:\Windows\System\pQjAZjb.exe
  C:\Windows\System\pQjAZjb.exe
  2⤵
  PID:6748
- C:\Windows\System\PxNgBxR.exe
  C:\Windows\System\PxNgBxR.exe
  2⤵
  PID:6780
- C:\Windows\System\hfqHeYr.exe
  C:\Windows\System\hfqHeYr.exe
  2⤵
  PID:6820
- C:\Windows\System\pRfkvpB.exe
  C:\Windows\System\pRfkvpB.exe
  2⤵
  PID:6852
- C:\Windows\System\alDdJZu.exe
  C:\Windows\System\alDdJZu.exe
  2⤵
  PID:6888
- C:\Windows\System\UAHKgid.exe
  C:\Windows\System\UAHKgid.exe
  2⤵
  PID:6924
- C:\Windows\System\TPFTQpi.exe
  C:\Windows\System\TPFTQpi.exe
  2⤵
  PID:6964
- C:\Windows\System\XrdBPsL.exe
  C:\Windows\System\XrdBPsL.exe
  2⤵
  PID:6992
- C:\Windows\System\emtCdax.exe
  C:\Windows\System\emtCdax.exe
  2⤵
  PID:7020
- C:\Windows\System\GTtXBRR.exe
  C:\Windows\System\GTtXBRR.exe
  2⤵
  PID:7036
- C:\Windows\System\iIWyMMX.exe
  C:\Windows\System\iIWyMMX.exe
  2⤵
  PID:7076
- C:\Windows\System\GSXFBVC.exe
  C:\Windows\System\GSXFBVC.exe
  2⤵
  PID:7104
- C:\Windows\System\jvDusHe.exe
  C:\Windows\System\jvDusHe.exe
  2⤵
  PID:7132
- C:\Windows\System\lEfyCiO.exe
  C:\Windows\System\lEfyCiO.exe
  2⤵
  PID:7148
- C:\Windows\System\JVaQJEH.exe
  C:\Windows\System\JVaQJEH.exe
  2⤵
  PID:3980
- C:\Windows\System\ZsFvXqn.exe
  C:\Windows\System\ZsFvXqn.exe
  2⤵
  PID:6204
- C:\Windows\System\infvDYY.exe
  C:\Windows\System\infvDYY.exe
  2⤵
  PID:6260
- C:\Windows\System\gokvqWN.exe
  C:\Windows\System\gokvqWN.exe
  2⤵
  PID:6312
- C:\Windows\System\TojYJKh.exe
  C:\Windows\System\TojYJKh.exe
  2⤵
  PID:6368
- C:\Windows\System\bdLZjnY.exe
  C:\Windows\System\bdLZjnY.exe
  2⤵
  PID:6424
- C:\Windows\System\pTtEyCh.exe
  C:\Windows\System\pTtEyCh.exe
  2⤵
  PID:6500
- C:\Windows\System\ISBMPPr.exe
  C:\Windows\System\ISBMPPr.exe
  2⤵
  PID:6576
- C:\Windows\System\PaUjTMo.exe
  C:\Windows\System\PaUjTMo.exe
  2⤵
  PID:6600
- C:\Windows\System\OjyoCdT.exe
  C:\Windows\System\OjyoCdT.exe
  2⤵
  PID:6688
- C:\Windows\System\XViPeIx.exe
  C:\Windows\System\XViPeIx.exe
  2⤵
  PID:6844
- C:\Windows\System\fpnMcRq.exe
  C:\Windows\System\fpnMcRq.exe
  2⤵
  PID:6920
- C:\Windows\System\AABsldm.exe
  C:\Windows\System\AABsldm.exe
  2⤵
  PID:7016
- C:\Windows\System\mvrVvqL.exe
  C:\Windows\System\mvrVvqL.exe
  2⤵
  PID:7028
- C:\Windows\System\cxDIAvJ.exe
  C:\Windows\System\cxDIAvJ.exe
  2⤵
  PID:7116
- C:\Windows\System\kuzIswG.exe
  C:\Windows\System\kuzIswG.exe
  2⤵
  PID:4824
- C:\Windows\System\jADeEdO.exe
  C:\Windows\System\jADeEdO.exe
  2⤵
  PID:6216
- C:\Windows\System\SBUHfJp.exe
  C:\Windows\System\SBUHfJp.exe
  2⤵
  PID:6400
- C:\Windows\System\faqjpoG.exe
  C:\Windows\System\faqjpoG.exe
  2⤵
  PID:6524
- C:\Windows\System\vLeAYpf.exe
  C:\Windows\System\vLeAYpf.exe
  2⤵
  PID:6812
- C:\Windows\System\ozypZvo.exe
  C:\Windows\System\ozypZvo.exe
  2⤵
  PID:6804
- C:\Windows\System\uDrwzyV.exe
  C:\Windows\System\uDrwzyV.exe
  2⤵
  PID:7048
- C:\Windows\System\AylsBEc.exe
  C:\Windows\System\AylsBEc.exe
  2⤵
  PID:6416
- C:\Windows\System\zxtaeuV.exe
  C:\Windows\System\zxtaeuV.exe
  2⤵
  PID:6616
- C:\Windows\System\sgfZWze.exe
  C:\Windows\System\sgfZWze.exe
  2⤵
  PID:7164
- C:\Windows\System\MtykiUw.exe
  C:\Windows\System\MtykiUw.exe
  2⤵
  PID:7144
- C:\Windows\System\RIBnvXS.exe
  C:\Windows\System\RIBnvXS.exe
  2⤵
  PID:7200
- C:\Windows\System\jRbuqyq.exe
  C:\Windows\System\jRbuqyq.exe
  2⤵
  PID:7220
- C:\Windows\System\divrWcG.exe
  C:\Windows\System\divrWcG.exe
  2⤵
  PID:7248
- C:\Windows\System\wfNpGZq.exe
  C:\Windows\System\wfNpGZq.exe
  2⤵
  PID:7272
- C:\Windows\System\mgsDsyD.exe
  C:\Windows\System\mgsDsyD.exe
  2⤵
  PID:7300
- C:\Windows\System\bhZCgBq.exe
  C:\Windows\System\bhZCgBq.exe
  2⤵
  PID:7336
- C:\Windows\System\qKqADMr.exe
  C:\Windows\System\qKqADMr.exe
  2⤵
  PID:7356
- C:\Windows\System\VNgcPMG.exe
  C:\Windows\System\VNgcPMG.exe
  2⤵
  PID:7392
- C:\Windows\System\pqdGKrY.exe
  C:\Windows\System\pqdGKrY.exe
  2⤵
  PID:7412
- C:\Windows\System\qKpadUq.exe
  C:\Windows\System\qKpadUq.exe
  2⤵
  PID:7432
- C:\Windows\System\dpbHRcb.exe
  C:\Windows\System\dpbHRcb.exe
  2⤵
  PID:7464
- C:\Windows\System\QIbxQap.exe
  C:\Windows\System\QIbxQap.exe
  2⤵
  PID:7496
- C:\Windows\System\ZfEquBQ.exe
  C:\Windows\System\ZfEquBQ.exe
  2⤵
  PID:7524
- C:\Windows\System\PIvyBGj.exe
  C:\Windows\System\PIvyBGj.exe
  2⤵
  PID:7548
- C:\Windows\System\boFkGqH.exe
  C:\Windows\System\boFkGqH.exe
  2⤵
  PID:7576
- C:\Windows\System\nfRBnlW.exe
  C:\Windows\System\nfRBnlW.exe
  2⤵
  PID:7608
- C:\Windows\System\yoKISfv.exe
  C:\Windows\System\yoKISfv.exe
  2⤵
  PID:7644
- C:\Windows\System\sqaFYiI.exe
  C:\Windows\System\sqaFYiI.exe
  2⤵
  PID:7672
- C:\Windows\System\PbpqJHL.exe
  C:\Windows\System\PbpqJHL.exe
  2⤵
  PID:7708
- C:\Windows\System\HgKGSvI.exe
  C:\Windows\System\HgKGSvI.exe
  2⤵
  PID:7728
- C:\Windows\System\yLJSFEc.exe
  C:\Windows\System\yLJSFEc.exe
  2⤵
  PID:7768
- C:\Windows\System\nRYfVfJ.exe
  C:\Windows\System\nRYfVfJ.exe
  2⤵
  PID:7784
- C:\Windows\System\GzSZiRV.exe
  C:\Windows\System\GzSZiRV.exe
  2⤵
  PID:7804
- C:\Windows\System\rYzrciN.exe
  C:\Windows\System\rYzrciN.exe
  2⤵
  PID:7840
- C:\Windows\System\wmKyEhy.exe
  C:\Windows\System\wmKyEhy.exe
  2⤵
  PID:7856
- C:\Windows\System\mMiFTUn.exe
  C:\Windows\System\mMiFTUn.exe
  2⤵
  PID:7888
- C:\Windows\System\DwWINmO.exe
  C:\Windows\System\DwWINmO.exe
  2⤵
  PID:7924
- C:\Windows\System\QMpUnUX.exe
  C:\Windows\System\QMpUnUX.exe
  2⤵
  PID:7952
- C:\Windows\System\HBlyKgs.exe
  C:\Windows\System\HBlyKgs.exe
  2⤵
  PID:7992
- C:\Windows\System\aPkaWqH.exe
  C:\Windows\System\aPkaWqH.exe
  2⤵
  PID:8020
- C:\Windows\System\yCGjkGE.exe
  C:\Windows\System\yCGjkGE.exe
  2⤵
  PID:8048
- C:\Windows\System\FvTMugL.exe
  C:\Windows\System\FvTMugL.exe
  2⤵
  PID:8076
- C:\Windows\System\dlSISOq.exe
  C:\Windows\System\dlSISOq.exe
  2⤵
  PID:8104
- C:\Windows\System\nZObzkA.exe
  C:\Windows\System\nZObzkA.exe
  2⤵
  PID:8120
- C:\Windows\System\ywAArLw.exe
  C:\Windows\System\ywAArLw.exe
  2⤵
  PID:8156
- C:\Windows\System\vtBBEFQ.exe
  C:\Windows\System\vtBBEFQ.exe
  2⤵
  PID:8176
- C:\Windows\System\MkBHjaB.exe
  C:\Windows\System\MkBHjaB.exe
  2⤵
  PID:7184
- C:\Windows\System\iCYTOfY.exe
  C:\Windows\System\iCYTOfY.exe
  2⤵
  PID:7240
- C:\Windows\System\VJDSoio.exe
  C:\Windows\System\VJDSoio.exe
  2⤵
  PID:7284
- C:\Windows\System\EwUHdes.exe
  C:\Windows\System\EwUHdes.exe
  2⤵
  PID:7348
- C:\Windows\System\xxQxDdw.exe
  C:\Windows\System\xxQxDdw.exe
  2⤵
  PID:7420
- C:\Windows\System\muSTIiM.exe
  C:\Windows\System\muSTIiM.exe
  2⤵
  PID:7476
- C:\Windows\System\Ehetvng.exe
  C:\Windows\System\Ehetvng.exe
  2⤵
  PID:7536
- C:\Windows\System\gpHuQNm.exe
  C:\Windows\System\gpHuQNm.exe
  2⤵
  PID:7632
- C:\Windows\System\IKGFiLH.exe
  C:\Windows\System\IKGFiLH.exe
  2⤵
  PID:7700
- C:\Windows\System\FyIhaPz.exe
  C:\Windows\System\FyIhaPz.exe
  2⤵
  PID:7748
- C:\Windows\System\JARazpa.exe
  C:\Windows\System\JARazpa.exe
  2⤵
  PID:7796
- C:\Windows\System\FJGRGZV.exe
  C:\Windows\System\FJGRGZV.exe
  2⤵
  PID:7912
- C:\Windows\System\LAqThfR.exe
  C:\Windows\System\LAqThfR.exe
  2⤵
  PID:7944
- C:\Windows\System\WQgWFnR.exe
  C:\Windows\System\WQgWFnR.exe
  2⤵
  PID:7976
- C:\Windows\System\uTSReme.exe
  C:\Windows\System\uTSReme.exe
  2⤵
  PID:8088
- C:\Windows\System\YUkesKW.exe
  C:\Windows\System\YUkesKW.exe
  2⤵
  PID:8164
- C:\Windows\System\DqhljUs.exe
  C:\Windows\System\DqhljUs.exe
  2⤵
  PID:7088
- C:\Windows\System\MTIxojc.exe
  C:\Windows\System\MTIxojc.exe
  2⤵
  PID:7344
- C:\Windows\System\ZqLaqkK.exe
  C:\Windows\System\ZqLaqkK.exe
  2⤵
  PID:7448
- C:\Windows\System\iUSbTnm.exe
  C:\Windows\System\iUSbTnm.exe
  2⤵
  PID:7660
- C:\Windows\System\JZuTfMP.exe
