kpot | a8cb94ec689b154455786cc8d2527b5ac152bc7ac857b4a1dab12c3dfe384161

Analysis

max time kernel
108s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
Size

2.0MB
MD5

47708a21d646146dbbb1e525dee836f0
SHA1

b329f2fbbd27b076e28009165ec8887dce9a2b4e
SHA256

a8cb94ec689b154455786cc8d2527b5ac152bc7ac857b4a1dab12c3dfe384161
SHA512

303126f616d729a7b005345e244fd0ee0778d4f56b3caeb3828c6cb8ff6f503ed6f8ddc5e4846c92d5a2b90a7314f5ce183070564e8b9b355ee33e7e2bb487e8
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KI3k:BemTLkNdfE0pZrws

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x00080000000233fc-5.dat	family_kpot
behavioral2/files/0x0007000000023401-14.dat	family_kpot
behavioral2/files/0x0007000000023404-30.dat	family_kpot
behavioral2/files/0x0007000000023402-35.dat	family_kpot
behavioral2/files/0x000700000002340a-61.dat	family_kpot
behavioral2/files/0x000700000002340e-81.dat	family_kpot
behavioral2/files/0x0007000000023414-102.dat	family_kpot
behavioral2/files/0x000700000002341e-173.dat	family_kpot
behavioral2/files/0x000700000002341d-171.dat	family_kpot
behavioral2/files/0x0007000000023417-169.dat	family_kpot
behavioral2/files/0x000700000002341c-167.dat	family_kpot
behavioral2/files/0x000700000002341b-165.dat	family_kpot
behavioral2/files/0x0007000000023416-162.dat	family_kpot
behavioral2/files/0x000700000002341a-160.dat	family_kpot
behavioral2/files/0x0007000000023418-156.dat	family_kpot
behavioral2/files/0x0007000000023411-154.dat	family_kpot
behavioral2/files/0x0007000000023415-152.dat	family_kpot
behavioral2/files/0x000700000002340d-140.dat	family_kpot
behavioral2/files/0x0007000000023412-138.dat	family_kpot
behavioral2/files/0x0007000000023410-135.dat	family_kpot
behavioral2/files/0x000700000002340f-134.dat	family_kpot
behavioral2/files/0x000700000002340b-133.dat	family_kpot
behavioral2/files/0x0007000000023419-125.dat	family_kpot
behavioral2/files/0x0007000000023413-124.dat	family_kpot
behavioral2/files/0x0007000000023408-113.dat	family_kpot
behavioral2/files/0x000700000002340c-107.dat	family_kpot
behavioral2/files/0x0007000000023407-97.dat	family_kpot
behavioral2/files/0x0007000000023409-94.dat	family_kpot
behavioral2/files/0x0007000000023405-77.dat	family_kpot
behavioral2/files/0x0007000000023406-56.dat	family_kpot
behavioral2/files/0x0007000000023403-41.dat	family_kpot
behavioral2/files/0x0007000000023400-24.dat	family_kpot

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 15132 created 8	15132	WerFaultSecure.exe	80

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1248-0-0x00007FF7D1F70000-0x00007FF7D22C4000-memory.dmp	xmrig
behavioral2/files/0x00080000000233fc-5.dat	xmrig
behavioral2/memory/3520-10-0x00007FF611A10000-0x00007FF611D64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023401-14.dat	xmrig
behavioral2/files/0x0007000000023404-30.dat	xmrig
behavioral2/files/0x0007000000023402-35.dat	xmrig
behavioral2/files/0x000700000002340a-61.dat	xmrig
behavioral2/files/0x000700000002340e-81.dat	xmrig
behavioral2/files/0x0007000000023414-102.dat	xmrig
behavioral2/memory/4684-164-0x00007FF7BC490000-0x00007FF7BC7E4000-memory.dmp	xmrig
behavioral2/memory/2488-177-0x00007FF6FDDE0000-0x00007FF6FE134000-memory.dmp	xmrig
behavioral2/memory/2016-181-0x00007FF6255E0000-0x00007FF625934000-memory.dmp	xmrig
behavioral2/memory/2944-186-0x00007FF714A30000-0x00007FF714D84000-memory.dmp	xmrig
behavioral2/memory/4844-191-0x00007FF6A1170000-0x00007FF6A14C4000-memory.dmp	xmrig
behavioral2/memory/5016-190-0x00007FF6441A0000-0x00007FF6444F4000-memory.dmp	xmrig
behavioral2/memory/2964-189-0x00007FF7CE220000-0x00007FF7CE574000-memory.dmp	xmrig
behavioral2/memory/3600-188-0x00007FF6D7E90000-0x00007FF6D81E4000-memory.dmp	xmrig
behavioral2/memory/1644-187-0x00007FF6A6790000-0x00007FF6A6AE4000-memory.dmp	xmrig
behavioral2/memory/1388-185-0x00007FF650540000-0x00007FF650894000-memory.dmp	xmrig
behavioral2/memory/4892-184-0x00007FF7E2530000-0x00007FF7E2884000-memory.dmp	xmrig
behavioral2/memory/64-183-0x00007FF6E7460000-0x00007FF6E77B4000-memory.dmp	xmrig
behavioral2/memory/464-182-0x00007FF721D30000-0x00007FF722084000-memory.dmp	xmrig
behavioral2/memory/1564-180-0x00007FF7BE220000-0x00007FF7BE574000-memory.dmp	xmrig
behavioral2/memory/4428-179-0x00007FF611B50000-0x00007FF611EA4000-memory.dmp	xmrig
behavioral2/memory/1492-178-0x00007FF724320000-0x00007FF724674000-memory.dmp	xmrig
behavioral2/memory/5012-176-0x00007FF6515E0000-0x00007FF651934000-memory.dmp	xmrig
behavioral2/memory/4468-175-0x00007FF71D340000-0x00007FF71D694000-memory.dmp	xmrig
behavioral2/files/0x000700000002341e-173.dat	xmrig
behavioral2/files/0x000700000002341d-171.dat	xmrig
behavioral2/files/0x0007000000023417-169.dat	xmrig
behavioral2/files/0x000700000002341c-167.dat	xmrig
behavioral2/files/0x000700000002341b-165.dat	xmrig
behavioral2/files/0x0007000000023416-162.dat	xmrig
behavioral2/files/0x000700000002341a-160.dat	xmrig
behavioral2/memory/2416-159-0x00007FF63B1E0000-0x00007FF63B534000-memory.dmp	xmrig
behavioral2/memory/392-158-0x00007FF68B810000-0x00007FF68BB64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-156.dat	xmrig
behavioral2/files/0x0007000000023411-154.dat	xmrig
behavioral2/files/0x0007000000023415-152.dat	xmrig
behavioral2/memory/2068-146-0x00007FF6172C0000-0x00007FF617614000-memory.dmp	xmrig
behavioral2/memory/2656-145-0x00007FF6096D0000-0x00007FF609A24000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-140.dat	xmrig
behavioral2/files/0x0007000000023412-138.dat	xmrig
behavioral2/files/0x0007000000023410-135.dat	xmrig
behavioral2/files/0x000700000002340f-134.dat	xmrig
behavioral2/files/0x000700000002340b-133.dat	xmrig
behavioral2/files/0x0007000000023419-125.dat	xmrig
behavioral2/files/0x0007000000023413-124.dat	xmrig
behavioral2/memory/2604-118-0x00007FF750090000-0x00007FF7503E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-113.dat	xmrig
