xmrig | d25e8eff6528014638d13cd011995d7dcada5d0ce567865386c43bd48ea3e1a4

Analysis

max time kernel
130s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
Size

1.9MB
MD5

34c641a535c9d53928f9c30160496d60
SHA1

3409170480bd338a11534b6af1977b9720730843
SHA256

d25e8eff6528014638d13cd011995d7dcada5d0ce567865386c43bd48ea3e1a4
SHA512

363502c987aab12eabc66d1dcc98c6944548018d95af060b094d81148641eedd58f2c7740f7dccd01e38f5f676759a6c7e4e2cdf7fa5c1c1f6a0b7a31daf380e
SSDEEP

49152:ROdWCCi7/raU56uL3pgrCEd2hXnn6ebUtjTv:RWWBib356utgx

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral2/memory/3820-12-0x00007FF63C0C0000-0x00007FF63C411000-memory.dmp	xmrig
behavioral2/memory/1196-54-0x00007FF770580000-0x00007FF7708D1000-memory.dmp	xmrig
behavioral2/memory/2016-57-0x00007FF713C40000-0x00007FF713F91000-memory.dmp	xmrig
behavioral2/memory/2384-60-0x00007FF6FE9E0000-0x00007FF6FED31000-memory.dmp	xmrig
behavioral2/memory/2296-62-0x00007FF74D240000-0x00007FF74D591000-memory.dmp	xmrig
behavioral2/memory/396-61-0x00007FF7BB320000-0x00007FF7BB671000-memory.dmp	xmrig
behavioral2/memory/1332-59-0x00007FF7987F0000-0x00007FF798B41000-memory.dmp	xmrig
behavioral2/memory/2116-58-0x00007FF689410000-0x00007FF689761000-memory.dmp	xmrig
behavioral2/memory/4628-52-0x00007FF68A030000-0x00007FF68A381000-memory.dmp	xmrig
behavioral2/memory/4728-29-0x00007FF723170000-0x00007FF7234C1000-memory.dmp	xmrig
behavioral2/memory/4816-68-0x00007FF73F900000-0x00007FF73FC51000-memory.dmp	xmrig
behavioral2/memory/1744-178-0x00007FF7D41C0000-0x00007FF7D4511000-memory.dmp	xmrig
behavioral2/memory/4540-195-0x00007FF756CB0000-0x00007FF757001000-memory.dmp	xmrig
behavioral2/memory/2984-203-0x00007FF7247A0000-0x00007FF724AF1000-memory.dmp	xmrig
behavioral2/memory/4488-199-0x00007FF67FCE0000-0x00007FF680031000-memory.dmp	xmrig
behavioral2/memory/4936-191-0x00007FF726E00000-0x00007FF727151000-memory.dmp	xmrig
behavioral2/memory/3580-190-0x00007FF697560000-0x00007FF6978B1000-memory.dmp	xmrig
behavioral2/memory/4068-184-0x00007FF75BA90000-0x00007FF75BDE1000-memory.dmp	xmrig
behavioral2/memory/2600-172-0x00007FF745060000-0x00007FF7453B1000-memory.dmp	xmrig
behavioral2/memory/1596-168-0x00007FF71C3D0000-0x00007FF71C721000-memory.dmp	xmrig
behavioral2/memory/4132-167-0x00007FF6E3A80000-0x00007FF6E3DD1000-memory.dmp	xmrig
behavioral2/memory/1716-159-0x00007FF72FD70000-0x00007FF7300C1000-memory.dmp	xmrig
behavioral2/memory/2448-145-0x00007FF7A0190000-0x00007FF7A04E1000-memory.dmp	xmrig
behavioral2/memory/3792-111-0x00007FF69F130000-0x00007FF69F481000-memory.dmp	xmrig
behavioral2/memory/3700-108-0x00007FF74EC50000-0x00007FF74EFA1000-memory.dmp	xmrig
behavioral2/memory/4588-74-0x00007FF7B18D0000-0x00007FF7B1C21000-memory.dmp	xmrig
behavioral2/memory/4736-1080-0x00007FF628380000-0x00007FF6286D1000-memory.dmp	xmrig
behavioral2/memory/3820-1636-0x00007FF63C0C0000-0x00007FF63C411000-memory.dmp	xmrig
behavioral2/memory/868-2221-0x00007FF6BD2D0000-0x00007FF6BD621000-memory.dmp	xmrig
behavioral2/memory/2112-2222-0x00007FF631560000-0x00007FF6318B1000-memory.dmp	xmrig
behavioral2/memory/1360-2223-0x00007FF7A0BB0000-0x00007FF7A0F01000-memory.dmp	xmrig
behavioral2/memory/3792-2224-0x00007FF69F130000-0x00007FF69F481000-memory.dmp	xmrig
behavioral2/memory/2448-2245-0x00007FF7A0190000-0x00007FF7A04E1000-memory.dmp	xmrig
behavioral2/memory/3820-2248-0x00007FF63C0C0000-0x00007FF63C411000-memory.dmp	xmrig
behavioral2/memory/4628-2252-0x00007FF68A030000-0x00007FF68A381000-memory.dmp	xmrig
behavioral2/memory/4728-2250-0x00007FF723170000-0x00007FF7234C1000-memory.dmp	xmrig
behavioral2/memory/2296-2258-0x00007FF74D240000-0x00007FF74D591000-memory.dmp	xmrig
behavioral2/memory/1196-2256-0x00007FF770580000-0x00007FF7708D1000-memory.dmp	xmrig
behavioral2/memory/396-2254-0x00007FF7BB320000-0x00007FF7BB671000-memory.dmp	xmrig
behavioral2/memory/2384-2266-0x00007FF6FE9E0000-0x00007FF6FED31000-memory.dmp	xmrig
behavioral2/memory/2116-2264-0x00007FF689410000-0x00007FF689761000-memory.dmp	xmrig
behavioral2/memory/1332-2263-0x00007FF7987F0000-0x00007FF798B41000-memory.dmp	xmrig
behavioral2/memory/2016-2260-0x00007FF713C40000-0x00007FF713F91000-memory.dmp	xmrig
behavioral2/memory/4816-2304-0x00007FF73F900000-0x00007FF73FC51000-memory.dmp	xmrig
behavioral2/memory/4588-2306-0x00007FF7B18D0000-0x00007FF7B1C21000-memory.dmp	xmrig
behavioral2/memory/3700-2317-0x00007FF74EC50000-0x00007FF74EFA1000-memory.dmp	xmrig
behavioral2/memory/868-2319-0x00007FF6BD2D0000-0x00007FF6BD621000-memory.dmp	xmrig
behavioral2/memory/1360-2322-0x00007FF7A0BB0000-0x00007FF7A0F01000-memory.dmp	xmrig
behavioral2/memory/3792-2323-0x00007FF69F130000-0x00007FF69F481000-memory.dmp	xmrig
behavioral2/memory/2448-2342-0x00007FF7A0190000-0x00007FF7A04E1000-memory.dmp	xmrig
behavioral2/memory/2984-2349-0x00007FF7247A0000-0x00007FF724AF1000-memory.dmp	xmrig
behavioral2/memory/4488-2347-0x00007FF67FCE0000-0x00007FF680031000-memory.dmp	xmrig
behavioral2/memory/4936-2345-0x00007FF726E00000-0x00007FF727151000-memory.dmp	xmrig
behavioral2/memory/4068-2340-0x00007FF75BA90000-0x00007FF75BDE1000-memory.dmp	xmrig
behavioral2/memory/4132-2343-0x00007FF6E3A80000-0x00007FF6E3DD1000-memory.dmp	xmrig
behavioral2/memory/2600-2339-0x00007FF745060000-0x00007FF7453B1000-memory.dmp	xmrig
behavioral2/memory/1716-2338-0x00007FF72FD70000-0x00007FF7300C1000-memory.dmp	xmrig
behavioral2/memory/2112-2337-0x00007FF631560000-0x00007FF6318B1000-memory.dmp	xmrig
behavioral2/memory/3580-2336-0x00007FF697560000-0x00007FF6978B1000-memory.dmp	xmrig
behavioral2/memory/4540-2334-0x00007FF756CB0000-0x00007FF757001000-memory.dmp	xmrig
behavioral2/memory/1744-2335-0x00007FF7D41C0000-0x00007FF7D4511000-memory.dmp	xmrig
behavioral2/memory/1596-2333-0x00007FF71C3D0000-0x00007FF71C721000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3820	WbzxHhi.exe
4728	DYpJQAr.exe
4628	fEwiacL.exe
396	NjfRxJp.exe
1196	xztNikT.exe
2296	PtfzJgi.exe
2016	wTNqyzV.exe
2116	CpmRLpe.exe
1332	dAJiLNB.exe
2384	SiMeYyd.exe
4816	RLqOOGi.exe
4588	GtIsQhz.exe
868	hNLmJHS.exe
1360	pUSNlzB.exe
2112	cGPfgrC.exe
2448	dvFeWXL.exe
3700	Vhbhxyy.exe
3792	wLnSrvP.exe
1716	jBKmogn.exe
4132	OCbtUZQ.exe
4540	VCfntEI.exe
1596	IKGILPQ.exe
2600	yssGEXo.exe
1744	hfpNVRQ.exe
4068	YiglnyN.exe
3580	BoOaQiz.exe
4936	vIcoEgc.exe
4488	RampAUw.exe
2984	xMxxhCY.exe
4620	qJiaZtR.exe
4928	NveBXph.exe
2592	xvjZIRL.exe
5116	KTEiCRA.exe
640	gLvWJHs.exe
2452	moThtoI.exe
4656	lYmhOVk.exe
4524	WurwFbP.exe
4116	uLoLYPS.exe
2948	kPyCefz.exe
912	HBwTBrM.exe
4296	HiHjcew.exe
2816	FyLBFXE.exe
5132	bHwSjGp.exe
5160	uXItnFr.exe
5196	xqNowZl.exe
5220	fYZwiOw.exe
5248	JvUYJdS.exe
5272	mbuvHrr.exe
5300	HIultaC.exe
5328	vjYZlQx.exe
5360	AQDaWHD.exe
5384	bfWmbGq.exe
5416	tlokJQE.exe
5444	SXgYjeq.exe
5484	QTlmwIp.exe
5512	cQQqfyI.exe
5536	sSrQdOS.exe
5568	RMcbVbZ.exe
5596	egQdlQS.exe
5624	ACoEZbl.exe
5648	bqxGfSB.exe
5680	eQodGOU.exe
5708	UWyXrVW.exe
5736	tNpagfz.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4736-0-0x00007FF628380000-0x00007FF6286D1000-memory.dmp	upx
behavioral2/files/0x0009000000023598-6.dat	upx
behavioral2/memory/3820-12-0x00007FF63C0C0000-0x00007FF63C411000-memory.dmp	upx
behavioral2/files/0x000700000002359f-14.dat	upx
behavioral2/files/0x00070000000235a3-30.dat	upx
behavioral2/files/0x00070000000235a6-43.dat	upx
behavioral2/files/0x00070000000235a7-48.dat	upx
behavioral2/memory/1196-54-0x00007FF770580000-0x00007FF7708D1000-memory.dmp	upx
behavioral2/memory/2016-57-0x00007FF713C40000-0x00007FF713F91000-memory.dmp	upx
behavioral2/memory/2384-60-0x00007FF6FE9E0000-0x00007FF6FED31000-memory.dmp	upx
behavioral2/memory/2296-62-0x00007FF74D240000-0x00007FF74D591000-memory.dmp	upx
behavioral2/memory/396-61-0x00007FF7BB320000-0x00007FF7BB671000-memory.dmp	upx
behavioral2/memory/1332-59-0x00007FF7987F0000-0x00007FF798B41000-memory.dmp	upx
behavioral2/memory/2116-58-0x00007FF689410000-0x00007FF689761000-memory.dmp	upx
behavioral2/memory/4628-52-0x00007FF68A030000-0x00007FF68A381000-memory.dmp	upx
behavioral2/files/0x00070000000235a5-46.dat	upx
behavioral2/files/0x00070000000235a4-45.dat	upx
behavioral2/memory/4728-29-0x00007FF723170000-0x00007FF7234C1000-memory.dmp	upx
behavioral2/files/0x00070000000235a1-27.dat	upx
behavioral2/files/0x00070000000235a2-28.dat	upx
behavioral2/files/0x00070000000235a0-13.dat	upx
behavioral2/files/0x00070000000235a8-66.dat	upx
behavioral2/memory/4816-68-0x00007FF73F900000-0x00007FF73FC51000-memory.dmp	upx
behavioral2/files/0x000800000002359c-72.dat	upx
behavioral2/files/0x00070000000235ac-94.dat	upx
behavioral2/files/0x00070000000235ae-95.dat	upx
behavioral2/files/0x00070000000235b6-139.dat	upx
behavioral2/files/0x00070000000235b2-147.dat	upx
behavioral2/files/0x00070000000235bb-169.dat	upx
behavioral2/memory/1744-178-0x00007FF7D41C0000-0x00007FF7D4511000-memory.dmp	upx
behavioral2/memory/4540-195-0x00007FF756CB0000-0x00007FF757001000-memory.dmp	upx
behavioral2/memory/2984-203-0x00007FF7247A0000-0x00007FF724AF1000-memory.dmp	upx
behavioral2/memory/4488-199-0x00007FF67FCE0000-0x00007FF680031000-memory.dmp	upx
behavioral2/memory/4936-191-0x00007FF726E00000-0x00007FF727151000-memory.dmp	upx
behavioral2/memory/3580-190-0x00007FF697560000-0x00007FF6978B1000-memory.dmp	upx
behavioral2/files/0x00070000000235be-187.dat	upx
behavioral2/files/0x00070000000235bc-185.dat	upx
behavioral2/memory/4068-184-0x00007FF75BA90000-0x00007FF75BDE1000-memory.dmp	upx
behavioral2/files/0x00070000000235bd-181.dat	upx
behavioral2/files/0x00070000000235ba-173.dat	upx
behavioral2/memory/2600-172-0x00007FF745060000-0x00007FF7453B1000-memory.dmp	upx
behavioral2/memory/1596-168-0x00007FF71C3D0000-0x00007FF71C721000-memory.dmp	upx
behavioral2/memory/4132-167-0x00007FF6E3A80000-0x00007FF6E3DD1000-memory.dmp	upx
behavioral2/files/0x00070000000235b8-162.dat	upx
behavioral2/files/0x00070000000235b9-160.dat	upx
behavioral2/memory/1716-159-0x00007FF72FD70000-0x00007FF7300C1000-memory.dmp	upx
behavioral2/files/0x00070000000235b7-156.dat	upx
behavioral2/files/0x00070000000235b4-155.dat	upx
behavioral2/files/0x00070000000235b3-153.dat	upx
behavioral2/memory/2448-145-0x00007FF7A0190000-0x00007FF7A04E1000-memory.dmp	upx
behavioral2/files/0x00070000000235b5-134.dat	upx
behavioral2/files/0x00070000000235b0-116.dat	upx
behavioral2/files/0x00070000000235b1-114.dat	upx
behavioral2/memory/3792-111-0x00007FF69F130000-0x00007FF69F481000-memory.dmp	upx
behavioral2/files/0x00070000000235af-109.dat	upx
behavioral2/memory/3700-108-0x00007FF74EC50000-0x00007FF74EFA1000-memory.dmp	upx
behavioral2/files/0x00070000000235ad-103.dat	upx
behavioral2/memory/1360-101-0x00007FF7A0BB0000-0x00007FF7A0F01000-memory.dmp	upx
behavioral2/files/0x00070000000235ab-92.dat	upx
behavioral2/memory/868-87-0x00007FF6BD2D0000-0x00007FF6BD621000-memory.dmp	upx
behavioral2/files/0x00070000000235aa-85.dat	upx
behavioral2/memory/2112-90-0x00007FF631560000-0x00007FF6318B1000-memory.dmp	upx
behavioral2/memory/4588-74-0x00007FF7B18D0000-0x00007FF7B1C21000-memory.dmp	upx
behavioral2/memory/4736-1080-0x00007FF628380000-0x00007FF6286D1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tueuJLI.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\xEksAsM.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\hIEBwMx.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\AEgKDBk.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\RoWoUIA.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\vhynfQk.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\calMANh.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\HLLQpVY.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\IYNNJgH.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\cgBbzMF.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\vFqsJGN.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\uBGspiA.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\KRVNImX.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\QORvPcO.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\PPcHQdB.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\qcDEehV.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\kGHcuZi.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\pZgcrvR.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\ViLuVeK.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\SlFObiC.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\UydqGwk.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\JlmFjuE.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\SMVYPNZ.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\daprDlv.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\BqgtsKl.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\etcAscq.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\kzLVXoR.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\AcMUtQu.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\fYZwiOw.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\wFHeCfb.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\dhDFZWj.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\sDbzeFE.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\YoVyyRN.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\FXPkksO.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\cpebRmf.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\CuXpIvC.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\oJQHiHQ.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\EcdvEhr.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\DINbFrp.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\yXFWBQK.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\dPKDrQO.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\DYpJQAr.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\FyLBFXE.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\JpAyAmq.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\dJKZkbX.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\ehkInBi.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\qFhLpDz.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\NywuEIk.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\HUsLakL.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\EBEdOLY.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\FexZJun.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\HanJFCb.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\bMkbfbg.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\ZlYtJmn.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\doberax.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\AHWuUDN.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\lGmTgiX.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\LtDNkDJ.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\mUidnmM.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\ygAlNyJ.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\uDovkbC.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\MmuQyrd.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\dIuAyWY.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
File created	C:\Windows\System\lCMykfu.exe	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
15184	WerFaultSecure.exe
15184	WerFaultSecure.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15356	dwm.exe
Token: SeChangeNotifyPrivilege	15356	dwm.exe
Token: 33	15356	dwm.exe
Token: SeIncBasePriorityPrivilege	15356	dwm.exe
Token: SeShutdownPrivilege	15356	dwm.exe
Token: SeCreatePagefilePrivilege	15356	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 3820	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	92
PID 4736 wrote to memory of 3820	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	92
PID 4736 wrote to memory of 4628	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	93
PID 4736 wrote to memory of 4628	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	93
PID 4736 wrote to memory of 4728	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	94
PID 4736 wrote to memory of 4728	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	94
PID 4736 wrote to memory of 396	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	95
PID 4736 wrote to memory of 396	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	95
PID 4736 wrote to memory of 1196	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	96
PID 4736 wrote to memory of 1196	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	96
PID 4736 wrote to memory of 2296	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	97
PID 4736 wrote to memory of 2296	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	97
PID 4736 wrote to memory of 2016	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	98
PID 4736 wrote to memory of 2016	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	98
PID 4736 wrote to memory of 2116	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	99
PID 4736 wrote to memory of 2116	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	99
PID 4736 wrote to memory of 1332	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	100
PID 4736 wrote to memory of 1332	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	100
PID 4736 wrote to memory of 2384	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	101
PID 4736 wrote to memory of 2384	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	101
PID 4736 wrote to memory of 4816	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	102
PID 4736 wrote to memory of 4816	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	102
PID 4736 wrote to memory of 4588	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	103
PID 4736 wrote to memory of 4588	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	103
PID 4736 wrote to memory of 868	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	104
PID 4736 wrote to memory of 868	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	104
PID 4736 wrote to memory of 1360	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	105
PID 4736 wrote to memory of 1360	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	105
PID 4736 wrote to memory of 2448	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	106
PID 4736 wrote to memory of 2448	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	106
PID 4736 wrote to memory of 2112	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	107
PID 4736 wrote to memory of 2112	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	107
PID 4736 wrote to memory of 3700	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	108
PID 4736 wrote to memory of 3700	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	108
PID 4736 wrote to memory of 3792	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	109
PID 4736 wrote to memory of 3792	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	109
PID 4736 wrote to memory of 1716	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	110
PID 4736 wrote to memory of 1716	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	110
PID 4736 wrote to memory of 4132	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	111
PID 4736 wrote to memory of 4132	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	111
PID 4736 wrote to memory of 4540	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	112
PID 4736 wrote to memory of 4540	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	112
PID 4736 wrote to memory of 1596	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	113
PID 4736 wrote to memory of 1596	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	113
PID 4736 wrote to memory of 2600	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	114
PID 4736 wrote to memory of 2600	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	114
PID 4736 wrote to memory of 1744	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	115
PID 4736 wrote to memory of 1744	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	115
PID 4736 wrote to memory of 4068	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	116
PID 4736 wrote to memory of 4068	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	116
PID 4736 wrote to memory of 3580	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	117
PID 4736 wrote to memory of 3580	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	117
PID 4736 wrote to memory of 4936	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	118
PID 4736 wrote to memory of 4936	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	118
PID 4736 wrote to memory of 4488	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	119
PID 4736 wrote to memory of 4488	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	119
PID 4736 wrote to memory of 2984	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	120
PID 4736 wrote to memory of 2984	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	120
PID 4736 wrote to memory of 4620	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	121
PID 4736 wrote to memory of 4620	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	121
PID 4736 wrote to memory of 4928	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	123
PID 4736 wrote to memory of 4928	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	123
PID 4736 wrote to memory of 2592	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	124
PID 4736 wrote to memory of 2592	4736	34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe	124