  C:\Windows\System\JZuTfMP.exe
  2⤵
  PID:6684
- C:\Windows\System\ixmWfMR.exe
  C:\Windows\System\ixmWfMR.exe
  2⤵
  PID:7880
- C:\Windows\System\iOXUsER.exe
  C:\Windows\System\iOXUsER.exe
  2⤵
  PID:8040
- C:\Windows\System\Ohfbjwn.exe
  C:\Windows\System\Ohfbjwn.exe
  2⤵
  PID:7264
- C:\Windows\System\HqbWYlz.exe
  C:\Windows\System\HqbWYlz.exe
  2⤵
  PID:7624
- C:\Windows\System\ycaHITb.exe
  C:\Windows\System\ycaHITb.exe
  2⤵
  PID:7720
- C:\Windows\System\rSLxDDr.exe
  C:\Windows\System\rSLxDDr.exe
  2⤵
  PID:7560
- C:\Windows\System\ebBNePv.exe
  C:\Windows\System\ebBNePv.exe
  2⤵
  PID:8216
- C:\Windows\System\RlJOmHE.exe
  C:\Windows\System\RlJOmHE.exe
  2⤵
  PID:8244
- C:\Windows\System\DAGXgyr.exe
  C:\Windows\System\DAGXgyr.exe
  2⤵
  PID:8264
- C:\Windows\System\CqFWzAQ.exe
  C:\Windows\System\CqFWzAQ.exe
  2⤵
  PID:8300
- C:\Windows\System\DYvScLy.exe
  C:\Windows\System\DYvScLy.exe
  2⤵
  PID:8332
- C:\Windows\System\OvsuwTe.exe
  C:\Windows\System\OvsuwTe.exe
  2⤵
  PID:8360
- C:\Windows\System\IUMJMwX.exe
  C:\Windows\System\IUMJMwX.exe
  2⤵
  PID:8384
- C:\Windows\System\UDEkRhS.exe
  C:\Windows\System\UDEkRhS.exe
  2⤵
  PID:8420
- C:\Windows\System\pNatTRQ.exe
  C:\Windows\System\pNatTRQ.exe
  2⤵
  PID:8452
- C:\Windows\System\rNyuxBr.exe
  C:\Windows\System\rNyuxBr.exe
  2⤵
  PID:8476
- C:\Windows\System\FDuCoAB.exe
  C:\Windows\System\FDuCoAB.exe
  2⤵
  PID:8496
- C:\Windows\System\VQECAUh.exe
  C:\Windows\System\VQECAUh.exe
  2⤵
  PID:8524
- C:\Windows\System\ZTChHYi.exe
  C:\Windows\System\ZTChHYi.exe
  2⤵
  PID:8560
- C:\Windows\System\tKZbMTr.exe
  C:\Windows\System\tKZbMTr.exe
  2⤵
  PID:8580
- C:\Windows\System\uUBEuzX.exe
  C:\Windows\System\uUBEuzX.exe
  2⤵
  PID:8608
- C:\Windows\System\uJdvTXB.exe
  C:\Windows\System\uJdvTXB.exe
  2⤵
  PID:8636
- C:\Windows\System\drStcMs.exe
  C:\Windows\System\drStcMs.exe
  2⤵
  PID:8656
- C:\Windows\System\CqJnquD.exe
  C:\Windows\System\CqJnquD.exe
  2⤵
  PID:8684
- C:\Windows\System\JaAMoXF.exe
  C:\Windows\System\JaAMoXF.exe
  2⤵
  PID:8720
- C:\Windows\System\KatQYpE.exe
  C:\Windows\System\KatQYpE.exe
  2⤵
  PID:8748
- C:\Windows\System\wKjhTdQ.exe
  C:\Windows\System\wKjhTdQ.exe
  2⤵
  PID:8784
- C:\Windows\System\QWRmorC.exe
  C:\Windows\System\QWRmorC.exe
  2⤵
  PID:8816
- C:\Windows\System\qlrTMBi.exe
  C:\Windows\System\qlrTMBi.exe
  2⤵
  PID:8832
- C:\Windows\System\OpGHLyb.exe
  C:\Windows\System\OpGHLyb.exe
  2⤵
  PID:8848
- C:\Windows\System\ofZndNS.exe
  C:\Windows\System\ofZndNS.exe
  2⤵
  PID:8888
- C:\Windows\System\kaXvaEJ.exe
  C:\Windows\System\kaXvaEJ.exe
  2⤵
  PID:8920
- C:\Windows\System\elwuvbU.exe
  C:\Windows\System\elwuvbU.exe
  2⤵
  PID:8956
- C:\Windows\System\UtlCASa.exe
  C:\Windows\System\UtlCASa.exe
  2⤵
  PID:8972
- C:\Windows\System\QmsLJvZ.exe
  C:\Windows\System\QmsLJvZ.exe
  2⤵
  PID:9000
- C:\Windows\System\bVbtkyt.exe
  C:\Windows\System\bVbtkyt.exe
  2⤵
  PID:9016
- C:\Windows\System\XuODupq.exe
  C:\Windows\System\XuODupq.exe
  2⤵
  PID:9048
- C:\Windows\System\prdDHaY.exe
  C:\Windows\System\prdDHaY.exe
  2⤵
  PID:9068
- C:\Windows\System\TApfFCo.exe
  C:\Windows\System\TApfFCo.exe
  2⤵
  PID:9100
- C:\Windows\System\MKSyyyj.exe
  C:\Windows\System\MKSyyyj.exe
  2⤵
  PID:9132
- C:\Windows\System\tJNyMSi.exe
  C:\Windows\System\tJNyMSi.exe
  2⤵
  PID:9168
- C:\Windows\System\ooioicv.exe
  C:\Windows\System\ooioicv.exe
  2⤵
  PID:9200
- C:\Windows\System\oeAcyFT.exe
  C:\Windows\System\oeAcyFT.exe
  2⤵
  PID:8196
- C:\Windows\System\HCPNnaq.exe
  C:\Windows\System\HCPNnaq.exe
  2⤵
  PID:8212
- C:\Windows\System\tANNeJL.exe
  C:\Windows\System\tANNeJL.exe
  2⤵
  PID:8284
- C:\Windows\System\xcZwqFg.exe
  C:\Windows\System\xcZwqFg.exe
  2⤵
  PID:8348
- C:\Windows\System\KUOdHxe.exe
  C:\Windows\System\KUOdHxe.exe
  2⤵
  PID:8408
- C:\Windows\System\htmKVht.exe
  C:\Windows\System\htmKVht.exe
  2⤵
  PID:8468
- C:\Windows\System\NGRjwCW.exe
  C:\Windows\System\NGRjwCW.exe
  2⤵
  PID:8548
- C:\Windows\System\bmhLWuR.exe
  C:\Windows\System\bmhLWuR.exe
  2⤵
  PID:8592
- C:\Windows\System\JGsCkbb.exe
  C:\Windows\System\JGsCkbb.exe
  2⤵
  PID:8692
- C:\Windows\System\xFHzWir.exe
  C:\Windows\System\xFHzWir.exe
  2⤵
  PID:8740
- C:\Windows\System\SOufZFX.exe
  C:\Windows\System\SOufZFX.exe
  2⤵
  PID:8776
- C:\Windows\System\sDIZhCT.exe
  C:\Windows\System\sDIZhCT.exe
  2⤵
  PID:8844
- C:\Windows\System\fXRDHrR.exe
  C:\Windows\System\fXRDHrR.exe
  2⤵
  PID:8948
- C:\Windows\System\gCcFmql.exe
  C:\Windows\System\gCcFmql.exe
  2⤵
  PID:8996
- C:\Windows\System\uVaDAeL.exe
  C:\Windows\System\uVaDAeL.exe
  2⤵
  PID:9088
- C:\Windows\System\iGWMwQI.exe
  C:\Windows\System\iGWMwQI.exe
  2⤵
  PID:9116
- C:\Windows\System\PmTfIyU.exe
  C:\Windows\System\PmTfIyU.exe
  2⤵
  PID:9156
- C:\Windows\System\dHXTOTm.exe
  C:\Windows\System\dHXTOTm.exe
  2⤵
  PID:8252
- C:\Windows\System\iVdXzkw.exe
  C:\Windows\System\iVdXzkw.exe
  2⤵
  PID:8376
- C:\Windows\System\wKAxezb.exe
  C:\Windows\System\wKAxezb.exe
  2⤵
  PID:8540
- C:\Windows\System\VLjYbTM.exe
  C:\Windows\System\VLjYbTM.exe
  2⤵
  PID:8624
- C:\Windows\System\LKYiEoX.exe
  C:\Windows\System\LKYiEoX.exe
  2⤵
  PID:8840
- C:\Windows\System\OJMqBPq.exe
  C:\Windows\System\OJMqBPq.exe
  2⤵
  PID:9032
- C:\Windows\System\ixgJQso.exe
  C:\Windows\System\ixgJQso.exe
  2⤵
  PID:9196
- C:\Windows\System\WRBKXzh.exe
  C:\Windows\System\WRBKXzh.exe
  2⤵
  PID:9180
- C:\Windows\System\oactFwF.exe
  C:\Windows\System\oactFwF.exe
  2⤵
  PID:8600
- C:\Windows\System\gXbpxfw.exe
  C:\Windows\System\gXbpxfw.exe
  2⤵
  PID:9124
- C:\Windows\System\vSwInjn.exe
  C:\Windows\System\vSwInjn.exe
  2⤵
  PID:8464
- C:\Windows\System\DVtHugz.exe
  C:\Windows\System\DVtHugz.exe
  2⤵
  PID:9224
- C:\Windows\System\QxrvXAl.exe
  C:\Windows\System\QxrvXAl.exe
  2⤵
  PID:9252
- C:\Windows\System\aRGkgPn.exe
  C:\Windows\System\aRGkgPn.exe
  2⤵
  PID:9268
- C:\Windows\System\WyqWRar.exe
  C:\Windows\System\WyqWRar.exe
  2⤵
  PID:9300
- C:\Windows\System\iObXFtG.exe
  C:\Windows\System\iObXFtG.exe
  2⤵
  PID:9328
- C:\Windows\System\xzgXUKh.exe
  C:\Windows\System\xzgXUKh.exe
  2⤵
  PID:9356
- C:\Windows\System\egPylGJ.exe
  C:\Windows\System\egPylGJ.exe
  2⤵
  PID:9380
- C:\Windows\System\ePjGGXU.exe
  C:\Windows\System\ePjGGXU.exe
  2⤵
  PID:9412
- C:\Windows\System\AlQDHxv.exe
  C:\Windows\System\AlQDHxv.exe
  2⤵
  PID:9436
- C:\Windows\System\tKlUPoR.exe
  C:\Windows\System\tKlUPoR.exe
  2⤵
  PID:9468
- C:\Windows\System\cKAFCII.exe
  C:\Windows\System\cKAFCII.exe
  2⤵
  PID:9504
- C:\Windows\System\gPVjbOk.exe
  C:\Windows\System\gPVjbOk.exe
  2⤵
  PID:9520
- C:\Windows\System\KfSgfiX.exe
  C:\Windows\System\KfSgfiX.exe
  2⤵
  PID:9560
- C:\Windows\System\oRdWPLo.exe
  C:\Windows\System\oRdWPLo.exe
  2⤵
  PID:9588
- C:\Windows\System\AUjTYqU.exe
  C:\Windows\System\AUjTYqU.exe
  2⤵
  PID:9616
- C:\Windows\System\MLXteBG.exe
  C:\Windows\System\MLXteBG.exe
  2⤵
  PID:9636
- C:\Windows\System\vTolRBr.exe
  C:\Windows\System\vTolRBr.exe
  2⤵
  PID:9664
- C:\Windows\System\HDmhFqv.exe
  C:\Windows\System\HDmhFqv.exe
  2⤵
  PID:9700
- C:\Windows\System\LxPPmUR.exe
  C:\Windows\System\LxPPmUR.exe
  2⤵
  PID:9728
- C:\Windows\System\vhxfAIz.exe
  C:\Windows\System\vhxfAIz.exe
  2⤵
  PID:9744
- C:\Windows\System\yNHQCQM.exe
  C:\Windows\System\yNHQCQM.exe
  2⤵
  PID:9776
- C:\Windows\System\uVRmfxD.exe
  C:\Windows\System\uVRmfxD.exe
  2⤵
  PID:9796
- C:\Windows\System\UNCfRJR.exe
  C:\Windows\System\UNCfRJR.exe
  2⤵
  PID:9828
- C:\Windows\System\vDBsXXB.exe
  C:\Windows\System\vDBsXXB.exe
  2⤵
  PID:9860
- C:\Windows\System\hmKlkDJ.exe
  C:\Windows\System\hmKlkDJ.exe
  2⤵
  PID:9884
- C:\Windows\System\pFFEayP.exe