behavioral2/files/0x000700000002340c-107.dat	xmrig
behavioral2/files/0x0007000000023407-97.dat	xmrig
behavioral2/files/0x0007000000023409-94.dat	xmrig
behavioral2/memory/2072-89-0x00007FF71E7A0000-0x00007FF71EAF4000-memory.dmp	xmrig
behavioral2/memory/3736-70-0x00007FF6D0D40000-0x00007FF6D1094000-memory.dmp	xmrig
behavioral2/files/0x0007000000023405-77.dat	xmrig
behavioral2/files/0x0007000000023406-56.dat	xmrig
behavioral2/memory/3760-48-0x00007FF7EAEF0000-0x00007FF7EB244000-memory.dmp	xmrig
behavioral2/files/0x0007000000023403-41.dat	xmrig
behavioral2/memory/4524-31-0x00007FF6B8000000-0x00007FF6B8354000-memory.dmp	xmrig
behavioral2/files/0x0007000000023400-24.dat	xmrig
behavioral2/memory/2988-22-0x00007FF640DB0000-0x00007FF641104000-memory.dmp	xmrig
behavioral2/memory/3520-2131-0x00007FF611A10000-0x00007FF611D64000-memory.dmp	xmrig
behavioral2/memory/2988-2132-0x00007FF640DB0000-0x00007FF641104000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3520	RwLZNHb.exe
2988	DUoaxJJ.exe
4524	OzAvCzQ.exe
1644	GNTCNKS.exe
3760	JCgMSJB.exe
3736	WFrVxFZ.exe
3600	mVnmVDN.exe
2072	DyEaQDL.exe
2964	UaWrHxP.exe
2604	yOhWkOS.exe
2656	XYronMK.exe
2068	rBlUlin.exe
392	VKNvRhQ.exe
2416	iSKXhxT.exe
4684	CLWlXNB.exe
4468	qVgocjI.exe
5012	wrNciPw.exe
2488	PSTGMjO.exe
5016	lhAtlbk.exe
1492	LJZLovp.exe
4428	nqAXuxf.exe
1564	rbQEHdy.exe
2016	cZALjBc.exe
464	eXtXSDa.exe
64	WCFXfdh.exe
4844	sZjoCdl.exe
4892	VjSCMCx.exe
1388	hFFgXhC.exe
2944	DfqlABq.exe
232	dfLEUne.exe
1904	IiVbSrP.exe
3872	ANvUqYO.exe
4340	dLGxyXl.exe
3480	lQuluWw.exe
756	liugdWw.exe
4228	RhuyuMJ.exe
3032	nAtQEQh.exe
5112	oFTXypQ.exe
4108	BcvagbA.exe
4080	AgLfBhn.exe
2332	uQfCaUE.exe
3444	ZBWWwgi.exe
1112	VLkaBlF.exe
2748	qtzVdyB.exe
964	ZeAcTki.exe
4440	rSiIIOj.exe
4912	uSFpXmY.exe
1812	bJhlzzE.exe
2328	buMMVZu.exe
1512	DkKSGEH.exe
3528	ZacTltB.exe
2956	genHVZp.exe
2620	rykUgJX.exe
2908	QdApXWV.exe
3340	qTkOXmd.exe
4996	ryNZFgC.exe
4120	LoQiaud.exe
3644	fMszLJh.exe
3488	RjIYxSB.exe
1668	altvbzg.exe
3084	kGarnxa.exe
3144	VVXAlNs.exe
2428	DtbnDnv.exe
4596	zlYYhGI.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1248-0-0x00007FF7D1F70000-0x00007FF7D22C4000-memory.dmp	upx
behavioral2/files/0x00080000000233fc-5.dat	upx
behavioral2/memory/3520-10-0x00007FF611A10000-0x00007FF611D64000-memory.dmp	upx
behavioral2/files/0x0007000000023401-14.dat	upx
behavioral2/files/0x0007000000023404-30.dat	upx
behavioral2/files/0x0007000000023402-35.dat	upx
behavioral2/files/0x000700000002340a-61.dat	upx
behavioral2/files/0x000700000002340e-81.dat	upx
behavioral2/files/0x0007000000023414-102.dat	upx
behavioral2/memory/4684-164-0x00007FF7BC490000-0x00007FF7BC7E4000-memory.dmp	upx
behavioral2/memory/2488-177-0x00007FF6FDDE0000-0x00007FF6FE134000-memory.dmp	upx
behavioral2/memory/2016-181-0x00007FF6255E0000-0x00007FF625934000-memory.dmp	upx
behavioral2/memory/2944-186-0x00007FF714A30000-0x00007FF714D84000-memory.dmp	upx
behavioral2/memory/4844-191-0x00007FF6A1170000-0x00007FF6A14C4000-memory.dmp	upx
behavioral2/memory/5016-190-0x00007FF6441A0000-0x00007FF6444F4000-memory.dmp	upx
behavioral2/memory/2964-189-0x00007FF7CE220000-0x00007FF7CE574000-memory.dmp	upx
behavioral2/memory/3600-188-0x00007FF6D7E90000-0x00007FF6D81E4000-memory.dmp	upx
behavioral2/memory/1644-187-0x00007FF6A6790000-0x00007FF6A6AE4000-memory.dmp	upx
behavioral2/memory/1388-185-0x00007FF650540000-0x00007FF650894000-memory.dmp	upx
behavioral2/memory/4892-184-0x00007FF7E2530000-0x00007FF7E2884000-memory.dmp	upx
behavioral2/memory/64-183-0x00007FF6E7460000-0x00007FF6E77B4000-memory.dmp	upx
behavioral2/memory/464-182-0x00007FF721D30000-0x00007FF722084000-memory.dmp	upx
behavioral2/memory/1564-180-0x00007FF7BE220000-0x00007FF7BE574000-memory.dmp	upx
behavioral2/memory/4428-179-0x00007FF611B50000-0x00007FF611EA4000-memory.dmp	upx
behavioral2/memory/1492-178-0x00007FF724320000-0x00007FF724674000-memory.dmp	upx
behavioral2/memory/5012-176-0x00007FF6515E0000-0x00007FF651934000-memory.dmp	upx
behavioral2/memory/4468-175-0x00007FF71D340000-0x00007FF71D694000-memory.dmp	upx
behavioral2/files/0x000700000002341e-173.dat	upx
behavioral2/files/0x000700000002341d-171.dat	upx
behavioral2/files/0x0007000000023417-169.dat	upx
behavioral2/files/0x000700000002341c-167.dat	upx
behavioral2/files/0x000700000002341b-165.dat	upx
behavioral2/files/0x0007000000023416-162.dat	upx
behavioral2/files/0x000700000002341a-160.dat	upx
behavioral2/memory/2416-159-0x00007FF63B1E0000-0x00007FF63B534000-memory.dmp	upx
behavioral2/memory/392-158-0x00007FF68B810000-0x00007FF68BB64000-memory.dmp	upx
behavioral2/files/0x0007000000023418-156.dat	upx
behavioral2/files/0x0007000000023411-154.dat	upx
behavioral2/files/0x0007000000023415-152.dat	upx
behavioral2/memory/2068-146-0x00007FF6172C0000-0x00007FF617614000-memory.dmp	upx
behavioral2/memory/2656-145-0x00007FF6096D0000-0x00007FF609A24000-memory.dmp	upx
behavioral2/files/0x000700000002340d-140.dat	upx
behavioral2/files/0x0007000000023412-138.dat	upx
behavioral2/files/0x0007000000023410-135.dat	upx
behavioral2/files/0x000700000002340f-134.dat	upx
behavioral2/files/0x000700000002340b-133.dat	upx
behavioral2/files/0x0007000000023419-125.dat	upx
behavioral2/files/0x0007000000023413-124.dat	upx
behavioral2/memory/2604-118-0x00007FF750090000-0x00007FF7503E4000-memory.dmp	upx
behavioral2/files/0x0007000000023408-113.dat	upx
behavioral2/files/0x000700000002340c-107.dat	upx
behavioral2/files/0x0007000000023407-97.dat	upx
behavioral2/files/0x0007000000023409-94.dat	upx
behavioral2/memory/2072-89-0x00007FF71E7A0000-0x00007FF71EAF4000-memory.dmp	upx
behavioral2/memory/3736-70-0x00007FF6D0D40000-0x00007FF6D1094000-memory.dmp	upx
behavioral2/files/0x0007000000023405-77.dat	upx
behavioral2/files/0x0007000000023406-56.dat	upx
