xmrig | 56d9abd43c8f4c50c51daaca0b9cb9c3898116a3707ec18e4e53458cb6831a58

Analysis

max time kernel
143s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 04:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
Size

2.1MB
MD5

a6847108a69d4cf28609ecafe3462ca0
SHA1

9492f9d2fd3a940b4224e920631e8c7af493b95a
SHA256

56d9abd43c8f4c50c51daaca0b9cb9c3898116a3707ec18e4e53458cb6831a58
SHA512

e613e0bc4659482e1690c91208858a015ffa09cba0fba37db5613bcafde2aa539db303f0bc7c9bd4a34c22c0cc7374eb43deb139e8e56295f90f9bba32189681
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICb5Trec2a/1ASmM:BemTLkNdfE0pZru

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/2724-0-0x00007FF72EB10000-0x00007FF72EE64000-memory.dmp	xmrig
C:\Windows\System\eUMmahD.exe	xmrig
behavioral2/memory/1016-6-0x00007FF793FD0000-0x00007FF794324000-memory.dmp	xmrig
C:\Windows\System\vpopJys.exe	xmrig
behavioral2/memory/5016-12-0x00007FF6F12E0000-0x00007FF6F1634000-memory.dmp	xmrig
C:\Windows\System\jraakZu.exe	xmrig
C:\Windows\System\VkcoIoA.exe	xmrig
C:\Windows\System\FxXWcEs.exe	xmrig
behavioral2/memory/3416-48-0x00007FF79BE80000-0x00007FF79C1D4000-memory.dmp	xmrig
C:\Windows\System\kIrdXzq.exe	xmrig
C:\Windows\System\naFWPmg.exe	xmrig
C:\Windows\System\CJnLbUg.exe	xmrig
C:\Windows\System\NoDWVdp.exe	xmrig
C:\Windows\System\QwyKGDx.exe	xmrig
C:\Windows\System\fHWooOc.exe	xmrig
C:\Windows\System\iomQqWB.exe	xmrig
behavioral2/memory/2276-569-0x00007FF7DB4B0000-0x00007FF7DB804000-memory.dmp	xmrig
behavioral2/memory/4152-572-0x00007FF702BF0000-0x00007FF702F44000-memory.dmp	xmrig
behavioral2/memory/4860-573-0x00007FF7FA7A0000-0x00007FF7FAAF4000-memory.dmp	xmrig
behavioral2/memory/3896-574-0x00007FF7F9C40000-0x00007FF7F9F94000-memory.dmp	xmrig
behavioral2/memory/400-575-0x00007FF637AC0000-0x00007FF637E14000-memory.dmp	xmrig
behavioral2/memory/3180-577-0x00007FF79DD80000-0x00007FF79E0D4000-memory.dmp	xmrig
behavioral2/memory/3076-578-0x00007FF64C540000-0x00007FF64C894000-memory.dmp	xmrig
behavioral2/memory/4568-579-0x00007FF64D310000-0x00007FF64D664000-memory.dmp	xmrig
behavioral2/memory/4712-582-0x00007FF739E90000-0x00007FF73A1E4000-memory.dmp	xmrig
behavioral2/memory/1376-591-0x00007FF7FFBB0000-0x00007FF7FFF04000-memory.dmp	xmrig
behavioral2/memory/3368-598-0x00007FF728960000-0x00007FF728CB4000-memory.dmp	xmrig
behavioral2/memory/1624-615-0x00007FF6EEEA0000-0x00007FF6EF1F4000-memory.dmp	xmrig
behavioral2/memory/1644-623-0x00007FF6C1600000-0x00007FF6C1954000-memory.dmp	xmrig
behavioral2/memory/1716-612-0x00007FF7DB220000-0x00007FF7DB574000-memory.dmp	xmrig
behavioral2/memory/2740-608-0x00007FF74BFA0000-0x00007FF74C2F4000-memory.dmp	xmrig
behavioral2/memory/2724-2083-0x00007FF72EB10000-0x00007FF72EE64000-memory.dmp	xmrig
behavioral2/memory/3144-605-0x00007FF621820000-0x00007FF621B74000-memory.dmp	xmrig
behavioral2/memory/2656-595-0x00007FF70F1B0000-0x00007FF70F504000-memory.dmp	xmrig
behavioral2/memory/1756-581-0x00007FF68D100000-0x00007FF68D454000-memory.dmp	xmrig
behavioral2/memory/4740-580-0x00007FF79B700000-0x00007FF79BA54000-memory.dmp	xmrig
behavioral2/memory/3776-576-0x00007FF7D29D0000-0x00007FF7D2D24000-memory.dmp	xmrig
behavioral2/memory/1460-571-0x00007FF780B20000-0x00007FF780E74000-memory.dmp	xmrig
behavioral2/memory/1076-570-0x00007FF7EB0F0000-0x00007FF7EB444000-memory.dmp	xmrig
behavioral2/memory/1396-568-0x00007FF62DCC0000-0x00007FF62E014000-memory.dmp	xmrig
C:\Windows\System\KizFSgm.exe	xmrig
C:\Windows\System\ztEokXW.exe	xmrig
C:\Windows\System\eRhHwCs.exe	xmrig
C:\Windows\System\bovzoDq.exe	xmrig
C:\Windows\System\azAxncb.exe	xmrig
C:\Windows\System\WwMakfU.exe	xmrig
C:\Windows\System\MghPZgs.exe	xmrig
C:\Windows\System\ftbiwkJ.exe	xmrig
C:\Windows\System\IOTEgXd.exe	xmrig
C:\Windows\System\fuMZzAs.exe	xmrig
C:\Windows\System\piynBcT.exe	xmrig
C:\Windows\System\QuxbzIa.exe	xmrig
C:\Windows\System\ZufnYGb.exe	xmrig
C:\Windows\System\HAZcoli.exe	xmrig
C:\Windows\System\jHMqYAC.exe	xmrig
C:\Windows\System\phwzPJH.exe	xmrig
C:\Windows\System\WPgNzVA.exe	xmrig
behavioral2/memory/1356-54-0x00007FF6E4A00000-0x00007FF6E4D54000-memory.dmp	xmrig
C:\Windows\System\IVZeZJP.exe	xmrig
behavioral2/memory/2492-50-0x00007FF7A4F70000-0x00007FF7A52C4000-memory.dmp	xmrig
behavioral2/memory/4848-49-0x00007FF7D3560000-0x00007FF7D38B4000-memory.dmp	xmrig
C:\Windows\System\VeaASVH.exe	xmrig
C:\Windows\System\zlobUaa.exe	xmrig
C:\Windows\System\wQmbOFB.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

eUMmahD.exevpopJys.exejraakZu.exeVkcoIoA.exewQmbOFB.exezlobUaa.exeFxXWcEs.exeVeaASVH.exeIVZeZJP.exekIrdXzq.exenaFWPmg.exeWPgNzVA.exeCJnLbUg.exephwzPJH.exeNoDWVdp.exejHMqYAC.exeHAZcoli.exeZufnYGb.exeQuxbzIa.exepiynBcT.exefuMZzAs.exeQwyKGDx.exeIOTEgXd.exefHWooOc.exeftbiwkJ.exeMghPZgs.exeWwMakfU.exeazAxncb.exebovzoDq.exeeRhHwCs.exeKizFSgm.exeztEokXW.exeiomQqWB.exelgSahry.exeXdasvvy.exefqbrfvE.exeTGWytNG.exefewyXQq.exeOLciETH.exepDZdqJN.exekUYGYsg.exexgdjlkq.exemWlGXDI.exeHQkEtCk.exehMVRrre.exeeDAnuAo.exeMPhpeER.exePVNhHlQ.exePNGbHSy.exewMAydWx.exexMHBAxg.exeYYysVbN.exeULTFjvj.exelxmDRlr.exeoJCxaGA.exeEsXjUcB.exemuvxYJt.exeeSVmEeV.exeueXKZWZ.exeomIwefW.exeGCXrZFw.exeSMHZCxy.exeNYsKLqA.exeeVwBEWn.exe

pid	process
1016	eUMmahD.exe
5016	vpopJys.exe
3416	jraakZu.exe
4848	VkcoIoA.exe
2492	wQmbOFB.exe
1356	zlobUaa.exe
1396	FxXWcEs.exe
2276	VeaASVH.exe
1076	IVZeZJP.exe
1644	kIrdXzq.exe
1460	naFWPmg.exe
4152	WPgNzVA.exe
4860	CJnLbUg.exe
3896	phwzPJH.exe
400	NoDWVdp.exe
3776	jHMqYAC.exe
3180	HAZcoli.exe
3076	ZufnYGb.exe
4568	QuxbzIa.exe
4740	piynBcT.exe
1756	fuMZzAs.exe
4712	QwyKGDx.exe
1376	IOTEgXd.exe
2656	fHWooOc.exe
3368	ftbiwkJ.exe
3144	MghPZgs.exe
2740	WwMakfU.exe
1716	azAxncb.exe
1624	bovzoDq.exe
4208	eRhHwCs.exe
2360	KizFSgm.exe
3756	ztEokXW.exe
1304	iomQqWB.exe
4916	lgSahry.exe
3480	Xdasvvy.exe
1956	fqbrfvE.exe
3256	TGWytNG.exe
1664	fewyXQq.exe
860	OLciETH.exe
5112	pDZdqJN.exe
4048	kUYGYsg.exe
848	xgdjlkq.exe
1232	mWlGXDI.exe
1068	HQkEtCk.exe
4580	hMVRrre.exe
2216	eDAnuAo.exe
4384	MPhpeER.exe
776	PVNhHlQ.exe
4380	PNGbHSy.exe
5108	wMAydWx.exe
4664	xMHBAxg.exe
4496	YYysVbN.exe
2912	ULTFjvj.exe
2252	lxmDRlr.exe
2220	oJCxaGA.exe
4604	EsXjUcB.exe
3604	muvxYJt.exe
3200	eSVmEeV.exe
2552	ueXKZWZ.exe
2112	omIwefW.exe
4356	GCXrZFw.exe
4476	SMHZCxy.exe
4504	NYsKLqA.exe
3552	eVwBEWn.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2724-0-0x00007FF72EB10000-0x00007FF72EE64000-memory.dmp	upx
C:\Windows\System\eUMmahD.exe	upx
behavioral2/memory/1016-6-0x00007FF793FD0000-0x00007FF794324000-memory.dmp	upx
C:\Windows\System\vpopJys.exe	upx
behavioral2/memory/5016-12-0x00007FF6F12E0000-0x00007FF6F1634000-memory.dmp	upx
C:\Windows\System\jraakZu.exe	upx
C:\Windows\System\VkcoIoA.exe	upx
C:\Windows\System\FxXWcEs.exe	upx
behavioral2/memory/3416-48-0x00007FF79BE80000-0x00007FF79C1D4000-memory.dmp	upx
C:\Windows\System\kIrdXzq.exe	upx
C:\Windows\System\naFWPmg.exe	upx
C:\Windows\System\CJnLbUg.exe	upx
C:\Windows\System\NoDWVdp.exe	upx
C:\Windows\System\QwyKGDx.exe	upx
C:\Windows\System\fHWooOc.exe	upx
C:\Windows\System\iomQqWB.exe	upx
behavioral2/memory/2276-569-0x00007FF7DB4B0000-0x00007FF7DB804000-memory.dmp	upx
behavioral2/memory/4152-572-0x00007FF702BF0000-0x00007FF702F44000-memory.dmp	upx
behavioral2/memory/4860-573-0x00007FF7FA7A0000-0x00007FF7FAAF4000-memory.dmp	upx
behavioral2/memory/3896-574-0x00007FF7F9C40000-0x00007FF7F9F94000-memory.dmp	upx
behavioral2/memory/400-575-0x00007FF637AC0000-0x00007FF637E14000-memory.dmp	upx
behavioral2/memory/3180-577-0x00007FF79DD80000-0x00007FF79E0D4000-memory.dmp	upx
behavioral2/memory/3076-578-0x00007FF64C540000-0x00007FF64C894000-memory.dmp	upx
behavioral2/memory/4568-579-0x00007FF64D310000-0x00007FF64D664000-memory.dmp	upx
behavioral2/memory/4712-582-0x00007FF739E90000-0x00007FF73A1E4000-memory.dmp	upx
behavioral2/memory/1376-591-0x00007FF7FFBB0000-0x00007FF7FFF04000-memory.dmp	upx
behavioral2/memory/3368-598-0x00007FF728960000-0x00007FF728CB4000-memory.dmp	upx
behavioral2/memory/1624-615-0x00007FF6EEEA0000-0x00007FF6EF1F4000-memory.dmp	upx
behavioral2/memory/1644-623-0x00007FF6C1600000-0x00007FF6C1954000-memory.dmp	upx
behavioral2/memory/1716-612-0x00007FF7DB220000-0x00007FF7DB574000-memory.dmp	upx
behavioral2/memory/2740-608-0x00007FF74BFA0000-0x00007FF74C2F4000-memory.dmp	upx
behavioral2/memory/2724-2083-0x00007FF72EB10000-0x00007FF72EE64000-memory.dmp	upx
behavioral2/memory/3144-605-0x00007FF621820000-0x00007FF621B74000-memory.dmp	upx
behavioral2/memory/2656-595-0x00007FF70F1B0000-0x00007FF70F504000-memory.dmp	upx
behavioral2/memory/1756-581-0x00007FF68D100000-0x00007FF68D454000-memory.dmp	upx
behavioral2/memory/4740-580-0x00007FF79B700000-0x00007FF79BA54000-memory.dmp	upx
behavioral2/memory/3776-576-0x00007FF7D29D0000-0x00007FF7D2D24000-memory.dmp	upx
behavioral2/memory/1460-571-0x00007FF780B20000-0x00007FF780E74000-memory.dmp	upx
behavioral2/memory/1076-570-0x00007FF7EB0F0000-0x00007FF7EB444000-memory.dmp	upx
behavioral2/memory/1396-568-0x00007FF62DCC0000-0x00007FF62E014000-memory.dmp	upx
C:\Windows\System\KizFSgm.exe	upx
C:\Windows\System\ztEokXW.exe	upx
C:\Windows\System\eRhHwCs.exe	upx
C:\Windows\System\bovzoDq.exe	upx
C:\Windows\System\azAxncb.exe	upx
C:\Windows\System\WwMakfU.exe	upx
C:\Windows\System\MghPZgs.exe	upx
C:\Windows\System\ftbiwkJ.exe	upx
C:\Windows\System\IOTEgXd.exe	upx
C:\Windows\System\fuMZzAs.exe	upx
C:\Windows\System\piynBcT.exe	upx
C:\Windows\System\QuxbzIa.exe	upx
C:\Windows\System\ZufnYGb.exe	upx
C:\Windows\System\HAZcoli.exe	upx
C:\Windows\System\jHMqYAC.exe	upx
C:\Windows\System\phwzPJH.exe	upx
C:\Windows\System\WPgNzVA.exe	upx
behavioral2/memory/1356-54-0x00007FF6E4A00000-0x00007FF6E4D54000-memory.dmp	upx
C:\Windows\System\IVZeZJP.exe	upx
behavioral2/memory/2492-50-0x00007FF7A4F70000-0x00007FF7A52C4000-memory.dmp	upx
behavioral2/memory/4848-49-0x00007FF7D3560000-0x00007FF7D38B4000-memory.dmp	upx
C:\Windows\System\VeaASVH.exe	upx
C:\Windows\System\zlobUaa.exe	upx
C:\Windows\System\wQmbOFB.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\YYysVbN.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\oJCxaGA.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\nQkslFw.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\tdMijEs.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\tjdeJxm.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\HINczGZ.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\aTRMOyy.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\TGbLhKQ.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\phCYFIl.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\OyEEoSM.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\mMOmfmn.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\yjfkKWO.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\VeaASVH.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\MghPZgs.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\pStNGuA.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\ZjRgUle.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\rrrpcwA.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\kEqwipb.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\bDSpZAs.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\hzbPZHm.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\AeOnLnB.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\etosbon.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\Sweagvf.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\IVZeZJP.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\MPhpeER.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\XydYIhV.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\ntFeaBz.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\xIDsdkC.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\Giddwzk.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\GEtAcgf.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\bfJPgTL.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\MAQyUsQ.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\BRrKDsT.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\WwMakfU.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\LvIXvjL.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\LLtoObq.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\AoXiyjV.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\TXbGCBV.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\iNGWChN.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\mBtnQKp.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\tvMvPno.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\MkLcgUS.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\flJWZaf.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\tVwanNf.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\uUYdlMj.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\GPqnoVw.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\zORArzK.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\wPsFTAb.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\tvDBuCE.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\oEyCwnN.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\eVwBEWn.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\YGtJMWz.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\roLFoRz.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\bITPKtA.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\owCFDsc.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\PBuRyrq.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\sBVFalP.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\RFdymSk.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\PVNhHlQ.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\XGAHCUW.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\mCafPjT.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\iIqFVgX.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\yXTQuls.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
File created	C:\Windows\System\suVuhfb.exe	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	14960	dwm.exe
Token: SeChangeNotifyPrivilege	14960	dwm.exe
Token: 33	14960	dwm.exe
Token: SeIncBasePriorityPrivilege	14960	dwm.exe
Token: SeShutdownPrivilege	14960	dwm.exe
Token: SeCreatePagefilePrivilege	14960	dwm.exe
Token: SeShutdownPrivilege	14960	dwm.exe
Token: SeCreatePagefilePrivilege	14960	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe

description	pid	process	target process
PID 2724 wrote to memory of 1016	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	eUMmahD.exe
PID 2724 wrote to memory of 1016	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	eUMmahD.exe
PID 2724 wrote to memory of 5016	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	vpopJys.exe
PID 2724 wrote to memory of 5016	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	vpopJys.exe
PID 2724 wrote to memory of 3416	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	jraakZu.exe
PID 2724 wrote to memory of 3416	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	jraakZu.exe
PID 2724 wrote to memory of 4848	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	VkcoIoA.exe
PID 2724 wrote to memory of 4848	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	VkcoIoA.exe
PID 2724 wrote to memory of 2492	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	wQmbOFB.exe
PID 2724 wrote to memory of 2492	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	wQmbOFB.exe
PID 2724 wrote to memory of 1356	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	zlobUaa.exe
PID 2724 wrote to memory of 1356	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	zlobUaa.exe
PID 2724 wrote to memory of 1396	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	FxXWcEs.exe
PID 2724 wrote to memory of 1396	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	FxXWcEs.exe
PID 2724 wrote to memory of 2276	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	VeaASVH.exe
PID 2724 wrote to memory of 2276	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	VeaASVH.exe
PID 2724 wrote to memory of 1076	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	IVZeZJP.exe
PID 2724 wrote to memory of 1076	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	IVZeZJP.exe
PID 2724 wrote to memory of 1644	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	kIrdXzq.exe
PID 2724 wrote to memory of 1644	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	kIrdXzq.exe
PID 2724 wrote to memory of 1460	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	naFWPmg.exe
PID 2724 wrote to memory of 1460	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	naFWPmg.exe
PID 2724 wrote to memory of 4152	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	WPgNzVA.exe
PID 2724 wrote to memory of 4152	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	WPgNzVA.exe
PID 2724 wrote to memory of 4860	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	CJnLbUg.exe
PID 2724 wrote to memory of 4860	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	CJnLbUg.exe
PID 2724 wrote to memory of 3896	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	phwzPJH.exe
PID 2724 wrote to memory of 3896	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	phwzPJH.exe
PID 2724 wrote to memory of 400	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	NoDWVdp.exe
PID 2724 wrote to memory of 400	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	NoDWVdp.exe
PID 2724 wrote to memory of 3776	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	jHMqYAC.exe
PID 2724 wrote to memory of 3776	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	jHMqYAC.exe
PID 2724 wrote to memory of 3180	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	HAZcoli.exe
PID 2724 wrote to memory of 3180	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	HAZcoli.exe
PID 2724 wrote to memory of 3076	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	ZufnYGb.exe
PID 2724 wrote to memory of 3076	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	ZufnYGb.exe
PID 2724 wrote to memory of 4568	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	QuxbzIa.exe
PID 2724 wrote to memory of 4568	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	QuxbzIa.exe
PID 2724 wrote to memory of 4740	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	piynBcT.exe
PID 2724 wrote to memory of 4740	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	piynBcT.exe
PID 2724 wrote to memory of 1756	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	fuMZzAs.exe
PID 2724 wrote to memory of 1756	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	fuMZzAs.exe
PID 2724 wrote to memory of 4712	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	QwyKGDx.exe
PID 2724 wrote to memory of 4712	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	QwyKGDx.exe
PID 2724 wrote to memory of 1376	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	IOTEgXd.exe
PID 2724 wrote to memory of 1376	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	IOTEgXd.exe
PID 2724 wrote to memory of 2656	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	fHWooOc.exe
PID 2724 wrote to memory of 2656	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	fHWooOc.exe
PID 2724 wrote to memory of 3368	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	ftbiwkJ.exe
PID 2724 wrote to memory of 3368	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	ftbiwkJ.exe
PID 2724 wrote to memory of 3144	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	MghPZgs.exe
PID 2724 wrote to memory of 3144	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	MghPZgs.exe
PID 2724 wrote to memory of 2740	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	WwMakfU.exe
PID 2724 wrote to memory of 2740	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	WwMakfU.exe
PID 2724 wrote to memory of 1716	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	azAxncb.exe
PID 2724 wrote to memory of 1716	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	azAxncb.exe
PID 2724 wrote to memory of 1624	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	bovzoDq.exe
PID 2724 wrote to memory of 1624	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	bovzoDq.exe
PID 2724 wrote to memory of 4208	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	eRhHwCs.exe
PID 2724 wrote to memory of 4208	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	eRhHwCs.exe
PID 2724 wrote to memory of 2360	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	KizFSgm.exe
PID 2724 wrote to memory of 2360	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	KizFSgm.exe
PID 2724 wrote to memory of 3756	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	ztEokXW.exe
PID 2724 wrote to memory of 3756	2724	a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe	ztEokXW.exe