  C:\Windows\System\pFFEayP.exe
  2⤵
  PID:9908
- C:\Windows\System\KtQOXuC.exe
  C:\Windows\System\KtQOXuC.exe
  2⤵
  PID:9928
- C:\Windows\System\IicpJJY.exe
  C:\Windows\System\IicpJJY.exe
  2⤵
  PID:9964
- C:\Windows\System\ghBpdyb.exe
  C:\Windows\System\ghBpdyb.exe
  2⤵
  PID:10000
- C:\Windows\System\RtgkKej.exe
  C:\Windows\System\RtgkKej.exe
  2⤵
  PID:10036
- C:\Windows\System\KxuxClX.exe
  C:\Windows\System\KxuxClX.exe
  2⤵
  PID:10064
- C:\Windows\System\huhacuZ.exe
  C:\Windows\System\huhacuZ.exe
  2⤵
  PID:10092
- C:\Windows\System\nciAqBU.exe
  C:\Windows\System\nciAqBU.exe
  2⤵
  PID:10108
- C:\Windows\System\tZXHsXU.exe
  C:\Windows\System\tZXHsXU.exe
  2⤵
  PID:10128
- C:\Windows\System\zzKNfNs.exe
  C:\Windows\System\zzKNfNs.exe
  2⤵
  PID:10144
- C:\Windows\System\OUXQCrX.exe
  C:\Windows\System\OUXQCrX.exe
  2⤵
  PID:10160
- C:\Windows\System\FKdaGRl.exe
  C:\Windows\System\FKdaGRl.exe
  2⤵
  PID:10200
- C:\Windows\System\tHcgjsk.exe
  C:\Windows\System\tHcgjsk.exe
  2⤵
  PID:10232
- C:\Windows\System\fKekwCA.exe
  C:\Windows\System\fKekwCA.exe
  2⤵
  PID:9244
- C:\Windows\System\iEtUiVI.exe
  C:\Windows\System\iEtUiVI.exe
  2⤵
  PID:9284
- C:\Windows\System\OAQXZKz.exe
  C:\Windows\System\OAQXZKz.exe
  2⤵
  PID:9392
- C:\Windows\System\KLKjuiE.exe
  C:\Windows\System\KLKjuiE.exe
  2⤵
  PID:9456
- C:\Windows\System\lAeVfaR.exe
  C:\Windows\System\lAeVfaR.exe
  2⤵
  PID:9512
- C:\Windows\System\yHsvqjL.exe
  C:\Windows\System\yHsvqjL.exe
  2⤵
  PID:9572
- C:\Windows\System\qeHMCUb.exe
  C:\Windows\System\qeHMCUb.exe
  2⤵
  PID:9612
- C:\Windows\System\WkrReLh.exe
  C:\Windows\System\WkrReLh.exe
  2⤵
  PID:9688
- C:\Windows\System\sOXbBNm.exe
  C:\Windows\System\sOXbBNm.exe
  2⤵
  PID:9756
- C:\Windows\System\DllCKrl.exe
  C:\Windows\System\DllCKrl.exe
  2⤵
  PID:9812
- C:\Windows\System\QKtGRYL.exe
  C:\Windows\System\QKtGRYL.exe
  2⤵
  PID:9900
- C:\Windows\System\FxbXGpV.exe
  C:\Windows\System\FxbXGpV.exe
  2⤵
  PID:9948
- C:\Windows\System\CdKHStN.exe
  C:\Windows\System\CdKHStN.exe
  2⤵
  PID:10048
- C:\Windows\System\JOiEOxA.exe
  C:\Windows\System\JOiEOxA.exe
  2⤵
  PID:10104
- C:\Windows\System\nvvzjOy.exe
  C:\Windows\System\nvvzjOy.exe
  2⤵
  PID:10140
- C:\Windows\System\ScMjpnZ.exe
  C:\Windows\System\ScMjpnZ.exe
  2⤵
  PID:10212
- C:\Windows\System\PfRnsTJ.exe
  C:\Windows\System\PfRnsTJ.exe
  2⤵
  PID:9220
- C:\Windows\System\zYgjpSH.exe
  C:\Windows\System\zYgjpSH.exe
  2⤵
  PID:9368
- C:\Windows\System\vmUmEtP.exe
  C:\Windows\System\vmUmEtP.exe
  2⤵
  PID:9644
- C:\Windows\System\BeLgwFj.exe
  C:\Windows\System\BeLgwFj.exe
  2⤵
  PID:9788
- C:\Windows\System\LwLBNWr.exe
  C:\Windows\System\LwLBNWr.exe
  2⤵
  PID:10008
- C:\Windows\System\RIBmZKt.exe
  C:\Windows\System\RIBmZKt.exe
  2⤵
  PID:10028
- C:\Windows\System\rEtPcuv.exe
  C:\Windows\System\rEtPcuv.exe
  2⤵
  PID:10184
- C:\Windows\System\kGVCdFj.exe
  C:\Windows\System\kGVCdFj.exe
  2⤵
  PID:9492
- C:\Windows\System\kmYHEAh.exe
  C:\Windows\System\kmYHEAh.exe
  2⤵
  PID:10088
- C:\Windows\System\QxrnpMY.exe
  C:\Windows\System\QxrnpMY.exe
  2⤵
  PID:9952
- C:\Windows\System\GUkaumx.exe
  C:\Windows\System\GUkaumx.exe
  2⤵
  PID:10244
- C:\Windows\System\pHrwPwV.exe
  C:\Windows\System\pHrwPwV.exe
  2⤵
  PID:10272
- C:\Windows\System\DYXoCcb.exe
  C:\Windows\System\DYXoCcb.exe
  2⤵
  PID:10292
- C:\Windows\System\YiHPvmQ.exe
  C:\Windows\System\YiHPvmQ.exe
  2⤵
  PID:10328
- C:\Windows\System\iuluMgi.exe
  C:\Windows\System\iuluMgi.exe
  2⤵
  PID:10364
- C:\Windows\System\DWTYoEb.exe
  C:\Windows\System\DWTYoEb.exe
  2⤵
  PID:10388
- C:\Windows\System\wkNzDNF.exe
  C:\Windows\System\wkNzDNF.exe
  2⤵
  PID:10412
- C:\Windows\System\RFXsFIG.exe
  C:\Windows\System\RFXsFIG.exe
  2⤵
  PID:10436
- C:\Windows\System\pFCOwrs.exe
  C:\Windows\System\pFCOwrs.exe
  2⤵
  PID:10464
- C:\Windows\System\INxSTGD.exe
  C:\Windows\System\INxSTGD.exe
  2⤵
  PID:10488
- C:\Windows\System\EPXDOEq.exe
  C:\Windows\System\EPXDOEq.exe
  2⤵
  PID:10528
- C:\Windows\System\pKCtGeR.exe
  C:\Windows\System\pKCtGeR.exe
  2⤵
  PID:10560
- C:\Windows\System\kWwqDMM.exe
  C:\Windows\System\kWwqDMM.exe
  2⤵
  PID:10588
- C:\Windows\System\mAllSeO.exe
  C:\Windows\System\mAllSeO.exe
  2⤵
  PID:10616
- C:\Windows\System\cAEPSXs.exe
  C:\Windows\System\cAEPSXs.exe
  2⤵
  PID:10640
- C:\Windows\System\kgGGQGT.exe
  C:\Windows\System\kgGGQGT.exe
  2⤵
  PID:10668
- C:\Windows\System\rstbHwH.exe
  C:\Windows\System\rstbHwH.exe
  2⤵
  PID:10704
- C:\Windows\System\FxwHSpe.exe
  C:\Windows\System\FxwHSpe.exe
  2⤵
  PID:10724
- C:\Windows\System\atQFrxB.exe
  C:\Windows\System\atQFrxB.exe
  2⤵
  PID:10752
- C:\Windows\System\DolfRiz.exe
  C:\Windows\System\DolfRiz.exe
  2⤵
  PID:10780
- C:\Windows\System\kjURkiY.exe
  C:\Windows\System\kjURkiY.exe
  2⤵
  PID:10816
- C:\Windows\System\ahIYTNM.exe
  C:\Windows\System\ahIYTNM.exe
  2⤵
  PID:10848
- C:\Windows\System\wtwFdrB.exe
  C:\Windows\System\wtwFdrB.exe
  2⤵
  PID:10876
- C:\Windows\System\gyxLdwb.exe
  C:\Windows\System\gyxLdwb.exe
  2⤵
  PID:10892
- C:\Windows\System\QyurPyq.exe
  C:\Windows\System\QyurPyq.exe
  2⤵
  PID:10912
- C:\Windows\System\OlljpdI.exe
  C:\Windows\System\OlljpdI.exe
  2⤵
  PID:10952
- C:\Windows\System\fSCsgdn.exe
  C:\Windows\System\fSCsgdn.exe
  2⤵
  PID:10976
- C:\Windows\System\eTSJqeD.exe
  C:\Windows\System\eTSJqeD.exe
  2⤵
  PID:11004
- C:\Windows\System\BGDyYRc.exe
  C:\Windows\System\BGDyYRc.exe
  2⤵
  PID:11040
- C:\Windows\System\uudFOAr.exe
  C:\Windows\System\uudFOAr.exe
  2⤵
  PID:11060
- C:\Windows\System\YVfIOEa.exe
  C:\Windows\System\YVfIOEa.exe
  2⤵
  PID:11088
- C:\Windows\System\KfPMPPw.exe
  C:\Windows\System\KfPMPPw.exe
  2⤵
  PID:11104
- C:\Windows\System\eAvWnjp.exe
  C:\Windows\System\eAvWnjp.exe
  2⤵
  PID:11120
- C:\Windows\System\deVsdTE.exe
  C:\Windows\System\deVsdTE.exe
  2⤵
  PID:11136
- C:\Windows\System\OjIadUW.exe
  C:\Windows\System\OjIadUW.exe
  2⤵
  PID:11160
- C:\Windows\System\hRXqjIl.exe
  C:\Windows\System\hRXqjIl.exe
  2⤵
  PID:11188
- C:\Windows\System\EjDXJJW.exe
  C:\Windows\System\EjDXJJW.exe
  2⤵
  PID:11208
- C:\Windows\System\moVcMBM.exe
  C:\Windows\System\moVcMBM.exe
  2⤵
  PID:11248
- C:\Windows\System\gkeIaML.exe
  C:\Windows\System\gkeIaML.exe
  2⤵
  PID:10268
- C:\Windows\System\srOQAIw.exe
  C:\Windows\System\srOQAIw.exe
  2⤵
  PID:10448
- C:\Windows\System\JdyLoBA.exe
  C:\Windows\System\JdyLoBA.exe
  2⤵
  PID:10516
- C:\Windows\System\PbbCaSg.exe
  C:\Windows\System\PbbCaSg.exe
  2⤵
  PID:10552
- C:\Windows\System\NgQbceS.exe
  C:\Windows\System\NgQbceS.exe
  2⤵
  PID:10604
- C:\Windows\System\SMyjSSv.exe
  C:\Windows\System\SMyjSSv.exe
  2⤵
  PID:10680
- C:\Windows\System\YgsivrA.exe
  C:\Windows\System\YgsivrA.exe
  2⤵
  PID:10736
- C:\Windows\System\QcbRAnc.exe
  C:\Windows\System\QcbRAnc.exe
  2⤵
  PID:10808
- C:\Windows\System\KLFvmny.exe
  C:\Windows\System\KLFvmny.exe
  2⤵
  PID:10868
- C:\Windows\System\nBvzNFJ.exe
  C:\Windows\System\nBvzNFJ.exe
  2⤵
  PID:10968
- C:\Windows\System\zxLenmO.exe
  C:\Windows\System\zxLenmO.exe
  2⤵
  PID:11000
- C:\Windows\System\vDgoFhc.exe
  C:\Windows\System\vDgoFhc.exe
  2⤵
  PID:11052
- C:\Windows\System\LWYjyMD.exe
  C:\Windows\System\LWYjyMD.exe
  2⤵
  PID:11116
- C:\Windows\System\yFCttTF.exe
  C:\Windows\System\yFCttTF.exe
  2⤵
  PID:11176
- C:\Windows\System\AmRitub.exe
  C:\Windows\System\AmRitub.exe
  2⤵
  PID:10260
- C:\Windows\System\pqtbhiN.exe
  C:\Windows\System\pqtbhiN.exe
  2⤵
  PID:9260
- C:\Windows\System\ellnBAg.exe
  C:\Windows\System\ellnBAg.exe
  2⤵
  PID:9580
- C:\Windows\System\iIkhaqC.exe
  C:\Windows\System\iIkhaqC.exe
  2⤵
  PID:10608
- C:\Windows\System\bldlVFN.exe
  C:\Windows\System\bldlVFN.exe
  2⤵