C:\Users\Admin\AppData\Local\Temp\34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\34c641a535c9d53928f9c30160496d60_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Windows\System\WbzxHhi.exe
  C:\Windows\System\WbzxHhi.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\fEwiacL.exe
  C:\Windows\System\fEwiacL.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\DYpJQAr.exe
  C:\Windows\System\DYpJQAr.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\NjfRxJp.exe
  C:\Windows\System\NjfRxJp.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\xztNikT.exe
  C:\Windows\System\xztNikT.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\PtfzJgi.exe
  C:\Windows\System\PtfzJgi.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\wTNqyzV.exe
  C:\Windows\System\wTNqyzV.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\CpmRLpe.exe
  C:\Windows\System\CpmRLpe.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\dAJiLNB.exe
  C:\Windows\System\dAJiLNB.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\SiMeYyd.exe
  C:\Windows\System\SiMeYyd.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\RLqOOGi.exe
  C:\Windows\System\RLqOOGi.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\GtIsQhz.exe
  C:\Windows\System\GtIsQhz.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\hNLmJHS.exe
  C:\Windows\System\hNLmJHS.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\pUSNlzB.exe
  C:\Windows\System\pUSNlzB.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\dvFeWXL.exe
  C:\Windows\System\dvFeWXL.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\cGPfgrC.exe
  C:\Windows\System\cGPfgrC.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\Vhbhxyy.exe
  C:\Windows\System\Vhbhxyy.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\wLnSrvP.exe
  C:\Windows\System\wLnSrvP.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\jBKmogn.exe
  C:\Windows\System\jBKmogn.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\OCbtUZQ.exe
  C:\Windows\System\OCbtUZQ.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\VCfntEI.exe
  C:\Windows\System\VCfntEI.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\IKGILPQ.exe
  C:\Windows\System\IKGILPQ.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\yssGEXo.exe
  C:\Windows\System\yssGEXo.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\hfpNVRQ.exe
  C:\Windows\System\hfpNVRQ.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\YiglnyN.exe
  C:\Windows\System\YiglnyN.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\BoOaQiz.exe
  C:\Windows\System\BoOaQiz.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\vIcoEgc.exe
  C:\Windows\System\vIcoEgc.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\RampAUw.exe
  C:\Windows\System\RampAUw.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\xMxxhCY.exe
  C:\Windows\System\xMxxhCY.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\qJiaZtR.exe
  C:\Windows\System\qJiaZtR.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\NveBXph.exe
  C:\Windows\System\NveBXph.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\xvjZIRL.exe
  C:\Windows\System\xvjZIRL.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\KTEiCRA.exe
  C:\Windows\System\KTEiCRA.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\gLvWJHs.exe
  C:\Windows\System\gLvWJHs.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\moThtoI.exe
  C:\Windows\System\moThtoI.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\lYmhOVk.exe
  C:\Windows\System\lYmhOVk.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\WurwFbP.exe
  C:\Windows\System\WurwFbP.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\uLoLYPS.exe
  C:\Windows\System\uLoLYPS.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\kPyCefz.exe
  C:\Windows\System\kPyCefz.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\HBwTBrM.exe
  C:\Windows\System\HBwTBrM.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\HiHjcew.exe
  C:\Windows\System\HiHjcew.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\FyLBFXE.exe
  C:\Windows\System\FyLBFXE.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\bHwSjGp.exe
  C:\Windows\System\bHwSjGp.exe
  2⤵
  - Executes dropped EXE
  PID:5132
- C:\Windows\System\uXItnFr.exe
  C:\Windows\System\uXItnFr.exe
  2⤵
  - Executes dropped EXE
  PID:5160
- C:\Windows\System\xqNowZl.exe
  C:\Windows\System\xqNowZl.exe
  2⤵
  - Executes dropped EXE
  PID:5196
- C:\Windows\System\fYZwiOw.exe
  C:\Windows\System\fYZwiOw.exe
  2⤵
  - Executes dropped EXE
  PID:5220
- C:\Windows\System\JvUYJdS.exe
  C:\Windows\System\JvUYJdS.exe
  2⤵
  - Executes dropped EXE
  PID:5248
- C:\Windows\System\mbuvHrr.exe
  C:\Windows\System\mbuvHrr.exe
  2⤵
  - Executes dropped EXE
  PID:5272
- C:\Windows\System\HIultaC.exe
  C:\Windows\System\HIultaC.exe
  2⤵
  - Executes dropped EXE
  PID:5300
- C:\Windows\System\vjYZlQx.exe
  C:\Windows\System\vjYZlQx.exe
  2⤵
  - Executes dropped EXE
  PID:5328
- C:\Windows\System\AQDaWHD.exe
  C:\Windows\System\AQDaWHD.exe
  2⤵
  - Executes dropped EXE
  PID:5360
- C:\Windows\System\bfWmbGq.exe
  C:\Windows\System\bfWmbGq.exe
  2⤵
  - Executes dropped EXE
  PID:5384
- C:\Windows\System\tlokJQE.exe
  C:\Windows\System\tlokJQE.exe
  2⤵
  - Executes dropped EXE
  PID:5416
- C:\Windows\System\SXgYjeq.exe
  C:\Windows\System\SXgYjeq.exe
  2⤵
  - Executes dropped EXE
  PID:5444
- C:\Windows\System\QTlmwIp.exe
  C:\Windows\System\QTlmwIp.exe
  2⤵
  - Executes dropped EXE
  PID:5484
- C:\Windows\System\cQQqfyI.exe
  C:\Windows\System\cQQqfyI.exe
  2⤵
  - Executes dropped EXE
  PID:5512
- C:\Windows\System\sSrQdOS.exe
  C:\Windows\System\sSrQdOS.exe
  2⤵
  - Executes dropped EXE
  PID:5536
- C:\Windows\System\RMcbVbZ.exe
  C:\Windows\System\RMcbVbZ.exe
  2⤵
  - Executes dropped EXE
  PID:5568
- C:\Windows\System\egQdlQS.exe
  C:\Windows\System\egQdlQS.exe
  2⤵
  - Executes dropped EXE
  PID:5596
- C:\Windows\System\ACoEZbl.exe
  C:\Windows\System\ACoEZbl.exe
  2⤵
  - Executes dropped EXE
  PID:5624
- C:\Windows\System\bqxGfSB.exe
  C:\Windows\System\bqxGfSB.exe
  2⤵
  - Executes dropped EXE
  PID:5648
- C:\Windows\System\eQodGOU.exe
  C:\Windows\System\eQodGOU.exe
  2⤵
  - Executes dropped EXE
  PID:5680
- C:\Windows\System\UWyXrVW.exe
  C:\Windows\System\UWyXrVW.exe
  2⤵
  - Executes dropped EXE
  PID:5708
- C:\Windows\System\tNpagfz.exe
  C:\Windows\System\tNpagfz.exe
  2⤵
  - Executes dropped EXE
  PID:5736
- C:\Windows\System\YgFcdbu.exe
  C:\Windows\System\YgFcdbu.exe
  2⤵
  PID:5772
- C:\Windows\System\FNbUkDx.exe
  C:\Windows\System\FNbUkDx.exe
  2⤵
  PID:5792
- C:\Windows\System\PDaQTwa.exe
  C:\Windows\System\PDaQTwa.exe
  2⤵
  PID:5820
- C:\Windows\System\ApCyeYk.exe
  C:\Windows\System\ApCyeYk.exe
  2⤵
  PID:5848
- C:\Windows\System\KekxCWj.exe
  C:\Windows\System\KekxCWj.exe
  2⤵
  PID:5876
- C:\Windows\System\cswfGMD.exe
  C:\Windows\System\cswfGMD.exe
  2⤵
  PID:5904
- C:\Windows\System\Setmwkn.exe
  C:\Windows\System\Setmwkn.exe
  2⤵
  PID:5932
- C:\Windows\System\qmkKlRt.exe
  C:\Windows\System\qmkKlRt.exe
  2⤵
  PID:5960
- C:\Windows\System\LqJuojn.exe
  C:\Windows\System\LqJuojn.exe
  2⤵
  PID:5988
- C:\Windows\System\bekobRd.exe
  C:\Windows\System\bekobRd.exe
  2⤵
  PID:6016
- C:\Windows\System\yJZwnCk.exe
  C:\Windows\System\yJZwnCk.exe
  2⤵
  PID:6044
- C:\Windows\System\XlDFcyS.exe
  C:\Windows\System\XlDFcyS.exe
  2⤵
  PID:6072
- C:\Windows\System\dyAkeRt.exe
  C:\Windows\System\dyAkeRt.exe
  2⤵
  PID:6100
- C:\Windows\System\OkUkUVP.exe
  C:\Windows\System\OkUkUVP.exe
  2⤵
  PID:6128
- C:\Windows\System\WuwtVYA.exe
  C:\Windows\System\WuwtVYA.exe
  2⤵
  PID:6160
- C:\Windows\System\PQuuqeO.exe
  C:\Windows\System\PQuuqeO.exe
  2⤵
  PID:6188
- C:\Windows\System\iWmdLHs.exe
  C:\Windows\System\iWmdLHs.exe
  2⤵
  PID:6216
- C:\Windows\System\GvvtBAr.exe
  C:\Windows\System\GvvtBAr.exe
  2⤵
  PID:6244
- C:\Windows\System\uKublAS.exe
  C:\Windows\System\uKublAS.exe
  2⤵
  PID:6272
- C:\Windows\System\vDeZPQj.exe
  C:\Windows\System\vDeZPQj.exe
  2⤵
  PID:6300
- C:\Windows\System\hXjZdzG.exe
  C:\Windows\System\hXjZdzG.exe
  2⤵
  PID:6328
- C:\Windows\System\JpAyAmq.exe
  C:\Windows\System\JpAyAmq.exe
  2⤵
  PID:6356
- C:\Windows\System\RoWoUIA.exe
  C:\Windows\System\RoWoUIA.exe
  2⤵
  PID:6380
- C:\Windows\System\OsoeAkd.exe
  C:\Windows\System\OsoeAkd.exe
  2⤵
  PID:6412
- C:\Windows\System\CKBudoO.exe
  C:\Windows\System\CKBudoO.exe
  2⤵
  PID:6440
- C:\Windows\System\fxFBBse.exe
  C:\Windows\System\fxFBBse.exe
  2⤵
  PID:6468
- C:\Windows\System\xrmeDfS.exe
  C:\Windows\System\xrmeDfS.exe
  2⤵
  PID:6496
- C:\Windows\System\TbasaCw.exe
  C:\Windows\System\TbasaCw.exe
  2⤵
  PID:6524
- C:\Windows\System\hofrydB.exe
  C:\Windows\System\hofrydB.exe
  2⤵
  PID:6552
- C:\Windows\System\oDRIxUK.exe
  C:\Windows\System\oDRIxUK.exe
  2⤵
  PID:6580
- C:\Windows\System\FGCgzOA.exe
  C:\Windows\System\FGCgzOA.exe
  2⤵
  PID:6608
- C:\Windows\System\cgSqyRA.exe
  C:\Windows\System\cgSqyRA.exe
  2⤵
  PID:6636
- C:\Windows\System\skZFzkZ.exe
  C:\Windows\System\skZFzkZ.exe
  2⤵
  PID:6664
- C:\Windows\System\NhXSyUU.exe
  C:\Windows\System\NhXSyUU.exe
  2⤵
  PID:6692
- C:\Windows\System\wtdVkap.exe
  C:\Windows\System\wtdVkap.exe
  2⤵
  PID:6720
- C:\Windows\System\eOaKloU.exe
  C:\Windows\System\eOaKloU.exe
  2⤵
  PID:6752
- C:\Windows\System\PXtvJRX.exe
  C:\Windows\System\PXtvJRX.exe
  2⤵
  PID:6780
- C:\Windows\System\ZZJTfMo.exe
  C:\Windows\System\ZZJTfMo.exe
  2⤵
  PID:6812
- C:\Windows\System\JTcZZeY.exe
  C:\Windows\System\JTcZZeY.exe
  2⤵
  PID:6840
- C:\Windows\System\uvzlvyt.exe
  C:\Windows\System\uvzlvyt.exe
  2⤵
  PID:6868
- C:\Windows\System\AHnppTU.exe
  C:\Windows\System\AHnppTU.exe
  2⤵
  PID:6900
- C:\Windows\System\aiOrhCH.exe
  C:\Windows\System\aiOrhCH.exe
  2⤵
  PID:6928
- C:\Windows\System\UlCfqac.exe
  C:\Windows\System\UlCfqac.exe
  2⤵
  PID:6956
- C:\Windows\System\eJMMgdk.exe
  C:\Windows\System\eJMMgdk.exe
  2⤵
  PID:6984
- C:\Windows\System\cMzHotS.exe
  C:\Windows\System\cMzHotS.exe
  2⤵
  PID:7012
- C:\Windows\System\IKkaKYg.exe
  C:\Windows\System\IKkaKYg.exe
  2⤵
  PID:7040
- C:\Windows\System\fmrnTkN.exe
  C:\Windows\System\fmrnTkN.exe
  2⤵
  PID:7068
- C:\Windows\System\FAocbfT.exe
  C:\Windows\System\FAocbfT.exe
  2⤵
  PID:7096
- C:\Windows\System\puFaeFl.exe
  C:\Windows\System\puFaeFl.exe
  2⤵
  PID:7124
- C:\Windows\System\LYZpzHv.exe
  C:\Windows\System\LYZpzHv.exe
  2⤵
  PID:7152
- C:\Windows\System\xFkArwt.exe
  C:\Windows\System\xFkArwt.exe
  2⤵
  PID:7184
- C:\Windows\System\ZYIeAvq.exe
  C:\Windows\System\ZYIeAvq.exe
  2⤵
  PID:7216
- C:\Windows\System\FlbOhrh.exe
  C:\Windows\System\FlbOhrh.exe
  2⤵
  PID:7240
- C:\Windows\System\pKKGjjx.exe
  C:\Windows\System\pKKGjjx.exe
  2⤵
  PID:7268
- C:\Windows\System\SxxPoXd.exe