behavioral2/memory/3760-48-0x00007FF7EAEF0000-0x00007FF7EB244000-memory.dmp	upx
behavioral2/files/0x0007000000023403-41.dat	upx
behavioral2/memory/4524-31-0x00007FF6B8000000-0x00007FF6B8354000-memory.dmp	upx
behavioral2/files/0x0007000000023400-24.dat	upx
behavioral2/memory/2988-22-0x00007FF640DB0000-0x00007FF641104000-memory.dmp	upx
behavioral2/memory/3520-2131-0x00007FF611A10000-0x00007FF611D64000-memory.dmp	upx
behavioral2/memory/2988-2132-0x00007FF640DB0000-0x00007FF641104000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QhcjNjC.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\NJHZsTg.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\vwhlCVA.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\jXJkFrs.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\EHKEmEc.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\zDUzpPt.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\dBWQceh.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\JCgMSJB.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\LyRQHdn.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\tXJdtsC.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\qWDYERv.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\pYBNjMN.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\genHVZp.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\POiQCkB.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\AcPGnbc.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\BlKNYLy.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\syhHdqf.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\YdEBnqJ.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\BCmYFfU.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\aEngkNg.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\RBRnTds.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\PpGtwtW.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\IVcmhZe.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\BCDLwHH.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\XuKlFaR.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\rykUgJX.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\ePrfLga.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\idpkgms.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\tJYWauO.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\gXHIEIq.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\DfqlABq.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\kTDkdzb.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\BZgOQdd.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\NqKdrsn.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\LZViGyx.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\faSLzRj.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\VtuQoYC.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\hLzLfOj.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\OrCngJP.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\ObWsRbc.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\VLXAnGO.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\feGkITo.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\jmoJEor.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\TAowDTa.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\djXstTT.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\EKlQZxT.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\hSiVRQd.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\FCnPdtB.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\HdherNP.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\DkKSGEH.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\ACvxXrX.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\ajxtNum.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\nXbQLSh.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\YijPTWD.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\rSiIIOj.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\UKwcCzb.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\epizyVk.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\WzwiftI.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\vuHcTfc.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\pKJVSwQ.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\wARdoEX.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\FPsHugx.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\XYronMK.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
File created	C:\Windows\System\xkIRYXT.exe	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
15228	WerFaultSecure.exe
15228	WerFaultSecure.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14964	dwm.exe
Token: SeChangeNotifyPrivilege	14964	dwm.exe
Token: 33	14964	dwm.exe
Token: SeIncBasePriorityPrivilege	14964	dwm.exe
Token: SeShutdownPrivilege	14964	dwm.exe
Token: SeCreatePagefilePrivilege	14964	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 3520	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	83
PID 1248 wrote to memory of 3520	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	83
PID 1248 wrote to memory of 2988	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	84
PID 1248 wrote to memory of 2988	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	84
PID 1248 wrote to memory of 4524	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	85
PID 1248 wrote to memory of 4524	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	85
PID 1248 wrote to memory of 1644	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	86
PID 1248 wrote to memory of 1644	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	86
PID 1248 wrote to memory of 3760	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	87
PID 1248 wrote to memory of 3760	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	87
PID 1248 wrote to memory of 3736	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	88