  PID:10716
- C:\Windows\System\tnkFSym.exe
  C:\Windows\System\tnkFSym.exe
  2⤵
  PID:10944
- C:\Windows\System\IcjoISI.exe
  C:\Windows\System\IcjoISI.exe
  2⤵
  PID:11148
- C:\Windows\System\GTtRiRr.exe
  C:\Windows\System\GTtRiRr.exe
  2⤵
  PID:11240
- C:\Windows\System\MAmwxJg.exe
  C:\Windows\System\MAmwxJg.exe
  2⤵
  PID:10456
- C:\Windows\System\qLGjPwQ.exe
  C:\Windows\System\qLGjPwQ.exe
  2⤵
  PID:10900
- C:\Windows\System\zmoHuMl.exe
  C:\Windows\System\zmoHuMl.exe
  2⤵
  PID:10764
- C:\Windows\System\lRcQqAr.exe
  C:\Windows\System\lRcQqAr.exe
  2⤵
  PID:10792
- C:\Windows\System\MqbHPfl.exe
  C:\Windows\System\MqbHPfl.exe
  2⤵
  PID:11292
- C:\Windows\System\WjkTxwl.exe
  C:\Windows\System\WjkTxwl.exe
  2⤵
  PID:11328
- C:\Windows\System\QNiHLNW.exe
  C:\Windows\System\QNiHLNW.exe
  2⤵
  PID:11364
- C:\Windows\System\RXflyVj.exe
  C:\Windows\System\RXflyVj.exe
  2⤵
  PID:11384
- C:\Windows\System\roYNCaR.exe
  C:\Windows\System\roYNCaR.exe
  2⤵
  PID:11420
- C:\Windows\System\vqyzijK.exe
  C:\Windows\System\vqyzijK.exe
  2⤵
  PID:11440
- C:\Windows\System\wBTONTu.exe
  C:\Windows\System\wBTONTu.exe
  2⤵
  PID:11456
- C:\Windows\System\lgNGPpf.exe
  C:\Windows\System\lgNGPpf.exe
  2⤵
  PID:11484
- C:\Windows\System\puHyOLb.exe
  C:\Windows\System\puHyOLb.exe
  2⤵
  PID:11516
- C:\Windows\System\TOcLWFo.exe
  C:\Windows\System\TOcLWFo.exe
  2⤵
  PID:11556
- C:\Windows\System\cqwMREz.exe
  C:\Windows\System\cqwMREz.exe
  2⤵
  PID:11576
- C:\Windows\System\FtSsDMQ.exe
  C:\Windows\System\FtSsDMQ.exe
  2⤵
  PID:11596
- C:\Windows\System\vrAgNmk.exe
  C:\Windows\System\vrAgNmk.exe
  2⤵
  PID:11620
- C:\Windows\System\uHlCxmu.exe
  C:\Windows\System\uHlCxmu.exe
  2⤵
  PID:11656
- C:\Windows\System\yFVUJSI.exe
  C:\Windows\System\yFVUJSI.exe
  2⤵
  PID:11680
- C:\Windows\System\QbTCFkU.exe
  C:\Windows\System\QbTCFkU.exe
  2⤵
  PID:11708
- C:\Windows\System\FktRZKh.exe
  C:\Windows\System\FktRZKh.exe
  2⤵
  PID:11724
- C:\Windows\System\bavTCtl.exe
  C:\Windows\System\bavTCtl.exe
  2⤵
  PID:11748
- C:\Windows\System\hEjyzeU.exe
  C:\Windows\System\hEjyzeU.exe
  2⤵
  PID:11784
- C:\Windows\System\SwAsCyB.exe
  C:\Windows\System\SwAsCyB.exe
  2⤵
  PID:11812
- C:\Windows\System\jXKqxoL.exe
  C:\Windows\System\jXKqxoL.exe
  2⤵
  PID:11848
- C:\Windows\System\kQTLUDk.exe
  C:\Windows\System\kQTLUDk.exe
  2⤵
  PID:11876
- C:\Windows\System\nhyQvDL.exe
  C:\Windows\System\nhyQvDL.exe
  2⤵
  PID:11904
- C:\Windows\System\GTKSFOc.exe
  C:\Windows\System\GTKSFOc.exe
  2⤵
  PID:11932
- C:\Windows\System\GRjDfno.exe
  C:\Windows\System\GRjDfno.exe
  2⤵
  PID:11972
- C:\Windows\System\jQbmbfi.exe
  C:\Windows\System\jQbmbfi.exe
  2⤵
  PID:12004
- C:\Windows\System\tyCDpsH.exe
  C:\Windows\System\tyCDpsH.exe
  2⤵
  PID:12032
- C:\Windows\System\bMECzNQ.exe
  C:\Windows\System\bMECzNQ.exe
  2⤵
  PID:12052
- C:\Windows\System\PmrCuYt.exe
  C:\Windows\System\PmrCuYt.exe
  2⤵
  PID:12072
- C:\Windows\System\emRHNEo.exe
  C:\Windows\System\emRHNEo.exe
  2⤵
  PID:12108
- C:\Windows\System\EIzkcha.exe
  C:\Windows\System\EIzkcha.exe
  2⤵
  PID:12140
- C:\Windows\System\PmqxynU.exe
  C:\Windows\System\PmqxynU.exe
  2⤵
  PID:12196
- C:\Windows\System\jtHFcDD.exe
  C:\Windows\System\jtHFcDD.exe
  2⤵
  PID:12212
- C:\Windows\System\HdlrlUQ.exe
  C:\Windows\System\HdlrlUQ.exe
  2⤵
  PID:12228
- C:\Windows\System\FtUbpPv.exe
  C:\Windows\System\FtUbpPv.exe
  2⤵
  PID:12256
- C:\Windows\System\IxkAxst.exe
  C:\Windows\System\IxkAxst.exe
  2⤵
  PID:12284
- C:\Windows\System\rGHMaOr.exe
  C:\Windows\System\rGHMaOr.exe
  2⤵
  PID:10308
- C:\Windows\System\diOtmHC.exe
  C:\Windows\System\diOtmHC.exe
  2⤵
  PID:11348
- C:\Windows\System\caCBEtz.exe
  C:\Windows\System\caCBEtz.exe
  2⤵
  PID:11412
- C:\Windows\System\iMtCKLP.exe
  C:\Windows\System\iMtCKLP.exe
  2⤵
  PID:11472
- C:\Windows\System\yJrAUOY.exe
  C:\Windows\System\yJrAUOY.exe
  2⤵
  PID:11512
- C:\Windows\System\VdeEsvP.exe
  C:\Windows\System\VdeEsvP.exe
  2⤵
  PID:11616
- C:\Windows\System\GOQEErc.exe
  C:\Windows\System\GOQEErc.exe
  2⤵
  PID:11612
- C:\Windows\System\WxYxeAo.exe
  C:\Windows\System\WxYxeAo.exe
  2⤵
  PID:11768
- C:\Windows\System\robPmhA.exe
  C:\Windows\System\robPmhA.exe
  2⤵
  PID:11792
- C:\Windows\System\WPqTasA.exe
  C:\Windows\System\WPqTasA.exe
  2⤵
  PID:11868
- C:\Windows\System\KreFDTf.exe
  C:\Windows\System\KreFDTf.exe
  2⤵
  PID:11928
- C:\Windows\System\YjbXXTS.exe
  C:\Windows\System\YjbXXTS.exe
  2⤵
  PID:11956
- C:\Windows\System\pnmQdDT.exe
  C:\Windows\System\pnmQdDT.exe
  2⤵
  PID:12020
- C:\Windows\System\KuuYewn.exe
  C:\Windows\System\KuuYewn.exe
  2⤵
  PID:12084
- C:\Windows\System\QGnxiLM.exe
  C:\Windows\System\QGnxiLM.exe
  2⤵
  PID:12164
- C:\Windows\System\aQtzJUo.exe
  C:\Windows\System\aQtzJUo.exe
  2⤵
  PID:12268
- C:\Windows\System\RHQsRrk.exe
  C:\Windows\System\RHQsRrk.exe
  2⤵
  PID:11340
- C:\Windows\System\vsqxKvP.exe
  C:\Windows\System\vsqxKvP.exe
  2⤵
  PID:11552
- C:\Windows\System\kIdRjoB.exe
  C:\Windows\System\kIdRjoB.exe
  2⤵
  PID:11700
- C:\Windows\System\ffTlWFh.exe
  C:\Windows\System\ffTlWFh.exe
  2⤵
  PID:11828
- C:\Windows\System\jVVtHwk.exe
  C:\Windows\System\jVVtHwk.exe
  2⤵
  PID:12040
- C:\Windows\System\lXGFLyu.exe
  C:\Windows\System\lXGFLyu.exe
  2⤵
  PID:12224
- C:\Windows\System\WbaZqNd.exe
  C:\Windows\System\WbaZqNd.exe
  2⤵
  PID:11132
- C:\Windows\System\CWRxEzj.exe
  C:\Windows\System\CWRxEzj.exe
  2⤵
  PID:11940
- C:\Windows\System\WfJskZd.exe
  C:\Windows\System\WfJskZd.exe
  2⤵
  PID:12064
- C:\Windows\System\DXypZda.exe
  C:\Windows\System\DXypZda.exe
  2⤵
  PID:12296
- C:\Windows\System\xVcMCSu.exe
  C:\Windows\System\xVcMCSu.exe
  2⤵
  PID:12324
- C:\Windows\System\GTuJeln.exe
  C:\Windows\System\GTuJeln.exe
  2⤵
  PID:12360
- C:\Windows\System\xpRUtyj.exe
  C:\Windows\System\xpRUtyj.exe
  2⤵
  PID:12400
- C:\Windows\System\karGiNR.exe
  C:\Windows\System\karGiNR.exe
  2⤵
  PID:12428
- C:\Windows\System\GYTCniV.exe
  C:\Windows\System\GYTCniV.exe
  2⤵
  PID:12456
- C:\Windows\System\dbMAOtX.exe
  C:\Windows\System\dbMAOtX.exe
  2⤵
  PID:12492
- C:\Windows\System\AhRDfcI.exe
  C:\Windows\System\AhRDfcI.exe
  2⤵
  PID:12520
- C:\Windows\System\RxJjcVe.exe
  C:\Windows\System\RxJjcVe.exe
  2⤵
  PID:12536
- C:\Windows\System\TlpSIDB.exe
  C:\Windows\System\TlpSIDB.exe
  2⤵
  PID:12560
- C:\Windows\System\WytOsfE.exe
  C:\Windows\System\WytOsfE.exe
  2⤵
  PID:12580
- C:\Windows\System\kiMscdn.exe
  C:\Windows\System\kiMscdn.exe
  2⤵
  PID:12600
- C:\Windows\System\nxPXgsF.exe
  C:\Windows\System\nxPXgsF.exe
  2⤵
  PID:12636
- C:\Windows\System\lnXxiRt.exe
  C:\Windows\System\lnXxiRt.exe
  2⤵
  PID:12660
- C:\Windows\System\ggpQoBI.exe
  C:\Windows\System\ggpQoBI.exe
  2⤵
  PID:12708
- C:\Windows\System\imxgmQL.exe
  C:\Windows\System\imxgmQL.exe
  2⤵
  PID:12732
- C:\Windows\System\wLYkGJX.exe
  C:\Windows\System\wLYkGJX.exe
  2⤵
  PID:12768
- C:\Windows\System\EFeKVzL.exe
  C:\Windows\System\EFeKVzL.exe
  2⤵
  PID:12792
- C:\Windows\System\pQauous.exe
  C:\Windows\System\pQauous.exe
  2⤵
  PID:12824
- C:\Windows\System\PFdpQRJ.exe
  C:\Windows\System\PFdpQRJ.exe
  2⤵
  PID:12852
- C:\Windows\System\GhJXlUI.exe
  C:\Windows\System\GhJXlUI.exe
  2⤵
  PID:12892
- C:\Windows\System\tNraqbH.exe
  C:\Windows\System\tNraqbH.exe
  2⤵
  PID:12920
- C:\Windows\System\XvfHYoh.exe
  C:\Windows\System\XvfHYoh.exe
  2⤵
  PID:12948
- C:\Windows\System\OFDhUDq.exe
  C:\Windows\System\OFDhUDq.exe
  2⤵
  PID:12976
- C:\Windows\System\CciANPp.exe
  C:\Windows\System\CciANPp.exe
  2⤵
  PID:13004
- C:\Windows\System\sxbxNmy.exe
  C:\Windows\System\sxbxNmy.exe
  2⤵
  PID:13024
- C:\Windows\System\xvhkpXR.exe
  C:\Windows\System\xvhkpXR.exe
  2⤵