  C:\Windows\System\SxxPoXd.exe
  2⤵
  PID:7300
- C:\Windows\System\PuNBVfH.exe
  C:\Windows\System\PuNBVfH.exe
  2⤵
  PID:7352
- C:\Windows\System\SJiYHwp.exe
  C:\Windows\System\SJiYHwp.exe
  2⤵
  PID:7388
- C:\Windows\System\PMiVLVT.exe
  C:\Windows\System\PMiVLVT.exe
  2⤵
  PID:7416
- C:\Windows\System\UexnGnT.exe
  C:\Windows\System\UexnGnT.exe
  2⤵
  PID:7440
- C:\Windows\System\yKqlXUd.exe
  C:\Windows\System\yKqlXUd.exe
  2⤵
  PID:7492
- C:\Windows\System\FPUZAbk.exe
  C:\Windows\System\FPUZAbk.exe
  2⤵
  PID:7508
- C:\Windows\System\bsxliET.exe
  C:\Windows\System\bsxliET.exe
  2⤵
  PID:7532
- C:\Windows\System\GaaDRnS.exe
  C:\Windows\System\GaaDRnS.exe
  2⤵
  PID:7572
- C:\Windows\System\cBnfnrQ.exe
  C:\Windows\System\cBnfnrQ.exe
  2⤵
  PID:7608
- C:\Windows\System\wMiDYjF.exe
  C:\Windows\System\wMiDYjF.exe
  2⤵
  PID:7636
- C:\Windows\System\MsfScJD.exe
  C:\Windows\System\MsfScJD.exe
  2⤵
  PID:7672
- C:\Windows\System\gVgGwoR.exe
  C:\Windows\System\gVgGwoR.exe
  2⤵
  PID:7696
- C:\Windows\System\OLOvLch.exe
  C:\Windows\System\OLOvLch.exe
  2⤵
  PID:7732
- C:\Windows\System\DKlQsMs.exe
  C:\Windows\System\DKlQsMs.exe
  2⤵
  PID:7764
- C:\Windows\System\ZPtAoyK.exe
  C:\Windows\System\ZPtAoyK.exe
  2⤵
  PID:7804
- C:\Windows\System\TwBjkOf.exe
  C:\Windows\System\TwBjkOf.exe
  2⤵
  PID:7832
- C:\Windows\System\stkiOPf.exe
  C:\Windows\System\stkiOPf.exe
  2⤵
  PID:7868
- C:\Windows\System\wFHeCfb.exe
  C:\Windows\System\wFHeCfb.exe
  2⤵
  PID:7884
- C:\Windows\System\NRuNAxg.exe
  C:\Windows\System\NRuNAxg.exe
  2⤵
  PID:7908
- C:\Windows\System\bOfRLGT.exe
  C:\Windows\System\bOfRLGT.exe
  2⤵
  PID:7948
- C:\Windows\System\HNBaCyB.exe
  C:\Windows\System\HNBaCyB.exe
  2⤵
  PID:7964
- C:\Windows\System\OMetmOT.exe
  C:\Windows\System\OMetmOT.exe
  2⤵
  PID:7988
- C:\Windows\System\KRVNImX.exe
  C:\Windows\System\KRVNImX.exe
  2⤵
  PID:8020
- C:\Windows\System\xEjwOQM.exe
  C:\Windows\System\xEjwOQM.exe
  2⤵
  PID:8040
- C:\Windows\System\bIPHste.exe
  C:\Windows\System\bIPHste.exe
  2⤵
  PID:8088
- C:\Windows\System\CLdmyzI.exe
  C:\Windows\System\CLdmyzI.exe
  2⤵
  PID:8108
- C:\Windows\System\RmlumcW.exe
  C:\Windows\System\RmlumcW.exe
  2⤵
  PID:8140
- C:\Windows\System\hBwOSIK.exe
  C:\Windows\System\hBwOSIK.exe
  2⤵
  PID:8160
- C:\Windows\System\PsolSOX.exe
  C:\Windows\System\PsolSOX.exe
  2⤵
  PID:8188
- C:\Windows\System\dKcHCyP.exe
  C:\Windows\System\dKcHCyP.exe
  2⤵
  PID:7204
- C:\Windows\System\tVOQyID.exe
  C:\Windows\System\tVOQyID.exe
  2⤵
  PID:7140
- C:\Windows\System\LEYLEbu.exe
  C:\Windows\System\LEYLEbu.exe
  2⤵
  PID:7108
- C:\Windows\System\sypSFPJ.exe
  C:\Windows\System\sypSFPJ.exe
  2⤵
  PID:1396
- C:\Windows\System\InmxQEY.exe
  C:\Windows\System\InmxQEY.exe
  2⤵
  PID:7028
- C:\Windows\System\mYOvsms.exe
  C:\Windows\System\mYOvsms.exe
  2⤵
  PID:6976
- C:\Windows\System\DMFEBSD.exe
  C:\Windows\System\DMFEBSD.exe
  2⤵
  PID:6944
- C:\Windows\System\cpebRmf.exe
  C:\Windows\System\cpebRmf.exe
  2⤵
  PID:6884
- C:\Windows\System\iGfbHwF.exe
  C:\Windows\System\iGfbHwF.exe
  2⤵
  PID:5012
- C:\Windows\System\QVwXORQ.exe
  C:\Windows\System\QVwXORQ.exe
  2⤵
  PID:6776
- C:\Windows\System\gOWFned.exe
  C:\Windows\System\gOWFned.exe
  2⤵
  PID:6740
- C:\Windows\System\qbzqPWY.exe
  C:\Windows\System\qbzqPWY.exe
  2⤵
  PID:6680
- C:\Windows\System\WwHiYZo.exe
  C:\Windows\System\WwHiYZo.exe
  2⤵
  PID:6624
- C:\Windows\System\SNYNCYT.exe
  C:\Windows\System\SNYNCYT.exe
  2⤵
  PID:6592
- C:\Windows\System\MDwVpni.exe
  C:\Windows\System\MDwVpni.exe
  2⤵
  PID:6540
- C:\Windows\System\FMdwAye.exe
  C:\Windows\System\FMdwAye.exe
  2⤵
  PID:6432
- C:\Windows\System\BfAGtbX.exe
  C:\Windows\System\BfAGtbX.exe
  2⤵
  PID:6400
- C:\Windows\System\nQRxrnY.exe
  C:\Windows\System\nQRxrnY.exe
  2⤵
  PID:6320
- C:\Windows\System\pfFkNfK.exe
  C:\Windows\System\pfFkNfK.exe
  2⤵
  PID:6256
- C:\Windows\System\uzUXrWN.exe
  C:\Windows\System\uzUXrWN.exe
  2⤵
  PID:6204
- C:\Windows\System\AnkcDqz.exe
  C:\Windows\System\AnkcDqz.exe
  2⤵
  PID:6152
- C:\Windows\System\AfDkEeX.exe
  C:\Windows\System\AfDkEeX.exe
  2⤵
  PID:6084
- C:\Windows\System\xsiMLqq.exe
  C:\Windows\System\xsiMLqq.exe
  2⤵
  PID:6028
- C:\Windows\System\VbwgaXa.exe
  C:\Windows\System\VbwgaXa.exe
  2⤵
  PID:5952
- C:\Windows\System\jrOKfAe.exe
  C:\Windows\System\jrOKfAe.exe
  2⤵
  PID:5832
- C:\Windows\System\DwDZywK.exe
  C:\Windows\System\DwDZywK.exe
  2⤵
  PID:5728
- C:\Windows\System\UIWnBdB.exe
  C:\Windows\System\UIWnBdB.exe
  2⤵
  PID:5692
- C:\Windows\System\xbjdBai.exe
  C:\Windows\System\xbjdBai.exe
  2⤵
  PID:5616
- C:\Windows\System\DjXQbeZ.exe
  C:\Windows\System\DjXQbeZ.exe
  2⤵
  PID:5584
- C:\Windows\System\ZgUQTxU.exe
  C:\Windows\System\ZgUQTxU.exe
  2⤵
  PID:5528
- C:\Windows\System\GtiFOuN.exe
  C:\Windows\System\GtiFOuN.exe
  2⤵
  PID:5472
- C:\Windows\System\Jtevlyb.exe
  C:\Windows\System\Jtevlyb.exe
  2⤵
  PID:5432
- C:\Windows\System\OfKXgzK.exe
  C:\Windows\System\OfKXgzK.exe
  2⤵
  PID:5372
- C:\Windows\System\KqjdXyL.exe
  C:\Windows\System\KqjdXyL.exe
  2⤵
  PID:5316
- C:\Windows\System\TUAxJVu.exe
  C:\Windows\System\TUAxJVu.exe
  2⤵
  PID:5260
- C:\Windows\System\LVnaGEd.exe
  C:\Windows\System\LVnaGEd.exe
  2⤵
  PID:5148
- C:\Windows\System\PQEJifu.exe
  C:\Windows\System\PQEJifu.exe
  2⤵
  PID:3816
- C:\Windows\System\uWhPnnV.exe
  C:\Windows\System\uWhPnnV.exe
  2⤵
  PID:3944
- C:\Windows\System\XWnExGU.exe
  C:\Windows\System\XWnExGU.exe
  2⤵
  PID:4748
- C:\Windows\System\pOzbCXS.exe
  C:\Windows\System\pOzbCXS.exe
  2⤵
  PID:4812
- C:\Windows\System\QORvPcO.exe
  C:\Windows\System\QORvPcO.exe
  2⤵
  PID:4612
- C:\Windows\System\DdujXMw.exe
  C:\Windows\System\DdujXMw.exe
  2⤵
  PID:1204
- C:\Windows\System\qhOYwPg.exe
  C:\Windows\System\qhOYwPg.exe
  2⤵
  PID:5076
- C:\Windows\System\fbHvOco.exe
  C:\Windows\System\fbHvOco.exe
  2⤵
  PID:784
- C:\Windows\System\OUrYvRo.exe
  C:\Windows\System\OUrYvRo.exe
  2⤵
  PID:7288
- C:\Windows\System\vhynfQk.exe
  C:\Windows\System\vhynfQk.exe
  2⤵
  PID:7260
- C:\Windows\System\iQIaAco.exe
  C:\Windows\System\iQIaAco.exe
  2⤵
  PID:7432
- C:\Windows\System\SehiQSb.exe
  C:\Windows\System\SehiQSb.exe
  2⤵
  PID:7452
- C:\Windows\System\dhDFZWj.exe
  C:\Windows\System\dhDFZWj.exe
  2⤵
  PID:7484
- C:\Windows\System\PSpSimv.exe
  C:\Windows\System\PSpSimv.exe
  2⤵
  PID:7560
- C:\Windows\System\qWZpMeJ.exe
  C:\Windows\System\qWZpMeJ.exe
  2⤵
  PID:7652
- C:\Windows\System\iaOlVYV.exe
  C:\Windows\System\iaOlVYV.exe
  2⤵
  PID:3832
- C:\Windows\System\vbmbEYU.exe
  C:\Windows\System\vbmbEYU.exe
  2⤵
  PID:7744
- C:\Windows\System\PtCugEX.exe
  C:\Windows\System\PtCugEX.exe
  2⤵
  PID:7776
- C:\Windows\System\RIWxGCJ.exe
  C:\Windows\System\RIWxGCJ.exe
  2⤵
  PID:996
- C:\Windows\System\dJKZkbX.exe
  C:\Windows\System\dJKZkbX.exe
  2⤵
  PID:7860
- C:\Windows\System\LtDNkDJ.exe
  C:\Windows\System\LtDNkDJ.exe
  2⤵
  PID:7904
- C:\Windows\System\UVxTcdU.exe
  C:\Windows\System\UVxTcdU.exe
  2⤵
  PID:8012
- C:\Windows\System\zTGZKWB.exe
  C:\Windows\System\zTGZKWB.exe
  2⤵
  PID:8068
- C:\Windows\System\calMANh.exe
  C:\Windows\System\calMANh.exe
  2⤵
  PID:8100
- C:\Windows\System\MhPslZR.exe
  C:\Windows\System\MhPslZR.exe
  2⤵
  PID:8156
- C:\Windows\System\lyRXOJm.exe
  C:\Windows\System\lyRXOJm.exe
  2⤵
  PID:4312
- C:\Windows\System\BWHshME.exe
  C:\Windows\System\BWHshME.exe
  2⤵
  PID:7060
- C:\Windows\System\BdeXOaB.exe
  C:\Windows\System\BdeXOaB.exe
  2⤵
  PID:7000
- C:\Windows\System\yXCzfVI.exe
  C:\Windows\System\yXCzfVI.exe
  2⤵
  PID:6888
- C:\Windows\System\HVzUBoh.exe
  C:\Windows\System\HVzUBoh.exe
  2⤵
  PID:6832
- C:\Windows\System\vQVgBHC.exe
  C:\Windows\System\vQVgBHC.exe
  2⤵
  PID:6656
- C:\Windows\System\mzohheV.exe
  C:\Windows\System\mzohheV.exe
  2⤵
  PID:6452
- C:\Windows\System\ofGgLvT.exe
  C:\Windows\System\ofGgLvT.exe
  2⤵
  PID:6348
- C:\Windows\System\BZAFJte.exe
  C:\Windows\System\BZAFJte.exe
  2⤵
  PID:6092
- C:\Windows\System\HLLQpVY.exe
  C:\Windows\System\HLLQpVY.exe
  2⤵
  PID:6060
- C:\Windows\System\HXaMMLu.exe
  C:\Windows\System\HXaMMLu.exe
  2⤵
  PID:5892
- C:\Windows\System\XHVrqIZ.exe
  C:\Windows\System\XHVrqIZ.exe
  2⤵
  PID:5668
- C:\Windows\System\vfmzbxH.exe
  C:\Windows\System\vfmzbxH.exe
  2⤵
  PID:5640
- C:\Windows\System\ypdjUfL.exe
  C:\Windows\System\ypdjUfL.exe
  2⤵
  PID:5268
- C:\Windows\System\mUidnmM.exe
  C:\Windows\System\mUidnmM.exe
  2⤵
  PID:5172
- C:\Windows\System\mdEvVwZ.exe
  C:\Windows\System\mdEvVwZ.exe
  2⤵
  PID:2200
- C:\Windows\System\AQPMkBG.exe
  C:\Windows\System\AQPMkBG.exe
  2⤵
  PID:4212
- C:\Windows\System\EcdvEhr.exe
  C:\Windows\System\EcdvEhr.exe
  2⤵
  PID:860
- C:\Windows\System\PPcHQdB.exe
  C:\Windows\System\PPcHQdB.exe
  2⤵
  PID:4960
- C:\Windows\System\LhBjTKL.exe
  C:\Windows\System\LhBjTKL.exe
  2⤵
  PID:7264
- C:\Windows\System\TYhwMQK.exe
  C:\Windows\System\TYhwMQK.exe
  2⤵
  PID:7408
- C:\Windows\System\EQDFJzy.exe
  C:\Windows\System\EQDFJzy.exe
  2⤵
  PID:7600
- C:\Windows\System\niaIGBs.exe
  C:\Windows\System\niaIGBs.exe
  2⤵
  PID:7688
- C:\Windows\System\qYEopjD.exe
  C:\Windows\System\qYEopjD.exe
  2⤵
  PID:3396
- C:\Windows\System\XvWEFJS.exe
  C:\Windows\System\XvWEFJS.exe
  2⤵
  PID:1508
- C:\Windows\System\YqEjnub.exe
  C:\Windows\System\YqEjnub.exe
  2⤵
  PID:7972
- C:\Windows\System\nBLxcYi.exe
  C:\Windows\System\nBLxcYi.exe
  2⤵
  PID:8136
- C:\Windows\System\aRnTtIm.exe
  C:\Windows\System\aRnTtIm.exe
  2⤵
  PID:7112
- C:\Windows\System\tbRdaOW.exe
  C:\Windows\System\tbRdaOW.exe
  2⤵
  PID:6404
- C:\Windows\System\PTwIpQf.exe
  C:\Windows\System\PTwIpQf.exe
  2⤵
  PID:6228
- C:\Windows\System\ShshTtR.exe
  C:\Windows\System\ShshTtR.exe
  2⤵
  PID:6376
- C:\Windows\System\yxljNBj.exe
  C:\Windows\System\yxljNBj.exe
  2⤵
  PID:5496
- C:\Windows\System\PlkWGIG.exe
  C:\Windows\System\PlkWGIG.exe
  2⤵
  PID:5344
- C:\Windows\System\QsiRkou.exe
  C:\Windows\System\QsiRkou.exe
  2⤵
  PID:4156
- C:\Windows\System\RDwmUzB.exe
  C:\Windows\System\RDwmUzB.exe
  2⤵
  PID:7380
- C:\Windows\System\fbQvaev.exe
  C:\Windows\System\fbQvaev.exe
  2⤵
  PID:7320
- C:\Windows\System\yPtRQLG.exe
  C:\Windows\System\yPtRQLG.exe
  2⤵
  PID:7520
- C:\Windows\System\mCfwWVU.exe
  C:\Windows\System\mCfwWVU.exe
  2⤵
  PID:7876
- C:\Windows\System\crOjdlj.exe
  C:\Windows\System\crOjdlj.exe
  2⤵
  PID:6968
- C:\Windows\System\qObHOgM.exe
  C:\Windows\System\qObHOgM.exe
  2⤵
  PID:5944
- C:\Windows\System\qSuAOeD.exe
  C:\Windows\System\qSuAOeD.exe
  2⤵
  PID:5436
- C:\Windows\System\qcDEehV.exe
  C:\Windows\System\qcDEehV.exe
  2⤵
  PID:7956
- C:\Windows\System\UydqGwk.exe
  C:\Windows\System\UydqGwk.exe
  2⤵
  PID:8152
- C:\Windows\System\gkroiGc.exe
  C:\Windows\System\gkroiGc.exe
  2⤵
  PID:6856