C:\Users\Admin\AppData\Local\Temp\a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a6847108a69d4cf28609ecafe3462ca0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\System\eUMmahD.exe
  C:\Windows\System\eUMmahD.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\vpopJys.exe
  C:\Windows\System\vpopJys.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\jraakZu.exe
  C:\Windows\System\jraakZu.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\VkcoIoA.exe
  C:\Windows\System\VkcoIoA.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\wQmbOFB.exe
  C:\Windows\System\wQmbOFB.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\zlobUaa.exe
  C:\Windows\System\zlobUaa.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\FxXWcEs.exe
  C:\Windows\System\FxXWcEs.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\VeaASVH.exe
  C:\Windows\System\VeaASVH.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\IVZeZJP.exe
  C:\Windows\System\IVZeZJP.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\kIrdXzq.exe
  C:\Windows\System\kIrdXzq.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\naFWPmg.exe
  C:\Windows\System\naFWPmg.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\WPgNzVA.exe
  C:\Windows\System\WPgNzVA.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\CJnLbUg.exe
  C:\Windows\System\CJnLbUg.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\phwzPJH.exe
  C:\Windows\System\phwzPJH.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\NoDWVdp.exe
  C:\Windows\System\NoDWVdp.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\jHMqYAC.exe
  C:\Windows\System\jHMqYAC.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\HAZcoli.exe
  C:\Windows\System\HAZcoli.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\ZufnYGb.exe
  C:\Windows\System\ZufnYGb.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\QuxbzIa.exe
  C:\Windows\System\QuxbzIa.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\piynBcT.exe
  C:\Windows\System\piynBcT.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\fuMZzAs.exe
  C:\Windows\System\fuMZzAs.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\QwyKGDx.exe
  C:\Windows\System\QwyKGDx.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\IOTEgXd.exe
  C:\Windows\System\IOTEgXd.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\fHWooOc.exe
  C:\Windows\System\fHWooOc.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\ftbiwkJ.exe
  C:\Windows\System\ftbiwkJ.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\MghPZgs.exe
  C:\Windows\System\MghPZgs.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\WwMakfU.exe
  C:\Windows\System\WwMakfU.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\azAxncb.exe
  C:\Windows\System\azAxncb.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\bovzoDq.exe
  C:\Windows\System\bovzoDq.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\eRhHwCs.exe
  C:\Windows\System\eRhHwCs.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\KizFSgm.exe
  C:\Windows\System\KizFSgm.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\ztEokXW.exe
  C:\Windows\System\ztEokXW.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\iomQqWB.exe
  C:\Windows\System\iomQqWB.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\lgSahry.exe
  C:\Windows\System\lgSahry.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\Xdasvvy.exe
  C:\Windows\System\Xdasvvy.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\fqbrfvE.exe
  C:\Windows\System\fqbrfvE.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\TGWytNG.exe
  C:\Windows\System\TGWytNG.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\fewyXQq.exe
  C:\Windows\System\fewyXQq.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\OLciETH.exe
  C:\Windows\System\OLciETH.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\pDZdqJN.exe
  C:\Windows\System\pDZdqJN.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\kUYGYsg.exe
  C:\Windows\System\kUYGYsg.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\xgdjlkq.exe
  C:\Windows\System\xgdjlkq.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\mWlGXDI.exe
  C:\Windows\System\mWlGXDI.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\HQkEtCk.exe
  C:\Windows\System\HQkEtCk.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\hMVRrre.exe
  C:\Windows\System\hMVRrre.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\eDAnuAo.exe
  C:\Windows\System\eDAnuAo.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\MPhpeER.exe
  C:\Windows\System\MPhpeER.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\PVNhHlQ.exe
  C:\Windows\System\PVNhHlQ.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\PNGbHSy.exe
  C:\Windows\System\PNGbHSy.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\wMAydWx.exe
  C:\Windows\System\wMAydWx.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\xMHBAxg.exe
  C:\Windows\System\xMHBAxg.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\YYysVbN.exe
  C:\Windows\System\YYysVbN.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\ULTFjvj.exe
  C:\Windows\System\ULTFjvj.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\lxmDRlr.exe
  C:\Windows\System\lxmDRlr.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\oJCxaGA.exe
  C:\Windows\System\oJCxaGA.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\EsXjUcB.exe
  C:\Windows\System\EsXjUcB.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\muvxYJt.exe
  C:\Windows\System\muvxYJt.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\eSVmEeV.exe
  C:\Windows\System\eSVmEeV.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\ueXKZWZ.exe
  C:\Windows\System\ueXKZWZ.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\omIwefW.exe
  C:\Windows\System\omIwefW.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\GCXrZFw.exe
  C:\Windows\System\GCXrZFw.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\SMHZCxy.exe
  C:\Windows\System\SMHZCxy.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\NYsKLqA.exe
  C:\Windows\System\NYsKLqA.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\eVwBEWn.exe
  C:\Windows\System\eVwBEWn.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\bSjqTIM.exe
  C:\Windows\System\bSjqTIM.exe
  2⤵
  PID:2888
- C:\Windows\System\Zzxwnfl.exe
  C:\Windows\System\Zzxwnfl.exe
  2⤵
  PID:2940
- C:\Windows\System\tThdzDc.exe
  C:\Windows\System\tThdzDc.exe
  2⤵
  PID:780
- C:\Windows\System\ulndXWo.exe
  C:\Windows\System\ulndXWo.exe
  2⤵
  PID:4632
- C:\Windows\System\rHCJADH.exe
  C:\Windows\System\rHCJADH.exe
  2⤵
  PID:4968
- C:\Windows\System\ZcIZveL.exe
  C:\Windows\System\ZcIZveL.exe
  2⤵
  PID:4028
- C:\Windows\System\XydYIhV.exe
  C:\Windows\System\XydYIhV.exe
  2⤵
  PID:1284
- C:\Windows\System\tDbWylN.exe
  C:\Windows\System\tDbWylN.exe
  2⤵
  PID:1336
- C:\Windows\System\hsRlKow.exe
  C:\Windows\System\hsRlKow.exe
  2⤵
  PID:2744
- C:\Windows\System\qqAdtkI.exe
  C:\Windows\System\qqAdtkI.exe
  2⤵
  PID:4032
- C:\Windows\System\mBtnQKp.exe
  C:\Windows\System\mBtnQKp.exe
  2⤵
  PID:2568
- C:\Windows\System\womZTCg.exe
  C:\Windows\System\womZTCg.exe
  2⤵
  PID:2976
- C:\Windows\System\SXDABdA.exe
  C:\Windows\System\SXDABdA.exe
  2⤵
  PID:2860
- C:\Windows\System\GEtAcgf.exe
  C:\Windows\System\GEtAcgf.exe
  2⤵
  PID:5160
- C:\Windows\System\NQBCqFk.exe
  C:\Windows\System\NQBCqFk.exe
  2⤵
  PID:5184
- C:\Windows\System\nfDjAgl.exe
  C:\Windows\System\nfDjAgl.exe
  2⤵
  PID:5200
- C:\Windows\System\NRhYfVV.exe
  C:\Windows\System\NRhYfVV.exe
  2⤵
  PID:5224
- C:\Windows\System\iwbkpvW.exe
  C:\Windows\System\iwbkpvW.exe
  2⤵
  PID:5252
- C:\Windows\System\FYTwQLk.exe
  C:\Windows\System\FYTwQLk.exe
  2⤵
  PID:5272
- C:\Windows\System\aaUmFky.exe
  C:\Windows\System\aaUmFky.exe
  2⤵
  PID:5300
- C:\Windows\System\ItccHRb.exe
  C:\Windows\System\ItccHRb.exe
  2⤵
  PID:5328
- C:\Windows\System\UhQJbEE.exe
  C:\Windows\System\UhQJbEE.exe
  2⤵
  PID:5356
- C:\Windows\System\GbnvbaV.exe
  C:\Windows\System\GbnvbaV.exe
  2⤵
  PID:5384
- C:\Windows\System\atAEuhQ.exe
  C:\Windows\System\atAEuhQ.exe
  2⤵
  PID:5416
- C:\Windows\System\GPqnoVw.exe
  C:\Windows\System\GPqnoVw.exe
  2⤵
  PID:5440
- C:\Windows\System\lDdDbJK.exe
  C:\Windows\System\lDdDbJK.exe
  2⤵
  PID:5468
- C:\Windows\System\IJzGdIV.exe
  C:\Windows\System\IJzGdIV.exe
  2⤵
  PID:5496
- C:\Windows\System\ozBLnjG.exe
  C:\Windows\System\ozBLnjG.exe
  2⤵
  PID:5520
- C:\Windows\System\pjRbKHs.exe
  C:\Windows\System\pjRbKHs.exe
  2⤵
  PID:5548
- C:\Windows\System\GLMqdPn.exe
  C:\Windows\System\GLMqdPn.exe
  2⤵
  PID:5576
- C:\Windows\System\IQKSupr.exe
  C:\Windows\System\IQKSupr.exe
  2⤵
  PID:5604
- C:\Windows\System\hgwCFKk.exe
  C:\Windows\System\hgwCFKk.exe
  2⤵
  PID:5636
- C:\Windows\System\xCBfZtw.exe
  C:\Windows\System\xCBfZtw.exe
  2⤵
  PID:5660
- C:\Windows\System\mxdAHid.exe
  C:\Windows\System\mxdAHid.exe
  2⤵
  PID:5688
- C:\Windows\System\kgKMuxD.exe
  C:\Windows\System\kgKMuxD.exe
  2⤵
  PID:5716
- C:\Windows\System\OhLHxpI.exe
  C:\Windows\System\OhLHxpI.exe
  2⤵
  PID:5744
- C:\Windows\System\bzFJkro.exe
  C:\Windows\System\bzFJkro.exe
  2⤵
  PID:5776
- C:\Windows\System\XIdwwgN.exe
  C:\Windows\System\XIdwwgN.exe
  2⤵
  PID:5800
- C:\Windows\System\gdFdgeL.exe
  C:\Windows\System\gdFdgeL.exe
  2⤵
  PID:5832
- C:\Windows\System\VRDfSZB.exe
  C:\Windows\System\VRDfSZB.exe
  2⤵
  PID:5860
- C:\Windows\System\IMHihVc.exe
  C:\Windows\System\IMHihVc.exe
  2⤵
  PID:5888
- C:\Windows\System\gLtJZcx.exe
  C:\Windows\System\gLtJZcx.exe
  2⤵
  PID:5912
- C:\Windows\System\aTRMOyy.exe
  C:\Windows\System\aTRMOyy.exe
  2⤵
  PID:5944
- C:\Windows\System\ZhEdqxw.exe
  C:\Windows\System\ZhEdqxw.exe
  2⤵
  PID:5968
- C:\Windows\System\AmuGyJg.exe
  C:\Windows\System\AmuGyJg.exe
  2⤵
  PID:5996
- C:\Windows\System\uvHWRsf.exe
  C:\Windows\System\uvHWRsf.exe
  2⤵
  PID:6028
- C:\Windows\System\yKTdyPx.exe
  C:\Windows\System\yKTdyPx.exe
  2⤵
  PID:6052
- C:\Windows\System\gCcQEgh.exe
  C:\Windows\System\gCcQEgh.exe
  2⤵
  PID:6080
- C:\Windows\System\nsWmZdr.exe
  C:\Windows\System\nsWmZdr.exe
  2⤵
  PID:6112
- C:\Windows\System\XGAHCUW.exe
  C:\Windows\System\XGAHCUW.exe
  2⤵
  PID:6140
- C:\Windows\System\quPOwpA.exe
  C:\Windows\System\quPOwpA.exe
  2⤵
  PID:2304
- C:\Windows\System\XMBKgbt.exe
  C:\Windows\System\XMBKgbt.exe
  2⤵
  PID:4332
- C:\Windows\System\dUfbhjy.exe
  C:\Windows\System\dUfbhjy.exe
  2⤵
  PID:3696
- C:\Windows\System\CNcZQtP.exe
  C:\Windows\System\CNcZQtP.exe
  2⤵
  PID:1512
- C:\Windows\System\VnBmGPY.exe
  C:\Windows\System\VnBmGPY.exe
  2⤵
  PID:5124
- C:\Windows\System\GWysDQM.exe
  C:\Windows\System\GWysDQM.exe
  2⤵
  PID:5196
- C:\Windows\System\RZAjdMj.exe
  C:\Windows\System\RZAjdMj.exe
  2⤵
  PID:5268
- C:\Windows\System\hvMAUmn.exe
  C:\Windows\System\hvMAUmn.exe
  2⤵
  PID:5340
- C:\Windows\System\ttlBwxm.exe
  C:\Windows\System\ttlBwxm.exe
  2⤵
  PID:5396
- C:\Windows\System\BfzbqoE.exe
  C:\Windows\System\BfzbqoE.exe
  2⤵
  PID:5456
- C:\Windows\System\LhSTSBw.exe
  C:\Windows\System\LhSTSBw.exe
  2⤵
  PID:5536
- C:\Windows\System\pTUhUbI.exe
  C:\Windows\System\pTUhUbI.exe
  2⤵
  PID:5596
- C:\Windows\System\RmPFyje.exe
  C:\Windows\System\RmPFyje.exe
  2⤵
  PID:5652
- C:\Windows\System\YSAJIHE.exe
  C:\Windows\System\YSAJIHE.exe
  2⤵
  PID:5712
- C:\Windows\System\TGbLhKQ.exe
  C:\Windows\System\TGbLhKQ.exe
  2⤵
  PID:5788
- C:\Windows\System\oruOxCO.exe
  C:\Windows\System\oruOxCO.exe
  2⤵
  PID:5848
- C:\Windows\System\oyblvFK.exe
  C:\Windows\System\oyblvFK.exe
  2⤵
  PID:5908
- C:\Windows\System\ijDUYPa.exe
  C:\Windows\System\ijDUYPa.exe
  2⤵
  PID:5964
- C:\Windows\System\fOMDlXC.exe
  C:\Windows\System\fOMDlXC.exe
  2⤵
  PID:6044
- C:\Windows\System\OwtWTFn.exe
  C:\Windows\System\OwtWTFn.exe
  2⤵
  PID:6124
- C:\Windows\System\lZgoZyN.exe
  C:\Windows\System\lZgoZyN.exe
  2⤵
  PID:4488
- C:\Windows\System\MkeENGp.exe
  C:\Windows\System\MkeENGp.exe
  2⤵
  PID:2272
- C:\Windows\System\htWvcvP.exe
  C:\Windows\System\htWvcvP.exe
  2⤵
  PID:5192
- C:\Windows\System\FeglLLY.exe
  C:\Windows\System\FeglLLY.exe
  2⤵
  PID:5368
- C:\Windows\System\OksHlUH.exe
  C:\Windows\System\OksHlUH.exe
  2⤵
  PID:5488
- C:\Windows\System\CbVApTA.exe
  C:\Windows\System\CbVApTA.exe
  2⤵
  PID:5624
- C:\Windows\System\TVJGUnl.exe
  C:\Windows\System\TVJGUnl.exe
  2⤵
  PID:5764
- C:\Windows\System\FMGcDGy.exe
  C:\Windows\System\FMGcDGy.exe
  2⤵
  PID:5900
- C:\Windows\System\FWPZFsp.exe
  C:\Windows\System\FWPZFsp.exe
  2⤵
  PID:6016
- C:\Windows\System\UpBUHWu.exe
  C:\Windows\System\UpBUHWu.exe
  2⤵
  PID:6100
- C:\Windows\System\ULeGTUX.exe
  C:\Windows\System\ULeGTUX.exe
  2⤵
  PID:2576
- C:\Windows\System\stFuadV.exe
  C:\Windows\System\stFuadV.exe
  2⤵
  PID:1332
- C:\Windows\System\pqQlwfz.exe
  C:\Windows\System\pqQlwfz.exe
  2⤵
  PID:6168
- C:\Windows\System\KBQEaEk.exe
  C:\Windows\System\KBQEaEk.exe
  2⤵
  PID:6200
- C:\Windows\System\yYbsOEv.exe
  C:\Windows\System\yYbsOEv.exe
  2⤵
  PID:6228
- C:\Windows\System\rcmuVse.exe
  C:\Windows\System\rcmuVse.exe
  2⤵
  PID:6256
- C:\Windows\System\LJwFEls.exe
  C:\Windows\System\LJwFEls.exe
  2⤵
  PID:6284
- C:\Windows\System\TbhVtxC.exe
  C:\Windows\System\TbhVtxC.exe
  2⤵
  PID:6312
- C:\Windows\System\VnJyhVi.exe
  C:\Windows\System\VnJyhVi.exe
  2⤵