  PID:13052
- C:\Windows\System\monLvLE.exe
  C:\Windows\System\monLvLE.exe
  2⤵
  PID:13076
- C:\Windows\System\pBCbTOe.exe
  C:\Windows\System\pBCbTOe.exe
  2⤵
  PID:13116
- C:\Windows\System\rIvMYos.exe
  C:\Windows\System\rIvMYos.exe
  2⤵
  PID:13136
- C:\Windows\System\yBiBlWf.exe
  C:\Windows\System\yBiBlWf.exe
  2⤵
  PID:13172
- C:\Windows\System\hfldGzW.exe
  C:\Windows\System\hfldGzW.exe
  2⤵
  PID:13196
- C:\Windows\System\ciBKWyD.exe
  C:\Windows\System\ciBKWyD.exe
  2⤵
  PID:13220
- C:\Windows\System\Xouamog.exe
  C:\Windows\System\Xouamog.exe
  2⤵
  PID:13256
- C:\Windows\System\qsXtrAX.exe
  C:\Windows\System\qsXtrAX.exe
  2⤵
  PID:13276
- C:\Windows\System\PGnZeFn.exe
  C:\Windows\System\PGnZeFn.exe
  2⤵
  PID:13308
- C:\Windows\System\VCrlbog.exe
  C:\Windows\System\VCrlbog.exe
  2⤵
  PID:12152
- C:\Windows\System\hFirZmk.exe
  C:\Windows\System\hFirZmk.exe
  2⤵
  PID:12336
- C:\Windows\System\hqrwPZS.exe
  C:\Windows\System\hqrwPZS.exe
  2⤵
  PID:12412
- C:\Windows\System\zkNLaGo.exe
  C:\Windows\System\zkNLaGo.exe
  2⤵
  PID:12500
- C:\Windows\System\rgOsgQR.exe
  C:\Windows\System\rgOsgQR.exe
  2⤵
  PID:12608
- C:\Windows\System\OpZkfgN.exe
  C:\Windows\System\OpZkfgN.exe
  2⤵
  PID:12624
- C:\Windows\System\BrRcaDm.exe
  C:\Windows\System\BrRcaDm.exe
  2⤵
  PID:12696
- C:\Windows\System\OSkCFhF.exe
  C:\Windows\System\OSkCFhF.exe
  2⤵
  PID:12756
- C:\Windows\System\fRLeRsy.exe
  C:\Windows\System\fRLeRsy.exe
  2⤵
  PID:12836
- C:\Windows\System\XiZoHjB.exe
  C:\Windows\System\XiZoHjB.exe
  2⤵
  PID:12888
- C:\Windows\System\MKuzoDL.exe
  C:\Windows\System\MKuzoDL.exe
  2⤵
  PID:12964
- C:\Windows\System\nifrcXL.exe
  C:\Windows\System\nifrcXL.exe
  2⤵
  PID:13048
- C:\Windows\System\ayVBwQv.exe
  C:\Windows\System\ayVBwQv.exe
  2⤵
  PID:13072
- C:\Windows\System\MAGwaeL.exe
  C:\Windows\System\MAGwaeL.exe
  2⤵
  PID:13168
- C:\Windows\System\tXUuzwS.exe
  C:\Windows\System\tXUuzwS.exe
  2⤵
  PID:13216
- C:\Windows\System\eucCJxi.exe
  C:\Windows\System\eucCJxi.exe
  2⤵
  PID:13288
- C:\Windows\System\BUCjusl.exe
  C:\Windows\System\BUCjusl.exe
  2⤵
  PID:12388
- C:\Windows\System\vMcnvKF.exe
  C:\Windows\System\vMcnvKF.exe
  2⤵
  PID:12568
- C:\Windows\System\FwoWBzg.exe
  C:\Windows\System\FwoWBzg.exe
  2⤵
  PID:12688
- C:\Windows\System\biFZXMx.exe
  C:\Windows\System\biFZXMx.exe
  2⤵
  PID:12936
- C:\Windows\System\oRefATv.exe
  C:\Windows\System\oRefATv.exe
  2⤵
  PID:13044
- C:\Windows\System\hmozRVD.exe
  C:\Windows\System\hmozRVD.exe
  2⤵
  PID:13208
- C:\Windows\System\krDdtNI.exe
  C:\Windows\System\krDdtNI.exe
  2⤵
  PID:12320
- C:\Windows\System\YUQWOBU.exe
  C:\Windows\System\YUQWOBU.exe
  2⤵
  PID:12720
- C:\Windows\System\xdmxHzM.exe
  C:\Windows\System\xdmxHzM.exe
  2⤵
  PID:12988
- C:\Windows\System\VQayugR.exe
  C:\Windows\System\VQayugR.exe
  2⤵
  PID:12452
- C:\Windows\System\ZJcqzTU.exe
  C:\Windows\System\ZJcqzTU.exe
  2⤵
  PID:13324
- C:\Windows\System\FjGHSAN.exe
  C:\Windows\System\FjGHSAN.exe
  2⤵
  PID:13348
- C:\Windows\System\nIiVkIK.exe
  C:\Windows\System\nIiVkIK.exe
  2⤵
  PID:13380
- C:\Windows\System\JdvqmeJ.exe
  C:\Windows\System\JdvqmeJ.exe
  2⤵
  PID:13396
- C:\Windows\System\tQGhYSm.exe
  C:\Windows\System\tQGhYSm.exe
  2⤵
  PID:13432
- C:\Windows\System\IkfDUoa.exe
  C:\Windows\System\IkfDUoa.exe
  2⤵
  PID:13448
- C:\Windows\System\amgQpyw.exe
  C:\Windows\System\amgQpyw.exe
  2⤵
  PID:13484
- C:\Windows\System\odhrqTo.exe
  C:\Windows\System\odhrqTo.exe
  2⤵
  PID:13500
- C:\Windows\System\DYzdGsJ.exe
  C:\Windows\System\DYzdGsJ.exe
  2⤵
  PID:13528
- C:\Windows\System\mgDsmbj.exe
  C:\Windows\System\mgDsmbj.exe
  2⤵
  PID:13556
- C:\Windows\System\alzYqUc.exe
  C:\Windows\System\alzYqUc.exe
  2⤵
  PID:13588
- C:\Windows\System\kpmrfFK.exe
  C:\Windows\System\kpmrfFK.exe
  2⤵
  PID:13620
- C:\Windows\System\fyeNTUd.exe
  C:\Windows\System\fyeNTUd.exe
  2⤵
  PID:13652
- C:\Windows\System\BndjDhd.exe
  C:\Windows\System\BndjDhd.exe
  2⤵
  PID:13684
- C:\Windows\System\kupOkPy.exe
  C:\Windows\System\kupOkPy.exe
  2⤵
  PID:13716
- C:\Windows\System\rbrwGBm.exe
  C:\Windows\System\rbrwGBm.exe
  2⤵
  PID:13752
- C:\Windows\System\FAVCqrW.exe
  C:\Windows\System\FAVCqrW.exe
  2⤵
  PID:13784
- C:\Windows\System\yHEwBCn.exe
  C:\Windows\System\yHEwBCn.exe
  2⤵
  PID:13816
- C:\Windows\System\OuXnaGT.exe
  C:\Windows\System\OuXnaGT.exe
  2⤵
  PID:13852
- C:\Windows\System\IaOBRXL.exe
  C:\Windows\System\IaOBRXL.exe
  2⤵
  PID:13884
- C:\Windows\System\rzCIqXI.exe
  C:\Windows\System\rzCIqXI.exe
  2⤵
  PID:13916
- C:\Windows\System\uKpGofC.exe
  C:\Windows\System\uKpGofC.exe
  2⤵
  PID:13952
- C:\Windows\System\aFHOGku.exe
  C:\Windows\System\aFHOGku.exe
  2⤵
  PID:13976
- C:\Windows\System\SgwhDsi.exe
  C:\Windows\System\SgwhDsi.exe
  2⤵
  PID:14000
- C:\Windows\System\HfOjHQq.exe
  C:\Windows\System\HfOjHQq.exe
  2⤵
  PID:14028
- C:\Windows\System\jhYEmZF.exe
  C:\Windows\System\jhYEmZF.exe
  2⤵
  PID:14060
- C:\Windows\System\KAMBGKH.exe
  C:\Windows\System\KAMBGKH.exe
  2⤵
  PID:14084
- C:\Windows\System\cyEKUaf.exe
  C:\Windows\System\cyEKUaf.exe
  2⤵
  PID:14116
- C:\Windows\System\UMaKLli.exe
  C:\Windows\System\UMaKLli.exe
  2⤵
  PID:14140
- C:\Windows\System\VwqFMxl.exe
  C:\Windows\System\VwqFMxl.exe
  2⤵
  PID:14156
- C:\Windows\System\kkLUKxT.exe
  C:\Windows\System\kkLUKxT.exe
  2⤵
  PID:14184
- C:\Windows\System\GwecxTX.exe
  C:\Windows\System\GwecxTX.exe
  2⤵
  PID:14216
- C:\Windows\System\srfQAZb.exe
  C:\Windows\System\srfQAZb.exe
  2⤵
  PID:14252
- C:\Windows\System\orgUxvy.exe
  C:\Windows\System\orgUxvy.exe
  2⤵
  PID:14276
- C:\Windows\System\tvZGzOz.exe
  C:\Windows\System\tvZGzOz.exe
  2⤵
  PID:14316
- C:\Windows\System\wwilotM.exe
  C:\Windows\System\wwilotM.exe
  2⤵
  PID:14332
- C:\Windows\System\gDWEKZO.exe
  C:\Windows\System\gDWEKZO.exe
  2⤵
  PID:12804
- C:\Windows\System\JLfCFFt.exe
  C:\Windows\System\JLfCFFt.exe
  2⤵
  PID:13364
- C:\Windows\System\IlmvApT.exe
  C:\Windows\System\IlmvApT.exe
  2⤵
  PID:13416
- C:\Windows\System\qQlqGCR.exe
  C:\Windows\System\qQlqGCR.exe
  2⤵
  PID:13492
- C:\Windows\System\wqjRNNU.exe
  C:\Windows\System\wqjRNNU.exe
  2⤵
  PID:13608
- C:\Windows\System\nsgqJvR.exe
  C:\Windows\System\nsgqJvR.exe
  2⤵
  PID:13660
- C:\Windows\System\EyiDLfO.exe
  C:\Windows\System\EyiDLfO.exe
  2⤵
  PID:3040
- C:\Windows\System\yrcPbZA.exe
  C:\Windows\System\yrcPbZA.exe
  2⤵
  PID:13740
- C:\Windows\System\QoYBAnx.exe
  C:\Windows\System\QoYBAnx.exe
  2⤵
  PID:13776
- C:\Windows\System\FaEBCqY.exe
  C:\Windows\System\FaEBCqY.exe
  2⤵
  PID:13864
- C:\Windows\System\KMpnNhA.exe
  C:\Windows\System\KMpnNhA.exe
  2⤵
  PID:13896
- C:\Windows\System\RtYnsIq.exe
  C:\Windows\System\RtYnsIq.exe
  2⤵
  PID:13972
- C:\Windows\System\NwnDKZE.exe
  C:\Windows\System\NwnDKZE.exe
  2⤵
  PID:14044
- C:\Windows\System\baVzVqK.exe
  C:\Windows\System\baVzVqK.exe
  2⤵
  PID:14076
- C:\Windows\System\sCMgsKb.exe
  C:\Windows\System\sCMgsKb.exe
  2⤵
  PID:14128
- C:\Windows\System\dVCYIuM.exe
  C:\Windows\System\dVCYIuM.exe
  2⤵
  PID:14208
- C:\Windows\System\zloYXSS.exe
  C:\Windows\System\zloYXSS.exe
  2⤵
  PID:14300
- C:\Windows\System\xlVqpae.exe
  C:\Windows\System\xlVqpae.exe
  2⤵
  PID:11604
- C:\Windows\System\NkAupgX.exe
  C:\Windows\System\NkAupgX.exe
  2⤵
  PID:13408
- C:\Windows\System\CorPUZN.exe
  C:\Windows\System\CorPUZN.exe
  2⤵
  PID:13676
- C:\Windows\System\yQiGawf.exe
  C:\Windows\System\yQiGawf.exe
  2⤵
  PID:516
- C:\Windows\System\xDsaYER.exe
  C:\Windows\System\xDsaYER.exe
  2⤵
  PID:13780
- C:\Windows\System\LHaXOQl.exe
  C:\Windows\System\LHaXOQl.exe
  2⤵
  PID:14016
- C:\Windows\System\cRLbcJT.exe
  C:\Windows\System\cRLbcJT.exe
  2⤵
  PID:14168