- C:\Windows\System\tpiileK.exe
  C:\Windows\System\tpiileK.exe
  2⤵
  PID:4016
- C:\Windows\System\FxlSfyL.exe
  C:\Windows\System\FxlSfyL.exe
  2⤵
  PID:8236
- C:\Windows\System\nbIKPwU.exe
  C:\Windows\System\nbIKPwU.exe
  2⤵
  PID:8260
- C:\Windows\System\otYbzGG.exe
  C:\Windows\System\otYbzGG.exe
  2⤵
  PID:8300
- C:\Windows\System\DINbFrp.exe
  C:\Windows\System\DINbFrp.exe
  2⤵
  PID:8332
- C:\Windows\System\AOeSXML.exe
  C:\Windows\System\AOeSXML.exe
  2⤵
  PID:8360
- C:\Windows\System\Jkjpbnz.exe
  C:\Windows\System\Jkjpbnz.exe
  2⤵
  PID:8384
- C:\Windows\System\fCbDclv.exe
  C:\Windows\System\fCbDclv.exe
  2⤵
  PID:8412
- C:\Windows\System\JBFGddd.exe
  C:\Windows\System\JBFGddd.exe
  2⤵
  PID:8432
- C:\Windows\System\YVAUgVU.exe
  C:\Windows\System\YVAUgVU.exe
  2⤵
  PID:8472
- C:\Windows\System\cWtQvdD.exe
  C:\Windows\System\cWtQvdD.exe
  2⤵
  PID:8496
- C:\Windows\System\BmYincj.exe
  C:\Windows\System\BmYincj.exe
  2⤵
  PID:8524
- C:\Windows\System\yIPuLMu.exe
  C:\Windows\System\yIPuLMu.exe
  2⤵
  PID:8544
- C:\Windows\System\wRekPaW.exe
  C:\Windows\System\wRekPaW.exe
  2⤵
  PID:8560
- C:\Windows\System\fVAknie.exe
  C:\Windows\System\fVAknie.exe
  2⤵
  PID:8600
- C:\Windows\System\FgUwBFf.exe
  C:\Windows\System\FgUwBFf.exe
  2⤵
  PID:8620
- C:\Windows\System\hRKhNem.exe
  C:\Windows\System\hRKhNem.exe
  2⤵
  PID:8648
- C:\Windows\System\nxsaEyT.exe
  C:\Windows\System\nxsaEyT.exe
  2⤵
  PID:8668
- C:\Windows\System\BXtDiwY.exe
  C:\Windows\System\BXtDiwY.exe
  2⤵
  PID:8696
- C:\Windows\System\VKYICVD.exe
  C:\Windows\System\VKYICVD.exe
  2⤵
  PID:8716
- C:\Windows\System\dBieMSc.exe
  C:\Windows\System\dBieMSc.exe
  2⤵
  PID:8744
- C:\Windows\System\xRgqWMX.exe
  C:\Windows\System\xRgqWMX.exe
  2⤵
  PID:8776
- C:\Windows\System\CmzaiMI.exe
  C:\Windows\System\CmzaiMI.exe
  2⤵
  PID:8824
- C:\Windows\System\sDbzeFE.exe
  C:\Windows\System\sDbzeFE.exe
  2⤵
  PID:8844
- C:\Windows\System\BqgtsKl.exe
  C:\Windows\System\BqgtsKl.exe
  2⤵
  PID:8876
- C:\Windows\System\JlmFjuE.exe
  C:\Windows\System\JlmFjuE.exe
  2⤵
  PID:8892
- C:\Windows\System\tOFIcVh.exe
  C:\Windows\System\tOFIcVh.exe
  2⤵
  PID:8920
- C:\Windows\System\ScWlzPM.exe
  C:\Windows\System\ScWlzPM.exe
  2⤵
  PID:8940
- C:\Windows\System\xFHlGTQ.exe
  C:\Windows\System\xFHlGTQ.exe
  2⤵
  PID:8976
- C:\Windows\System\yUqQgsE.exe
  C:\Windows\System\yUqQgsE.exe
  2⤵
  PID:9028
- C:\Windows\System\RdJiELE.exe
  C:\Windows\System\RdJiELE.exe
  2⤵
  PID:9048
- C:\Windows\System\RhgeXnd.exe
  C:\Windows\System\RhgeXnd.exe
  2⤵
  PID:9088
- C:\Windows\System\hWQUVis.exe
  C:\Windows\System\hWQUVis.exe
  2⤵
  PID:9112
- C:\Windows\System\elxuybD.exe
  C:\Windows\System\elxuybD.exe
  2⤵
  PID:9140
- C:\Windows\System\mXmwJnc.exe
  C:\Windows\System\mXmwJnc.exe
  2⤵
  PID:9168
- C:\Windows\System\whwqMmD.exe
  C:\Windows\System\whwqMmD.exe
  2⤵
  PID:9188
- C:\Windows\System\ygAlNyJ.exe
  C:\Windows\System\ygAlNyJ.exe
  2⤵
  PID:2876
- C:\Windows\System\wuXgSjr.exe
  C:\Windows\System\wuXgSjr.exe
  2⤵
  PID:8228
- C:\Windows\System\jdGYtju.exe
  C:\Windows\System\jdGYtju.exe
  2⤵
  PID:8296
- C:\Windows\System\etcAscq.exe
  C:\Windows\System\etcAscq.exe
  2⤵
  PID:8352
- C:\Windows\System\yTJMFEF.exe
  C:\Windows\System\yTJMFEF.exe
  2⤵
  PID:8400
- C:\Windows\System\usvvqcI.exe
  C:\Windows\System\usvvqcI.exe
  2⤵
  PID:8452
- C:\Windows\System\oemczQw.exe
  C:\Windows\System\oemczQw.exe
  2⤵
  PID:8516
- C:\Windows\System\IdIBhis.exe
  C:\Windows\System\IdIBhis.exe
  2⤵
  PID:8540
- C:\Windows\System\mdqPVpE.exe
  C:\Windows\System\mdqPVpE.exe
  2⤵
  PID:8588
- C:\Windows\System\bNjGmeV.exe
  C:\Windows\System\bNjGmeV.exe
  2⤵
  PID:8660
- C:\Windows\System\gjDTDmU.exe
  C:\Windows\System\gjDTDmU.exe
  2⤵
  PID:8736
- C:\Windows\System\WlCMNTd.exe
  C:\Windows\System\WlCMNTd.exe
  2⤵
  PID:8852
- C:\Windows\System\ttHXXOo.exe
  C:\Windows\System\ttHXXOo.exe
  2⤵
  PID:8900
- C:\Windows\System\daOPQhu.exe
  C:\Windows\System\daOPQhu.exe
  2⤵
  PID:8908
- C:\Windows\System\PcXxvBg.exe
  C:\Windows\System\PcXxvBg.exe
  2⤵
  PID:9012
- C:\Windows\System\oSKHgui.exe
  C:\Windows\System\oSKHgui.exe
  2⤵
  PID:9100
- C:\Windows\System\pJuEfvC.exe
  C:\Windows\System\pJuEfvC.exe
  2⤵
  PID:9176
- C:\Windows\System\foswlWG.exe
  C:\Windows\System\foswlWG.exe
  2⤵
  PID:8376
- C:\Windows\System\DcFluWi.exe
  C:\Windows\System\DcFluWi.exe
  2⤵
  PID:8468
- C:\Windows\System\BCHHmpv.exe
  C:\Windows\System\BCHHmpv.exe
  2⤵
  PID:8636
- C:\Windows\System\kbRuhmC.exe
  C:\Windows\System\kbRuhmC.exe
  2⤵
  PID:8812
- C:\Windows\System\olGgonV.exe
  C:\Windows\System\olGgonV.exe
  2⤵
  PID:9044
- C:\Windows\System\tgHrHjA.exe
  C:\Windows\System\tgHrHjA.exe
  2⤵
  PID:9232
- C:\Windows\System\kdkSCcc.exe
  C:\Windows\System\kdkSCcc.exe
  2⤵
  PID:9252
- C:\Windows\System\HBkIItp.exe
  C:\Windows\System\HBkIItp.exe
  2⤵
  PID:9272
- C:\Windows\System\yQFUnJZ.exe
  C:\Windows\System\yQFUnJZ.exe
  2⤵
  PID:9288
- C:\Windows\System\ZmGbmHZ.exe
  C:\Windows\System\ZmGbmHZ.exe
  2⤵
  PID:9304
- C:\Windows\System\kzLVXoR.exe
  C:\Windows\System\kzLVXoR.exe
  2⤵
  PID:9320
- C:\Windows\System\OeexDba.exe
  C:\Windows\System\OeexDba.exe
  2⤵
  PID:9336
- C:\Windows\System\uBkOreA.exe
  C:\Windows\System\uBkOreA.exe
  2⤵
  PID:9352
- C:\Windows\System\LFUkiNY.exe
  C:\Windows\System\LFUkiNY.exe
  2⤵
  PID:9368
- C:\Windows\System\oSgWEcF.exe
  C:\Windows\System\oSgWEcF.exe
  2⤵
  PID:9440
- C:\Windows\System\IOzGluS.exe
  C:\Windows\System\IOzGluS.exe
  2⤵
  PID:9456
- C:\Windows\System\HJdBNgp.exe
  C:\Windows\System\HJdBNgp.exe
  2⤵
  PID:9516
- C:\Windows\System\rmtauZV.exe
  C:\Windows\System\rmtauZV.exe
  2⤵
  PID:9532
- C:\Windows\System\yBIDCTG.exe
  C:\Windows\System\yBIDCTG.exe
  2⤵
  PID:9600
- C:\Windows\System\JwdCtFF.exe
  C:\Windows\System\JwdCtFF.exe
  2⤵
  PID:9688
- C:\Windows\System\tfmNmBQ.exe
  C:\Windows\System\tfmNmBQ.exe
  2⤵
  PID:9716
- C:\Windows\System\MvNloGg.exe
  C:\Windows\System\MvNloGg.exe
  2⤵
  PID:9736
- C:\Windows\System\WldWuyL.exe
  C:\Windows\System\WldWuyL.exe
  2⤵
  PID:9764
- C:\Windows\System\mFCQYQQ.exe
  C:\Windows\System\mFCQYQQ.exe
  2⤵
  PID:9788
- C:\Windows\System\PkESgrT.exe
  C:\Windows\System\PkESgrT.exe
  2⤵
  PID:9828
- C:\Windows\System\ChQlKIO.exe
  C:\Windows\System\ChQlKIO.exe
  2⤵
  PID:9848
- C:\Windows\System\rNQndHA.exe
  C:\Windows\System\rNQndHA.exe
  2⤵
  PID:9888
- C:\Windows\System\xuhtalH.exe
  C:\Windows\System\xuhtalH.exe
  2⤵
  PID:9920
- C:\Windows\System\zAaZqQz.exe
  C:\Windows\System\zAaZqQz.exe
  2⤵
  PID:9944
- C:\Windows\System\eRDKoIS.exe
  C:\Windows\System\eRDKoIS.exe
  2⤵
  PID:9968
- C:\Windows\System\BUuITHo.exe
  C:\Windows\System\BUuITHo.exe
  2⤵
  PID:9984
- C:\Windows\System\SGdFpPb.exe
  C:\Windows\System\SGdFpPb.exe
  2⤵
  PID:10044
- C:\Windows\System\azDneEo.exe
  C:\Windows\System\azDneEo.exe
  2⤵
  PID:10064
- C:\Windows\System\VUdmAQt.exe
  C:\Windows\System\VUdmAQt.exe
  2⤵
  PID:10092
- C:\Windows\System\ekkGzEI.exe
  C:\Windows\System\ekkGzEI.exe
  2⤵
  PID:10112
- C:\Windows\System\wmoTUGe.exe
  C:\Windows\System\wmoTUGe.exe
  2⤵
  PID:10144
- C:\Windows\System\DtDwCsX.exe
  C:\Windows\System\DtDwCsX.exe
  2⤵
  PID:10168
- C:\Windows\System\cLfZaFc.exe
  C:\Windows\System\cLfZaFc.exe
  2⤵
  PID:10192
- C:\Windows\System\TlNroyj.exe
  C:\Windows\System\TlNroyj.exe
  2⤵
  PID:8292
- C:\Windows\System\iuRZtCZ.exe
  C:\Windows\System\iuRZtCZ.exe
  2⤵
  PID:8252
- C:\Windows\System\XkWnCkU.exe
  C:\Windows\System\XkWnCkU.exe
  2⤵
  PID:9300
- C:\Windows\System\lAgJUuf.exe
  C:\Windows\System\lAgJUuf.exe
  2⤵
  PID:8800
- C:\Windows\System\cKRUcHc.exe
  C:\Windows\System\cKRUcHc.exe
  2⤵
  PID:9160
- C:\Windows\System\RAKekaX.exe
  C:\Windows\System\RAKekaX.exe
  2⤵
  PID:9416
- C:\Windows\System\RdTugQc.exe
  C:\Windows\System\RdTugQc.exe
  2⤵
  PID:8996
- C:\Windows\System\bQgxqXn.exe
  C:\Windows\System\bQgxqXn.exe
  2⤵
  PID:9280
- C:\Windows\System\ySFWXxD.exe
  C:\Windows\System\ySFWXxD.exe
  2⤵
  PID:9296
- C:\Windows\System\tueuJLI.exe
  C:\Windows\System\tueuJLI.exe
  2⤵
  PID:9360
- C:\Windows\System\xTjpjWX.exe
  C:\Windows\System\xTjpjWX.exe
  2⤵
  PID:9528
- C:\Windows\System\CAcBmmc.exe
  C:\Windows\System\CAcBmmc.exe
  2⤵
  PID:9584
- C:\Windows\System\hnwLzCp.exe
  C:\Windows\System\hnwLzCp.exe
  2⤵
  PID:9676
- C:\Windows\System\DmBpDxZ.exe
  C:\Windows\System\DmBpDxZ.exe
  2⤵
  PID:9680
- C:\Windows\System\NRwGYEU.exe
  C:\Windows\System\NRwGYEU.exe
  2⤵
  PID:9760
- C:\Windows\System\RJnvTsr.exe
  C:\Windows\System\RJnvTsr.exe
  2⤵
  PID:9780
- C:\Windows\System\XGzPoTb.exe
  C:\Windows\System\XGzPoTb.exe
  2⤵
  PID:9908
- C:\Windows\System\elvlsRe.exe
  C:\Windows\System\elvlsRe.exe
  2⤵
  PID:10036
- C:\Windows\System\uDovkbC.exe
  C:\Windows\System\uDovkbC.exe
  2⤵
  PID:10056
- C:\Windows\System\PtJSHbI.exe
  C:\Windows\System\PtJSHbI.exe
  2⤵
  PID:10124
- C:\Windows\System\LbaEsnZ.exe
  C:\Windows\System\LbaEsnZ.exe
  2⤵
  PID:10188
- C:\Windows\System\IYNNJgH.exe
  C:\Windows\System\IYNNJgH.exe
  2⤵
  PID:10236
- C:\Windows\System\hZgehwb.exe
  C:\Windows\System\hZgehwb.exe
  2⤵
  PID:8684
- C:\Windows\System\RiYbxxC.exe
  C:\Windows\System\RiYbxxC.exe
  2⤵
  PID:9424
- C:\Windows\System\JkXgDxU.exe
  C:\Windows\System\JkXgDxU.exe
  2⤵
  PID:9396
- C:\Windows\System\AjCcESP.exe
  C:\Windows\System\AjCcESP.exe
  2⤵
  PID:9580
- C:\Windows\System\naXDFdO.exe
  C:\Windows\System\naXDFdO.exe
  2⤵
  PID:9744
- C:\Windows\System\sxGmmzv.exe
  C:\Windows\System\sxGmmzv.exe
  2⤵
  PID:9876
- C:\Windows\System\cynZhRr.exe
  C:\Windows\System\cynZhRr.exe
  2⤵
  PID:10000
- C:\Windows\System\JPelfLM.exe
  C:\Windows\System\JPelfLM.exe
  2⤵
  PID:10080
- C:\Windows\System\tbxRLfT.exe
  C:\Windows\System\tbxRLfT.exe
  2⤵
  PID:8712
- C:\Windows\System\uueCIot.exe
  C:\Windows\System\uueCIot.exe
  2⤵
  PID:9540
- C:\Windows\System\ccqDLZS.exe
  C:\Windows\System\ccqDLZS.exe
  2⤵
  PID:9448
- C:\Windows\System\MVZTQjm.exe
  C:\Windows\System\MVZTQjm.exe
  2⤵
  PID:9936
- C:\Windows\System\rucWakZ.exe
  C:\Windows\System\rucWakZ.exe
  2⤵
  PID:10128
- C:\Windows\System\tyTYjcC.exe
  C:\Windows\System\tyTYjcC.exe
  2⤵
  PID:9488
- C:\Windows\System\hphcuCC.exe
  C:\Windows\System\hphcuCC.exe
  2⤵
  PID:10264
- C:\Windows\System\iulWWas.exe
  C:\Windows\System\iulWWas.exe
  2⤵
  PID:10296
- C:\Windows\System\LJTaQdi.exe
  C:\Windows\System\LJTaQdi.exe
  2⤵
  PID:10332
- C:\Windows\System\ZlYtJmn.exe
  C:\Windows\System\ZlYtJmn.exe
  2⤵
  PID:10356
- C:\Windows\System\GWgaRhF.exe
  C:\Windows\System\GWgaRhF.exe
  2⤵
  PID:10388
- C:\Windows\System\GFywMxG.exe
  C:\Windows\System\GFywMxG.exe
  2⤵
  PID:10416
- C:\Windows\System\DHWXpge.exe
  C:\Windows\System\DHWXpge.exe
  2⤵
  PID:10452
- C:\Windows\System\jNDExOA.exe