PID 1248 wrote to memory of 3736	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	88
PID 1248 wrote to memory of 3600	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	89
PID 1248 wrote to memory of 3600	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	89
PID 1248 wrote to memory of 2072	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	90
PID 1248 wrote to memory of 2072	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	90
PID 1248 wrote to memory of 2656	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	91
PID 1248 wrote to memory of 2656	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	91
PID 1248 wrote to memory of 2964	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	92
PID 1248 wrote to memory of 2964	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	92
PID 1248 wrote to memory of 2604	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	93
PID 1248 wrote to memory of 2604	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	93
PID 1248 wrote to memory of 2068	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	94
PID 1248 wrote to memory of 2068	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	94
PID 1248 wrote to memory of 392	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	95
PID 1248 wrote to memory of 392	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	95
PID 1248 wrote to memory of 2416	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	96
PID 1248 wrote to memory of 2416	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	96
PID 1248 wrote to memory of 4684	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	97
PID 1248 wrote to memory of 4684	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	97
PID 1248 wrote to memory of 4468	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	98
PID 1248 wrote to memory of 4468	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	98
PID 1248 wrote to memory of 5012	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	99
PID 1248 wrote to memory of 5012	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	99
PID 1248 wrote to memory of 2488	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	100
PID 1248 wrote to memory of 2488	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	100
PID 1248 wrote to memory of 1564	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	101
PID 1248 wrote to memory of 1564	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	101
PID 1248 wrote to memory of 5016	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	102
PID 1248 wrote to memory of 5016	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	102
PID 1248 wrote to memory of 4844	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	103
PID 1248 wrote to memory of 4844	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	103
PID 1248 wrote to memory of 1492	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	104
PID 1248 wrote to memory of 1492	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	104
PID 1248 wrote to memory of 4428	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	105
PID 1248 wrote to memory of 4428	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	105
PID 1248 wrote to memory of 2016	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	106
PID 1248 wrote to memory of 2016	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	106
PID 1248 wrote to memory of 464	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	107
PID 1248 wrote to memory of 464	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	107
PID 1248 wrote to memory of 64	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	108
PID 1248 wrote to memory of 64	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	108
PID 1248 wrote to memory of 4892	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	109
PID 1248 wrote to memory of 4892	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	109
PID 1248 wrote to memory of 1388	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	110
PID 1248 wrote to memory of 1388	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	110
PID 1248 wrote to memory of 2944	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	111
PID 1248 wrote to memory of 2944	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	111
PID 1248 wrote to memory of 232	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	112
PID 1248 wrote to memory of 232	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	112
PID 1248 wrote to memory of 1904	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	113
PID 1248 wrote to memory of 1904	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	113
PID 1248 wrote to memory of 3872	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	114
PID 1248 wrote to memory of 3872	1248	47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe	114

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:8
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 8 -s 2148
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:15228

C:\Users\Admin\AppData\Local\Temp\47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\47708a21d646146dbbb1e525dee836f0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Windows\System\RwLZNHb.exe
  C:\Windows\System\RwLZNHb.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\DUoaxJJ.exe
  C:\Windows\System\DUoaxJJ.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\OzAvCzQ.exe
  C:\Windows\System\OzAvCzQ.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\GNTCNKS.exe
  C:\Windows\System\GNTCNKS.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\JCgMSJB.exe
  C:\Windows\System\JCgMSJB.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\WFrVxFZ.exe
  C:\Windows\System\WFrVxFZ.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\mVnmVDN.exe