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AVFsCJz.exe

Filesize
2.1MB

MD5
39eb6bff35a26d63bef68e3ae1c2e5f3

SHA1
cf3a36d26611b1ef97a84d72360463238d4c454d

SHA256
cdf65b41e221c1650f58da5829d6a19f3f64fa733cd3832bd7059ddf671d1d69

SHA512
2788b9322e1f81f1c049648ef814762e03c12656242ece8d241f116b956d978f44cb72a3dc75f2252cbe86ee767e996b41d1bb8fa3900b9c7a4c504fef0d3c73

Download Submit
C:\Windows\System\CnIvkGd.exe

Filesize
2.1MB

MD5
3e8faab0061dbac1b09393e618c4ba7e

SHA1
a2f84bea3ee17edb0641132212394dae85433741

SHA256
a51fe03bd4d096c3bba91591260a27342a11e1b9f3b08f827295444fbddcfbc3

SHA512
cf24a6f96e4c143f771c357fc39d783ff5ff9ca468eaede13d96930192d95298061b8ed8e1bdcc6a654e306f4adc21b07a26184a472fe849dc205ee732637156

Download Submit
C:\Windows\System\FVuvqdK.exe

Filesize
2.1MB

MD5
dca6882321042a51013f8f4c4b8e36d9

SHA1
4b496bdb10f9e18d65b5966fc48abf2b54d703d8

SHA256
752fdb673e3aeae52ba4cc788a2f03beaabbd689c028030f4fd62f349b0cb8fc

SHA512
3892187a905f81a6b1288d84ffb31e270223eb465d13940427e18da058f11a1ea463ca266a0c5edc15bffe097c968a2f86523f79a7652724bac6b114e82f886d

Download Submit
C:\Windows\System\GThDSXR.exe

Filesize
2.1MB

MD5
bf48ec9e22ed95208c554af636739ee9

SHA1
773d6f61afe4d18eb4b55a924c4a0d0fdaa7e7bf

SHA256
f6695394a3ffe7155ea3aae032d689733d282868ac00b4dd6049c2019f2ed02b

SHA512
a36707683012ea3364af2a558c5b33310008f21331707fbd6b043566624479264f335f0ab9f341edf3157e7e390a4fde45317233cd9569aebeacca4c5984b63d

Download Submit
C:\Windows\System\HasbSBg.exe

Filesize
2.1MB

MD5
dc5220a159b6b85139ac43739e201eef

SHA1
71d3d5654ac34fd7be109994f02c81a7a16c32ed

SHA256
8c8741a7dd5b266dafe00ad1aae64032caba3163ffeb39a83cd73c77e9d139db

SHA512
9bccd9846cc6d8f6ce32553baf8503be44bcc7b41e606e368a4fe44ec0d6dcc4a5abdf3cb0fc978521a2d26d1758398190102bf6b205aa3b3be22e554a9b2f65

Download Submit
C:\Windows\System\JSioJCo.exe

Filesize
2.1MB

MD5
6c63b9e458c7e92f879a31af547d7182

SHA1
426e48f675e02c5d5be1f0710b19841f69809bd4

SHA256
da6974093e0f9e1734e4fa41f31b3a0befc5d9140276a356f7c93746f171475c

SHA512
a48507f76d70787d93e801e8a1d1330a7945b3e08bef779e5dd9221c9b81708b893aca96364abb54182b6590a047a291fee5a8316ebe7fb59994e7a8744e76f6

Download Submit
C:\Windows\System\KkiHabj.exe

Filesize
2.1MB

MD5
b6e24b70bf7b08388b4ffc67fdf3a1c8

SHA1
1fe074e3212960da37b6ec7e83cad8232cb5eb69

SHA256
1fdb67203c4f824e4dc22888e59c97666271ec8843903ceb018516a1cce74572

SHA512
593f87b32c559928e9b72c745487fb009310adee754aadfa6a0898561524da4dfc4fd14904d696787699e316e9ad89cb3d5aa608693b757423c7ad62d4e5266a