  PID:6340
- C:\Windows\System\YNDrJrh.exe
  C:\Windows\System\YNDrJrh.exe
  2⤵
  PID:6376
- C:\Windows\System\IiIHWWa.exe
  C:\Windows\System\IiIHWWa.exe
  2⤵
  PID:6396
- C:\Windows\System\gZGzhyc.exe
  C:\Windows\System\gZGzhyc.exe
  2⤵
  PID:6424
- C:\Windows\System\wZpLPkb.exe
  C:\Windows\System\wZpLPkb.exe
  2⤵
  PID:6452
- C:\Windows\System\QmLXnjl.exe
  C:\Windows\System\QmLXnjl.exe
  2⤵
  PID:6480
- C:\Windows\System\aQZJnAi.exe
  C:\Windows\System\aQZJnAi.exe
  2⤵
  PID:6508
- C:\Windows\System\oWnNbWd.exe
  C:\Windows\System\oWnNbWd.exe
  2⤵
  PID:6536
- C:\Windows\System\DERfqbB.exe
  C:\Windows\System\DERfqbB.exe
  2⤵
  PID:6564
- C:\Windows\System\gZHTIxR.exe
  C:\Windows\System\gZHTIxR.exe
  2⤵
  PID:6596
- C:\Windows\System\eXJApET.exe
  C:\Windows\System\eXJApET.exe
  2⤵
  PID:6620
- C:\Windows\System\AJoZAqA.exe
  C:\Windows\System\AJoZAqA.exe
  2⤵
  PID:6648
- C:\Windows\System\UUbZAFH.exe
  C:\Windows\System\UUbZAFH.exe
  2⤵
  PID:6676
- C:\Windows\System\mCafPjT.exe
  C:\Windows\System\mCafPjT.exe
  2⤵
  PID:6700
- C:\Windows\System\qEiOeRu.exe
  C:\Windows\System\qEiOeRu.exe
  2⤵
  PID:6732
- C:\Windows\System\WtzRFDj.exe
  C:\Windows\System\WtzRFDj.exe
  2⤵
  PID:6888
- C:\Windows\System\MhatMhX.exe
  C:\Windows\System\MhatMhX.exe
  2⤵
  PID:6912
- C:\Windows\System\xVwbAFY.exe
  C:\Windows\System\xVwbAFY.exe
  2⤵
  PID:6940
- C:\Windows\System\DrnLtuk.exe
  C:\Windows\System\DrnLtuk.exe
  2⤵
  PID:6956
- C:\Windows\System\iIqFVgX.exe
  C:\Windows\System\iIqFVgX.exe
  2⤵
  PID:7012
- C:\Windows\System\bfJPgTL.exe
  C:\Windows\System\bfJPgTL.exe
  2⤵
  PID:7040
- C:\Windows\System\mAvmFYe.exe
  C:\Windows\System\mAvmFYe.exe
  2⤵
  PID:7064
- C:\Windows\System\jWJCwSA.exe
  C:\Windows\System\jWJCwSA.exe
  2⤵
  PID:7096
- C:\Windows\System\fCRbZcZ.exe
  C:\Windows\System\fCRbZcZ.exe
  2⤵
  PID:7120
- C:\Windows\System\rZbDscB.exe
  C:\Windows\System\rZbDscB.exe
  2⤵
  PID:7148
- C:\Windows\System\UuHtCag.exe
  C:\Windows\System\UuHtCag.exe
  2⤵
  PID:1180
- C:\Windows\System\kEZLAtR.exe
  C:\Windows\System\kEZLAtR.exe
  2⤵
  PID:6156
- C:\Windows\System\dExnczA.exe
  C:\Windows\System\dExnczA.exe
  2⤵
  PID:608
- C:\Windows\System\ooNIiAi.exe
  C:\Windows\System\ooNIiAi.exe
  2⤵
  PID:6192
- C:\Windows\System\TqSdOoL.exe
  C:\Windows\System\TqSdOoL.exe
  2⤵
  PID:6240
- C:\Windows\System\KhgxMAR.exe
  C:\Windows\System\KhgxMAR.exe
  2⤵
  PID:6268
- C:\Windows\System\VToddEg.exe
  C:\Windows\System\VToddEg.exe
  2⤵
  PID:6300
- C:\Windows\System\QKBLzOh.exe
  C:\Windows\System\QKBLzOh.exe
  2⤵
  PID:6352
- C:\Windows\System\JvSurOG.exe
  C:\Windows\System\JvSurOG.exe
  2⤵
  PID:6388
- C:\Windows\System\WPlMfdH.exe
  C:\Windows\System\WPlMfdH.exe
  2⤵
  PID:6472
- C:\Windows\System\phCYFIl.exe
  C:\Windows\System\phCYFIl.exe
  2⤵
  PID:6560
- C:\Windows\System\xOLcXje.exe
  C:\Windows\System\xOLcXje.exe
  2⤵
  PID:3648
- C:\Windows\System\rmOzvtR.exe
  C:\Windows\System\rmOzvtR.exe
  2⤵
  PID:2300
- C:\Windows\System\UwLzGWi.exe
  C:\Windows\System\UwLzGWi.exe
  2⤵
  PID:1064
- C:\Windows\System\MZaeTyK.exe
  C:\Windows\System\MZaeTyK.exe
  2⤵
  PID:6952
- C:\Windows\System\bzzXdbW.exe
  C:\Windows\System\bzzXdbW.exe
  2⤵
  PID:1056
- C:\Windows\System\GuZZyek.exe
  C:\Windows\System\GuZZyek.exe
  2⤵
  PID:3296
- C:\Windows\System\NwfFyJe.exe
  C:\Windows\System\NwfFyJe.exe
  2⤵
  PID:1696
- C:\Windows\System\bpIFyQP.exe
  C:\Windows\System\bpIFyQP.exe
  2⤵
  PID:6980
- C:\Windows\System\CYBArtN.exe
  C:\Windows\System\CYBArtN.exe
  2⤵
  PID:7116
- C:\Windows\System\jufgtUu.exe
  C:\Windows\System\jufgtUu.exe
  2⤵
  PID:680
- C:\Windows\System\OkrvQaf.exe
  C:\Windows\System\OkrvQaf.exe
  2⤵
  PID:6164
- C:\Windows\System\MAQyUsQ.exe
  C:\Windows\System\MAQyUsQ.exe
  2⤵
  PID:4072
- C:\Windows\System\MzknbYp.exe
  C:\Windows\System\MzknbYp.exe
  2⤵
  PID:6276
- C:\Windows\System\SSndJyH.exe
  C:\Windows\System\SSndJyH.exe
  2⤵
  PID:6468
- C:\Windows\System\FBBkSWh.exe
  C:\Windows\System\FBBkSWh.exe
  2⤵
  PID:6696
- C:\Windows\System\LqhIdrB.exe
  C:\Windows\System\LqhIdrB.exe
  2⤵
  PID:6588
- C:\Windows\System\pVajxiz.exe
  C:\Windows\System\pVajxiz.exe
  2⤵
  PID:4636
- C:\Windows\System\ppYhsLT.exe
  C:\Windows\System\ppYhsLT.exe
  2⤵
  PID:1832
- C:\Windows\System\AlJBGqd.exe
  C:\Windows\System\AlJBGqd.exe
  2⤵
  PID:7028
- C:\Windows\System\gbSByJr.exe
  C:\Windows\System\gbSByJr.exe
  2⤵
  PID:5708
- C:\Windows\System\hKLCpSr.exe
  C:\Windows\System\hKLCpSr.exe
  2⤵
  PID:6220
- C:\Windows\System\QFVUaoB.exe
  C:\Windows\System\QFVUaoB.exe
  2⤵
  PID:6548
- C:\Windows\System\OzIFAkK.exe
  C:\Windows\System\OzIFAkK.exe
  2⤵
  PID:4124
- C:\Windows\System\SAsLtnM.exe
  C:\Windows\System\SAsLtnM.exe
  2⤵
  PID:6372
- C:\Windows\System\Bloopvz.exe
  C:\Windows\System\Bloopvz.exe
  2⤵
  PID:872
- C:\Windows\System\ybclJHC.exe
  C:\Windows\System\ybclJHC.exe
  2⤵
  PID:7180
- C:\Windows\System\vctRiPx.exe
  C:\Windows\System\vctRiPx.exe
  2⤵
  PID:7208
- C:\Windows\System\NYtHbao.exe
  C:\Windows\System\NYtHbao.exe
  2⤵
  PID:7248
- C:\Windows\System\Tkwzlxb.exe
  C:\Windows\System\Tkwzlxb.exe
  2⤵
  PID:7268
- C:\Windows\System\tvMvPno.exe
  C:\Windows\System\tvMvPno.exe
  2⤵
  PID:7300
- C:\Windows\System\KlcjnxD.exe
  C:\Windows\System\KlcjnxD.exe
  2⤵
  PID:7348
- C:\Windows\System\lLktkHY.exe
  C:\Windows\System\lLktkHY.exe
  2⤵
  PID:7380
- C:\Windows\System\ZeXwraT.exe
  C:\Windows\System\ZeXwraT.exe
  2⤵
  PID:7424
- C:\Windows\System\PjHOAKZ.exe
  C:\Windows\System\PjHOAKZ.exe
  2⤵
  PID:7472
- C:\Windows\System\XltyTzj.exe
  C:\Windows\System\XltyTzj.exe
  2⤵
  PID:7500
- C:\Windows\System\lTBgrTg.exe
  C:\Windows\System\lTBgrTg.exe
  2⤵
  PID:7536
- C:\Windows\System\ITCKlwV.exe
  C:\Windows\System\ITCKlwV.exe
  2⤵
  PID:7564
- C:\Windows\System\lQDmVVl.exe
  C:\Windows\System\lQDmVVl.exe
  2⤵
  PID:7596
- C:\Windows\System\ZRqUYYp.exe
  C:\Windows\System\ZRqUYYp.exe
  2⤵
  PID:7624
- C:\Windows\System\KjRldRK.exe
  C:\Windows\System\KjRldRK.exe
  2⤵
  PID:7656
- C:\Windows\System\DPDJCdi.exe
  C:\Windows\System\DPDJCdi.exe
  2⤵
  PID:7688
- C:\Windows\System\QmIBksL.exe
  C:\Windows\System\QmIBksL.exe
  2⤵
  PID:7720
- C:\Windows\System\PtDOSbo.exe
  C:\Windows\System\PtDOSbo.exe
  2⤵
  PID:7744
- C:\Windows\System\ttbfcpR.exe
  C:\Windows\System\ttbfcpR.exe
  2⤵
  PID:7772
- C:\Windows\System\bDSpZAs.exe
  C:\Windows\System\bDSpZAs.exe
  2⤵
  PID:7804
- C:\Windows\System\rTydsSN.exe
  C:\Windows\System\rTydsSN.exe
  2⤵
  PID:7844
- C:\Windows\System\eGHuvUH.exe
  C:\Windows\System\eGHuvUH.exe
  2⤵
  PID:7860
- C:\Windows\System\QoEimZQ.exe
  C:\Windows\System\QoEimZQ.exe
  2⤵
  PID:7888
- C:\Windows\System\BjYBRjz.exe
  C:\Windows\System\BjYBRjz.exe
  2⤵
  PID:7932
- C:\Windows\System\BVjVSri.exe
  C:\Windows\System\BVjVSri.exe
  2⤵
  PID:7952
- C:\Windows\System\QvYeoYF.exe
  C:\Windows\System\QvYeoYF.exe
  2⤵
  PID:7980
- C:\Windows\System\ntFeaBz.exe
  C:\Windows\System\ntFeaBz.exe
  2⤵
  PID:8024
- C:\Windows\System\faJeJBv.exe
  C:\Windows\System\faJeJBv.exe
  2⤵
  PID:8040
- C:\Windows\System\DCNXyqK.exe
  C:\Windows\System\DCNXyqK.exe
  2⤵
  PID:8072
- C:\Windows\System\MEKQATn.exe
  C:\Windows\System\MEKQATn.exe
  2⤵
  PID:8104
- C:\Windows\System\LuhhRde.exe
  C:\Windows\System\LuhhRde.exe
  2⤵
  PID:8136
- C:\Windows\System\JzyivSr.exe
  C:\Windows\System\JzyivSr.exe
  2⤵
  PID:8160
- C:\Windows\System\HMlTJPo.exe
  C:\Windows\System\HMlTJPo.exe
  2⤵
  PID:6724
- C:\Windows\System\adYuDDO.exe
  C:\Windows\System\adYuDDO.exe
  2⤵
  PID:7228
- C:\Windows\System\qktSvmY.exe
  C:\Windows\System\qktSvmY.exe
  2⤵
  PID:7336
- C:\Windows\System\OLbVrat.exe
  C:\Windows\System\OLbVrat.exe
  2⤵
  PID:7404
- C:\Windows\System\miWUHRZ.exe
  C:\Windows\System\miWUHRZ.exe
  2⤵
  PID:7496
- C:\Windows\System\QkMyZTR.exe
  C:\Windows\System\QkMyZTR.exe
  2⤵
  PID:7580
- C:\Windows\System\ecSbRLh.exe
  C:\Windows\System\ecSbRLh.exe
  2⤵
  PID:7648
- C:\Windows\System\VjrAYCg.exe
  C:\Windows\System\VjrAYCg.exe
  2⤵
  PID:7712
- C:\Windows\System\aLgUEOo.exe
  C:\Windows\System\aLgUEOo.exe
  2⤵
  PID:7784
- C:\Windows\System\zPrwsZd.exe
  C:\Windows\System\zPrwsZd.exe
  2⤵
  PID:7824
- C:\Windows\System\iYPLBFN.exe
  C:\Windows\System\iYPLBFN.exe
  2⤵
  PID:7388
- C:\Windows\System\fxgkegf.exe
  C:\Windows\System\fxgkegf.exe
  2⤵
  PID:7876
- C:\Windows\System\ZVaEjTz.exe
  C:\Windows\System\ZVaEjTz.exe
  2⤵
  PID:7972
- C:\Windows\System\DNaRgCt.exe
  C:\Windows\System\DNaRgCt.exe
  2⤵
  PID:8032
- C:\Windows\System\mhSMmTO.exe
  C:\Windows\System\mhSMmTO.exe
  2⤵
  PID:8116
- C:\Windows\System\hlBOrDc.exe
  C:\Windows\System\hlBOrDc.exe
  2⤵
  PID:7060
- C:\Windows\System\LkVpotY.exe
  C:\Windows\System\LkVpotY.exe
  2⤵
  PID:7372
- C:\Windows\System\cpzwkyg.exe
  C:\Windows\System\cpzwkyg.exe
  2⤵
  PID:7680
- C:\Windows\System\xnIpzDl.exe
  C:\Windows\System\xnIpzDl.exe
  2⤵
  PID:7852
- C:\Windows\System\YlqgJFW.exe
  C:\Windows\System\YlqgJFW.exe
  2⤵
  PID:7944
- C:\Windows\System\NRApaqs.exe
  C:\Windows\System\NRApaqs.exe
  2⤵
  PID:8096
- C:\Windows\System\pStNGuA.exe
  C:\Windows\System\pStNGuA.exe
  2⤵
  PID:7256
- C:\Windows\System\oSBDjWe.exe
  C:\Windows\System\oSBDjWe.exe
  2⤵
  PID:6808
- C:\Windows\System\SFilfmF.exe
  C:\Windows\System\SFilfmF.exe
  2⤵
  PID:8204
- C:\Windows\System\IwvVKMb.exe
  C:\Windows\System\IwvVKMb.exe
  2⤵
  PID:8232
- C:\Windows\System\vcJEgHT.exe
  C:\Windows\System\vcJEgHT.exe
  2⤵
  PID:8252
- C:\Windows\System\NvSaBJl.exe
  C:\Windows\System\NvSaBJl.exe
  2⤵
  PID:8284
- C:\Windows\System\HyhsZrZ.exe
  C:\Windows\System\HyhsZrZ.exe
  2⤵
  PID:8324
- C:\Windows\System\lxUuKQq.exe
  C:\Windows\System\lxUuKQq.exe
  2⤵
  PID:8368
- C:\Windows\System\tHXqXGS.exe
  C:\Windows\System\tHXqXGS.exe
  2⤵
  PID:8404
- C:\Windows\System\OIEllJP.exe
  C:\Windows\System\OIEllJP.exe
  2⤵
  PID:8432
- C:\Windows\System\CahsUfo.exe
  C:\Windows\System\CahsUfo.exe
  2⤵
  PID:8476
- C:\Windows\System\MccunlB.exe
  C:\Windows\System\MccunlB.exe
  2⤵
  PID:8504
- C:\Windows\System\TskEqMQ.exe
  C:\Windows\System\TskEqMQ.exe
  2⤵
  PID:8536
- C:\Windows\System\FQfYRUa.exe
  C:\Windows\System\FQfYRUa.exe
  2⤵
  PID:8556
- C:\Windows\System\petqhTy.exe
  C:\Windows\System\petqhTy.exe
  2⤵
  PID:8580
- C:\Windows\System\LvIXvjL.exe
  C:\Windows\System\LvIXvjL.exe
  2⤵
  PID:8608
- C:\Windows\System\BcfwXRN.exe
  C:\Windows\System\BcfwXRN.exe
  2⤵
  PID:8632
- C:\Windows\System\YHOVxAE.exe
  C:\Windows\System\YHOVxAE.exe
  2⤵
  PID:8652
- C:\Windows\System\YGtJMWz.exe
  C:\Windows\System\YGtJMWz.exe
  2⤵
  PID:8672
- C:\Windows\System\NEYglwn.exe
  C:\Windows\System\NEYglwn.exe
  2⤵
  PID:8704
- C:\Windows\System\cTdxvJr.exe
  C:\Windows\System\cTdxvJr.exe
  2⤵
  PID:8748
- C:\Windows\System\vYVnoVe.exe
  C:\Windows\System\vYVnoVe.exe
  2⤵
  PID:8792
- C:\Windows\System\SvzrJoH.exe
  C:\Windows\System\SvzrJoH.exe
  2⤵
  PID:8820
- C:\Windows\System\KKSVKjO.exe
  C:\Windows\System\KKSVKjO.exe
  2⤵
  PID:8848
- C:\Windows\System\nhiMiiL.exe
  C:\Windows\System\nhiMiiL.exe
  2⤵
  PID:8864
- C:\Windows\System\ERLXgcb.exe
  C:\Windows\System\ERLXgcb.exe
  2⤵
  PID:8880
- C:\Windows\System\MyCdhuf.exe
  C:\Windows\System\MyCdhuf.exe
  2⤵
  PID:8896
- C:\Windows\System\CjiVyRO.exe
  C:\Windows\System\CjiVyRO.exe
  2⤵
  PID:8956
- C:\Windows\System\ciOMbrU.exe
  C:\Windows\System\ciOMbrU.exe
  2⤵
  PID:9016
- C:\Windows\System\BbcGXxc.exe
  C:\Windows\System\BbcGXxc.exe
  2⤵
  PID:9060
- C:\Windows\System\myzQjOw.exe
  C:\Windows\System\myzQjOw.exe
  2⤵
  PID:9088
- C:\Windows\System\eDPrrlZ.exe
  C:\Windows\System\eDPrrlZ.exe
  2⤵
  PID:9112
- C:\Windows\System\zZbFliC.exe
  C:\Windows\System\zZbFliC.exe
  2⤵
  PID:9144
- C:\Windows\System\oVeaUek.exe
  C:\Windows\System\oVeaUek.exe
  2⤵
  PID:9172
- C:\Windows\System\UCoPPMD.exe
  C:\Windows\System\UCoPPMD.exe
  2⤵
  PID:9208
- C:\Windows\System\cEgqpVq.exe
  C:\Windows\System\cEgqpVq.exe
  2⤵
  PID:8260
- C:\Windows\System\pBUEptV.exe
  C:\Windows\System\pBUEptV.exe
  2⤵
  PID:8312
- C:\Windows\System\dvABWcl.exe
  C:\Windows\System\dvABWcl.exe
  2⤵
  PID:8416
- C:\Windows\System\CpwAEin.exe
  C:\Windows\System\CpwAEin.exe
  2⤵
  PID:8468
- C:\Windows\System\jdCZxrl.exe
  C:\Windows\System\jdCZxrl.exe
  2⤵
  PID:8520
- C:\Windows\System\qomRXip.exe
  C:\Windows\System\qomRXip.exe
  2⤵
  PID:8624
- C:\Windows\System\sJuaVPS.exe
  C:\Windows\System\sJuaVPS.exe
  2⤵
  PID:8684
- C:\Windows\System\nWdAghw.exe
  C:\Windows\System\nWdAghw.exe
  2⤵
  PID:8788
- C:\Windows\System\jnpjJVt.exe
  C:\Windows\System\jnpjJVt.exe
  2⤵
  PID:8840
- C:\Windows\System\epwyzpE.exe
  C:\Windows\System\epwyzpE.exe
  2⤵
  PID:8936
- C:\Windows\System\xPxIURh.exe
  C:\Windows\System\xPxIURh.exe
  2⤵
  PID:8992
- C:\Windows\System\kOSuUCz.exe
  C:\Windows\System\kOSuUCz.exe
  2⤵
  PID:9100
- C:\Windows\System\VkeXVEx.exe
  C:\Windows\System\VkeXVEx.exe
  2⤵
  PID:9164
- C:\Windows\System\EQednqE.exe
  C:\Windows\System\EQednqE.exe
  2⤵
  PID:6984
- C:\Windows\System\hYrszeA.exe
  C:\Windows\System\hYrszeA.exe
  2⤵
  PID:8424
- C:\Windows\System\ifZBoSi.exe
  C:\Windows\System\ifZBoSi.exe
  2⤵
  PID:8616
- C:\Windows\System\fGbSbpm.exe
  C:\Windows\System\fGbSbpm.exe
  2⤵
  PID:8760
- C:\Windows\System\SAoaQKH.exe
  C:\Windows\System\SAoaQKH.exe
  2⤵
  PID:8892