  C:\Windows\System\mVnmVDN.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\DyEaQDL.exe
  C:\Windows\System\DyEaQDL.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\XYronMK.exe
  C:\Windows\System\XYronMK.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\UaWrHxP.exe
  C:\Windows\System\UaWrHxP.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\yOhWkOS.exe
  C:\Windows\System\yOhWkOS.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\rBlUlin.exe
  C:\Windows\System\rBlUlin.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\VKNvRhQ.exe
  C:\Windows\System\VKNvRhQ.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\iSKXhxT.exe
  C:\Windows\System\iSKXhxT.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\CLWlXNB.exe
  C:\Windows\System\CLWlXNB.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\qVgocjI.exe
  C:\Windows\System\qVgocjI.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\wrNciPw.exe
  C:\Windows\System\wrNciPw.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\PSTGMjO.exe
  C:\Windows\System\PSTGMjO.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\rbQEHdy.exe
  C:\Windows\System\rbQEHdy.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\lhAtlbk.exe
  C:\Windows\System\lhAtlbk.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\sZjoCdl.exe
  C:\Windows\System\sZjoCdl.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\LJZLovp.exe
  C:\Windows\System\LJZLovp.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\nqAXuxf.exe
  C:\Windows\System\nqAXuxf.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\cZALjBc.exe
  C:\Windows\System\cZALjBc.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\eXtXSDa.exe
  C:\Windows\System\eXtXSDa.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\WCFXfdh.exe
  C:\Windows\System\WCFXfdh.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\VjSCMCx.exe
  C:\Windows\System\VjSCMCx.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\hFFgXhC.exe
  C:\Windows\System\hFFgXhC.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\DfqlABq.exe
  C:\Windows\System\DfqlABq.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\dfLEUne.exe
  C:\Windows\System\dfLEUne.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\IiVbSrP.exe
  C:\Windows\System\IiVbSrP.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\ANvUqYO.exe
  C:\Windows\System\ANvUqYO.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\dLGxyXl.exe
  C:\Windows\System\dLGxyXl.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\lQuluWw.exe
  C:\Windows\System\lQuluWw.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\liugdWw.exe
  C:\Windows\System\liugdWw.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\RhuyuMJ.exe
  C:\Windows\System\RhuyuMJ.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\nAtQEQh.exe
  C:\Windows\System\nAtQEQh.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\oFTXypQ.exe
  C:\Windows\System\oFTXypQ.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\BcvagbA.exe
  C:\Windows\System\BcvagbA.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\AgLfBhn.exe
  C:\Windows\System\AgLfBhn.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\uQfCaUE.exe
  C:\Windows\System\uQfCaUE.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ZBWWwgi.exe
  C:\Windows\System\ZBWWwgi.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\VLkaBlF.exe
  C:\Windows\System\VLkaBlF.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\qtzVdyB.exe
  C:\Windows\System\qtzVdyB.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\ZeAcTki.exe
  C:\Windows\System\ZeAcTki.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\rSiIIOj.exe
  C:\Windows\System\rSiIIOj.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\uSFpXmY.exe
  C:\Windows\System\uSFpXmY.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\bJhlzzE.exe
  C:\Windows\System\bJhlzzE.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\buMMVZu.exe
  C:\Windows\System\buMMVZu.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\DkKSGEH.exe
  C:\Windows\System\DkKSGEH.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\ZacTltB.exe
  C:\Windows\System\ZacTltB.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\genHVZp.exe
  C:\Windows\System\genHVZp.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\rykUgJX.exe
  C:\Windows\System\rykUgJX.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\QdApXWV.exe
  C:\Windows\System\QdApXWV.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\qTkOXmd.exe
  C:\Windows\System\qTkOXmd.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\ryNZFgC.exe
  C:\Windows\System\ryNZFgC.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\LoQiaud.exe
  C:\Windows\System\LoQiaud.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\fMszLJh.exe
  C:\Windows\System\fMszLJh.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\RjIYxSB.exe
  C:\Windows\System\RjIYxSB.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\altvbzg.exe
  C:\Windows\System\altvbzg.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\kGarnxa.exe
  C:\Windows\System\kGarnxa.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\VVXAlNs.exe
  C:\Windows\System\VVXAlNs.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\DtbnDnv.exe
  C:\Windows\System\DtbnDnv.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\zlYYhGI.exe
  C:\Windows\System\zlYYhGI.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\YWNLMph.exe
  C:\Windows\System\YWNLMph.exe
  2⤵
  PID:2924
- C:\Windows\System\lpvfuEQ.exe
  C:\Windows\System\lpvfuEQ.exe
  2⤵
  PID:712
- C:\Windows\System\hsTosbx.exe
  C:\Windows\System\hsTosbx.exe
  2⤵
  PID:5076
- C:\Windows\System\WudYMAf.exe
  C:\Windows\System\WudYMAf.exe
  2⤵
  PID:4556
- C:\Windows\System\UjbPEzK.exe
  C:\Windows\System\UjbPEzK.exe