Download Submit
C:\Windows\System\KxYXFNr.exe

Filesize
2.1MB

MD5
16e813c561d3b01113043b76762a7336

SHA1
b3e6c074efb1332da61dbf82792bbb9b3a1f256a

SHA256
2bcc6db79dbc9d2bd34502faddfc06b11613ee4e9bc6bba5ffbbdd3897714fdb

SHA512
f78890c467065ee7ecc1b7cf5fd690267a7e1cec82dd7bf84de0503ed1fd26e9b340a96d15f18401274985617145ed2cc3ff7d3c48ba35b55e86ac1b569d23da

Download Submit
C:\Windows\System\MSVzdFX.exe

Filesize
2.1MB

MD5
5acfae8b93d5e131273e636c0dc08b94

SHA1
8cff01f871985917d95b68292367443018ff07b4

SHA256
de2f6bfac2f16078f91f92e096080336a538c0cb413b967a79a9b5d6a3195a2b

SHA512
2f36a1a17d400f7697ffb9ffefd114dbcbb601d2e41c2f05d0a6e4119b8019b45b6287d23e511eb864934b39bf1b1ae16d3513dd8107cf7fd8816cfcef559f59

Download Submit
C:\Windows\System\MqoBxSo.exe

Filesize
2.1MB

MD5
60f9a2edc45ff7aae790eb5a3bb4a450

SHA1
8d68f316f03745229bd68b80c68525dd2986e55f

SHA256
87be313346dacf4bacb7e53f73a9dfaafaf67034063e9fd2dd32b21bfd64e741

SHA512
9097255e3204e191f90e8c6ec0c7e74c20095f1e7c27e02cedd8580c4602b76734f0c0e441ec3dbb75dabcc41fdb80697b551b0a4d7c2e1bfc558b2307e868bb

Download Submit
C:\Windows\System\MswRQbg.exe

Filesize
2.1MB

MD5
e987279bda9b9e7769f903b0c498e525

SHA1
56db052b025af8b57346adf3dec587ea09b8df06

SHA256
31428efee15946a7f47dc434aacd4a23933eac460ad797163c945593f8415e1a

SHA512
646d9fbc14ebd6b7958cd48052369f43b2b873775cd5a623dd53cc7421ea0760b69ad77fe402d88114a90a46a2d24595d11a5e4c32ff143d3dad69c2675853bf

Download Submit
C:\Windows\System\PlkFWah.exe

Filesize
2.1MB

MD5
433603de909a603da457937130ecf40d

SHA1
7238c4b44e10e0ef335ddcca0965c0e94b5bee2d

SHA256
6a02e84ea4710d5f0d23951a5c126f4140971ba83db543a7e74747e1bf319146

SHA512
97ed54888b99f0b7e4b9b391f2bad7fe53d2a49fe5bff48299bffa5536156d15b25b28e86d84812dd52e3392cd3cba8701eb2d8edf060205c5919a3a59ade190

Download Submit
C:\Windows\System\QDaKFhz.exe

Filesize
2.1MB

MD5
90a487c971030f385c8e34dc18b9f076

SHA1
90b5bc08a68f9a38a0397e2e574228e4eb1b6d47

SHA256
0c3090e145b8305d5d03b8b2891521e6b80e489aa412b48fc410ea32fd3d5914

SHA512
1d13040f4f505168e45a8c67a3e481cd655c88542045efab98f32b1529372a2cec335d85fb464fa1f5199a6f4446e8386256f2f77d87b71714049157bcb603eb

Download Submit
C:\Windows\System\SHEXgDm.exe

Filesize
2.1MB

MD5
498a45545352fda276ead7e02f7e9600

SHA1
ae904f595d223f5a344c66104d9102de3c0e4758

SHA256
0b2bda1dd05983db19fd7a6ebd4e8a288919695f36dcde1b4cbf03fd901a9fdd

SHA512
8867043b83060bb8d81d6e04f8e7df6efa54bb55a4cefcb11a3ec5cf8d6e67a4125a3a61248a64c7fd04075a064c7b5c5bb50a07006a1a2518e928688cb50fba

Download Submit
C:\Windows\System\TGMzget.exe

Filesize
2.1MB

MD5
4f72c1b9756b71d47261afd6514c0de3

SHA1
ba5546966afbe5f288f7e2986caa0a21fbd38a02

SHA256
fd940687a0adad86a84dd6751ca6fbe32a48de7388c716de4484e2a0dadf847c

SHA512
5bc287bc8d3893211d2ecc03cf13a9cd6dfafe82321938c9a422223abd05e0e4bd7a617e5562731c7351ad54de67206b03cfab9443cda8e43fa9b2ea1a1471fc

Download Submit
C:\Windows\System\TMznDse.exe

Filesize
2.1MB

MD5
66127504b6647d384046c23d52d20735

SHA1
9451c9f820e32aac1f5eaa0e88a942cadbc43920

SHA256
b9713c9af2700aaee35b2da935ac2cf4c13d3c65f2dda47882bd43a9895d5ea3

SHA512
2cab71212a18f557e1b089383a36621236af835adfe4980060ec83c3690bfc5e85d39a707375a9d891ede1e1844ce6aeb186b6c0b8426dc54ccd83d1cc75921c

Download Submit
C:\Windows\System\UMJjtHu.exe

Filesize
2.1MB

MD5
3ef06bcad621e4ee1b6034381d988726

SHA1
b92288c416eee99d91bb519bd0b33e2d6b06cd25

SHA256
264028f2bc7af68c205e3290917535ebdb91dba27dc7067bf658a2ff678d5aa8

SHA512
68cdd3bfc553e1d033ec1ce5c800d471dcd73024cd140aedf0796559a2397fe6922c5f3a971bc4dcae5b7683fd6d0047ab3b213199a363155fee21e4be8fe69d

Download Submit
C:\Windows\System\XQLVnYy.exe

Filesize
2.1MB

MD5
3f21992c9676b863b7c8983380aba96e

SHA1
9a855458c7ee16eb15aaa8e305700236fdeb0684

SHA256
a7adc964d54499a964b2fa7a51cd482f7d80267f179ab3ce0d5f0aa9a6eb819e

SHA512
3a5963bda5a132272addd178c92f6ef955def07e5ea9b5818a1543c28d5ce4c4023cc3038f7c41b99dde1de1b7b331bedd279dc0149905bf7f9cf41f0ea05559

Download Submit
C:\Windows\System\ZTNUBFk.exe

Filesize
2.1MB

MD5
c665db2676208c045963a599fdba7002

SHA1
142411435e223141f71cd91b91813fde27b59ed1

SHA256
7c0953312efc1c083d3a90265c2729ad07912bac22042e18553f9cb5cd5ce5bc

SHA512
2acc068f79efcb436eef1cde70294c057a87a517ed4898b8e8956e24a5b06243d96e5e43566f616837eb3ffc1ccc6c5d200cf6bda3b2a4c398f9ebd9d71de5f3

Download Submit
C:\Windows\System\dDhtgRt.exe

Filesize
2.1MB

MD5
9b6f6e37aeab020051d98cfa1b4e231c

SHA1
a20da0c8f890998c99928c308a8cfc5b76e2d665

SHA256
c49bb1397c0dd0d392d02b3026a12cc351b5b4ba0752adda61a3b2c3c20b27bf

SHA512
253d93b37dce9a66584b1c184b5bf0afd6d12239d0b115b57b194fdfc0c5207cde7d2c0964c57edb9ed6abc8502480c2412a78673fde6d22b4433a1525578f62

Download Submit
C:\Windows\System\gjDZFzd.exe

Filesize
2.1MB

MD5
3d00a2793f6bef682fc19d4bf1484691

SHA1
24bfa542aea04fa40d52b0e1ef5da3f37cfcbbc4

SHA256
a98d362fbeb1c1bcaeffd14f3910834a9c142a1511564d69491de598c2e752fc

SHA512
17c41fd08f6d4bbf039c5560db94231586575dea38130a8022fd75e925fce65c20c1ea6195e9f0b89b5cadef068fbdcf727da4d8c96cf463ae39232ce952fd98

Download Submit
C:\Windows\System\kiucMoO.exe

Filesize
2.1MB

MD5
6caad77fb03abb72aca97999ed6fc0a1

SHA1
a06648c95095ec7004ae457dcfc116308e91db9a

SHA256
9c64fa0e85821b56ad6c98fbd29fc5ef6fdbbb192c2d1c0965ca90976b2f8cd8

SHA512
562f2f8b01f2d9b00466516eac2aa44d2f8b167d66180218c0fa08acdc6c34f7c6c0d0ee12711753e4704429a00e28707d4752c82c1728f355cb25320f6bba18

Download Submit
C:\Windows\System\lMOQvTj.exe

Filesize
2.1MB

MD5
6a53b403733f1ecadc22af926cb6b519

SHA1
04600d11e79c6b15685909075f53f9ba7a3365c8

SHA256
4b816c0913fd334ae4a9080612cb16e42c5ce3fb61986a7dfdba5b004bf2d886

SHA512
02a6493b8c19034597d432bf151d14790dc1d4ccc4e98c80588f7fc5886a3e1c08328b899a66ed55a4a3a3d310b82e7bc80b38164c1215c4705bc6e444f47938

Download Submit
C:\Windows\System\mJHlFRo.exe

Filesize
2.1MB

MD5
b43083d5425d7b9fb11b66a9452f680d

SHA1
e23f63050cb054117beda165e68279e9a1976579

SHA256
a37b1a5d75a0d05194da0132443d37968a60e90d1f48fd0b0f22123e6a6c2327

SHA512
a5fda0176f8f7ffdc077c1b26049c911da621586b3c5c4147aea6f19f28af8f13ab19bdf3837033beb677331e5c8bb6b467d570164972160bfc07cd39c05886d

Download Submit
C:\Windows\System\pddYiFx.exe

Filesize
2.1MB

MD5
4ef52110edfed19da1019c7c9d7e680e

SHA1
3c9d87115992f28a1927db81fe554dbfd62e65f4

SHA256
b852281d0ac0a444e5216f4284238e6fcc909021691020ac33eaff4ab7b7db29

SHA512
fb736ed79bba5a0f6c6a2cf3ebcbd84f35bab21964024e785ddad893b8c8e6ce3b94afab448c2e7b10fbab542d563b3eaf350f27843d0072635478bf4bc83645

Download Submit
C:\Windows\System\qJIbtfF.exe

Filesize
2.1MB

MD5
30dcdc164d25d4ac092d1fece43ff8bd

SHA1
bcb60d6acacc62d91fdf5c0ddf9da5e5a5025032

SHA256
6a985f68ebd520949502eb1a9a97e1e0121fe9e55d645c3e74f94a7ca6ad30c9

SHA512
a640458a070e4478c7bfef7754dd3cc705753641f21e3458a62c3b12e3c3e6a3a2e343aa3155d7d2c88f354010df52db834c0fbfd81d08f45a1ede4801915375

Download Submit
C:\Windows\System\sAhWWta.exe

Filesize
2.1MB

MD5
d6ad768869dc03dee0501740184abddd

SHA1
14fb01469fa4cc1c267af9956fdf2de06f0e6f3e

SHA256
eff7df22435bbf0e7c026bc208f57d537d10557cd0feae0575bd373a555bf254

SHA512
a54bf43577b297b68afc32884f1a26774429aed8b8de447738294f997d8e87cca17d27a75a4e4c5c7c8a2b89fea32d92842cb9265531e9649f4ed4c015e0265d