  C:\Windows\System\jNDExOA.exe
  2⤵
  PID:10492
- C:\Windows\System\iWbSTqh.exe
  C:\Windows\System\iWbSTqh.exe
  2⤵
  PID:10508
- C:\Windows\System\AcMUtQu.exe
  C:\Windows\System\AcMUtQu.exe
  2⤵
  PID:10532
- C:\Windows\System\gqJOYYv.exe
  C:\Windows\System\gqJOYYv.exe
  2⤵
  PID:10560
- C:\Windows\System\EXbebkx.exe
  C:\Windows\System\EXbebkx.exe
  2⤵
  PID:10580
- C:\Windows\System\doberax.exe
  C:\Windows\System\doberax.exe
  2⤵
  PID:10604
- C:\Windows\System\moqKEbu.exe
  C:\Windows\System\moqKEbu.exe
  2⤵
  PID:10628
- C:\Windows\System\zRULCns.exe
  C:\Windows\System\zRULCns.exe
  2⤵
  PID:10652
- C:\Windows\System\lZZfCcp.exe
  C:\Windows\System\lZZfCcp.exe
  2⤵
  PID:10680
- C:\Windows\System\SMVYPNZ.exe
  C:\Windows\System\SMVYPNZ.exe
  2⤵
  PID:10704
- C:\Windows\System\fLtfAmR.exe
  C:\Windows\System\fLtfAmR.exe
  2⤵
  PID:10740
- C:\Windows\System\UjUBNMl.exe
  C:\Windows\System\UjUBNMl.exe
  2⤵
  PID:10772
- C:\Windows\System\keeUoIM.exe
  C:\Windows\System\keeUoIM.exe
  2⤵
  PID:10800
- C:\Windows\System\HOzqsPC.exe
  C:\Windows\System\HOzqsPC.exe
  2⤵
  PID:10832
- C:\Windows\System\wFhjMkR.exe
  C:\Windows\System\wFhjMkR.exe
  2⤵
  PID:10868
- C:\Windows\System\QaDjpsK.exe
  C:\Windows\System\QaDjpsK.exe
  2⤵
  PID:10908
- C:\Windows\System\ztBsZac.exe
  C:\Windows\System\ztBsZac.exe
  2⤵
  PID:10928
- C:\Windows\System\xEksAsM.exe
  C:\Windows\System\xEksAsM.exe
  2⤵
  PID:10972
- C:\Windows\System\nWxaIwV.exe
  C:\Windows\System\nWxaIwV.exe
  2⤵
  PID:10996
- C:\Windows\System\PibsNXY.exe
  C:\Windows\System\PibsNXY.exe
  2⤵
  PID:11032
- C:\Windows\System\ADWSCRX.exe
  C:\Windows\System\ADWSCRX.exe
  2⤵
  PID:11056
- C:\Windows\System\LeJmBak.exe
  C:\Windows\System\LeJmBak.exe
  2⤵
  PID:11080
- C:\Windows\System\fmUPaZK.exe
  C:\Windows\System\fmUPaZK.exe
  2⤵
  PID:11112
- C:\Windows\System\EBEdOLY.exe
  C:\Windows\System\EBEdOLY.exe
  2⤵
  PID:11128
- C:\Windows\System\kqiBhuY.exe
  C:\Windows\System\kqiBhuY.exe
  2⤵
  PID:11156
- C:\Windows\System\PIThejn.exe
  C:\Windows\System\PIThejn.exe
  2⤵
  PID:11180
- C:\Windows\System\wnDVnzL.exe
  C:\Windows\System\wnDVnzL.exe
  2⤵
  PID:11224
- C:\Windows\System\LhujPEg.exe
  C:\Windows\System\LhujPEg.exe
  2⤵
  PID:11248
- C:\Windows\System\QnoSWIu.exe
  C:\Windows\System\QnoSWIu.exe
  2⤵
  PID:10252
- C:\Windows\System\efEDazc.exe
  C:\Windows\System\efEDazc.exe
  2⤵
  PID:9728
- C:\Windows\System\JfGqfYG.exe
  C:\Windows\System\JfGqfYG.exe
  2⤵
  PID:10380
- C:\Windows\System\fCNlKQC.exe
  C:\Windows\System\fCNlKQC.exe
  2⤵
  PID:10384
- C:\Windows\System\sOesgcg.exe
  C:\Windows\System\sOesgcg.exe
  2⤵
  PID:10436
- C:\Windows\System\tHCGBhI.exe
  C:\Windows\System\tHCGBhI.exe
  2⤵
  PID:10500
- C:\Windows\System\rSwzGlU.exe
  C:\Windows\System\rSwzGlU.exe
  2⤵
  PID:10600
- C:\Windows\System\UegCSKd.exe
  C:\Windows\System\UegCSKd.exe
  2⤵
  PID:10572
- C:\Windows\System\baKaezG.exe
  C:\Windows\System\baKaezG.exe
  2⤵
  PID:10672
- C:\Windows\System\SHmrxCE.exe
  C:\Windows\System\SHmrxCE.exe
  2⤵
  PID:10764
- C:\Windows\System\CrvPpgE.exe
  C:\Windows\System\CrvPpgE.exe
  2⤵
  PID:10784
- C:\Windows\System\CbXsfYz.exe
  C:\Windows\System\CbXsfYz.exe
  2⤵
  PID:10896
- C:\Windows\System\MYYDHqp.exe
  C:\Windows\System\MYYDHqp.exe
  2⤵
  PID:11012
- C:\Windows\System\BAsrpvr.exe
  C:\Windows\System\BAsrpvr.exe
  2⤵
  PID:11064
- C:\Windows\System\uHGhAcs.exe
  C:\Windows\System\uHGhAcs.exe
  2⤵
  PID:11104
- C:\Windows\System\YoVyyRN.exe
  C:\Windows\System\YoVyyRN.exe
  2⤵
  PID:11124
- C:\Windows\System\cuyUzpo.exe
  C:\Windows\System\cuyUzpo.exe
  2⤵
  PID:11196
- C:\Windows\System\ZqUSSSW.exe
  C:\Windows\System\ZqUSSSW.exe
  2⤵
  PID:11232
- C:\Windows\System\MnPcmFr.exe
  C:\Windows\System\MnPcmFr.exe
  2⤵
  PID:10352
- C:\Windows\System\bDYcffd.exe
  C:\Windows\System\bDYcffd.exe
  2⤵
  PID:10476
- C:\Windows\System\XzTYOqT.exe
  C:\Windows\System\XzTYOqT.exe
  2⤵
  PID:10760
- C:\Windows\System\btOrfte.exe
  C:\Windows\System\btOrfte.exe
  2⤵
  PID:11028
- C:\Windows\System\dIuAyWY.exe
  C:\Windows\System\dIuAyWY.exe
  2⤵
  PID:11052
- C:\Windows\System\ISPLrue.exe
  C:\Windows\System\ISPLrue.exe
  2⤵
  PID:11148
- C:\Windows\System\ByjQDCN.exe
  C:\Windows\System\ByjQDCN.exe
  2⤵
  PID:10468
- C:\Windows\System\oDLxRdx.exe
  C:\Windows\System\oDLxRdx.exe
  2⤵
  PID:10664
- C:\Windows\System\JQSJzqa.exe
  C:\Windows\System\JQSJzqa.exe
  2⤵
  PID:11020
- C:\Windows\System\svJgLkB.exe
  C:\Windows\System\svJgLkB.exe
  2⤵
  PID:10272
- C:\Windows\System\vrbHYPu.exe
  C:\Windows\System\vrbHYPu.exe
  2⤵
  PID:10552
- C:\Windows\System\LcsTszz.exe
  C:\Windows\System\LcsTszz.exe
  2⤵
  PID:11300
- C:\Windows\System\gzFIiiL.exe
  C:\Windows\System\gzFIiiL.exe
  2⤵
  PID:11324
- C:\Windows\System\xhNcRqu.exe
  C:\Windows\System\xhNcRqu.exe
  2⤵
  PID:11360
- C:\Windows\System\CHnxGHB.exe
  C:\Windows\System\CHnxGHB.exe
  2⤵
  PID:11400
- C:\Windows\System\HLQcvgf.exe
  C:\Windows\System\HLQcvgf.exe
  2⤵
  PID:11424
- C:\Windows\System\THLuBoy.exe
  C:\Windows\System\THLuBoy.exe
  2⤵
  PID:11444
- C:\Windows\System\LrUhvhY.exe
  C:\Windows\System\LrUhvhY.exe
  2⤵
  PID:11464
- C:\Windows\System\CUhTVdN.exe
  C:\Windows\System\CUhTVdN.exe
  2⤵
  PID:11496
- C:\Windows\System\ndgcWsr.exe
  C:\Windows\System\ndgcWsr.exe
  2⤵
  PID:11524
- C:\Windows\System\djnjqZC.exe
  C:\Windows\System\djnjqZC.exe
  2⤵
  PID:11544
- C:\Windows\System\yBfBSZf.exe
  C:\Windows\System\yBfBSZf.exe
  2⤵
  PID:11584
- C:\Windows\System\kJveFil.exe
  C:\Windows\System\kJveFil.exe
  2⤵
  PID:11620
- C:\Windows\System\TPzYPJJ.exe
  C:\Windows\System\TPzYPJJ.exe
  2⤵
  PID:11644
- C:\Windows\System\HJlDPvU.exe
  C:\Windows\System\HJlDPvU.exe
  2⤵
  PID:11668
- C:\Windows\System\cgBbzMF.exe
  C:\Windows\System\cgBbzMF.exe
  2⤵
  PID:11688
- C:\Windows\System\KateuOc.exe
  C:\Windows\System\KateuOc.exe
  2⤵
  PID:11728
- C:\Windows\System\CuXpIvC.exe
  C:\Windows\System\CuXpIvC.exe
  2⤵
  PID:11752
- C:\Windows\System\QzMhbZQ.exe
  C:\Windows\System\QzMhbZQ.exe
  2⤵
  PID:11776
- C:\Windows\System\dCxSAvw.exe
  C:\Windows\System\dCxSAvw.exe
  2⤵
  PID:11816
- C:\Windows\System\vxTBKkC.exe
  C:\Windows\System\vxTBKkC.exe
  2⤵
  PID:11836
- C:\Windows\System\AAPJmNl.exe
  C:\Windows\System\AAPJmNl.exe
  2⤵
  PID:11860
- C:\Windows\System\WyfteFH.exe
  C:\Windows\System\WyfteFH.exe
  2⤵
  PID:11884
- C:\Windows\System\ywJWWxT.exe
  C:\Windows\System\ywJWWxT.exe
  2⤵
  PID:11920
- C:\Windows\System\oneKUrE.exe
  C:\Windows\System\oneKUrE.exe
  2⤵
  PID:11948
- C:\Windows\System\FmBBTHf.exe
  C:\Windows\System\FmBBTHf.exe
  2⤵
  PID:11976
- C:\Windows\System\oLEqRUJ.exe
  C:\Windows\System\oLEqRUJ.exe
  2⤵
  PID:11992
- C:\Windows\System\FXPkksO.exe
  C:\Windows\System\FXPkksO.exe
  2⤵
  PID:12024
- C:\Windows\System\hIEBwMx.exe
  C:\Windows\System\hIEBwMx.exe
  2⤵
  PID:12048
- C:\Windows\System\GsbeTpK.exe
  C:\Windows\System\GsbeTpK.exe
  2⤵
  PID:12076
- C:\Windows\System\pPwZyEm.exe
  C:\Windows\System\pPwZyEm.exe
  2⤵
  PID:12104
- C:\Windows\System\NVYmVDg.exe
  C:\Windows\System\NVYmVDg.exe
  2⤵
  PID:12128
- C:\Windows\System\SUEOPMC.exe
  C:\Windows\System\SUEOPMC.exe
  2⤵
  PID:12144
- C:\Windows\System\PFPqMnR.exe
  C:\Windows\System\PFPqMnR.exe
  2⤵
  PID:12204
- C:\Windows\System\GeQeLfl.exe
  C:\Windows\System\GeQeLfl.exe
  2⤵
  PID:12240
- C:\Windows\System\vNASjGk.exe
  C:\Windows\System\vNASjGk.exe
  2⤵
  PID:12256
- C:\Windows\System\WFRuAVx.exe
  C:\Windows\System\WFRuAVx.exe
  2⤵
  PID:12284
- C:\Windows\System\IUEJefb.exe
  C:\Windows\System\IUEJefb.exe
  2⤵
  PID:11276
- C:\Windows\System\ZZINUlD.exe
  C:\Windows\System\ZZINUlD.exe
  2⤵
  PID:11336
- C:\Windows\System\uvgTsjF.exe
  C:\Windows\System\uvgTsjF.exe
  2⤵
  PID:11476
- C:\Windows\System\YRLvaUO.exe
  C:\Windows\System\YRLvaUO.exe
  2⤵
  PID:11504
- C:\Windows\System\OJtcWou.exe
  C:\Windows\System\OJtcWou.exe
  2⤵
  PID:11576
- C:\Windows\System\Sxqjtbg.exe
  C:\Windows\System\Sxqjtbg.exe
  2⤵
  PID:11632
- C:\Windows\System\lfwPZeQ.exe
  C:\Windows\System\lfwPZeQ.exe
  2⤵
  PID:11724
- C:\Windows\System\SpTXzPM.exe
  C:\Windows\System\SpTXzPM.exe
  2⤵
  PID:11720
- C:\Windows\System\vVprqHX.exe
  C:\Windows\System\vVprqHX.exe
  2⤵
  PID:11848
- C:\Windows\System\DjQzZMJ.exe
  C:\Windows\System\DjQzZMJ.exe
  2⤵
  PID:11900
- C:\Windows\System\XNbwugb.exe
  C:\Windows\System\XNbwugb.exe
  2⤵
  PID:11988
- C:\Windows\System\taGoobb.exe
  C:\Windows\System\taGoobb.exe
  2⤵
  PID:12016
- C:\Windows\System\Tqnxyfq.exe
  C:\Windows\System\Tqnxyfq.exe
  2⤵
  PID:12044
- C:\Windows\System\yNDaziK.exe
  C:\Windows\System\yNDaziK.exe
  2⤵
  PID:12156
- C:\Windows\System\Kjqsglm.exe
  C:\Windows\System\Kjqsglm.exe
  2⤵
  PID:12188
- C:\Windows\System\TYdZuVy.exe
  C:\Windows\System\TYdZuVy.exe
  2⤵
  PID:12276
- C:\Windows\System\zIYVPdD.exe
  C:\Windows\System\zIYVPdD.exe
  2⤵
  PID:11392
- C:\Windows\System\JJeqcdm.exe
  C:\Windows\System\JJeqcdm.exe
  2⤵
  PID:11536
- C:\Windows\System\TdzpbCI.exe
  C:\Windows\System\TdzpbCI.exe
  2⤵
  PID:11664
- C:\Windows\System\NxnPLsQ.exe
  C:\Windows\System\NxnPLsQ.exe
  2⤵
  PID:11876
- C:\Windows\System\DOacTwd.exe
  C:\Windows\System\DOacTwd.exe
  2⤵
  PID:11928
- C:\Windows\System\vgVtmrx.exe
  C:\Windows\System\vgVtmrx.exe
  2⤵
  PID:11960
- C:\Windows\System\exMLHaL.exe
  C:\Windows\System\exMLHaL.exe
  2⤵
  PID:12160
- C:\Windows\System\ktNdFQG.exe
  C:\Windows\System\ktNdFQG.exe
  2⤵
  PID:10328
- C:\Windows\System\BbrDbna.exe
  C:\Windows\System\BbrDbna.exe
  2⤵
  PID:12136
- C:\Windows\System\EgGboGr.exe
  C:\Windows\System\EgGboGr.exe
  2⤵
  PID:11944
- C:\Windows\System\SisJswo.exe
  C:\Windows\System\SisJswo.exe
  2⤵
  PID:12088
- C:\Windows\System\AbbbylP.exe
  C:\Windows\System\AbbbylP.exe
  2⤵
  PID:12308
- C:\Windows\System\FexZJun.exe
  C:\Windows\System\FexZJun.exe
  2⤵
  PID:12324
- C:\Windows\System\xYHDqVI.exe
  C:\Windows\System\xYHDqVI.exe
  2⤵
  PID:12384
- C:\Windows\System\rJTPHZL.exe
  C:\Windows\System\rJTPHZL.exe
  2⤵
  PID:12428
- C:\Windows\System\RkzEJks.exe
  C:\Windows\System\RkzEJks.exe
  2⤵
  PID:12476
- C:\Windows\System\HIvrdZn.exe
  C:\Windows\System\HIvrdZn.exe
  2⤵
  PID:12516
- C:\Windows\System\yXFWBQK.exe
  C:\Windows\System\yXFWBQK.exe
  2⤵
  PID:12540
- C:\Windows\System\QGoNlZQ.exe
  C:\Windows\System\QGoNlZQ.exe
  2⤵
  PID:12560
- C:\Windows\System\wKScemI.exe
  C:\Windows\System\wKScemI.exe
  2⤵
  PID:12584
- C:\Windows\System\AHWuUDN.exe
  C:\Windows\System\AHWuUDN.exe
  2⤵
  PID:12616
- C:\Windows\System\dPKDrQO.exe
  C:\Windows\System\dPKDrQO.exe
  2⤵
  PID:12660
- C:\Windows\System\CQkJtsI.exe
  C:\Windows\System\CQkJtsI.exe
  2⤵
  PID:12688
- C:\Windows\System\FFVZqLV.exe
  C:\Windows\System\FFVZqLV.exe
  2⤵
  PID:12720
- C:\Windows\System\vXcbVlC.exe