- C:\Windows\System\RivovmY.exe
  C:\Windows\System\RivovmY.exe
  2⤵
  PID:9140
- C:\Windows\System\WIeAdLP.exe
  C:\Windows\System\WIeAdLP.exe
  2⤵
  PID:8400
- C:\Windows\System\RjCnHpy.exe
  C:\Windows\System\RjCnHpy.exe
  2⤵
  PID:8724
- C:\Windows\System\fCbJyAa.exe
  C:\Windows\System\fCbJyAa.exe
  2⤵
  PID:9204
- C:\Windows\System\CHUiIxA.exe
  C:\Windows\System\CHUiIxA.exe
  2⤵
  PID:9084
- C:\Windows\System\HRjMoKF.exe
  C:\Windows\System\HRjMoKF.exe
  2⤵
  PID:9228
- C:\Windows\System\nQkslFw.exe
  C:\Windows\System\nQkslFw.exe
  2⤵
  PID:9256
- C:\Windows\System\tvrOesM.exe
  C:\Windows\System\tvrOesM.exe
  2⤵
  PID:9284
- C:\Windows\System\wZDLGbC.exe
  C:\Windows\System\wZDLGbC.exe
  2⤵
  PID:9304
- C:\Windows\System\rRhkccR.exe
  C:\Windows\System\rRhkccR.exe
  2⤵
  PID:9340
- C:\Windows\System\GqzdusR.exe
  C:\Windows\System\GqzdusR.exe
  2⤵
  PID:9368
- C:\Windows\System\Wqwpmbo.exe
  C:\Windows\System\Wqwpmbo.exe
  2⤵
  PID:9396
- C:\Windows\System\xAaMiIZ.exe
  C:\Windows\System\xAaMiIZ.exe
  2⤵
  PID:9424
- C:\Windows\System\QkgbgTn.exe
  C:\Windows\System\QkgbgTn.exe
  2⤵
  PID:9452
- C:\Windows\System\vDCbanu.exe
  C:\Windows\System\vDCbanu.exe
  2⤵
  PID:9480
- C:\Windows\System\eBFdIYV.exe
  C:\Windows\System\eBFdIYV.exe
  2⤵
  PID:9504
- C:\Windows\System\fnknjKf.exe
  C:\Windows\System\fnknjKf.exe
  2⤵
  PID:9528
- C:\Windows\System\EDUZmTX.exe
  C:\Windows\System\EDUZmTX.exe
  2⤵
  PID:9568
- C:\Windows\System\AviwZSA.exe
  C:\Windows\System\AviwZSA.exe
  2⤵
  PID:9596
- C:\Windows\System\KicseJz.exe
  C:\Windows\System\KicseJz.exe
  2⤵
  PID:9612
- C:\Windows\System\JJGlPPt.exe
  C:\Windows\System\JJGlPPt.exe
  2⤵
  PID:9652
- C:\Windows\System\ZmfYSBu.exe
  C:\Windows\System\ZmfYSBu.exe
  2⤵
  PID:9680
- C:\Windows\System\iqsevij.exe
  C:\Windows\System\iqsevij.exe
  2⤵
  PID:9708
- C:\Windows\System\vRSwnsK.exe
  C:\Windows\System\vRSwnsK.exe
  2⤵
  PID:9736
- C:\Windows\System\uyzheEx.exe
  C:\Windows\System\uyzheEx.exe
  2⤵
  PID:9764
- C:\Windows\System\TtmUUho.exe
  C:\Windows\System\TtmUUho.exe
  2⤵
  PID:9792
- C:\Windows\System\vfTTwNX.exe
  C:\Windows\System\vfTTwNX.exe
  2⤵
  PID:9820
- C:\Windows\System\GGohbuY.exe
  C:\Windows\System\GGohbuY.exe
  2⤵
  PID:9840
- C:\Windows\System\wAloXsx.exe
  C:\Windows\System\wAloXsx.exe
  2⤵
  PID:9868
- C:\Windows\System\ASpKgCc.exe
  C:\Windows\System\ASpKgCc.exe
  2⤵
  PID:9904
- C:\Windows\System\qblXxxJ.exe
  C:\Windows\System\qblXxxJ.exe
  2⤵
  PID:9932
- C:\Windows\System\QOOyiLy.exe
  C:\Windows\System\QOOyiLy.exe
  2⤵
  PID:9968
- C:\Windows\System\fnIeAYa.exe
  C:\Windows\System\fnIeAYa.exe
  2⤵
  PID:9996
- C:\Windows\System\bdRCePU.exe
  C:\Windows\System\bdRCePU.exe
  2⤵
  PID:10024
- C:\Windows\System\yXTQuls.exe
  C:\Windows\System\yXTQuls.exe
  2⤵
  PID:10052
- C:\Windows\System\GZFkEVu.exe
  C:\Windows\System\GZFkEVu.exe
  2⤵
  PID:10080
- C:\Windows\System\pFRMdqC.exe
  C:\Windows\System\pFRMdqC.exe
  2⤵
  PID:10108
- C:\Windows\System\ujPFPMr.exe
  C:\Windows\System\ujPFPMr.exe
  2⤵
  PID:10136
- C:\Windows\System\gxGbGNX.exe
  C:\Windows\System\gxGbGNX.exe
  2⤵
  PID:10164
- C:\Windows\System\VBgMmzD.exe
  C:\Windows\System\VBgMmzD.exe
  2⤵
  PID:10192
- C:\Windows\System\blFcBxD.exe
  C:\Windows\System\blFcBxD.exe
  2⤵
  PID:10220
- C:\Windows\System\NrgJbDH.exe
  C:\Windows\System\NrgJbDH.exe
  2⤵
  PID:9080
- C:\Windows\System\sfiyRNv.exe
  C:\Windows\System\sfiyRNv.exe
  2⤵
  PID:9320
- C:\Windows\System\pSkzLKu.exe
  C:\Windows\System\pSkzLKu.exe
  2⤵
  PID:9356
- C:\Windows\System\ZjRgUle.exe
  C:\Windows\System\ZjRgUle.exe
  2⤵
  PID:9392
- C:\Windows\System\RNEFnZt.exe
  C:\Windows\System\RNEFnZt.exe
  2⤵
  PID:9464
- C:\Windows\System\TAytOis.exe
  C:\Windows\System\TAytOis.exe
  2⤵
  PID:9540
- C:\Windows\System\BRIYsdT.exe
  C:\Windows\System\BRIYsdT.exe
  2⤵
  PID:9592
- C:\Windows\System\gAWsaPk.exe
  C:\Windows\System\gAWsaPk.exe
  2⤵
  PID:9640
- C:\Windows\System\tVXLUeZ.exe
  C:\Windows\System\tVXLUeZ.exe
  2⤵
  PID:9700
- C:\Windows\System\dHJnNZF.exe
  C:\Windows\System\dHJnNZF.exe
  2⤵
  PID:9756
- C:\Windows\System\ViUaiZI.exe
  C:\Windows\System\ViUaiZI.exe
  2⤵
  PID:9848
- C:\Windows\System\GZTRScd.exe
  C:\Windows\System\GZTRScd.exe
  2⤵
  PID:9924
- C:\Windows\System\GLPqARi.exe
  C:\Windows\System\GLPqARi.exe
  2⤵
  PID:9984
- C:\Windows\System\zENRHVU.exe
  C:\Windows\System\zENRHVU.exe
  2⤵
  PID:10044
- C:\Windows\System\arhLWTe.exe
  C:\Windows\System\arhLWTe.exe
  2⤵
  PID:10104
- C:\Windows\System\VuDZyFj.exe
  C:\Windows\System\VuDZyFj.exe
  2⤵
  PID:10156
- C:\Windows\System\GdZsTyM.exe
  C:\Windows\System\GdZsTyM.exe
  2⤵
  PID:10232
- C:\Windows\System\mFjhEUK.exe
  C:\Windows\System\mFjhEUK.exe
  2⤵
  PID:6840
- C:\Windows\System\KYTMFdr.exe
  C:\Windows\System\KYTMFdr.exe
  2⤵
  PID:9440
- C:\Windows\System\VhcoKrd.exe
  C:\Windows\System\VhcoKrd.exe
  2⤵
  PID:9524
- C:\Windows\System\GOfGUvV.exe
  C:\Windows\System\GOfGUvV.exe
  2⤵
  PID:9608
- C:\Windows\System\BRrKDsT.exe
  C:\Windows\System\BRrKDsT.exe
  2⤵
  PID:9892
- C:\Windows\System\suVuhfb.exe
  C:\Windows\System\suVuhfb.exe
  2⤵
  PID:10020
- C:\Windows\System\arxFpwo.exe
  C:\Windows\System\arxFpwo.exe
  2⤵
  PID:10212
- C:\Windows\System\dYAGdSl.exe
  C:\Windows\System\dYAGdSl.exe
  2⤵
  PID:9696
- C:\Windows\System\DcVivYa.exe
  C:\Windows\System\DcVivYa.exe
  2⤵
  PID:1684
- C:\Windows\System\hBstQfb.exe
  C:\Windows\System\hBstQfb.exe
  2⤵
  PID:6852
- C:\Windows\System\RJKVnbE.exe
  C:\Windows\System\RJKVnbE.exe
  2⤵
  PID:6800
- C:\Windows\System\qsUGEvW.exe
  C:\Windows\System\qsUGEvW.exe
  2⤵
  PID:10248
- C:\Windows\System\roLFoRz.exe
  C:\Windows\System\roLFoRz.exe
  2⤵
  PID:10280
- C:\Windows\System\JiljORO.exe
  C:\Windows\System\JiljORO.exe
  2⤵
  PID:10308
- C:\Windows\System\taNpQEM.exe
  C:\Windows\System\taNpQEM.exe
  2⤵
  PID:10336
- C:\Windows\System\NCQaMzH.exe
  C:\Windows\System\NCQaMzH.exe
  2⤵
  PID:10364
- C:\Windows\System\gjKRjin.exe
  C:\Windows\System\gjKRjin.exe
  2⤵
  PID:10404
- C:\Windows\System\ZxRyxRY.exe
  C:\Windows\System\ZxRyxRY.exe
  2⤵
  PID:10424
- C:\Windows\System\ZGsqztL.exe
  C:\Windows\System\ZGsqztL.exe
  2⤵
  PID:10452
- C:\Windows\System\PSxZZCL.exe
  C:\Windows\System\PSxZZCL.exe
  2⤵
  PID:10480
- C:\Windows\System\BsOjoeb.exe
  C:\Windows\System\BsOjoeb.exe
  2⤵
  PID:10508
- C:\Windows\System\oHVEijs.exe
  C:\Windows\System\oHVEijs.exe
  2⤵
  PID:10524
- C:\Windows\System\fWhEFEG.exe
  C:\Windows\System\fWhEFEG.exe
  2⤵
  PID:10564
- C:\Windows\System\hufLFLj.exe
  C:\Windows\System\hufLFLj.exe
  2⤵
  PID:10592
- C:\Windows\System\dVrioUq.exe
  C:\Windows\System\dVrioUq.exe
  2⤵
  PID:10608
- C:\Windows\System\ogcZBGw.exe
  C:\Windows\System\ogcZBGw.exe
  2⤵
  PID:10648
- C:\Windows\System\IYffDLV.exe
  C:\Windows\System\IYffDLV.exe
  2⤵
  PID:10676
- C:\Windows\System\ONhksQE.exe
  C:\Windows\System\ONhksQE.exe
  2⤵
  PID:10704
- C:\Windows\System\jJNfkjT.exe
  C:\Windows\System\jJNfkjT.exe
  2⤵
  PID:10728
- C:\Windows\System\iziWWvX.exe
  C:\Windows\System\iziWWvX.exe
  2⤵
  PID:10748
- C:\Windows\System\KhvXbQt.exe
  C:\Windows\System\KhvXbQt.exe
  2⤵
  PID:10788
- C:\Windows\System\ZmEjTZQ.exe
  C:\Windows\System\ZmEjTZQ.exe
  2⤵
  PID:10820
- C:\Windows\System\paQYwYo.exe
  C:\Windows\System\paQYwYo.exe
  2⤵
  PID:10848
- C:\Windows\System\wrMmusE.exe
  C:\Windows\System\wrMmusE.exe
  2⤵
  PID:10876
- C:\Windows\System\zORArzK.exe
  C:\Windows\System\zORArzK.exe
  2⤵
  PID:10912
- C:\Windows\System\CxjTrwe.exe
  C:\Windows\System\CxjTrwe.exe
  2⤵
  PID:10940
- C:\Windows\System\fzvAGqN.exe
  C:\Windows\System\fzvAGqN.exe
  2⤵
  PID:10968
- C:\Windows\System\knEKSHI.exe
  C:\Windows\System\knEKSHI.exe
  2⤵
  PID:11000
- C:\Windows\System\BOddkFu.exe
  C:\Windows\System\BOddkFu.exe
  2⤵
  PID:11028
- C:\Windows\System\bITPKtA.exe
  C:\Windows\System\bITPKtA.exe
  2⤵
  PID:11056
- C:\Windows\System\vYAzixO.exe
  C:\Windows\System\vYAzixO.exe
  2⤵
  PID:11084
- C:\Windows\System\msLESQJ.exe
  C:\Windows\System\msLESQJ.exe
  2⤵
  PID:11112
- C:\Windows\System\CuwKXko.exe
  C:\Windows\System\CuwKXko.exe
  2⤵
  PID:11140
- C:\Windows\System\awTpVzt.exe
  C:\Windows\System\awTpVzt.exe
  2⤵
  PID:11168
- C:\Windows\System\WohTzUf.exe
  C:\Windows\System\WohTzUf.exe
  2⤵
  PID:11196
- C:\Windows\System\JowmmWR.exe
  C:\Windows\System\JowmmWR.exe
  2⤵
  PID:11224
- C:\Windows\System\WKkPrDT.exe
  C:\Windows\System\WKkPrDT.exe
  2⤵
  PID:11252
- C:\Windows\System\bgywckE.exe
  C:\Windows\System\bgywckE.exe
  2⤵
  PID:10272
- C:\Windows\System\nVbULGd.exe
  C:\Windows\System\nVbULGd.exe
  2⤵
  PID:10332
- C:\Windows\System\xDVTkyH.exe
  C:\Windows\System\xDVTkyH.exe
  2⤵
  PID:6824
- C:\Windows\System\lChwOwX.exe
  C:\Windows\System\lChwOwX.exe
  2⤵
  PID:10448
- C:\Windows\System\TuKzUgG.exe
  C:\Windows\System\TuKzUgG.exe
  2⤵
  PID:10516
- C:\Windows\System\ptUeYHU.exe
  C:\Windows\System\ptUeYHU.exe
  2⤵
  PID:10600
- C:\Windows\System\hhhmEcU.exe
  C:\Windows\System\hhhmEcU.exe
  2⤵
  PID:10664
- C:\Windows\System\ldGPqoH.exe
  C:\Windows\System\ldGPqoH.exe
  2⤵
  PID:10724
- C:\Windows\System\jmChSNT.exe
  C:\Windows\System\jmChSNT.exe
  2⤵
  PID:10784
- C:\Windows\System\oVLxTEl.exe
  C:\Windows\System\oVLxTEl.exe
  2⤵
  PID:10864
- C:\Windows\System\WEScsub.exe
  C:\Windows\System\WEScsub.exe
  2⤵
  PID:1500
- C:\Windows\System\KSiWgkD.exe
  C:\Windows\System\KSiWgkD.exe
  2⤵
  PID:10960
- C:\Windows\System\UgwxnKw.exe
  C:\Windows\System\UgwxnKw.exe
  2⤵
  PID:11012
- C:\Windows\System\KtyKfFm.exe
  C:\Windows\System\KtyKfFm.exe
  2⤵
  PID:11096
- C:\Windows\System\RmjyykO.exe
  C:\Windows\System\RmjyykO.exe
  2⤵
  PID:11160
- C:\Windows\System\XvTryaB.exe
  C:\Windows\System\XvTryaB.exe
  2⤵
  PID:11220
- C:\Windows\System\PKlpcsk.exe
  C:\Windows\System\PKlpcsk.exe
  2⤵
  PID:10244
- C:\Windows\System\YCkUGxP.exe
  C:\Windows\System\YCkUGxP.exe
  2⤵
  PID:10384
- C:\Windows\System\BWeviuD.exe
  C:\Windows\System\BWeviuD.exe
  2⤵
  PID:10492
- C:\Windows\System\owCFDsc.exe
  C:\Windows\System\owCFDsc.exe
  2⤵
  PID:10688
- C:\Windows\System\mJCbfRx.exe
  C:\Windows\System\mJCbfRx.exe
  2⤵
  PID:10840
- C:\Windows\System\OxHxJGO.exe
  C:\Windows\System\OxHxJGO.exe
  2⤵
  PID:1872
- C:\Windows\System\etnRsrx.exe
  C:\Windows\System\etnRsrx.exe
  2⤵
  PID:11128
- C:\Windows\System\sEtnDbJ.exe
  C:\Windows\System\sEtnDbJ.exe
  2⤵
  PID:11248
- C:\Windows\System\fdrCUYy.exe
  C:\Windows\System\fdrCUYy.exe
  2⤵
  PID:10504
- C:\Windows\System\rETGnkz.exe
  C:\Windows\System\rETGnkz.exe
  2⤵
  PID:10908
- C:\Windows\System\MwmOlws.exe
  C:\Windows\System\MwmOlws.exe
  2⤵
  PID:11192
- C:\Windows\System\EsKTskY.exe
  C:\Windows\System\EsKTskY.exe
  2⤵
  PID:10780
- C:\Windows\System\PfLBjAf.exe
  C:\Windows\System\PfLBjAf.exe
  2⤵
  PID:10496
- C:\Windows\System\GiEccUw.exe
  C:\Windows\System\GiEccUw.exe
  2⤵
  PID:11284
- C:\Windows\System\lHSSTeT.exe
  C:\Windows\System\lHSSTeT.exe
  2⤵
  PID:11312
- C:\Windows\System\LLtoObq.exe
  C:\Windows\System\LLtoObq.exe
  2⤵
  PID:11340
- C:\Windows\System\DMoeyBv.exe
  C:\Windows\System\DMoeyBv.exe
  2⤵
  PID:11368
- C:\Windows\System\oADCTOF.exe
  C:\Windows\System\oADCTOF.exe
  2⤵
  PID:11396
- C:\Windows\System\mUhUIsh.exe
  C:\Windows\System\mUhUIsh.exe
  2⤵
  PID:11420
- C:\Windows\System\leCTpeT.exe
  C:\Windows\System\leCTpeT.exe
  2⤵
  PID:11452
- C:\Windows\System\MPEXFxf.exe
  C:\Windows\System\MPEXFxf.exe
  2⤵
  PID:11476
- C:\Windows\System\vpDhTwf.exe
  C:\Windows\System\vpDhTwf.exe
  2⤵
  PID:11508
- C:\Windows\System\GKaBtKf.exe
  C:\Windows\System\GKaBtKf.exe
  2⤵
  PID:11536
- C:\Windows\System\ZcYNmfe.exe
  C:\Windows\System\ZcYNmfe.exe
  2⤵
  PID:11564
- C:\Windows\System\JZXIaWR.exe
  C:\Windows\System\JZXIaWR.exe
  2⤵
  PID:11592
- C:\Windows\System\HmSsTkI.exe
  C:\Windows\System\HmSsTkI.exe
  2⤵
  PID:11620
- C:\Windows\System\TKiaXrW.exe
  C:\Windows\System\TKiaXrW.exe
  2⤵
  PID:11648
- C:\Windows\System\TUeDsnI.exe
  C:\Windows\System\TUeDsnI.exe
  2⤵
  PID:11676
- C:\Windows\System\YLBYyQv.exe
  C:\Windows\System\YLBYyQv.exe
  2⤵
  PID:11704
- C:\Windows\System\spyveeO.exe
  C:\Windows\System\spyveeO.exe
  2⤵
  PID:11732
- C:\Windows\System\ZbGbDJP.exe
  C:\Windows\System\ZbGbDJP.exe
  2⤵
  PID:11760
- C:\Windows\System\eaNocGm.exe
  C:\Windows\System\eaNocGm.exe
  2⤵
  PID:11788
- C:\Windows\System\eHeRRBI.exe
  C:\Windows\System\eHeRRBI.exe
  2⤵
  PID:11816
- C:\Windows\System\MkLcgUS.exe
  C:\Windows\System\MkLcgUS.exe
  2⤵
  PID:11844
- C:\Windows\System\hzenFYo.exe
  C:\Windows\System\hzenFYo.exe
  2⤵
  PID:11864
- C:\Windows\System\OVtPxtA.exe
  C:\Windows\System\OVtPxtA.exe
  2⤵
  PID:11900
- C:\Windows\System\aiowbTk.exe
  C:\Windows\System\aiowbTk.exe
  2⤵
  PID:11928
- C:\Windows\System\UoWEMKH.exe
  C:\Windows\System\UoWEMKH.exe
  2⤵
  PID:11956
- C:\Windows\System\wkSLEbg.exe
  C:\Windows\System\wkSLEbg.exe
  2⤵
  PID:11984
- C:\Windows\System\AYZJPWj.exe
  C:\Windows\System\AYZJPWj.exe
  2⤵
  PID:12008
- C:\Windows\System\wTSqzne.exe
  C:\Windows\System\wTSqzne.exe
  2⤵
  PID:12036
- C:\Windows\System\dzeieOF.exe
  C:\Windows\System\dzeieOF.exe
  2⤵
  PID:12068
- C:\Windows\System\MXDRrxl.exe
  C:\Windows\System\MXDRrxl.exe
  2⤵
  PID:12096
- C:\Windows\System\uocvXUM.exe
  C:\Windows\System\uocvXUM.exe
  2⤵