Download Submit
C:\Windows\System\vhEDZLC.exe

Filesize
2.1MB

MD5
963590fcf4139d62b30eb62b348518a4

SHA1
e8020770ac75bbe4fd9c96aef306bb4f9cc4181b

SHA256
196a721a71fd3d61e2b453330b9ca3273b91fa33e499d0a813108a8258a5f67d

SHA512
ab40db06f4dac6bd0e3af7bbc541f0de634f60079ee4bc37bf553268bb496bc11f6d394c9dec816e961feba078b3e058c6ef90b9867fd781b6fdb0f3f41a79b9

Download Submit
C:\Windows\System\vryjQoc.exe

Filesize
2.1MB

MD5
ef186ae51b8bf39547bb8f1145888d50

SHA1
a9828706b6412f1fcfcf22102aec96ac1fa8768a

SHA256
cf2164ad0685e71f576b158fb939e91a3471d4ce5e6e4156fc2a8564966b7008

SHA512
fb89f06f60afb883f8ff879fce952499ad18395a06e4b5530cb77aab55731299c0ced114a7741d4d15fa241595553dd266aeb14dc846a9aadadae795f7e7dd6c

Download Submit
C:\Windows\System\wvhtezj.exe

Filesize
2.1MB

MD5
0b21deeb16a6bacef49d42635a0f23bf

SHA1
998da61f9ac7a32d2199c8f37869d7930fd099ce

SHA256
7400ca6d0fa73fcd3390a2cbcfbc1fb3e287a762d2adfe66041f53469778b3a1

SHA512
281a5e021fe582795aa2209673f993c876fdf549ceaf8f1bdd5dd8a3bcef263b30b29119b43aee346cef86ce43ff0bc1bb9c4872f905c9e6a52e333ab8104979

Download Submit
C:\Windows\System\xXQyqNC.exe

Filesize
2.1MB

MD5
8fc47dabb6cded8b5081865d108613ed

SHA1
4095848ec88c87ab14b1721dbfe9df64b3a0eed2

SHA256
b1384449c1ba8af4392e4701147977711fc79773b343eed42d8204bdd7cf7884

SHA512
47842e540def4fb1d55cd6a15f9e975cf48504278b5130d230164efe9753ecf8c23f60eda7e20024f9bc683fa2a17a2cf10099dd038a991d6daf7516936f2a30

Download Submit
C:\Windows\System\xkGhKZw.exe

Filesize
2.1MB

MD5
af2cb3cd77032e236dc404898e37607e

SHA1
f92ad23fac0dab682f25ca8e99631668e4846b1e

SHA256
83147ddbee94f4bcb8a3c8a781f9f317b77cb83aa204c815190f1a5717a8ca51

SHA512
c675f4d399251c341c3248e235649d4fbcf75cae23187d4ead037f8b18e64d821af95e370fec5b7026743d27912df89eef8682fabb811e52e18a85c7e805b695

Download Submit
C:\Windows\System\xymmOjJ.exe

Filesize
2.1MB

MD5
eb21b2ae8c53215b58f2b4eb1bc250cf

SHA1
4741f14d41e532384f68e3a7b7a3891540fc9b22

SHA256
be90b48cce0d19954f36ff533dac0fb64721173a7249c42bc50f56f125cd93c7

SHA512
e683d348f69bc9895ac4d47deeb7da22a3826e9fa01c27c327541176d7c6f5bfb5e694b6af4e276a38676b14d57a90b42f2038f1c4f6aa1f3fba7d3ffe9d2b1b

Download Submit
C:\Windows\System\yuyvqEj.exe

Filesize
2.1MB

MD5
9a1b30bed19defeab997ea23472f8ab7

SHA1
f7cf21a64a7754c44503acbfbbea477e12ea47b3

SHA256
e00e85e832568c34864f1ff945682fc227bc56fc9833d239dc1896bafb36ee9e

SHA512
287add3fe26b400c348f0fcd39d855606ffb7ebdb93a24176d4f6e78717cb953da864e253b9bc4083e46f132d2a03610b639161684360799fdb94a3cef71b1d8

Download Submit
memory/464-2114-0x00007FF67C430000-0x00007FF67C784000-memory.dmp

Filesize
3.3MB

Download
memory/464-15-0x00007FF67C430000-0x00007FF67C784000-memory.dmp

Filesize
3.3MB

Download
memory/784-185-0x00007FF6B6620000-0x00007FF6B6974000-memory.dmp

Filesize
3.3MB

Download
memory/784-2136-0x00007FF6B6620000-0x00007FF6B6974000-memory.dmp

Filesize
3.3MB

Download
memory/1760-194-0x00007FF72E630000-0x00007FF72E984000-memory.dmp

Filesize
3.3MB

Download
memory/1760-2122-0x00007FF72E630000-0x00007FF72E984000-memory.dmp

Filesize
3.3MB

Download
memory/1780-2118-0x00007FF6C7B40000-0x00007FF6C7E94000-memory.dmp

Filesize
3.3MB

Download
memory/1780-52-0x00007FF6C7B40000-0x00007FF6C7E94000-memory.dmp

Filesize
3.3MB

Download
memory/1856-59-0x00007FF7154A0000-0x00007FF7157F4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-2117-0x00007FF7154A0000-0x00007FF7157F4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-168-0x00007FF736C60000-0x00007FF736FB4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-2134-0x00007FF736C60000-0x00007FF736FB4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2116-0x00007FF71BDE0000-0x00007FF71C134000-memory.dmp

Filesize
3.3MB

Download
memory/2204-44-0x00007FF71BDE0000-0x00007FF71C134000-memory.dmp

Filesize
3.3MB

Download
memory/2256-195-0x00007FF714220000-0x00007FF714574000-memory.dmp

Filesize
3.3MB

Download
memory/2256-2126-0x00007FF714220000-0x00007FF714574000-memory.dmp

Filesize
3.3MB

Download
memory/2336-174-0x00007FF789EF0000-0x00007FF78A244000-memory.dmp

Filesize
3.3MB

Download
memory/2336-2128-0x00007FF789EF0000-0x00007FF78A244000-memory.dmp

Filesize
3.3MB

Download
memory/2340-1-0x000001B136440000-0x000001B136450000-memory.dmp

Filesize
64KB

Download
memory/2340-0-0x00007FF634DB0000-0x00007FF635104000-memory.dmp

Filesize
3.3MB

Download
memory/2968-186-0x00007FF70AA50000-0x00007FF70ADA4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2130-0x00007FF70AA50000-0x00007FF70ADA4000-memory.dmp

Filesize
3.3MB

Download
memory/3104-2137-0x00007FF623760000-0x00007FF623AB4000-memory.dmp

Filesize
3.3MB

Download
memory/3104-191-0x00007FF623760000-0x00007FF623AB4000-memory.dmp

Filesize
3.3MB

Download
memory/3184-2141-0x00007FF65D500000-0x00007FF65D854000-memory.dmp

Filesize
3.3MB

Download
memory/3184-192-0x00007FF65D500000-0x00007FF65D854000-memory.dmp

Filesize
3.3MB

Download
memory/3464-69-0x00007FF797D40000-0x00007FF798094000-memory.dmp

Filesize
3.3MB

Download
memory/3464-2123-0x00007FF797D40000-0x00007FF798094000-memory.dmp

Filesize
3.3MB

Download
memory/3464-2112-0x00007FF797D40000-0x00007FF798094000-memory.dmp

Filesize
3.3MB

Download
memory/3508-61-0x00007FF6FAFD0000-0x00007FF6FB324000-memory.dmp

Filesize
3.3MB

Download
memory/3508-2120-0x00007FF6FAFD0000-0x00007FF6FB324000-memory.dmp

Filesize
3.3MB

Download
memory/3560-196-0x00007FF6E12A0000-0x00007FF6E15F4000-memory.dmp

Filesize
3.3MB

Download
memory/3560-2133-0x00007FF6E12A0000-0x00007FF6E15F4000-memory.dmp

Filesize
3.3MB

Download
memory/3608-2140-0x00007FF7D94D0000-0x00007FF7D9824000-memory.dmp

Filesize
3.3MB

Download
memory/3608-189-0x00007FF7D94D0000-0x00007FF7D9824000-memory.dmp

Filesize
3.3MB

Download
memory/3636-2121-0x00007FF69A6B0000-0x00007FF69AA04000-memory.dmp

Filesize
3.3MB

Download
memory/3636-62-0x00007FF69A6B0000-0x00007FF69AA04000-memory.dmp

Filesize
3.3MB

Download
memory/3824-2119-0x00007FF6775D0000-0x00007FF677924000-memory.dmp

Filesize
3.3MB

Download
memory/3824-49-0x00007FF6775D0000-0x00007FF677924000-memory.dmp

Filesize
3.3MB

Download
memory/3904-2138-0x00007FF60E930000-0x00007FF60EC84000-memory.dmp

Filesize
3.3MB

Download
memory/3904-190-0x00007FF60E930000-0x00007FF60EC84000-memory.dmp

Filesize
3.3MB

Download
memory/3932-193-0x00007FF711D20000-0x00007FF712074000-memory.dmp

Filesize
3.3MB

Download
memory/3932-2125-0x00007FF711D20000-0x00007FF712074000-memory.dmp

Filesize
3.3MB

Download
memory/3956-2127-0x00007FF6A4CB0000-0x00007FF6A5004000-memory.dmp

Filesize
3.3MB

Download
memory/3956-167-0x00007FF6A4CB0000-0x00007FF6A5004000-memory.dmp

Filesize
3.3MB

Download
memory/3960-2131-0x00007FF743410000-0x00007FF743764000-memory.dmp

Filesize
3.3MB

Download
memory/3960-183-0x00007FF743410000-0x00007FF743764000-memory.dmp

Filesize
3.3MB

Download
memory/4036-2124-0x00007FF781870000-0x00007FF781BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4036-112-0x00007FF781870000-0x00007FF781BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4200-197-0x00007FF7C42D0000-0x00007FF7C4624000-memory.dmp

Filesize
3.3MB

Download
memory/4200-2135-0x00007FF7C42D0000-0x00007FF7C4624000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2139-0x00007FF6138B0000-0x00007FF613C04000-memory.dmp

Filesize
3.3MB

Download
memory/4336-188-0x00007FF6138B0000-0x00007FF613C04000-memory.dmp

Filesize
3.3MB

Download
memory/4856-18-0x00007FF6FC3C0000-0x00007FF6FC714000-memory.dmp

Filesize
3.3MB

Download
memory/4856-2113-0x00007FF6FC3C0000-0x00007FF6FC714000-memory.dmp

Filesize
3.3MB

Download
memory/5004-29-0x00007FF733A00000-0x00007FF733D54000-memory.dmp

Filesize
3.3MB

Download
memory/5004-2115-0x00007FF733A00000-0x00007FF733D54000-memory.dmp

Filesize
3.3MB

Download
memory/5008-187-0x00007FF6D5C50000-0x00007FF6D5FA4000-memory.dmp

Filesize
3.3MB

Download
memory/5008-2129-0x00007FF6D5C50000-0x00007FF6D5FA4000-memory.dmp

Filesize
3.3MB

Download
memory/5028-2132-0x00007FF796450000-0x00007FF7967A4000-memory.dmp

Filesize
3.3MB

Download
memory/5028-175-0x00007FF796450000-0x00007FF7967A4000-memory.dmp

Filesize
3.3MB

Download