  C:\Windows\System\vXcbVlC.exe
  2⤵
  PID:12752
- C:\Windows\System\oQMrgIh.exe
  C:\Windows\System\oQMrgIh.exe
  2⤵
  PID:12788
- C:\Windows\System\JVQDHpZ.exe
  C:\Windows\System\JVQDHpZ.exe
  2⤵
  PID:12808
- C:\Windows\System\tqlmcme.exe
  C:\Windows\System\tqlmcme.exe
  2⤵
  PID:12832
- C:\Windows\System\ehkInBi.exe
  C:\Windows\System\ehkInBi.exe
  2⤵
  PID:12856
- C:\Windows\System\TszImDm.exe
  C:\Windows\System\TszImDm.exe
  2⤵
  PID:12876
- C:\Windows\System\wuJAQjR.exe
  C:\Windows\System\wuJAQjR.exe
  2⤵
  PID:12896
- C:\Windows\System\PahNHkX.exe
  C:\Windows\System\PahNHkX.exe
  2⤵
  PID:12964
- C:\Windows\System\HanJFCb.exe
  C:\Windows\System\HanJFCb.exe
  2⤵
  PID:12996
- C:\Windows\System\cRnFrzY.exe
  C:\Windows\System\cRnFrzY.exe
  2⤵
  PID:13028
- C:\Windows\System\xjkguJY.exe
  C:\Windows\System\xjkguJY.exe
  2⤵
  PID:13048
- C:\Windows\System\DFmRjla.exe
  C:\Windows\System\DFmRjla.exe
  2⤵
  PID:13080
- C:\Windows\System\lCMykfu.exe
  C:\Windows\System\lCMykfu.exe
  2⤵
  PID:13108
- C:\Windows\System\bMkbfbg.exe
  C:\Windows\System\bMkbfbg.exe
  2⤵
  PID:13124
- C:\Windows\System\OkTLlQu.exe
  C:\Windows\System\OkTLlQu.exe
  2⤵
  PID:13148
- C:\Windows\System\OQWwBUj.exe
  C:\Windows\System\OQWwBUj.exe
  2⤵
  PID:13168
- C:\Windows\System\vFqsJGN.exe
  C:\Windows\System\vFqsJGN.exe
  2⤵
  PID:13188
- C:\Windows\System\wfLuBjv.exe
  C:\Windows\System\wfLuBjv.exe
  2⤵
  PID:13216
- C:\Windows\System\cSVPbHn.exe
  C:\Windows\System\cSVPbHn.exe
  2⤵
  PID:13232
- C:\Windows\System\aTKBNBO.exe
  C:\Windows\System\aTKBNBO.exe
  2⤵
  PID:13276
- C:\Windows\System\cMdFEHM.exe
  C:\Windows\System\cMdFEHM.exe
  2⤵
  PID:13308
- C:\Windows\System\SpBMQZp.exe
  C:\Windows\System\SpBMQZp.exe
  2⤵
  PID:12300
- C:\Windows\System\VxeprWH.exe
  C:\Windows\System\VxeprWH.exe
  2⤵
  PID:12344
- C:\Windows\System\loMxpSr.exe
  C:\Windows\System\loMxpSr.exe
  2⤵
  PID:12456
- C:\Windows\System\dJDcfJA.exe
  C:\Windows\System\dJDcfJA.exe
  2⤵
  PID:2320
- C:\Windows\System\yifLTPN.exe
  C:\Windows\System\yifLTPN.exe
  2⤵
  PID:12528
- C:\Windows\System\pyZthdA.exe
  C:\Windows\System\pyZthdA.exe
  2⤵
  PID:12604
- C:\Windows\System\HUkMtmK.exe
  C:\Windows\System\HUkMtmK.exe
  2⤵
  PID:12764
- C:\Windows\System\TemVtDw.exe
  C:\Windows\System\TemVtDw.exe
  2⤵
  PID:12744
- C:\Windows\System\DFBztXR.exe
  C:\Windows\System\DFBztXR.exe
  2⤵
  PID:12800
- C:\Windows\System\NQnywYE.exe
  C:\Windows\System\NQnywYE.exe
  2⤵
  PID:12864
- C:\Windows\System\qGRkbba.exe
  C:\Windows\System\qGRkbba.exe
  2⤵
  PID:12940
- C:\Windows\System\jmDtknL.exe
  C:\Windows\System\jmDtknL.exe
  2⤵
  PID:11696
- C:\Windows\System\dpGbPZG.exe
  C:\Windows\System\dpGbPZG.exe
  2⤵
  PID:13076
- C:\Windows\System\daprDlv.exe
  C:\Windows\System\daprDlv.exe
  2⤵
  PID:13204
- C:\Windows\System\MlvTtis.exe
  C:\Windows\System\MlvTtis.exe
  2⤵
  PID:5064
- C:\Windows\System\JulScXc.exe
  C:\Windows\System\JulScXc.exe
  2⤵
  PID:13264
- C:\Windows\System\FILUGjS.exe
  C:\Windows\System\FILUGjS.exe
  2⤵
  PID:12464
- C:\Windows\System\vGHvKWD.exe
  C:\Windows\System\vGHvKWD.exe
  2⤵
  PID:12552
- C:\Windows\System\TAHZphL.exe
  C:\Windows\System\TAHZphL.exe
  2⤵
  PID:2052
- C:\Windows\System\oOUWcXp.exe
  C:\Windows\System\oOUWcXp.exe
  2⤵
  PID:12776
- C:\Windows\System\ieDsMoN.exe
  C:\Windows\System\ieDsMoN.exe
  2⤵
  PID:12992
- C:\Windows\System\oGjMLoH.exe
  C:\Windows\System\oGjMLoH.exe
  2⤵
  PID:13160
- C:\Windows\System\ZvfPcbX.exe
  C:\Windows\System\ZvfPcbX.exe
  2⤵
  PID:11596
- C:\Windows\System\HdPXGwY.exe
  C:\Windows\System\HdPXGwY.exe
  2⤵
  PID:12424
- C:\Windows\System\oJQHiHQ.exe
  C:\Windows\System\oJQHiHQ.exe
  2⤵
  PID:12680
- C:\Windows\System\yomDvJG.exe
  C:\Windows\System\yomDvJG.exe
  2⤵
  PID:13100
- C:\Windows\System\MtZRByZ.exe
  C:\Windows\System\MtZRByZ.exe
  2⤵
  PID:13356
- C:\Windows\System\SeHzGHM.exe
  C:\Windows\System\SeHzGHM.exe
  2⤵
  PID:13392
- C:\Windows\System\qvnHZNq.exe
  C:\Windows\System\qvnHZNq.exe
  2⤵
  PID:13416
- C:\Windows\System\pqINOYD.exe
  C:\Windows\System\pqINOYD.exe
  2⤵
  PID:13444
- C:\Windows\System\IEKYJga.exe
  C:\Windows\System\IEKYJga.exe
  2⤵
  PID:13492
- C:\Windows\System\cKHepoH.exe
  C:\Windows\System\cKHepoH.exe
  2⤵
  PID:13520
- C:\Windows\System\oJCTfaa.exe
  C:\Windows\System\oJCTfaa.exe
  2⤵
  PID:13544
- C:\Windows\System\XyEHCGv.exe
  C:\Windows\System\XyEHCGv.exe
  2⤵
  PID:13576
- C:\Windows\System\oqEDnlC.exe
  C:\Windows\System\oqEDnlC.exe
  2⤵
  PID:13612
- C:\Windows\System\SauqNAF.exe
  C:\Windows\System\SauqNAF.exe
  2⤵
  PID:13660
- C:\Windows\System\ZMhWATZ.exe
  C:\Windows\System\ZMhWATZ.exe
  2⤵
  PID:13692
- C:\Windows\System\ZWaFtCl.exe
  C:\Windows\System\ZWaFtCl.exe
  2⤵
  PID:13716
- C:\Windows\System\EtKNwxg.exe
  C:\Windows\System\EtKNwxg.exe
  2⤵
  PID:13740
- C:\Windows\System\lGmTgiX.exe
  C:\Windows\System\lGmTgiX.exe
  2⤵
  PID:13760
- C:\Windows\System\PzkkCtd.exe
  C:\Windows\System\PzkkCtd.exe
  2⤵
  PID:13792
- C:\Windows\System\NfpKVFD.exe
  C:\Windows\System\NfpKVFD.exe
  2⤵
  PID:13828
- C:\Windows\System\jLAbJRp.exe
  C:\Windows\System\jLAbJRp.exe
  2⤵
  PID:13860
- C:\Windows\System\ueYfbkh.exe
  C:\Windows\System\ueYfbkh.exe
  2⤵
  PID:13880
- C:\Windows\System\aiKrHAW.exe
  C:\Windows\System\aiKrHAW.exe
  2⤵
  PID:13900
- C:\Windows\System\WApOCyF.exe
  C:\Windows\System\WApOCyF.exe
  2⤵
  PID:13932
- C:\Windows\System\QjQzJMF.exe
  C:\Windows\System\QjQzJMF.exe
  2⤵
  PID:13968
- C:\Windows\System\Hiazpvy.exe
  C:\Windows\System\Hiazpvy.exe
  2⤵
  PID:14020
- C:\Windows\System\CFZZyKc.exe
  C:\Windows\System\CFZZyKc.exe
  2⤵
  PID:14040
- C:\Windows\System\uBGspiA.exe
  C:\Windows\System\uBGspiA.exe
  2⤵
  PID:14072
- C:\Windows\System\PBxQDoI.exe
  C:\Windows\System\PBxQDoI.exe
  2⤵
  PID:14112
- C:\Windows\System\tozmYst.exe
  C:\Windows\System\tozmYst.exe
  2⤵
  PID:14144
- C:\Windows\System\AHQkaoZ.exe
  C:\Windows\System\AHQkaoZ.exe
  2⤵
  PID:14188
- C:\Windows\System\dltddmQ.exe
  C:\Windows\System\dltddmQ.exe
  2⤵
  PID:14212
- C:\Windows\System\hfNaSea.exe
  C:\Windows\System\hfNaSea.exe
  2⤵
  PID:14248
- C:\Windows\System\WMwJALs.exe
  C:\Windows\System\WMwJALs.exe
  2⤵
  PID:14272
- C:\Windows\System\Blfpxjr.exe
  C:\Windows\System\Blfpxjr.exe
  2⤵
  PID:14320
- C:\Windows\System\ClmqaVH.exe
  C:\Windows\System\ClmqaVH.exe
  2⤵
  PID:12376
- C:\Windows\System\EdnKBQR.exe
  C:\Windows\System\EdnKBQR.exe
  2⤵
  PID:5040
- C:\Windows\System\uWIStln.exe
  C:\Windows\System\uWIStln.exe
  2⤵
  PID:13384
- C:\Windows\System\zVimPGy.exe
  C:\Windows\System\zVimPGy.exe
  2⤵
  PID:4180
- C:\Windows\System\qaAGTrt.exe
  C:\Windows\System\qaAGTrt.exe
  2⤵
  PID:2460
- C:\Windows\System\hOzAETz.exe
  C:\Windows\System\hOzAETz.exe
  2⤵
  PID:13568
- C:\Windows\System\pZgcrvR.exe
  C:\Windows\System\pZgcrvR.exe
  2⤵
  PID:13680
- C:\Windows\System\REdyJJy.exe
  C:\Windows\System\REdyJJy.exe
  2⤵
  PID:13788
- C:\Windows\System\zaHezMb.exe
  C:\Windows\System\zaHezMb.exe
  2⤵
  PID:13824
- C:\Windows\System\kGcHkcJ.exe
  C:\Windows\System\kGcHkcJ.exe
  2⤵
  PID:13940
- C:\Windows\System\FiWBFtC.exe
  C:\Windows\System\FiWBFtC.exe
  2⤵
  PID:13920
- C:\Windows\System\opsEdwS.exe
  C:\Windows\System\opsEdwS.exe
  2⤵
  PID:14008
- C:\Windows\System\BsPqAMf.exe
  C:\Windows\System\BsPqAMf.exe
  2⤵
  PID:14184
- C:\Windows\System\kDxaReP.exe
  C:\Windows\System\kDxaReP.exe
  2⤵
  PID:14208
- C:\Windows\System\hIVOniJ.exe
  C:\Windows\System\hIVOniJ.exe
  2⤵
  PID:14264
- C:\Windows\System\fBPVVdx.exe
  C:\Windows\System\fBPVVdx.exe
  2⤵
  PID:12640
- C:\Windows\System\PBKNUYS.exe
  C:\Windows\System\PBKNUYS.exe
  2⤵
  PID:13440
- C:\Windows\System\qFhLpDz.exe
  C:\Windows\System\qFhLpDz.exe
  2⤵
  PID:13532
- C:\Windows\System\RYtzSsU.exe
  C:\Windows\System\RYtzSsU.exe
  2⤵
  PID:13724
- C:\Windows\System\QtPyYNn.exe
  C:\Windows\System\QtPyYNn.exe
  2⤵
  PID:13176
- C:\Windows\System\TYESbWO.exe
  C:\Windows\System\TYESbWO.exe
  2⤵
  PID:14132
- C:\Windows\System\RkAjLbu.exe
  C:\Windows\System\RkAjLbu.exe
  2⤵
  PID:14232
- C:\Windows\System\xZffKoh.exe
  C:\Windows\System\xZffKoh.exe
  2⤵
  PID:13116
- C:\Windows\System\KIvjbFY.exe
  C:\Windows\System\KIvjbFY.exe
  2⤵
  PID:13892
- C:\Windows\System\yCDPdyf.exe
  C:\Windows\System\yCDPdyf.exe
  2⤵
  PID:14000
- C:\Windows\System\fWBzaBn.exe
  C:\Windows\System\fWBzaBn.exe
  2⤵
  PID:13572
- C:\Windows\System\nIMQxWg.exe
  C:\Windows\System\nIMQxWg.exe
  2⤵
  PID:14356
- C:\Windows\System\LsRhegY.exe
  C:\Windows\System\LsRhegY.exe
  2⤵
  PID:14376
- C:\Windows\System\CZJvxbJ.exe
  C:\Windows\System\CZJvxbJ.exe
  2⤵
  PID:14400
- C:\Windows\System\YROIeZP.exe
  C:\Windows\System\YROIeZP.exe
  2⤵
  PID:14420
- C:\Windows\System\YiGSbMW.exe
  C:\Windows\System\YiGSbMW.exe
  2⤵
  PID:14456
- C:\Windows\System\wyXGWcR.exe
  C:\Windows\System\wyXGWcR.exe
  2⤵
  PID:14484
- C:\Windows\System\NTjpkdG.exe
  C:\Windows\System\NTjpkdG.exe
  2⤵
  PID:14512
- C:\Windows\System\kUidBkp.exe
  C:\Windows\System\kUidBkp.exe
  2⤵
  PID:14540
- C:\Windows\System\BCbglNE.exe
  C:\Windows\System\BCbglNE.exe
  2⤵
  PID:14556
- C:\Windows\System\CktXjMC.exe
  C:\Windows\System\CktXjMC.exe
  2⤵
  PID:14620
- C:\Windows\System\IZKcYAV.exe
  C:\Windows\System\IZKcYAV.exe
  2⤵
  PID:14636
- C:\Windows\System\yNpGkSW.exe
  C:\Windows\System\yNpGkSW.exe
  2⤵
  PID:14664
- C:\Windows\System\XVfWHWi.exe
  C:\Windows\System\XVfWHWi.exe
  2⤵
  PID:14680
- C:\Windows\System\CSEFgNi.exe
  C:\Windows\System\CSEFgNi.exe
  2⤵
  PID:14712
- C:\Windows\System\aaxYpZI.exe
  C:\Windows\System\aaxYpZI.exe
  2⤵
  PID:14732
- C:\Windows\System\bjYsAGo.exe
  C:\Windows\System\bjYsAGo.exe
  2⤵
  PID:14752
- C:\Windows\System\rDNjQBE.exe
  C:\Windows\System\rDNjQBE.exe
  2⤵
  PID:14780
- C:\Windows\System\xMvhdbz.exe
  C:\Windows\System\xMvhdbz.exe
  2⤵
  PID:14800
- C:\Windows\System\XMdPHnV.exe
  C:\Windows\System\XMdPHnV.exe
  2⤵
  PID:14832
- C:\Windows\System\XAfLieW.exe
  C:\Windows\System\XAfLieW.exe
  2⤵
  PID:14852
- C:\Windows\System\AEgKDBk.exe
  C:\Windows\System\AEgKDBk.exe
  2⤵
  PID:14868
- C:\Windows\System\RftSEoR.exe
  C:\Windows\System\RftSEoR.exe
  2⤵
  PID:14896
- C:\Windows\System\XuWcOog.exe
  C:\Windows\System\XuWcOog.exe
  2⤵
  PID:14920
- C:\Windows\System\JaMWWAb.exe
  C:\Windows\System\JaMWWAb.exe
  2⤵
  PID:15196
- C:\Windows\System\PNnIgQg.exe
  C:\Windows\System\PNnIgQg.exe
  2⤵
  PID:15216
- C:\Windows\System\cKedmNA.exe
  C:\Windows\System\cKedmNA.exe
  2⤵
  PID:15232
- C:\Windows\System\hTPikEm.exe
  C:\Windows\System\hTPikEm.exe
  2⤵
  PID:15256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1036,i,13640054265074968359,8146127767143474550,262144 --variations-seed-version --mojo-platform-channel-handle=3888 /prefetch:8
1⤵
PID:7344