  PID:12120
- C:\Windows\System\skupqHC.exe
  C:\Windows\System\skupqHC.exe
  2⤵
  PID:12152
- C:\Windows\System\PBuRyrq.exe
  C:\Windows\System\PBuRyrq.exe
  2⤵
  PID:12180
- C:\Windows\System\tFUWBYJ.exe
  C:\Windows\System\tFUWBYJ.exe
  2⤵
  PID:12208
- C:\Windows\System\IqNlAWI.exe
  C:\Windows\System\IqNlAWI.exe
  2⤵
  PID:12240
- C:\Windows\System\lbcBDPQ.exe
  C:\Windows\System\lbcBDPQ.exe
  2⤵
  PID:12268
- C:\Windows\System\vTMTFtj.exe
  C:\Windows\System\vTMTFtj.exe
  2⤵
  PID:11280
- C:\Windows\System\jzYGpwM.exe
  C:\Windows\System\jzYGpwM.exe
  2⤵
  PID:11356
- C:\Windows\System\ZzOypeT.exe
  C:\Windows\System\ZzOypeT.exe
  2⤵
  PID:11428
- C:\Windows\System\rrrpcwA.exe
  C:\Windows\System\rrrpcwA.exe
  2⤵
  PID:11492
- C:\Windows\System\nQyZguA.exe
  C:\Windows\System\nQyZguA.exe
  2⤵
  PID:11556
- C:\Windows\System\FfuyKOM.exe
  C:\Windows\System\FfuyKOM.exe
  2⤵
  PID:11616
- C:\Windows\System\UUUDtmz.exe
  C:\Windows\System\UUUDtmz.exe
  2⤵
  PID:11688
- C:\Windows\System\xIDsdkC.exe
  C:\Windows\System\xIDsdkC.exe
  2⤵
  PID:11716
- C:\Windows\System\JZbgOQi.exe
  C:\Windows\System\JZbgOQi.exe
  2⤵
  PID:11780
- C:\Windows\System\sBVFalP.exe
  C:\Windows\System\sBVFalP.exe
  2⤵
  PID:11832
- C:\Windows\System\LsIZgHr.exe
  C:\Windows\System\LsIZgHr.exe
  2⤵
  PID:11920
- C:\Windows\System\fgPbvxb.exe
  C:\Windows\System\fgPbvxb.exe
  2⤵
  PID:11980
- C:\Windows\System\JgQdVka.exe
  C:\Windows\System\JgQdVka.exe
  2⤵
  PID:10604
- C:\Windows\System\sWJozAR.exe
  C:\Windows\System\sWJozAR.exe
  2⤵
  PID:12092
- C:\Windows\System\fofMbEk.exe
  C:\Windows\System\fofMbEk.exe
  2⤵
  PID:12168
- C:\Windows\System\kEqwipb.exe
  C:\Windows\System\kEqwipb.exe
  2⤵
  PID:12224
- C:\Windows\System\kZTSnsZ.exe
  C:\Windows\System\kZTSnsZ.exe
  2⤵
  PID:12232
- C:\Windows\System\uIcWbUD.exe
  C:\Windows\System\uIcWbUD.exe
  2⤵
  PID:11416
- C:\Windows\System\mUBRCMS.exe
  C:\Windows\System\mUBRCMS.exe
  2⤵
  PID:11588
- C:\Windows\System\laZIKpt.exe
  C:\Windows\System\laZIKpt.exe
  2⤵
  PID:2260
- C:\Windows\System\vTsGcgQ.exe
  C:\Windows\System\vTsGcgQ.exe
  2⤵
  PID:11828
- C:\Windows\System\flJWZaf.exe
  C:\Windows\System\flJWZaf.exe
  2⤵
  PID:12004
- C:\Windows\System\MTpwUfa.exe
  C:\Windows\System\MTpwUfa.exe
  2⤵
  PID:12140
- C:\Windows\System\lzGVAdu.exe
  C:\Windows\System\lzGVAdu.exe
  2⤵
  PID:11276
- C:\Windows\System\tvDBuCE.exe
  C:\Windows\System\tvDBuCE.exe
  2⤵
  PID:11552
- C:\Windows\System\tVwanNf.exe
  C:\Windows\System\tVwanNf.exe
  2⤵
  PID:11880
- C:\Windows\System\qpKGPYK.exe
  C:\Windows\System\qpKGPYK.exe
  2⤵
  PID:12280
- C:\Windows\System\RwZrTry.exe
  C:\Windows\System\RwZrTry.exe
  2⤵
  PID:11812
- C:\Windows\System\BpANams.exe
  C:\Windows\System\BpANams.exe
  2⤵
  PID:11836
- C:\Windows\System\FspwaZT.exe
  C:\Windows\System\FspwaZT.exe
  2⤵
  PID:12304
- C:\Windows\System\feQjzSh.exe
  C:\Windows\System\feQjzSh.exe
  2⤵
  PID:12332
- C:\Windows\System\FcpRGiC.exe
  C:\Windows\System\FcpRGiC.exe
  2⤵
  PID:12360
- C:\Windows\System\xjmvGns.exe
  C:\Windows\System\xjmvGns.exe
  2⤵
  PID:12388
- C:\Windows\System\QNbdbJT.exe
  C:\Windows\System\QNbdbJT.exe
  2⤵
  PID:12416
- C:\Windows\System\APpDhhC.exe
  C:\Windows\System\APpDhhC.exe
  2⤵
  PID:12444
- C:\Windows\System\bbaFlqL.exe
  C:\Windows\System\bbaFlqL.exe
  2⤵
  PID:12472
- C:\Windows\System\EIgdspC.exe
  C:\Windows\System\EIgdspC.exe
  2⤵
  PID:12500
- C:\Windows\System\DbAgekU.exe
  C:\Windows\System\DbAgekU.exe
  2⤵
  PID:12528
- C:\Windows\System\pZSfbAK.exe
  C:\Windows\System\pZSfbAK.exe
  2⤵
  PID:12556
- C:\Windows\System\xycHMTa.exe
  C:\Windows\System\xycHMTa.exe
  2⤵
  PID:12584
- C:\Windows\System\zujPRUQ.exe
  C:\Windows\System\zujPRUQ.exe
  2⤵
  PID:12600
- C:\Windows\System\VKjAhas.exe
  C:\Windows\System\VKjAhas.exe
  2⤵
  PID:12616
- C:\Windows\System\ZAZZDlB.exe
  C:\Windows\System\ZAZZDlB.exe
  2⤵
  PID:12668
- C:\Windows\System\gZgBvBm.exe
  C:\Windows\System\gZgBvBm.exe
  2⤵
  PID:12696
- C:\Windows\System\ROwMTBI.exe
  C:\Windows\System\ROwMTBI.exe
  2⤵
  PID:12724
- C:\Windows\System\UkaiNDN.exe
  C:\Windows\System\UkaiNDN.exe
  2⤵
  PID:12752
- C:\Windows\System\lOZeINL.exe
  C:\Windows\System\lOZeINL.exe
  2⤵
  PID:12780
- C:\Windows\System\yGVBYkF.exe
  C:\Windows\System\yGVBYkF.exe
  2⤵
  PID:12808
- C:\Windows\System\hpmJYxI.exe
  C:\Windows\System\hpmJYxI.exe
  2⤵
  PID:12832
- C:\Windows\System\qmbVwkR.exe
  C:\Windows\System\qmbVwkR.exe
  2⤵
  PID:12876
- C:\Windows\System\gtGTBTG.exe
  C:\Windows\System\gtGTBTG.exe
  2⤵
  PID:12908
- C:\Windows\System\vTQhdnK.exe
  C:\Windows\System\vTQhdnK.exe
  2⤵
  PID:12928
- C:\Windows\System\ZaxiIcV.exe
  C:\Windows\System\ZaxiIcV.exe
  2⤵
  PID:12960
- C:\Windows\System\oClrPBX.exe
  C:\Windows\System\oClrPBX.exe
  2⤵
  PID:12992
- C:\Windows\System\dBAAmlI.exe
  C:\Windows\System\dBAAmlI.exe
  2⤵
  PID:13020
- C:\Windows\System\XoafqrL.exe
  C:\Windows\System\XoafqrL.exe
  2⤵
  PID:13068
- C:\Windows\System\uKUqZsc.exe
  C:\Windows\System\uKUqZsc.exe
  2⤵
  PID:13104
- C:\Windows\System\YYVhATd.exe
  C:\Windows\System\YYVhATd.exe
  2⤵
  PID:13136
- C:\Windows\System\qLAREPL.exe
  C:\Windows\System\qLAREPL.exe
  2⤵
  PID:13180
- C:\Windows\System\jnkyAwh.exe
  C:\Windows\System\jnkyAwh.exe
  2⤵
  PID:13204
- C:\Windows\System\HajZvwf.exe
  C:\Windows\System\HajZvwf.exe
  2⤵
  PID:13248
- C:\Windows\System\BfJskRk.exe
  C:\Windows\System\BfJskRk.exe
  2⤵
  PID:13276
- C:\Windows\System\aBxEtyJ.exe
  C:\Windows\System\aBxEtyJ.exe
  2⤵
  PID:12324
- C:\Windows\System\vTjAMKC.exe
  C:\Windows\System\vTjAMKC.exe
  2⤵
  PID:12384
- C:\Windows\System\msvOikL.exe
  C:\Windows\System\msvOikL.exe
  2⤵
  PID:12464
- C:\Windows\System\euWhirK.exe
  C:\Windows\System\euWhirK.exe
  2⤵
  PID:12552
- C:\Windows\System\AoXiyjV.exe
  C:\Windows\System\AoXiyjV.exe
  2⤵
  PID:12596
- C:\Windows\System\JCmngyL.exe
  C:\Windows\System\JCmngyL.exe
  2⤵
  PID:12680
- C:\Windows\System\MDWaWxF.exe
  C:\Windows\System\MDWaWxF.exe
  2⤵
  PID:12864
- C:\Windows\System\sqYMurq.exe
  C:\Windows\System\sqYMurq.exe
  2⤵
  PID:12936
- C:\Windows\System\QXqSsZM.exe
  C:\Windows\System\QXqSsZM.exe
  2⤵
  PID:12956
- C:\Windows\System\TXbGCBV.exe
  C:\Windows\System\TXbGCBV.exe
  2⤵
  PID:13036
- C:\Windows\System\kMiugNc.exe
  C:\Windows\System\kMiugNc.exe
  2⤵
  PID:13120
- C:\Windows\System\QBwrMck.exe
  C:\Windows\System\QBwrMck.exe
  2⤵
  PID:13200
- C:\Windows\System\PMMiOFa.exe
  C:\Windows\System\PMMiOFa.exe
  2⤵
  PID:13268
- C:\Windows\System\nqxVugz.exe
  C:\Windows\System\nqxVugz.exe
  2⤵
  PID:12380
- C:\Windows\System\oEyCwnN.exe
  C:\Windows\System\oEyCwnN.exe
  2⤵
  PID:12440
- C:\Windows\System\GDwkyrH.exe
  C:\Windows\System\GDwkyrH.exe
  2⤵
  PID:12660
- C:\Windows\System\koESDsv.exe
  C:\Windows\System\koESDsv.exe
  2⤵
  PID:12872
- C:\Windows\System\JPHEWOc.exe
  C:\Windows\System\JPHEWOc.exe
  2⤵
  PID:13008
- C:\Windows\System\uUYdlMj.exe
  C:\Windows\System\uUYdlMj.exe
  2⤵
  PID:13088
- C:\Windows\System\tdMijEs.exe
  C:\Windows\System\tdMijEs.exe
  2⤵
  PID:12408
- C:\Windows\System\BcgaOjr.exe
  C:\Windows\System\BcgaOjr.exe
  2⤵
  PID:3288
- C:\Windows\System\hWGyNtL.exe
  C:\Windows\System\hWGyNtL.exe
  2⤵
  PID:4700
- C:\Windows\System\PVmIJoN.exe
  C:\Windows\System\PVmIJoN.exe
  2⤵
  PID:11700
- C:\Windows\System\tqdgTcT.exe
  C:\Windows\System\tqdgTcT.exe
  2⤵
  PID:4532
- C:\Windows\System\yFDCFcj.exe
  C:\Windows\System\yFDCFcj.exe
  2⤵
  PID:2700
- C:\Windows\System\ffOlZhg.exe
  C:\Windows\System\ffOlZhg.exe
  2⤵
  PID:4984
- C:\Windows\System\QtxgFEC.exe
  C:\Windows\System\QtxgFEC.exe
  2⤵
  PID:13320
- C:\Windows\System\YqcfXgZ.exe
  C:\Windows\System\YqcfXgZ.exe
  2⤵
  PID:13348
- C:\Windows\System\EeKMfPi.exe
  C:\Windows\System\EeKMfPi.exe
  2⤵
  PID:13376
- C:\Windows\System\RluSxLB.exe
  C:\Windows\System\RluSxLB.exe
  2⤵
  PID:13404
- C:\Windows\System\XhqcWrL.exe
  C:\Windows\System\XhqcWrL.exe
  2⤵
  PID:13432
- C:\Windows\System\MSovrQd.exe
  C:\Windows\System\MSovrQd.exe
  2⤵
  PID:13460
- C:\Windows\System\plaeEvB.exe
  C:\Windows\System\plaeEvB.exe
  2⤵
  PID:13488
- C:\Windows\System\GIvFHDE.exe
  C:\Windows\System\GIvFHDE.exe
  2⤵
  PID:13516
- C:\Windows\System\AVdfJBs.exe
  C:\Windows\System\AVdfJBs.exe
  2⤵
  PID:13544
- C:\Windows\System\Ixcmmet.exe
  C:\Windows\System\Ixcmmet.exe
  2⤵
  PID:13572
- C:\Windows\System\gpcoPgn.exe
  C:\Windows\System\gpcoPgn.exe
  2⤵
  PID:13588
- C:\Windows\System\safjRsB.exe
  C:\Windows\System\safjRsB.exe
  2⤵
  PID:13616
- C:\Windows\System\yENzWtr.exe
  C:\Windows\System\yENzWtr.exe
  2⤵
  PID:13632
- C:\Windows\System\EAiSdRE.exe
  C:\Windows\System\EAiSdRE.exe
  2⤵
  PID:13684
- C:\Windows\System\KeLUktf.exe
  C:\Windows\System\KeLUktf.exe
  2⤵
  PID:13700
- C:\Windows\System\wcNvIkW.exe
  C:\Windows\System\wcNvIkW.exe
  2⤵
  PID:13740
- C:\Windows\System\MFARzSA.exe
  C:\Windows\System\MFARzSA.exe
  2⤵
  PID:13764
- C:\Windows\System\Qmjprqn.exe
  C:\Windows\System\Qmjprqn.exe
  2⤵
  PID:13796
- C:\Windows\System\PepNIft.exe
  C:\Windows\System\PepNIft.exe
  2⤵
  PID:13824
- C:\Windows\System\VBJpTjC.exe
  C:\Windows\System\VBJpTjC.exe
  2⤵
  PID:13848
- C:\Windows\System\iNSQJWA.exe
  C:\Windows\System\iNSQJWA.exe
  2⤵
  PID:13880
- C:\Windows\System\uNDTFbG.exe
  C:\Windows\System\uNDTFbG.exe
  2⤵
  PID:13908
- C:\Windows\System\hdYYkNV.exe
  C:\Windows\System\hdYYkNV.exe
  2⤵
  PID:13936
- C:\Windows\System\vZATxOi.exe
  C:\Windows\System\vZATxOi.exe
  2⤵
  PID:13964
- C:\Windows\System\DROijAL.exe
  C:\Windows\System\DROijAL.exe
  2⤵
  PID:13992
- C:\Windows\System\uYDyeWG.exe
  C:\Windows\System\uYDyeWG.exe
  2⤵
  PID:14024
- C:\Windows\System\XigOyfa.exe
  C:\Windows\System\XigOyfa.exe
  2⤵
  PID:14052
- C:\Windows\System\yjmmMEq.exe
  C:\Windows\System\yjmmMEq.exe
  2⤵
  PID:14080
- C:\Windows\System\RFdymSk.exe
  C:\Windows\System\RFdymSk.exe
  2⤵
  PID:14108
- C:\Windows\System\Giddwzk.exe
  C:\Windows\System\Giddwzk.exe
  2⤵
  PID:14124
- C:\Windows\System\PdBEUNn.exe
  C:\Windows\System\PdBEUNn.exe
  2⤵
  PID:14144
- C:\Windows\System\XuTmeLq.exe
  C:\Windows\System\XuTmeLq.exe
  2⤵
  PID:14168
- C:\Windows\System\vwgVYLI.exe
  C:\Windows\System\vwgVYLI.exe
  2⤵
  PID:14192
- C:\Windows\System\lMSewuT.exe
  C:\Windows\System\lMSewuT.exe
  2⤵
  PID:14212
- C:\Windows\System\arxeXSJ.exe
  C:\Windows\System\arxeXSJ.exe
  2⤵
  PID:14244
- C:\Windows\System\sZQrkDo.exe
  C:\Windows\System\sZQrkDo.exe
  2⤵
  PID:14280
- C:\Windows\System\MBprBdX.exe
  C:\Windows\System\MBprBdX.exe
  2⤵
  PID:14308
- C:\Windows\System\gSiQOWl.exe
  C:\Windows\System\gSiQOWl.exe
  2⤵
  PID:14332
- C:\Windows\System\jTgXubL.exe
  C:\Windows\System\jTgXubL.exe
  2⤵
  PID:13344
- C:\Windows\System\IAzmGcP.exe
  C:\Windows\System\IAzmGcP.exe
  2⤵
  PID:13424
- C:\Windows\System\pYcwjhL.exe
  C:\Windows\System\pYcwjhL.exe
  2⤵
  PID:13508
- C:\Windows\System\vwaomrA.exe
  C:\Windows\System\vwaomrA.exe
  2⤵
  PID:13560
- C:\Windows\System\vfdMQQW.exe
  C:\Windows\System\vfdMQQW.exe
  2⤵
  PID:13604
- C:\Windows\System\IFEdXIj.exe
  C:\Windows\System\IFEdXIj.exe
  2⤵
  PID:13608
- C:\Windows\System\BDKpxWG.exe
  C:\Windows\System\BDKpxWG.exe
  2⤵
  PID:13720
- C:\Windows\System\TSHcrYX.exe
  C:\Windows\System\TSHcrYX.exe
  2⤵
  PID:13760
- C:\Windows\System\iNGWChN.exe
  C:\Windows\System\iNGWChN.exe
  2⤵
  PID:13856
- C:\Windows\System\tjdeJxm.exe
  C:\Windows\System\tjdeJxm.exe
  2⤵
  PID:13904
- C:\Windows\System\sPcVCMO.exe
  C:\Windows\System\sPcVCMO.exe
  2⤵
  PID:13960
- C:\Windows\System\ysMIRkx.exe
  C:\Windows\System\ysMIRkx.exe
  2⤵
  PID:14036
- C:\Windows\System\GcwaBbr.exe
  C:\Windows\System\GcwaBbr.exe
  2⤵
  PID:14092
- C:\Windows\System\lMaIYhj.exe
  C:\Windows\System\lMaIYhj.exe
  2⤵
  PID:14184
- C:\Windows\System\aJtsVEG.exe
  C:\Windows\System\aJtsVEG.exe
  2⤵
  PID:14240
- C:\Windows\System\gKEarJr.exe
  C:\Windows\System\gKEarJr.exe
  2⤵
  PID:14324
- C:\Windows\System\DHBgXAn.exe
  C:\Windows\System\DHBgXAn.exe
  2⤵
  PID:13484
- C:\Windows\System\ZfVbwlb.exe
  C:\Windows\System\ZfVbwlb.exe
  2⤵
  PID:13628
- C:\Windows\System\NRQQuxq.exe
  C:\Windows\System\NRQQuxq.exe
  2⤵
  PID:13692
- C:\Windows\System\xYbtLQe.exe
  C:\Windows\System\xYbtLQe.exe
  2⤵
  PID:13988
- C:\Windows\System\iSgOARX.exe
  C:\Windows\System\iSgOARX.exe
  2⤵
  PID:14152
- C:\Windows\System\eCSHHzA.exe
  C:\Windows\System\eCSHHzA.exe
  2⤵
  PID:14232
- C:\Windows\System\jNsNoTY.exe
  C:\Windows\System\jNsNoTY.exe
  2⤵
  PID:14300
- C:\Windows\System\xApJuhW.exe
  C:\Windows\System\xApJuhW.exe
  2⤵
  PID:14316
- C:\Windows\System\hzbPZHm.exe
  C:\Windows\System\hzbPZHm.exe
  2⤵
  PID:13876
- C:\Windows\System\kPHPwcR.exe
  C:\Windows\System\kPHPwcR.exe
  2⤵
  PID:13892
- C:\Windows\System\xLLQYQM.exe
  C:\Windows\System\xLLQYQM.exe
  2⤵
  PID:14380
- C:\Windows\System\AeOnLnB.exe
  C:\Windows\System\AeOnLnB.exe
  2⤵
  PID:14396
- C:\Windows\System\tlrQNBJ.exe
  C:\Windows\System\tlrQNBJ.exe
  2⤵
  PID:14420
- C:\Windows\System\zJhQIAA.exe
  C:\Windows\System\zJhQIAA.exe
  2⤵
  PID:14452
- C:\Windows\System\pigeXfo.exe
  C:\Windows\System\pigeXfo.exe
  2⤵
  PID:14468
- C:\Windows\System\nqcARmZ.exe
  C:\Windows\System\nqcARmZ.exe
  2⤵
  PID:14488
- C:\Windows\System\YfCUgUN.exe
  C:\Windows\System\YfCUgUN.exe
  2⤵
  PID:14508