  2⤵
  PID:3720
- C:\Windows\System\NOHTPzK.exe
  C:\Windows\System\NOHTPzK.exe
  2⤵
  PID:3968
- C:\Windows\System\ePrfLga.exe
  C:\Windows\System\ePrfLga.exe
  2⤵
  PID:4768
- C:\Windows\System\ACvxXrX.exe
  C:\Windows\System\ACvxXrX.exe
  2⤵
  PID:2384
- C:\Windows\System\tHEXoHH.exe
  C:\Windows\System\tHEXoHH.exe
  2⤵
  PID:4404
- C:\Windows\System\RGpdRfj.exe
  C:\Windows\System\RGpdRfj.exe
  2⤵
  PID:4448
- C:\Windows\System\kAkxIuo.exe
  C:\Windows\System\kAkxIuo.exe
  2⤵
  PID:3548
- C:\Windows\System\zlIbhiW.exe
  C:\Windows\System\zlIbhiW.exe
  2⤵
  PID:512
- C:\Windows\System\ZvKTXRl.exe
  C:\Windows\System\ZvKTXRl.exe
  2⤵
  PID:4044
- C:\Windows\System\UUkVxSv.exe
  C:\Windows\System\UUkVxSv.exe
  2⤵
  PID:2240
- C:\Windows\System\rhatpUU.exe
  C:\Windows\System\rhatpUU.exe
  2⤵
  PID:4060
- C:\Windows\System\SUpfadb.exe
  C:\Windows\System\SUpfadb.exe
  2⤵
  PID:3752
- C:\Windows\System\DXuFLkm.exe
  C:\Windows\System\DXuFLkm.exe
  2⤵
  PID:4500
- C:\Windows\System\iFOeZdT.exe
  C:\Windows\System\iFOeZdT.exe
  2⤵
  PID:4708
- C:\Windows\System\Wkpzwpg.exe
  C:\Windows\System\Wkpzwpg.exe
  2⤵
  PID:4972
- C:\Windows\System\DWRgTam.exe
  C:\Windows\System\DWRgTam.exe
  2⤵
  PID:5072
- C:\Windows\System\IzEPHwY.exe
  C:\Windows\System\IzEPHwY.exe
  2⤵
  PID:1432
- C:\Windows\System\FYmsloW.exe
  C:\Windows\System\FYmsloW.exe
  2⤵
  PID:4088
- C:\Windows\System\oPhUqeq.exe
  C:\Windows\System\oPhUqeq.exe
  2⤵
  PID:4200
- C:\Windows\System\GQEqmQu.exe
  C:\Windows\System\GQEqmQu.exe
  2⤵
  PID:916
- C:\Windows\System\BRtWKZB.exe
  C:\Windows\System\BRtWKZB.exe
  2⤵
  PID:1540
- C:\Windows\System\FuFiWPg.exe
  C:\Windows\System\FuFiWPg.exe
  2⤵
  PID:4572
- C:\Windows\System\OJuixmD.exe
  C:\Windows\System\OJuixmD.exe
  2⤵
  PID:3280
- C:\Windows\System\RErIKsH.exe
  C:\Windows\System\RErIKsH.exe
  2⤵
  PID:2040
- C:\Windows\System\lrHWHcN.exe
  C:\Windows\System\lrHWHcN.exe
  2⤵
  PID:4680
- C:\Windows\System\mQjSfrL.exe
  C:\Windows\System\mQjSfrL.exe
  2⤵
  PID:4172
- C:\Windows\System\ZliqmhC.exe
  C:\Windows\System\ZliqmhC.exe
  2⤵
  PID:4964
- C:\Windows\System\qyvWsoy.exe
  C:\Windows\System\qyvWsoy.exe
  2⤵
  PID:4960
- C:\Windows\System\EHKEmEc.exe
  C:\Windows\System\EHKEmEc.exe
  2⤵
  PID:4412
- C:\Windows\System\ZfrHdpZ.exe
  C:\Windows\System\ZfrHdpZ.exe
  2⤵
  PID:1500
- C:\Windows\System\WGMCWKV.exe
  C:\Windows\System\WGMCWKV.exe
  2⤵
  PID:856
- C:\Windows\System\KQUleWz.exe
  C:\Windows\System\KQUleWz.exe
  2⤵
  PID:2092
- C:\Windows\System\iyXACvD.exe
  C:\Windows\System\iyXACvD.exe
  2⤵
  PID:4736
- C:\Windows\System\cMURqKn.exe
  C:\Windows\System\cMURqKn.exe
  2⤵
  PID:5132
- C:\Windows\System\MSWVuWC.exe
  C:\Windows\System\MSWVuWC.exe
  2⤵
  PID:5164
- C:\Windows\System\WINoDte.exe
  C:\Windows\System\WINoDte.exe
  2⤵
  PID:5196
- C:\Windows\System\zQTbfQW.exe
  C:\Windows\System\zQTbfQW.exe
  2⤵
  PID:5224
- C:\Windows\System\NagYjku.exe
  C:\Windows\System\NagYjku.exe
  2⤵
  PID:5256
- C:\Windows\System\WamxlXA.exe
  C:\Windows\System\WamxlXA.exe
  2⤵
  PID:5284
- C:\Windows\System\EFlHFXV.exe
  C:\Windows\System\EFlHFXV.exe
  2⤵
  PID:5300
- C:\Windows\System\yGbKDMt.exe
  C:\Windows\System\yGbKDMt.exe
  2⤵
  PID:5356
- C:\Windows\System\nVbkURz.exe
  C:\Windows\System\nVbkURz.exe
  2⤵
  PID:5372
- C:\Windows\System\QqmtbFF.exe
  C:\Windows\System\QqmtbFF.exe
  2⤵
  PID:5404
- C:\Windows\System\DmxUeTw.exe
  C:\Windows\System\DmxUeTw.exe
  2⤵
  PID:5440
- C:\Windows\System\uYWSHCS.exe
  C:\Windows\System\uYWSHCS.exe
  2⤵
  PID:5460
- C:\Windows\System\YajYmuj.exe
  C:\Windows\System\YajYmuj.exe
  2⤵
  PID:5496
- C:\Windows\System\GGfDYin.exe
  C:\Windows\System\GGfDYin.exe
  2⤵
  PID:5516
- C:\Windows\System\iRRTofN.exe
  C:\Windows\System\iRRTofN.exe
  2⤵
  PID:5544
- C:\Windows\System\bWBeyDP.exe
  C:\Windows\System\bWBeyDP.exe
  2⤵
  PID:5572
- C:\Windows\System\vjjPRyo.exe
  C:\Windows\System\vjjPRyo.exe
  2⤵
  PID:5608
- C:\Windows\System\pVBWXwv.exe
  C:\Windows\System\pVBWXwv.exe
  2⤵
  PID:5628
- C:\Windows\System\yAmWnDA.exe
  C:\Windows\System\yAmWnDA.exe
  2⤵
  PID:5656
- C:\Windows\System\gPvIatn.exe
  C:\Windows\System\gPvIatn.exe
  2⤵
  PID:5692
- C:\Windows\System\eBcuAFJ.exe
  C:\Windows\System\eBcuAFJ.exe
  2⤵
  PID:5712
- C:\Windows\System\UmIceIw.exe
  C:\Windows\System\UmIceIw.exe
  2⤵
  PID:5740
- C:\Windows\System\ztKBKIt.exe
  C:\Windows\System\ztKBKIt.exe
  2⤵
  PID:5768
- C:\Windows\System\sJQZwgQ.exe
  C:\Windows\System\sJQZwgQ.exe
  2⤵
  PID:5804
- C:\Windows\System\xvOxErw.exe
  C:\Windows\System\xvOxErw.exe
  2⤵
  PID:5828
- C:\Windows\System\kLurdEc.exe
  C:\Windows\System\kLurdEc.exe
  2⤵
  PID:5856
- C:\Windows\System\AgPVosh.exe
  C:\Windows\System\AgPVosh.exe
  2⤵
  PID:5880
- C:\Windows\System\Qlmzqqn.exe
  C:\Windows\System\Qlmzqqn.exe
  2⤵
  PID:5896
- C:\Windows\System\xPezcYc.exe
  C:\Windows\System\xPezcYc.exe
  2⤵
  PID:5924
- C:\Windows\System\sLbAUbt.exe
  C:\Windows\System\sLbAUbt.exe
  2⤵
  PID:5952
- C:\Windows\System\fTgjppH.exe
  C:\Windows\System\fTgjppH.exe
  2⤵
  PID:6000
- C:\Windows\System\rOpmrRJ.exe
  C:\Windows\System\rOpmrRJ.exe
  2⤵
  PID:6036
- C:\Windows\System\RMJyRnw.exe
  C:\Windows\System\RMJyRnw.exe
  2⤵
  PID:6064
- C:\Windows\System\jmoJEor.exe
  C:\Windows\System\jmoJEor.exe
  2⤵
  PID:6092
- C:\Windows\System\MdvHwPJ.exe
  C:\Windows\System\MdvHwPJ.exe
  2⤵
  PID:6124
- C:\Windows\System\ZQkjVkh.exe
  C:\Windows\System\ZQkjVkh.exe
  2⤵
  PID:5124
- C:\Windows\System\whYWllI.exe
  C:\Windows\System\whYWllI.exe
  2⤵
  PID:5192
- C:\Windows\System\URGrMuR.exe
  C:\Windows\System\URGrMuR.exe
  2⤵
  PID:5276
- C:\Windows\System\nxapJFW.exe
  C:\Windows\System\nxapJFW.exe
  2⤵
  PID:5328
- C:\Windows\System\NzmwTlz.exe
  C:\Windows\System\NzmwTlz.exe
  2⤵
  PID:5392
- C:\Windows\System\WTvPAOf.exe