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15356

C:\Windows\system32\WerFaultSecure.exe
C:\Windows\system32\WerFaultSecure.exe -u -p 2936 -s 2120
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:15184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BoOaQiz.exe

Filesize
2.0MB

MD5
1b14c5f3331220aa539bbd9333b484fa

SHA1
81639c136651a4990b05a493bd1f12ba90bc6560

SHA256
e1462fa3e429d5d9ba468e13c47848c13571b20e7587ec96907b9387ef40a868

SHA512
a3abc6a0023e7b1286b4e97bdb39157e1c00da315996353496c2c7d6361c632020a0ace8c4838ac8837a82495dd69ec58e876db109f31b520994b145fc2b98f1

Download Submit
C:\Windows\System\CpmRLpe.exe

Filesize
1.9MB

MD5
f284abd36b951de3009107acd511fde6

SHA1
a3007729ffde693d8d9c6695f2cbfd4c230c539d

SHA256
1e4c5ec4e7ebdae2d72a35f3b8f71fb86b2c4837b190731c28bb722f9b1503af

SHA512
d498c8e82351e3f002ebc9f6a7455c3ed9ff4955407bd9ae9ca2496111f801c7b17f15aec42b42703ac2a756af6a09b022974e53e071626f85791df0808049a9

Download Submit
C:\Windows\System\DYpJQAr.exe

Filesize
1.9MB

MD5
48c260c5cd94dc2c936884bb9fb01867

SHA1
287c7915463f33cfbb7eeacec03552f742e44f72

SHA256
a865add7f1cdb6f8707461c13a0da280a40c65c25f3971071230a6f3510722ff

SHA512
a88b7e1e6c8a2b144a43baf725a984148b6405d0147990f11cb75d2b4e427b5d4d8adde976720e6fedcf0b7e6db4cd7de4ca0c983dea2a179f72ce416e89d352

Download Submit
C:\Windows\System\GtIsQhz.exe

Filesize
1.9MB

MD5
82f16ebb8fa389768f69c998c4d362b9

SHA1
41bb080820fa2af7db5ca916eef5d28dd0c8c632

SHA256
aae2498ad12c944a4aafcb650bc7903bcf9ca311b7feb4a6b58aa9468c559efc

SHA512
26ea20e6c1382fa2b9bc750ee57ee0bbf7f5ed3b391a431dec33f549f2f8d75a006bc819a34cac643b8590a5903ec032f35680c1de49905a8d92ddee12e045e7

Download Submit
C:\Windows\System\IKGILPQ.exe

Filesize
2.0MB

MD5
408bf590f60fbafe5454112b336975f7

SHA1
7ed2ba948b637dd0edd0ec9f7665130231015ee9

SHA256
5a2405028b0eabbcf5dd26010e3397bed9becbfd1f1d0d0eb8fd0ed1e9942ef5

SHA512
4f97c775fa598933191f8ea16526cfd17529f7ba3cde4ad5cd8577118cb8283a03ca27d175c7f1bc66fcb1bbc56b14198ba60d238d3ea4f7d12016f90f23fc9b

Download Submit
C:\Windows\System\KTEiCRA.exe

Filesize
2.0MB

MD5
40be6ce10beff241e061367798c22f6a

SHA1
daf8ef3accf97ba9d4fbcdb83f14d2dcb7c52933

SHA256
f09d7bf3b30f693e01f15723cea19a978bea5f6d54d8187ffc1fc752514e3ebd

SHA512
00ecaa15ec2862cca70584e7a2ad4ee3e5fbdc5c74121b44f1ede47fce52c11a0aa2836528b6c27394ae06ec7a83d2805888dcd2e087e27e18171157b6fb7a8c

Download Submit
C:\Windows\System\NjfRxJp.exe

Filesize
1.9MB

MD5
05ddd4aa0272baf49940f354b3c20567

SHA1
99d0edd5e790ead6752c01d4e5800c6dd2f7a996

SHA256
58d7b40a1b318056947b4b51385a56b6414892e2f57ba22040b2934fe12f4539

SHA512
941509fc1feea453a2f810eac79019905cdcc2c9411d8a9c7a90f6706750744f3ca0efed64840c2ebe1d69bd544941a077bf9d74309d157f0e064c85a14d4f75

Download Submit
C:\Windows\System\NveBXph.exe

Filesize
2.0MB

MD5
18fe69d36003e1b83dd29a70cb638a56

SHA1
6fd5d1ef32f307b21146322d19653287ba742219

SHA256
0dcf6d855c898b88d8a9a59f44a2ac0193d533a61da07b99f77fae09eb4eb76c

SHA512
0a8727e3dab399fcfb80aa4c0d32b27d4e735e3dec3856f7cde2aa5454b289a409defb2fa3f75b179aa13fe50654b6385e1a6ea07d70410fab9b3b46b6c61d8d

Download Submit
C:\Windows\System\OCbtUZQ.exe

Filesize
1.9MB

MD5
48d338e7562260aeeaea5800918de082

SHA1
32a17700a1685b6e7fc0dc0fb0f375493756e3d8

SHA256
755a5f46e422cfa6beab2f0ea9f69644e0c0eeabd8a01f4339aa6312a9b348aa

SHA512
8e9fd2a63a1eee6a40cbe33ed975330188bd0b397df570ca57fa5270a8f871140ba8e085a3f90e0c58f379fc138da03a045326e0e53e04532934064c2e954299

Download Submit
C:\Windows\System\PtfzJgi.exe

Filesize
1.9MB

MD5
581e812824ed45920ef356057bffcc5d

SHA1
b8f079cba00f1c9b7be1133b9d068066b18f5267

SHA256
96f9d1aa7861dcf17c6a7d7a45bba8747aa9d0c7225dd447b6cc316a6d86e05e

SHA512
ae811bf6d776b472af6b3a4cde74377356049ef128f62a40bdc088e3b4b3a80dbaa6bd9ce814334e0336a0760f1786eec43ffe8c2785a24193e285b71301515e

Download Submit
C:\Windows\System\RLqOOGi.exe

Filesize
1.9MB

MD5
8db59282dac9e9617a39a26f2450a6ba

SHA1
0e838fae1faee8b88ad0599d846bf5165a18003c

SHA256
04e671f89a54772180a1edb35f2a9de9daf12263ab1634b7c15f7a773df5e4c8

SHA512
c0f7d569e5ab04f0130a284f67bda1a8c67b867f4f74d4b08826791ce5812cc8b64f24ae04053c6312b4ba1cd295e0f3389040b064a4b09bf9bce85705c91031

Download Submit
C:\Windows\System\RampAUw.exe

Filesize
2.0MB

MD5
6732b85f2300bd080e6f1633f6cafd14

SHA1
9b160fa45c1219775398313abbd2bfc26cf5bcbb

SHA256
bac9bb2059f0b0bcb9a0964a2c712e90488a2f0bfc2db1d3d1510e1edc93f721

SHA512
324f8c2a51c53b7722fc75530460e4bb1f174b0d97ad4944bb272f5d1985737d24b5bb520dfc277651de2b883756df6698439adce9f0a2d940c1776e80160e8c

Download Submit
C:\Windows\System\SiMeYyd.exe

Filesize
1.9MB

MD5
e33dfb1f2df89da98be93abd385cfbea

SHA1
06ab77434344dc3876f28a9c5451f2b089f197d1

SHA256
69f68745efd72881af0e37b66133ed158cfda3d85095e82de08983e31e51ee63

SHA512
8259f281397c6525d85774a08b1d0a6d7765d4d2e695c488ba3d0a82dbf48e8744d5b82b3676168d971d3e5a98a4c9c130c07f46281829906c90c0a368c62cd2

Download Submit
C:\Windows\System\VCfntEI.exe

Filesize
2.0MB

MD5
f5d4e8d5faf071fc41e24a81f567bc39

SHA1
e4f7536bea3fc31a0c0b54fa0d1227ca1648b2b3

SHA256
a0ad9aca44a00f9107ada20a5fc07f029c9fabc145d1f44ab52e1f1f381cd898

SHA512
1265a28346eee7e0580deea5e28df223b23d72b8efdd819d2d6a3f0c5b29570d4b82e022621578e98bc592f8949666f684771664249b9a17964a05cc305e6bc5

Download Submit
C:\Windows\System\Vhbhxyy.exe

Filesize
1.9MB

MD5
de9d8afa0cad71849c98f870b5dc3644

SHA1
1d27e35eee44bb3c1396a4deb9ce81e632c9de53

SHA256
337a4835183cf9538f4b7f4e563ab915ace0286dabddb14426352e47dcc5cd87

SHA512
d10873e98f4db2c96677be245fe195682ca9445ba5064d7050fc00622fcddaebf652b2d9d19b00af1cf9fd662183d43c4d61c1413e06a7bf591479482f63992f

Download Submit
C:\Windows\System\WbzxHhi.exe

Filesize
1.9MB

MD5
a16e6eac1f27bb09a10d36356c99eca1

SHA1
f8e1fb95e0cf2bfd0920790ef66a1071949d6434

SHA256
3a4bb0a5ae7b32bea555d87ea53f3aaff07f9c0f710831fc2832c857459464bd

SHA512
23cd85fc24c4fdc0a479bfd9049b149bbaf3a649c3729e8e9df97f7e6cd61b4f53bbd2f118b0b5f50e7bb371668bf882c87dde64fdf201db2287174a4d8e4d19

Download Submit
C:\Windows\System\YiglnyN.exe

Filesize
2.0MB

MD5
404b76643c7fa595723d6287587f4fab

SHA1
93da38e552ef2987f7264f8a6cc64a16789819d6

SHA256
cc1d570331d5a3b6551372cd9d5cf973d119e4023f6172ac771dae23a3ee4e46

SHA512
2e8c420e26de89afe8645eab23c05cd9c0869f2d618981ad4d86639d207fc47be40d1fe7b7fef07f1b2150784879d007407d07d32e4683250cc9a3cded98f3b4

Download Submit
C:\Windows\System\cGPfgrC.exe

Filesize
1.9MB

MD5
12189e8a4788c3c20ed8bc3ee79895db

SHA1
95d70bbaf65ffb31f4841dd9d7ca93266e309f11

SHA256
b59df54664f9865b92422f8f00f5b053e46e3601350f15c7344bb4db495fd6c2

SHA512
6265ff0c59350215dfe3eeb41d8b293eb7941f0acf3855c0edc004425c53eb8c600e37ff20884b45658c8f9e351caf09305db4b9a30676509cf268c18263287c