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CJnLbUg.exe

Filesize
2.1MB

MD5
cd4128297cf51b2672d9c90847e8302b

SHA1
677d84fd431ef7d2a933c0f5922921c794a9b5ef

SHA256
7dc15c778a2ab360b58493c1641e5d0ebde3511400d28cf12a21749d28b68fca

SHA512
0ff965512072a276b1ba998e0e4031d5dfbf50c2ca7636f1cf91cb2f083adc0916c515634a9e2f88db2ee8bf389381e79fe3c56eb32819f5aa29611c4b242669

Download Submit
C:\Windows\System\FxXWcEs.exe

Filesize
2.1MB

MD5
3695eb7dc82f32bd8793ff4f7166d7ba

SHA1
557e021fb3fbad57482104e127b67e8ab4691920

SHA256
2c505f0e64ca1d2936778a3cdc80819c7ab6126c523b7444b4293e19d153df5e

SHA512
77e74fd10d30059cabaa7ebb5bad4642c892babaae3913665d481094e9e6e317e61366ade84841dfd9b3a89844fae50a1f8b10e15a3f19071c337f04bd5b90ea

Download Submit
C:\Windows\System\HAZcoli.exe

Filesize
2.1MB

MD5
759cc43794b3d1ddb9450930d65eb391

SHA1
33bf4938a7a2771bba3dfa4dc4b25f0932a6716b

SHA256
8808a71178374e10a2a20559909c64d21400bbf8080c52d0c6bccb1166da09b0

SHA512
8ce7894f9f9804bf661afa0d24ba2fe88510a1ba02348836aff589d353c78cf2f517121be00da5b0fbcf89ae4a998bb3b33840ff1c5564ee5668e7a0189130ca

Download Submit
C:\Windows\System\IOTEgXd.exe

Filesize
2.1MB

MD5
a171a31ea8ddae82b1811554c5550a9d

SHA1
56487d70fc70d56a743bd5e7291fbf18ff807247

SHA256
2d9c4a1a6002341258bcf77fdf1673f8a480eb01935dd94f18a378a4c537c980

SHA512
257b429fd21cda521846f3cea61ad9777ad91f84ed13a08c7af2a9b86c8d871f7b63bac1311f08b4ca42e5f1e281e9489b53616c92a0d8d487f0335273e4d3a7

Download Submit
C:\Windows\System\IVZeZJP.exe

Filesize
2.1MB

MD5
f1c71d6f4943654d67e9fb589ed356ef

SHA1
109425ab05b5600ea73d236dca6c12daa912fa5f

SHA256
d7a70aa7595c8c18ac1a7a5dff82b023ed12786e92c55d4161902310a7c22953

SHA512
991a71f9d778ee50ad79baf5d15b0e0eb786181ab9ad99f07c8cdc8fd9ab36fd8120677b1e21f9ae9d7ac641ffd478ce1f47d6745e00b4fc49c6b890c50c52b3

Download Submit
C:\Windows\System\KizFSgm.exe

Filesize
2.1MB

MD5
41bea3b0412b758803ea4f601fd3ed8e

SHA1
62fd792ca3564288187393583206845bd324fb2e

SHA256
60b09ab441d427060a651c291e47c62cb5647d04251a2b23410f02bac9d9c03f

SHA512
6c97c768ec379a05023a01b36feec0e250b3f8eb087d7f3d77471193741e2d81a68db7b5d3a48d82a717e34b7a11005bccc059778085f7aa4be2eadec555422d

Download Submit
C:\Windows\System\MghPZgs.exe

Filesize
2.1MB

MD5
94877a8a17074da2357063b77f675fb9

SHA1
3d2745984ffa8457fc0f0d702133e05da712647e

SHA256
d40df3f2b6bb9e2249fdba1badb3b63554cc242d1eeb54da96076e349122de4c

SHA512
799bdcbad24aec2d29f17d27a6e6304a4b2d72375d6755ff02b89a35e0f7ced076f14b1c93214756b8ee6be8a24b5a8da465976e6a43a70626f92a1ea9a69890

Download Submit
C:\Windows\System\NoDWVdp.exe

Filesize
2.1MB

MD5
f443b81c38dc399185d3c1eb1076fde0

SHA1
2f81b25cad3b124738d8000a37e65c6fdb1132dd

SHA256
1a3573eac083382ac00266e006d34f949853fd939ec205259b4f2fcdececc1a7

SHA512
b70232f53b59ce924ab0b3f66d4177760031f3334550eb1619bf7b4630a808e03dc2d44ee34f814479f7a3b44f4ba6b065752bb37d46834fd2cbb37a4434c33d

Download Submit
C:\Windows\System\QuxbzIa.exe

Filesize
2.1MB

MD5
80f9356b945c678431357acf744900ee

SHA1
6a250942cd2c75a651961904fa7f9e15b32a24b5

SHA256
a606a44ba62bedce04f78abeb5b6e550cd6a03ac89ac402544bb770ca65488c1

SHA512
a8203509fca68e926b04147a2d2a2e31b6e578b724b2a7502017769ed556c6d266ab0a7fa5b88713903ec6f80e732ec51c374c46f65e05890cba0a1309a250ab

Download Submit
C:\Windows\System\QwyKGDx.exe

Filesize
2.1MB

MD5
a147ead3aff9b3153d881a4e1430fe3a

SHA1
cce0cf019ce24b976218ab93b65e2e69037baae8

SHA256
03822378fa2e3bea76e5e6851e451c4450bc052364e9e144d2a306bd4a4a00d7

SHA512
4493f47713f64a8f6d4d03fb4f55bf06f2240859f53440e02c941fca88dc3b6941f2a42916382fa0874cedf04bc3562684bd0eb2ddbe6060623831f9d57f9901

Download Submit
C:\Windows\System\VeaASVH.exe

Filesize
2.1MB

MD5
5ad9f743f0d9eb1ed75958fd283948bb

SHA1
90be6caa94ede1c7d519a061bfd2847adf716866

SHA256
7191d1079c296b01ef8b9b9fb17b1e4b535d6977fd1cf0dcae839aa50eb156ab

SHA512
f7e19cd4fe2091e6b781888ddcf1e7223e3bb1ca9be593a008f7432a6626bf706c6b5434e5a78888d2c7a6da7cfa398c232d2bf70197499620883ca2ac83208e

Download Submit
C:\Windows\System\VkcoIoA.exe

Filesize
2.1MB

MD5
544e99d8e8cb33d5a8052e245d956501

SHA1
a084e5edc2cbb1eefabd824ac7022da7b98729b5

SHA256
084bf7a7588cf1bb46138ed759c491bd0abb13e6c8c824021d33ae29040144f4

SHA512
ed35b7c454e22adbfda6740dd4d50f041269a6d736a248347145157c18449f8dede56b6e451179ad37fafa44a23825c3d9afcc49a06fe36fb9e2d66643370b5d

Download Submit
C:\Windows\System\WPgNzVA.exe

Filesize
2.1MB

MD5
ee3429435b0f2ba23e0e5dd7c2e74aba

SHA1
0ab350e89e99243a9060def412861aa032bce292

SHA256
7d3a74b5b9dd7cb9f4310e98f2808185af59d4e6a840dfe1cb8728a5c2912950

SHA512
7ce78fac190aac45fe9ba58643594ec8131a7738851568ac7d5ecbb54cbcf88e80b3d2591ed1e43b62d0f4813001000eee3cb636dd805ef5d24404a13e840cca

Download Submit
C:\Windows\System\WwMakfU.exe

Filesize
2.1MB

MD5
364c21a4f703fab02bc7bf9f0bc68a9f

SHA1
cad6c16eb5c7398dfc9476e4059cfe9b9a818d3f

SHA256
de017f2dca744da2ac4263f3d96b1fd5fec262b033815a4e70e5a61199d02392

SHA512
28721b62505c1002b012ff1662740a82eddee8d28a3a953bd4e3fd7645530215de4b7d73b7ae40afb55dbe9d6db80ea0e8551349eb4122624be984012c56bd99

Download Submit
C:\Windows\System\ZufnYGb.exe

Filesize
2.1MB

MD5
9c5a9ccf3b71f8d2fdfecbd5e47948d0

SHA1
da8c48fce3ed7ae528b3b96414d1c33dd2c77088

SHA256
c454350e03c696f35beb8101ebb77aa47d11c2de73b2d7eefccde00b41896e77

SHA512
02226621ab3350b3cf8bb4618b365c8c7a2542b25f04ab1afd7f4a2a3efe6f14f4eb1e88a4c9aa416fe7d7fd3828121c2428f16c9324cdcee20b96d452bf0200

Download Submit
C:\Windows\System\azAxncb.exe

Filesize
2.1MB

MD5
006682178131b2577883d81d9f19167c

SHA1
5c1a4a1c55f5e89c3cac66df9666ba13d2d5223b

SHA256
1b3fd2e98e5e51e103f3c5d6ad874ba4008f6021e26a9f6e6be34dce829f8fb9

SHA512
8bfff0144b20b86862d5e58b4aab75268f65cab622a6239c5a0823b16ed4acbb39e8bd9e4353b28630f241bfa3dec97e1cffcf433415daf35be1dc5e7674da37

Download Submit
C:\Windows\System\bovzoDq.exe

Filesize
2.1MB

MD5
39f7e1f6a32a8e07fe05f607fa22e269

SHA1
012d0ed0fabc893d8b61a71b2945759b0ff0b90e

SHA256
14f437380079ff63f146be3500ac535f79b9a61b1e8f3589b605eac6eca6e36b

SHA512
d7a44ce2896a6afde44e74d0d4913a8d4ec135797ee8825a5d0ef12c43445e224252acce8c0336612e2496539614648f64e2bd88177dfa4db056253498dc2cda