  C:\Windows\System\WTvPAOf.exe
  2⤵
  PID:4820
- C:\Windows\System\WzwiftI.exe
  C:\Windows\System\WzwiftI.exe
  2⤵
  PID:5528
- C:\Windows\System\GGKRaXo.exe
  C:\Windows\System\GGKRaXo.exe
  2⤵
  PID:5600
- C:\Windows\System\aEIkuLs.exe
  C:\Windows\System\aEIkuLs.exe
  2⤵
  PID:5676
- C:\Windows\System\tatTQgW.exe
  C:\Windows\System\tatTQgW.exe
  2⤵
  PID:5724
- C:\Windows\System\kISRZXx.exe
  C:\Windows\System\kISRZXx.exe
  2⤵
  PID:5812
- C:\Windows\System\lIERYgh.exe
  C:\Windows\System\lIERYgh.exe
  2⤵
  PID:5912
- C:\Windows\System\rUORZkQ.exe
  C:\Windows\System\rUORZkQ.exe
  2⤵
  PID:5936
- C:\Windows\System\EsavsLj.exe
  C:\Windows\System\EsavsLj.exe
  2⤵
  PID:6012
- C:\Windows\System\tBdDyBc.exe
  C:\Windows\System\tBdDyBc.exe
  2⤵
  PID:6076
- C:\Windows\System\AtsITcb.exe
  C:\Windows\System\AtsITcb.exe
  2⤵
  PID:5156
- C:\Windows\System\hlfDdak.exe
  C:\Windows\System\hlfDdak.exe
  2⤵
  PID:5264
- C:\Windows\System\TZxEAph.exe
  C:\Windows\System\TZxEAph.exe
  2⤵
  PID:5416
- C:\Windows\System\ptWOPGz.exe
  C:\Windows\System\ptWOPGz.exe
  2⤵
  PID:5556
- C:\Windows\System\tsTGUPD.exe
  C:\Windows\System\tsTGUPD.exe
  2⤵
  PID:5764
- C:\Windows\System\eubCawy.exe
  C:\Windows\System\eubCawy.exe
  2⤵
  PID:5868
- C:\Windows\System\peVJxLE.exe
  C:\Windows\System\peVJxLE.exe
  2⤵
  PID:6056
- C:\Windows\System\raOSBBF.exe
  C:\Windows\System\raOSBBF.exe
  2⤵
  PID:5208
- C:\Windows\System\aiLHbsN.exe
  C:\Windows\System\aiLHbsN.exe
  2⤵
  PID:5700
- C:\Windows\System\FQcwyZA.exe
  C:\Windows\System\FQcwyZA.exe
  2⤵
  PID:6048
- C:\Windows\System\XFIKmFB.exe
  C:\Windows\System\XFIKmFB.exe
  2⤵
  PID:5472
- C:\Windows\System\idpkgms.exe
  C:\Windows\System\idpkgms.exe
  2⤵
  PID:6112
- C:\Windows\System\HkdtFua.exe
  C:\Windows\System\HkdtFua.exe
  2⤵
  PID:6176
- C:\Windows\System\fnZbCrv.exe
  C:\Windows\System\fnZbCrv.exe
  2⤵
  PID:6204
- C:\Windows\System\IkLBtyX.exe
  C:\Windows\System\IkLBtyX.exe
  2⤵
  PID:6236
- C:\Windows\System\oVqraHL.exe
  C:\Windows\System\oVqraHL.exe
  2⤵
  PID:6264
- C:\Windows\System\UtSAWJk.exe
  C:\Windows\System\UtSAWJk.exe
  2⤵
  PID:6292
- C:\Windows\System\pVSqLCY.exe
  C:\Windows\System\pVSqLCY.exe
  2⤵
  PID:6324
- C:\Windows\System\oHfRsQp.exe
  C:\Windows\System\oHfRsQp.exe
  2⤵
  PID:6344
- C:\Windows\System\KUFwKKW.exe
  C:\Windows\System\KUFwKKW.exe
  2⤵
  PID:6380
- C:\Windows\System\rWSnkHN.exe
  C:\Windows\System\rWSnkHN.exe
  2⤵
  PID:6404
- C:\Windows\System\EKlQZxT.exe
  C:\Windows\System\EKlQZxT.exe
  2⤵
  PID:6436
- C:\Windows\System\ocFyzqn.exe
  C:\Windows\System\ocFyzqn.exe
  2⤵
  PID:6464
- C:\Windows\System\MDMTKmP.exe
  C:\Windows\System\MDMTKmP.exe
  2⤵
  PID:6492
- C:\Windows\System\HePObnC.exe
  C:\Windows\System\HePObnC.exe
  2⤵
  PID:6520
- C:\Windows\System\CHhWYsC.exe
  C:\Windows\System\CHhWYsC.exe
  2⤵
  PID:6552
- C:\Windows\System\sXgyLKh.exe
  C:\Windows\System\sXgyLKh.exe
  2⤵
  PID:6576
- C:\Windows\System\VtuQoYC.exe
  C:\Windows\System\VtuQoYC.exe
  2⤵
  PID:6604
- C:\Windows\System\RRRgHIy.exe
  C:\Windows\System\RRRgHIy.exe
  2⤵
  PID:6632
- C:\Windows\System\aEngkNg.exe
  C:\Windows\System\aEngkNg.exe
  2⤵
  PID:6648
- C:\Windows\System\WNXzChc.exe
  C:\Windows\System\WNXzChc.exe
  2⤵
  PID:6664
- C:\Windows\System\VzkQuVq.exe
  C:\Windows\System\VzkQuVq.exe
  2⤵
  PID:6680
- C:\Windows\System\psgGWzs.exe
  C:\Windows\System\psgGWzs.exe
  2⤵
  PID:6696
- C:\Windows\System\uTcfALS.exe
  C:\Windows\System\uTcfALS.exe
  2⤵
  PID:6720
- C:\Windows\System\QZkwiuH.exe
  C:\Windows\System\QZkwiuH.exe
  2⤵
  PID:6748
- C:\Windows\System\zDUzpPt.exe
  C:\Windows\System\zDUzpPt.exe
  2⤵
  PID:6776
- C:\Windows\System\bxpGAoS.exe
  C:\Windows\System\bxpGAoS.exe
  2⤵
  PID:6808
- C:\Windows\System\PTDPuEI.exe
  C:\Windows\System\PTDPuEI.exe
  2⤵
  PID:6840
- C:\Windows\System\uVfXpkJ.exe
  C:\Windows\System\uVfXpkJ.exe
  2⤵
  PID:6868
- C:\Windows\System\POiQCkB.exe
  C:\Windows\System\POiQCkB.exe
  2⤵
  PID:6892
- C:\Windows\System\gZULkqt.exe
  C:\Windows\System\gZULkqt.exe
  2⤵
  PID:6920
- C:\Windows\System\RQGIHdF.exe
  C:\Windows\System\RQGIHdF.exe
  2⤵
  PID:6944
- C:\Windows\System\ddFXrEP.exe
  C:\Windows\System\ddFXrEP.exe
  2⤵
  PID:6968
- C:\Windows\System\FQqgcYX.exe
  C:\Windows\System\FQqgcYX.exe
  2⤵
  PID:6992
- C:\Windows\System\exCYSxM.exe
  C:\Windows\System\exCYSxM.exe
  2⤵
  PID:7024
- C:\Windows\System\cgktzLG.exe
  C:\Windows\System\cgktzLG.exe
  2⤵
  PID:7048
- C:\Windows\System\iaxbtzh.exe
  C:\Windows\System\iaxbtzh.exe
  2⤵
  PID:7084
- C:\Windows\System\yNzBMqR.exe
  C:\Windows\System\yNzBMqR.exe
  2⤵
  PID:7120
- C:\Windows\System\iGfBFIi.exe
  C:\Windows\System\iGfBFIi.exe
  2⤵
  PID:7152
- C:\Windows\System\xZZoIbr.exe
  C:\Windows\System\xZZoIbr.exe
  2⤵
  PID:6164
- C:\Windows\System\bnXfeLI.exe
  C:\Windows\System\bnXfeLI.exe
  2⤵
  PID:6244
- C:\Windows\System\AEFGKCr.exe
  C:\Windows\System\AEFGKCr.exe
  2⤵
  PID:6280
- C:\Windows\System\UjNHQeq.exe
  C:\Windows\System\UjNHQeq.exe
  2⤵
  PID:6340
- C:\Windows\System\vuHcTfc.exe
  C:\Windows\System\vuHcTfc.exe
  2⤵
  PID:6412
- C:\Windows\System\tqhozJf.exe
  C:\Windows\System\tqhozJf.exe
  2⤵
  PID:6488
- C:\Windows\System\SicgkqD.exe
  C:\Windows\System\SicgkqD.exe
  2⤵
  PID:6544
- C:\Windows\System\hLzLfOj.exe
  C:\Windows\System\hLzLfOj.exe
  2⤵
  PID:6620
- C:\Windows\System\aRlwtlS.exe
  C:\Windows\System\aRlwtlS.exe
  2⤵
  PID:6768
- C:\Windows\System\HmwbXLv.exe
  C:\Windows\System\HmwbXLv.exe
  2⤵
  PID:6856
- C:\Windows\System\Fqczspj.exe
  C:\Windows\System\Fqczspj.exe
  2⤵
  PID:6852
- C:\Windows\System\JWpLhgU.exe
  C:\Windows\System\JWpLhgU.exe
  2⤵
  PID:6980
- C:\Windows\System\KYDPMVL.exe
  C:\Windows\System\KYDPMVL.exe
  2⤵
  PID:7068
- C:\Windows\System\lxLfiOV.exe
  C:\Windows\System\lxLfiOV.exe