Download Submit
C:\Windows\System\dAJiLNB.exe

Filesize
1.9MB

MD5
57b86472739be072ec9febd99c00883b

SHA1
b0b69a108176a9f1355ddbfc6c06d3a9466fa26c

SHA256
485d8d3d7db30a8370aa2e054c96667089fc2090c235670ec6b0f6e7090d3aeb

SHA512
52b709949d1b6f3be93690b4ae7d5301d357fc4222379fe438b6a50f553daa4693a1f99c3ac60d82a7c3d2f6bd7ebdfdc225baa9010621e55d6a69f72de3875c

Download Submit
C:\Windows\System\dvFeWXL.exe

Filesize
1.9MB

MD5
d103c7fc814fe9e3969177fe43268c37

SHA1
93f656581230181d54f60c6bbf9fe70ca5b11cfc

SHA256
7b799e44674a53da5467c4d17a71e3dfd7a5f7fbeef586a8273c54ab0bfc9d83

SHA512
e6c5262cb23992da1192b6046eaf6279d94cd45e27ba5f262ec91aa63e1e792b2a1cdb247f86dfa96811a2cc53b4ffebc6c7ae59e274ce0efc35255c830313bc

Download Submit
C:\Windows\System\fEwiacL.exe

Filesize
1.9MB

MD5
a2cc4d92708323488df952c6da03c6ae

SHA1
f8a8fa65c5afceaef7950c08fcb7e4eddbf1a9e8

SHA256
375d29eb4f4f95502ac66db3a29777740a98878f728e3d4ee75ed90d34f076bd

SHA512
a34ce0983a192591b4f57b8289793b143d3afb851d0dbec77fa9a94d01f22f95fe3146bd9861977d7dc2040586777160c493a4522f5b0e6ee5129fc01ca5accf

Download Submit
C:\Windows\System\hNLmJHS.exe

Filesize
1.9MB

MD5
04031c947732744f192401b14e4d8b4c

SHA1
b6ad0d4159c159fffd1292d27ea10c27debb56c0

SHA256
3203261d1eeaf5e7290e27febe4b3f9d6e39910acab6d2bb0c45c12872894b29

SHA512
6e0f258b795ea6aedf6a726d5159d2e29963e19c9a5ee8d7f0a2711cc9d0c3ae012ab777533baed27c2d72c6a985ca70937528430cdb8d491e494674ca0a4ceb

Download Submit
C:\Windows\System\hfpNVRQ.exe

Filesize
2.0MB

MD5
2617ce5f8749f1ab0a4747925b552926

SHA1
273b84ac3f3de412db7c4c7bc480892014f226ac

SHA256
97267c8c2f0bd72795c93935283690432cbb619e21415cf331132e69b266bfa3

SHA512
fdd6cfd1337ef1c95665c7f9542002c9b23cc3539da59e57b6911861503f6b83df34420ce9d6c514aa0ab083836d8a331d10820571c29f581ff96dfe08d7c6af

Download Submit
C:\Windows\System\jBKmogn.exe

Filesize
1.9MB

MD5
8af99f7f05b50d2b50317329772eee17

SHA1
4c24f8d3b025f10773844c6420857a44aa379e00

SHA256
17c3bfd91de69798d1d89024daef96238f91d1093bb4fa9e8e787941eed378f2

SHA512
1314e90da4e77a1379dc768d0085d8c5f6fcf923d42cefa9d294c7cbbbe4a183d5cf3ca1bfb4883ff61f23fd98532f4d1b42ee29e2cac2703b41a9656fcabe52

Download Submit
C:\Windows\System\pUSNlzB.exe

Filesize
1.9MB

MD5
f13b7a6fd16833ebf6f5c11ca287530c

SHA1
4b2d6014c197f66126a734a3e934d321d5dbfe7c

SHA256
ef2e7997271c89b5309fe01d9cf3375f55e040afcb25ee9e8c4c1383d481a06f

SHA512
f4b6c2ee98e50ddd7f8271cc3d55587047e523036c0594341b8ce5cd06f9cdadd51b2f08df4689c8293c1950becdbb2c34ee477dfad5d37ea37b36075d92e519

Download Submit
C:\Windows\System\qJiaZtR.exe

Filesize
2.0MB

MD5
f7ee9a112894b48e3c4e52b333ba1e90

SHA1
84323cec8285c607a099ac6fdd09340e00707af6

SHA256
a5901b34523a084761021199a6e80f623e61e9382a0b508701f99ffd8f8c3127

SHA512
a76c9e1c427260e37764efc5001574ef5e329a17bf75a2a43a0443fed32b03806feab788069afa1a594a651fc8eafcda382bb4783f07a8d1ab2c13e72909eae2

Download Submit
C:\Windows\System\vIcoEgc.exe

Filesize
2.0MB

MD5
55f498b56c0cbe1fe1f7c0939d7f360b

SHA1
3b315c907055dd4f5738287d04982bf9235de551

SHA256
d207020a96c70911a791390445b187cdbc156ce624a957923a021166b255af8d

SHA512
06e85b2ab327252ddde535d1fae956dd54c7442f9c0f2fdc6aabbaab3c9fb887f3ad2efe6bd74ba02ff17566ad0d64404d5287f76e14fda1114f6006ae571bce

Download Submit
C:\Windows\System\wLnSrvP.exe

Filesize
1.9MB

MD5
4ce172b84795aecb85d4ad1cbf021019

SHA1
59792b545504211370db5a494e40d7a7cff9db63

SHA256
25f361462bdff6b13502f2ce18b8b1dbb9a21bee39ef74375360e57871103f82

SHA512
0b8d67137ed6e565eabd46d472b248332971d0281d5f5825f9d6784d6397f79cbbdbd1ae05af278d488798575be10773aa314fba24f4205a0c24b663851ffdb2

Download Submit
C:\Windows\System\wTNqyzV.exe

Filesize
1.9MB

MD5
78406c7d7f2d43439c1e93dd2b3d8e76

SHA1
1baf536741fa1b456ae017eadfe9e61196b08087

SHA256
ed0addf3e799adc06ac639b7d50229cfd9ee3044374231461a074b18fad29873

SHA512
0ff1f3f5730acae2ac51aba36cc3391ee59b6a33e1465a0a1f62db678911c513110c1e2e0e7c526d6581122a948cbbec90065abe1cf97d1052aee5f191f8c3d8

Download Submit
C:\Windows\System\xMxxhCY.exe

Filesize
2.0MB

MD5
796b5faf9172e63af1ab0f0739afebb9

SHA1
c86fa9072fcd8952f1daf8161b3f50e9007cdf3d

SHA256
3bde936bf55f04a36eb33fa4e958617a47ad7160c22986bbc6b15911feaf0d8c

SHA512
b0da022de1b60dc6d37d959782e6a5da4a786366f1058167320202f4aa0319897eadfce2f99e6a90ee448b17cc91b1d041fa695116373a175d18cf1fb2eb36a4

Download Submit
C:\Windows\System\xvjZIRL.exe

Filesize
2.0MB

MD5
28c18776b3b2980adc18acf54db0bb45

SHA1
23d9074acaedcb4c8afb9e79c4d995c950fb12ba

SHA256
81cd35693f172134fa13b89fc2af95d93897cc8df4b97db89ebb10dee1000bd9

SHA512
4abda04e41c203fb16c5856556c414cd17a43aab26a190753537c1afc736f6a8af4bf06d6d4e8291b1b9b1b7770332e3378b0dad441817cc45b3e9274d7c74ad

Download Submit
C:\Windows\System\xztNikT.exe

Filesize
1.9MB

MD5
ca3390a019bb28d68314ce9448680dd6

SHA1
cd5a1aeb45ee34a646d1c9fc3048356973cbc257

SHA256
bc545019eaefce304eff8e996adf1b65e240210f0d76bae160073e7c1aa95377

SHA512
f335b3db93ef8327d90539d2ff5400d34350b51dca8f35d54db575f8b7be63abaa3dc990855f38a7fdde1cff8c0d86b1ca42a941c6befac3f85d58650a0d4dee

Download Submit
C:\Windows\System\yssGEXo.exe

Filesize
2.0MB

MD5
25e6d9047fc8b23046b322d16a922fcc

SHA1
bfc47a9c3f85293b8fff65229ebfc1c51f0571d6

SHA256
cfef19c1c1337b0db18f974432354558f6e33afd1c2b26e6f5b9958ccc4c3f06

SHA512
758a0e3cb4c5af2c750179658975d0b5d32df33a4431db98dfff0fa99f5f067ba24a9d40f9862a471c8a14d69b3341edfb18407315a72b6e9ef0355a7e74ac5d

Download Submit
memory/396-61-0x00007FF7BB320000-0x00007FF7BB671000-memory.dmp

Filesize
3.3MB

Download
memory/396-2254-0x00007FF7BB320000-0x00007FF7BB671000-memory.dmp

Filesize
3.3MB

Download
memory/868-87-0x00007FF6BD2D0000-0x00007FF6BD621000-memory.dmp

Filesize
3.3MB

Download
memory/868-2319-0x00007FF6BD2D0000-0x00007FF6BD621000-memory.dmp

Filesize
3.3MB

Download
memory/868-2221-0x00007FF6BD2D0000-0x00007FF6BD621000-memory.dmp

Filesize
3.3MB

Download
memory/1196-54-0x00007FF770580000-0x00007FF7708D1000-memory.dmp

Filesize
3.3MB

Download
memory/1196-2256-0x00007FF770580000-0x00007FF7708D1000-memory.dmp

Filesize
3.3MB

Download
memory/1332-59-0x00007FF7987F0000-0x00007FF798B41000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2263-0x00007FF7987F0000-0x00007FF798B41000-memory.dmp

Filesize
3.3MB

Download
memory/1360-101-0x00007FF7A0BB0000-0x00007FF7A0F01000-memory.dmp

Filesize
3.3MB

Download
memory/1360-2223-0x00007FF7A0BB0000-0x00007FF7A0F01000-memory.dmp

Filesize
3.3MB

Download
memory/1360-2322-0x00007FF7A0BB0000-0x00007FF7A0F01000-memory.dmp

Filesize
3.3MB

Download
memory/1596-168-0x00007FF71C3D0000-0x00007FF71C721000-memory.dmp

Filesize
3.3MB

Download
memory/1596-2333-0x00007FF71C3D0000-0x00007FF71C721000-memory.dmp

Filesize
3.3MB

Download
memory/1716-159-0x00007FF72FD70000-0x00007FF7300C1000-memory.dmp

Filesize
3.3MB

Download
memory/1716-2338-0x00007FF72FD70000-0x00007FF7300C1000-memory.dmp

Filesize
3.3MB

Download
memory/1744-178-0x00007FF7D41C0000-0x00007FF7D4511000-memory.dmp

Filesize
3.3MB

Download
memory/1744-2335-0x00007FF7D41C0000-0x00007FF7D4511000-memory.dmp

Filesize
3.3MB

Download
memory/2016-57-0x00007FF713C40000-0x00007FF713F91000-memory.dmp

Filesize
3.3MB

Download
memory/2016-2260-0x00007FF713C40000-0x00007FF713F91000-memory.dmp

Filesize
3.3MB

Download
memory/2112-90-0x00007FF631560000-0x00007FF6318B1000-memory.dmp

Filesize
3.3MB

Download
memory/2112-2337-0x00007FF631560000-0x00007FF6318B1000-memory.dmp

Filesize
3.3MB

Download
memory/2112-2222-0x00007FF631560000-0x00007FF6318B1000-memory.dmp

Filesize
3.3MB

Download
memory/2116-58-0x00007FF689410000-0x00007FF689761000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2264-0x00007FF689410000-0x00007FF689761000-memory.dmp

Filesize
3.3MB

Download
memory/2296-62-0x00007FF74D240000-0x00007FF74D591000-memory.dmp

Filesize
3.3MB

Download
memory/2296-2258-0x00007FF74D240000-0x00007FF74D591000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2266-0x00007FF6FE9E0000-0x00007FF6FED31000-memory.dmp

Filesize
3.3MB

Download
memory/2384-60-0x00007FF6FE9E0000-0x00007FF6FED31000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2245-0x00007FF7A0190000-0x00007FF7A04E1000-memory.dmp

Filesize
3.3MB

Download
memory/2448-145-0x00007FF7A0190000-0x00007FF7A04E1000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2342-0x00007FF7A0190000-0x00007FF7A04E1000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2339-0x00007FF745060000-0x00007FF7453B1000-memory.dmp

Filesize
3.3MB

Download
memory/2600-172-0x00007FF745060000-0x00007FF7453B1000-memory.dmp

Filesize
3.3MB

Download
memory/2984-203-0x00007FF7247A0000-0x00007FF724AF1000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2349-0x00007FF7247A0000-0x00007FF724AF1000-memory.dmp

Filesize
3.3MB

Download
memory/3580-190-0x00007FF697560000-0x00007FF6978B1000-memory.dmp

Filesize
3.3MB

Download
memory/3580-2336-0x00007FF697560000-0x00007FF6978B1000-memory.dmp

Filesize
3.3MB

Download
memory/3700-2317-0x00007FF74EC50000-0x00007FF74EFA1000-memory.dmp

Filesize
3.3MB

Download
memory/3700-108-0x00007FF74EC50000-0x00007FF74EFA1000-memory.dmp

Filesize
3.3MB

Download
memory/3792-2224-0x00007FF69F130000-0x00007FF69F481000-memory.dmp

Filesize
3.3MB

Download
memory/3792-111-0x00007FF69F130000-0x00007FF69F481000-memory.dmp

Filesize
3.3MB

Download
memory/3792-2323-0x00007FF69F130000-0x00007FF69F481000-memory.dmp

Filesize
3.3MB

Download
memory/3820-2248-0x00007FF63C0C0000-0x00007FF63C411000-memory.dmp

Filesize
3.3MB

Download
memory/3820-12-0x00007FF63C0C0000-0x00007FF63C411000-memory.dmp

Filesize
3.3MB

Download
memory/3820-1636-0x00007FF63C0C0000-0x00007FF63C411000-memory.dmp

Filesize
3.3MB

Download
memory/4068-2340-0x00007FF75BA90000-0x00007FF75BDE1000-memory.dmp

Filesize
3.3MB

Download
memory/4068-184-0x00007FF75BA90000-0x00007FF75BDE1000-memory.dmp

Filesize
3.3MB

Download
memory/4132-167-0x00007FF6E3A80000-0x00007FF6E3DD1000-memory.dmp

Filesize
3.3MB

Download
memory/4132-2343-0x00007FF6E3A80000-0x00007FF6E3DD1000-memory.dmp

Filesize
3.3MB

Download
memory/4488-2347-0x00007FF67FCE0000-0x00007FF680031000-memory.dmp

Filesize
3.3MB

Download
memory/4488-199-0x00007FF67FCE0000-0x00007FF680031000-memory.dmp

Filesize
3.3MB

Download
memory/4540-2334-0x00007FF756CB0000-0x00007FF757001000-memory.dmp

Filesize
3.3MB

Download
memory/4540-195-0x00007FF756CB0000-0x00007FF757001000-memory.dmp

Filesize
3.3MB

Download
memory/4588-74-0x00007FF7B18D0000-0x00007FF7B1C21000-memory.dmp

Filesize
3.3MB

Download
memory/4588-2306-0x00007FF7B18D0000-0x00007FF7B1C21000-memory.dmp

Filesize
3.3MB

Download
memory/4628-2252-0x00007FF68A030000-0x00007FF68A381000-memory.dmp

Filesize
3.3MB

Download
memory/4628-52-0x00007FF68A030000-0x00007FF68A381000-memory.dmp

Filesize
3.3MB

Download
memory/4728-2250-0x00007FF723170000-0x00007FF7234C1000-memory.dmp

Filesize
3.3MB

Download
memory/4728-29-0x00007FF723170000-0x00007FF7234C1000-memory.dmp

Filesize
3.3MB

Download
memory/4736-0-0x00007FF628380000-0x00007FF6286D1000-memory.dmp

Filesize
3.3MB

Download
memory/4736-1-0x000001EE3BEA0000-0x000001EE3BEB0000-memory.dmp

Filesize
64KB

Download
memory/4736-1080-0x00007FF628380000-0x00007FF6286D1000-memory.dmp

Filesize
3.3MB

Download
memory/4816-68-0x00007FF73F900000-0x00007FF73FC51000-memory.dmp

Filesize
3.3MB

Download
memory/4816-2304-0x00007FF73F900000-0x00007FF73FC51000-memory.dmp

Filesize
3.3MB

Download
memory/4936-2345-0x00007FF726E00000-0x00007FF727151000-memory.dmp

Filesize
3.3MB

Download
memory/4936-191-0x00007FF726E00000-0x00007FF727151000-memory.dmp

Filesize
3.3MB

Download