Download Submit
C:\Windows\System\eRhHwCs.exe

Filesize
2.1MB

MD5
a0e3fb70e8c63af896536252c955a2e4

SHA1
4de350ecf709b109e9403c0e7e10a30fe347770e

SHA256
c9e32b4339f62d71feec804f2fe34700fa0051b8f63663b194aab17a707046a2

SHA512
fe5c678079042b8e4e43adbda228a56291d8cb85d6b6adb6050e7330202c81b4fb659a946c6f410824c7014d45df2ba519e81f961e539bec861253a90800822b

Download Submit
C:\Windows\System\eUMmahD.exe

Filesize
2.1MB

MD5
c89d9a90ca4763ca48f27364b62369db

SHA1
74f75c87b566844370dd07439e97f74a88e8d844

SHA256
24f8c0cc3c3a705cd399870e06222748de332b83a1c45801026ac35f3ce44c7f

SHA512
d51c05dee39e81005155a12bf55e87b2b028d2eb2eca64e26ad1b207d2fcd95a8888032cf20559625588c6e159d690e837719eb24e5f426c4de938c10958d0b6

Download Submit
C:\Windows\System\fHWooOc.exe

Filesize
2.1MB

MD5
5b36b424203f539a0ccc62798f534d3e

SHA1
86b5a23a51e2ed43efeab8ea60994db6a356fea6

SHA256
a3f5faf1c4d4c88ab4fe6e8adf9be28dda8969cb57c0caa06da7c363dc7c1c40

SHA512
2168837111977b6b1be576420f5eacdad0b9ca47bcf5cd94949a7a124f07acd958feafb36162e5068ad851a14b5f6ea4fe80f5759e4d53f118bb6745ff942c36

Download Submit
C:\Windows\System\ftbiwkJ.exe

Filesize
2.1MB

MD5
1ddc2d38ba1c57d8cb8d278a1252aaaa

SHA1
2267e1925c17be6ed09625e7d57511e88a15cd20

SHA256
7abfa3557cd28fc1c5dde68459c5797458d0a132f6b7fa66bb743c43c043f673

SHA512
5387d722920c255faceecaf338f8d44a07541ae52ca4966ce8f33187bed14c63dbb19d8de24ba3a2c517566bc5200e0309b038c760af45b93ca19bb8cc47a028

Download Submit
C:\Windows\System\fuMZzAs.exe

Filesize
2.1MB

MD5
a3813c4c4b14c48d893fc1841f517de0

SHA1
1758fbdc899eae0627d8824474e94acaf26a3d9e

SHA256
ee45de9e81afc4e6684a74bb9ed97758be49bb2bd76eb766a14cdb0c42ed0b0b

SHA512
8614efbb6b153288db8ad73b108cbcb659dfc72d8cdc25d8b7804622e7272bfdd58bc75acaef8ed33276fe12ea91bbe2dafc52760452dd7daa818a2831fdbc7b

Download Submit
C:\Windows\System\iomQqWB.exe

Filesize
2.1MB

MD5
5604eafbcabc4d9ad2f7d916779d057d

SHA1
2d2aefd143c1e45d1a2c6c30d6e793ba767bd036

SHA256
03ee027090fd3fcd87bdf0444eb14ad207796dc0562c14a841ebc60f424cd248

SHA512
8705f5ba13ad37c2a376faa8bb29f1064fbdd110355c341fdc3760eeee91f15e470d023a6e1bfefaf2c82189cf1013241583554990cca4325f25eab215aca12d

Download Submit
C:\Windows\System\jHMqYAC.exe

Filesize
2.1MB

MD5
858184d63e6209c69314634ca4bdc133

SHA1
0fb215f5d4ca53bba7939431fc6fad24cc7bbba7

SHA256
6494a34b11e5115ccd748b692c2d23a535533b4faaca2e3d72dce61ca655fa0a

SHA512
a0c5830a814e28e7d3838899561bffa6714ebefc1f79844ddc48c1b2b6a54b9a5ab8ca9940011b865505458429a039f15a4a610c7dd2d29045a04b19fbc46810

Download Submit
C:\Windows\System\jraakZu.exe

Filesize
2.1MB

MD5
911ee88d13c2a756bba862230ad68a20

SHA1
bfe52f504b03182ef93e2f29b4ca53cf21e21302

SHA256
be67eba382e48b70c49416ab96c1fc49c75ba336b81352fc96d42b8a78430eea

SHA512
a3ae872b7642ca13fb0d47c85fc9eda7f8f83258975cce00661143a59c354e2c279569c69f141ea8849f6124053a67af2a202c38c1a1a51c7e0ab7d8d6e7ada4

Download Submit
C:\Windows\System\kIrdXzq.exe

Filesize
2.1MB

MD5
59a0795e924d2e4dc7767a812a828736

SHA1
4044b8c5c5918e2a067f2e82c06d884a2e98e344

SHA256
522422493a9571880f98c1897dc3f00bbeab2bc30708de8e48119dd22af5ddff

SHA512
4e815c1b69385e99fd569a59bb49742ba25207151206bbb34987eb28fbdc7c9ef9b64eba9546fb792b2106c59d9401e4df7c7279f37bf7132bfaec602a1df76a

Download Submit
C:\Windows\System\naFWPmg.exe

Filesize
2.1MB

MD5
598114f2aa402b42f272cd88feb43290

SHA1
915ee3ca82fa639dec68636af51d07ded6ac12ed

SHA256
3d87a0d6b9fa2fde44913a67cd2d9aafde8e96c942d7c4f070f3d5b64518b3ca

SHA512
41234a8c17e1dbba6be3c79947374886de17e1074cab12b6f055ce3f52968eac2ceb612ef6003547387ca0863f305a5081366694ac611955e71bc5dbe748211c

Download Submit
C:\Windows\System\phwzPJH.exe

Filesize
2.1MB

MD5
fcff66ddfd92d14bd253b7f53b0708d3

SHA1
4efdcd7a90ceb26609b5ebc1cc84a1d87b63bee1

SHA256
fdeb62fe3a011b73e0d475e74fb4ddb17bf0f14f44f0fe5075f19b0637855b87

SHA512
f44ed3a9a1f745721f20376e390afb32e0150e939e70a3e6b966e309a95e3b9fab28c3444f6a7b7751424229bfc2f68d0b11dd9eac2cfdb23f48e8cbd59267bb

Download Submit
C:\Windows\System\piynBcT.exe

Filesize
2.1MB

MD5
0f81e074926c952df7f5c2b210e6931e

SHA1
cbf8999622140dc736e0434dfe0593ad137c5c2c

SHA256
5e344f40a2d24edcd159142c5af99aa31d4ef65ab8353cbc13bbc024eda951db

SHA512
d0ba3527ebee7c5e6289bd7baf0d075255642e41363b19f649a3f1d5d3ddcf339be50f0af98eed5b6e0813b580ca66ec4d069fe80257ab0f51c64cc58a88f3a8

Download Submit
C:\Windows\System\vpopJys.exe

Filesize
2.1MB

MD5
87d0b376d52bf4d42fd08e7d55286773

SHA1
12c0921e223e41cd22796196984b836594224133

SHA256
1d7e317d266f154985613686e1463f1097907c20e57e57af397dfd5973492681

SHA512
4b78eff8b71471c8b644d6382ec736e9797a755d87393b4a6adf3fa66d1d4170d44ff26c25e48904be00312094644cce63119ef9a8dff86b022eb1ed273c188e

Download Submit
C:\Windows\System\wQmbOFB.exe

Filesize
2.1MB

MD5
69338fcd3572f41b7894df0b592bad11

SHA1
cfc9d3f4edc4a58821d00fd8221fb564ad8fd583

SHA256
5b557a19282e4563a6d830835450b612577bf3dcd0f74f577e951da660e64545

SHA512
064368354f51fa382a0ad1dcda7edb6d311217882c770b0583e8c92d11353f02888d8b7f2b38e555a83967bc11871e4b04694eb52868a978bff328f5d43261bd

Download Submit
C:\Windows\System\zlobUaa.exe

Filesize
2.1MB

MD5
629dc8848416474b8cdaee9ad99a5bd1

SHA1
00a0e0f63314d72cc7317edf26d2ea9b778ed6e9

SHA256
43ffca45484dbe767e25427a26748e29247a9edca985f66c32c7f74fa027a7df

SHA512
9729474ac6c6cec4ae7ff51b78f07412b094f87cdc9d97863c21f353e431d27d092325f3644386e31bc24db810623e1f99986516a9f9c6a5c509a4b6af664f15

Download Submit
C:\Windows\System\ztEokXW.exe

Filesize
2.1MB

MD5
d7c70e8cbabc21aa1c7729ecd2e76434

SHA1
fb7753d853dd8c05b53463196c1953e746ce9574

SHA256
2732fc3e886af6fefd914ed378bb24a9e88accf3614dfa97b928c8ce63053176

SHA512
24a24b4a977b03d9b190edc5981b0cbbbc2649e30ad89677fd591a9f9271bd2552494bcdea2fea07198c19cb5df5275da295df814726fde54ae892235c742fb7

Download Submit
memory/400-575-0x00007FF637AC0000-0x00007FF637E14000-memory.dmp

Filesize
3.3MB

Download
memory/400-2094-0x00007FF637AC0000-0x00007FF637E14000-memory.dmp

Filesize
3.3MB

Download
memory/1016-6-0x00007FF793FD0000-0x00007FF794324000-memory.dmp

Filesize
3.3MB

Download
memory/1016-2086-0x00007FF793FD0000-0x00007FF794324000-memory.dmp

Filesize
3.3MB

Download
memory/1016-2084-0x00007FF793FD0000-0x00007FF794324000-memory.dmp

Filesize
3.3MB

Download
memory/1076-570-0x00007FF7EB0F0000-0x00007FF7EB444000-memory.dmp

Filesize
3.3MB

Download
memory/1076-2096-0x00007FF7EB0F0000-0x00007FF7EB444000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2092-0x00007FF6E4A00000-0x00007FF6E4D54000-memory.dmp

Filesize
3.3MB

Download
memory/1356-54-0x00007FF6E4A00000-0x00007FF6E4D54000-memory.dmp

Filesize
3.3MB

Download
memory/1376-591-0x00007FF7FFBB0000-0x00007FF7FFF04000-memory.dmp

Filesize
3.3MB

Download
memory/1376-2105-0x00007FF7FFBB0000-0x00007FF7FFF04000-memory.dmp

Filesize
3.3MB

Download
memory/1396-568-0x00007FF62DCC0000-0x00007FF62E014000-memory.dmp

Filesize
3.3MB

Download
memory/1396-2091-0x00007FF62DCC0000-0x00007FF62E014000-memory.dmp

Filesize
3.3MB

Download
memory/1460-571-0x00007FF780B20000-0x00007FF780E74000-memory.dmp

Filesize
3.3MB

Download
memory/1460-2101-0x00007FF780B20000-0x00007FF780E74000-memory.dmp

Filesize
3.3MB

Download
memory/1624-2114-0x00007FF6EEEA0000-0x00007FF6EF1F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-615-0x00007FF6EEEA0000-0x00007FF6EF1F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-623-0x00007FF6C1600000-0x00007FF6C1954000-memory.dmp

Filesize
3.3MB

Download
memory/1644-2097-0x00007FF6C1600000-0x00007FF6C1954000-memory.dmp

Filesize
3.3MB

Download
memory/1716-2112-0x00007FF7DB220000-0x00007FF7DB574000-memory.dmp

Filesize
3.3MB

Download
memory/1716-612-0x00007FF7DB220000-0x00007FF7DB574000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2109-0x00007FF68D100000-0x00007FF68D454000-memory.dmp

Filesize
3.3MB

Download
memory/1756-581-0x00007FF68D100000-0x00007FF68D454000-memory.dmp

Filesize
3.3MB

Download
memory/2276-569-0x00007FF7DB4B0000-0x00007FF7DB804000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2093-0x00007FF7DB4B0000-0x00007FF7DB804000-memory.dmp

Filesize
3.3MB

Download
memory/2492-2090-0x00007FF7A4F70000-0x00007FF7A52C4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-50-0x00007FF7A4F70000-0x00007FF7A52C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2106-0x00007FF70F1B0000-0x00007FF70F504000-memory.dmp

Filesize
3.3MB

Download
memory/2656-595-0x00007FF70F1B0000-0x00007FF70F504000-memory.dmp

Filesize
3.3MB

Download
memory/2724-2083-0x00007FF72EB10000-0x00007FF72EE64000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1-0x000002931A290000-0x000002931A2A0000-memory.dmp

Filesize
64KB

Download
memory/2724-0-0x00007FF72EB10000-0x00007FF72EE64000-memory.dmp

Filesize
3.3MB

Download
memory/2740-608-0x00007FF74BFA0000-0x00007FF74C2F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2111-0x00007FF74BFA0000-0x00007FF74C2F4000-memory.dmp

Filesize
3.3MB

Download
memory/3076-578-0x00007FF64C540000-0x00007FF64C894000-memory.dmp

Filesize
3.3MB

Download
memory/3076-2103-0x00007FF64C540000-0x00007FF64C894000-memory.dmp

Filesize
3.3MB

Download
memory/3144-2107-0x00007FF621820000-0x00007FF621B74000-memory.dmp

Filesize
3.3MB

Download
memory/3144-605-0x00007FF621820000-0x00007FF621B74000-memory.dmp

Filesize
3.3MB

Download
memory/3180-577-0x00007FF79DD80000-0x00007FF79E0D4000-memory.dmp

Filesize
3.3MB

Download
memory/3180-2102-0x00007FF79DD80000-0x00007FF79E0D4000-memory.dmp

Filesize
3.3MB

Download
memory/3368-598-0x00007FF728960000-0x00007FF728CB4000-memory.dmp

Filesize
3.3MB

Download
memory/3368-2113-0x00007FF728960000-0x00007FF728CB4000-memory.dmp

Filesize
3.3MB

Download
memory/3416-2088-0x00007FF79BE80000-0x00007FF79C1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3416-48-0x00007FF79BE80000-0x00007FF79C1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-2095-0x00007FF7D29D0000-0x00007FF7D2D24000-memory.dmp

Filesize
3.3MB

Download
memory/3776-576-0x00007FF7D29D0000-0x00007FF7D2D24000-memory.dmp

Filesize
3.3MB

Download
memory/3896-574-0x00007FF7F9C40000-0x00007FF7F9F94000-memory.dmp

Filesize
3.3MB

Download
memory/3896-2098-0x00007FF7F9C40000-0x00007FF7F9F94000-memory.dmp

Filesize
3.3MB

Download
memory/4152-572-0x00007FF702BF0000-0x00007FF702F44000-memory.dmp

Filesize
3.3MB

Download
memory/4152-2100-0x00007FF702BF0000-0x00007FF702F44000-memory.dmp

Filesize
3.3MB

Download
memory/4568-579-0x00007FF64D310000-0x00007FF64D664000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2104-0x00007FF64D310000-0x00007FF64D664000-memory.dmp

Filesize
3.3MB

Download
memory/4712-2108-0x00007FF739E90000-0x00007FF73A1E4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-582-0x00007FF739E90000-0x00007FF73A1E4000-memory.dmp

Filesize
3.3MB

Download
memory/4740-2110-0x00007FF79B700000-0x00007FF79BA54000-memory.dmp

Filesize
3.3MB

Download
memory/4740-580-0x00007FF79B700000-0x00007FF79BA54000-memory.dmp

Filesize
3.3MB

Download
memory/4848-2089-0x00007FF7D3560000-0x00007FF7D38B4000-memory.dmp

Filesize
3.3MB

Download
memory/4848-49-0x00007FF7D3560000-0x00007FF7D38B4000-memory.dmp

Filesize
3.3MB

Download
memory/4860-573-0x00007FF7FA7A0000-0x00007FF7FAAF4000-memory.dmp

Filesize
3.3MB

Download
memory/4860-2099-0x00007FF7FA7A0000-0x00007FF7FAAF4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2087-0x00007FF6F12E0000-0x00007FF6F1634000-memory.dmp

Filesize
3.3MB

Download
memory/5016-12-0x00007FF6F12E0000-0x00007FF6F1634000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2085-0x00007FF6F12E0000-0x00007FF6F1634000-memory.dmp

Filesize
3.3MB

Download