  2⤵
  PID:7036
- C:\Windows\System\kTDkdzb.exe
  C:\Windows\System\kTDkdzb.exe
  2⤵
  PID:5892
- C:\Windows\System\ApgSFgq.exe
  C:\Windows\System\ApgSFgq.exe
  2⤵
  PID:6228
- C:\Windows\System\iNwNTVm.exe
  C:\Windows\System\iNwNTVm.exe
  2⤵
  PID:6532
- C:\Windows\System\pKJVSwQ.exe
  C:\Windows\System\pKJVSwQ.exe
  2⤵
  PID:6644
- C:\Windows\System\IIhdznp.exe
  C:\Windows\System\IIhdznp.exe
  2⤵
  PID:6816
- C:\Windows\System\LgZNekI.exe
  C:\Windows\System\LgZNekI.exe
  2⤵
  PID:6960
- C:\Windows\System\zfAunhl.exe
  C:\Windows\System\zfAunhl.exe
  2⤵
  PID:7012
- C:\Windows\System\xgxeedF.exe
  C:\Windows\System\xgxeedF.exe
  2⤵
  PID:6452
- C:\Windows\System\OfToAkN.exe
  C:\Windows\System\OfToAkN.exe
  2⤵
  PID:6764
- C:\Windows\System\KETcTpZ.exe
  C:\Windows\System\KETcTpZ.exe
  2⤵
  PID:7016
- C:\Windows\System\LVsmsTp.exe
  C:\Windows\System\LVsmsTp.exe
  2⤵
  PID:6916
- C:\Windows\System\NayYDyD.exe
  C:\Windows\System\NayYDyD.exe
  2⤵
  PID:7192
- C:\Windows\System\JinSHjx.exe
  C:\Windows\System\JinSHjx.exe
  2⤵
  PID:7240
- C:\Windows\System\jYTfLVV.exe
  C:\Windows\System\jYTfLVV.exe
  2⤵
  PID:7272
- C:\Windows\System\xyANCcZ.exe
  C:\Windows\System\xyANCcZ.exe
  2⤵
  PID:7304
- C:\Windows\System\qFUHDFG.exe
  C:\Windows\System\qFUHDFG.exe
  2⤵
  PID:7340
- C:\Windows\System\xsMOKiR.exe
  C:\Windows\System\xsMOKiR.exe
  2⤵
  PID:7368
- C:\Windows\System\UKwcCzb.exe
  C:\Windows\System\UKwcCzb.exe
  2⤵
  PID:7388
- C:\Windows\System\ouzGDbe.exe
  C:\Windows\System\ouzGDbe.exe
  2⤵
  PID:7416
- C:\Windows\System\PCSBdpZ.exe
  C:\Windows\System\PCSBdpZ.exe
  2⤵
  PID:7452
- C:\Windows\System\etwOVhF.exe
  C:\Windows\System\etwOVhF.exe
  2⤵
  PID:7472
- C:\Windows\System\LIsBrOl.exe
  C:\Windows\System\LIsBrOl.exe
  2⤵
  PID:7508
- C:\Windows\System\YcsCQXW.exe
  C:\Windows\System\YcsCQXW.exe
  2⤵
  PID:7528
- C:\Windows\System\avyVdmr.exe
  C:\Windows\System\avyVdmr.exe
  2⤵
  PID:7556
- C:\Windows\System\QAtCUCk.exe
  C:\Windows\System\QAtCUCk.exe
  2⤵
  PID:7584
- C:\Windows\System\FsAkQkC.exe
  C:\Windows\System\FsAkQkC.exe
  2⤵
  PID:7620
- C:\Windows\System\LqvnZui.exe
  C:\Windows\System\LqvnZui.exe
  2⤵
  PID:7644
- C:\Windows\System\YytMxBp.exe
  C:\Windows\System\YytMxBp.exe
  2⤵
  PID:7668
- C:\Windows\System\MfmrFeA.exe
  C:\Windows\System\MfmrFeA.exe
  2⤵
  PID:7696
- C:\Windows\System\qSjztYK.exe
  C:\Windows\System\qSjztYK.exe
  2⤵
  PID:7732
- C:\Windows\System\XJEFAUU.exe
  C:\Windows\System\XJEFAUU.exe
  2⤵
  PID:7752
- C:\Windows\System\fQisGeP.exe
  C:\Windows\System\fQisGeP.exe
  2⤵
  PID:7780
- C:\Windows\System\iRhzdMI.exe
  C:\Windows\System\iRhzdMI.exe
  2⤵
  PID:7808
- C:\Windows\System\PwmOCHm.exe
  C:\Windows\System\PwmOCHm.exe
  2⤵
  PID:7836
- C:\Windows\System\yfTUGMx.exe
  C:\Windows\System\yfTUGMx.exe
  2⤵
  PID:7864
- C:\Windows\System\xkIRYXT.exe
  C:\Windows\System\xkIRYXT.exe
  2⤵
  PID:7896
- C:\Windows\System\KUjCpKI.exe
  C:\Windows\System\KUjCpKI.exe
  2⤵
  PID:7920
- C:\Windows\System\LOuApmX.exe
  C:\Windows\System\LOuApmX.exe
  2⤵
  PID:7948
- C:\Windows\System\ZPmlhBu.exe
  C:\Windows\System\ZPmlhBu.exe
  2⤵
  PID:7976
- C:\Windows\System\cEPamDD.exe
  C:\Windows\System\cEPamDD.exe
  2⤵
  PID:8012
- C:\Windows\System\LJdPimD.exe
  C:\Windows\System\LJdPimD.exe
  2⤵
  PID:8032
- C:\Windows\System\IxAMUWL.exe
  C:\Windows\System\IxAMUWL.exe
  2⤵
  PID:8060
- C:\Windows\System\PsXLbDP.exe
  C:\Windows\System\PsXLbDP.exe
  2⤵
  PID:8088
- C:\Windows\System\RBRnTds.exe
  C:\Windows\System\RBRnTds.exe
  2⤵
  PID:8120
- C:\Windows\System\epizyVk.exe
  C:\Windows\System\epizyVk.exe
  2⤵
  PID:8148
- C:\Windows\System\GAJHOXA.exe
  C:\Windows\System\GAJHOXA.exe
  2⤵
  PID:8176
- C:\Windows\System\dBWQceh.exe
  C:\Windows\System\dBWQceh.exe
  2⤵
  PID:7228
- C:\Windows\System\IVcmhZe.exe
  C:\Windows\System\IVcmhZe.exe
  2⤵
  PID:7296
- C:\Windows\System\pQFbLHX.exe
  C:\Windows\System\pQFbLHX.exe
  2⤵
  PID:7332
- C:\Windows\System\ICrrgKE.exe
  C:\Windows\System\ICrrgKE.exe
  2⤵
  PID:7408
- C:\Windows\System\bSNAvlR.exe
  C:\Windows\System\bSNAvlR.exe
  2⤵
  PID:7492
- C:\Windows\System\UfungLJ.exe
  C:\Windows\System\UfungLJ.exe
  2⤵
  PID:7552
- C:\Windows\System\POoPRso.exe
  C:\Windows\System\POoPRso.exe
  2⤵
  PID:7628
- C:\Windows\System\jNXAiyG.exe
  C:\Windows\System\jNXAiyG.exe
  2⤵
  PID:7660
- C:\Windows\System\ZzgTBdW.exe
  C:\Windows\System\ZzgTBdW.exe
  2⤵
  PID:7692
- C:\Windows\System\mqVGwen.exe
  C:\Windows\System\mqVGwen.exe
  2⤵
  PID:7748
- C:\Windows\System\PpGtwtW.exe
  C:\Windows\System\PpGtwtW.exe
  2⤵
  PID:6376
- C:\Windows\System\rjYRRps.exe
  C:\Windows\System\rjYRRps.exe
  2⤵
  PID:7848
- C:\Windows\System\AHozPKU.exe
  C:\Windows\System\AHozPKU.exe
  2⤵
  PID:7904
- C:\Windows\System\MBsLUQH.exe
  C:\Windows\System\MBsLUQH.exe
  2⤵
  PID:7968
- C:\Windows\System\ifBsEzc.exe
  C:\Windows\System\ifBsEzc.exe
  2⤵
  PID:8044
- C:\Windows\System\mZwnIXu.exe
  C:\Windows\System\mZwnIXu.exe
  2⤵
  PID:8132
- C:\Windows\System\fOxsJGo.exe
  C:\Windows\System\fOxsJGo.exe
  2⤵
  PID:7200
- C:\Windows\System\WGXdUyi.exe
  C:\Windows\System\WGXdUyi.exe
  2⤵
  PID:7356
- C:\Windows\System\wRjuTwS.exe
  C:\Windows\System\wRjuTwS.exe
  2⤵
  PID:7540
- C:\Windows\System\gwEcbtA.exe
  C:\Windows\System\gwEcbtA.exe
  2⤵
  PID:7680
- C:\Windows\System\niOQtzB.exe
  C:\Windows\System\niOQtzB.exe
  2⤵
  PID:7724
- C:\Windows\System\NeZPZTG.exe
  C:\Windows\System\NeZPZTG.exe
  2⤵
  PID:8080
- C:\Windows\System\teNrfQt.exe
  C:\Windows\System\teNrfQt.exe
  2⤵
  PID:7380
- C:\Windows\System\OSZefrJ.exe
  C:\Windows\System\OSZefrJ.exe
  2⤵
  PID:7960
- C:\Windows\System\ajxtNum.exe
  C:\Windows\System\ajxtNum.exe
  2⤵
  PID:7580
- C:\Windows\System\JLEcqiG.exe
  C:\Windows\System\JLEcqiG.exe
  2⤵
  PID:8200
- C:\Windows\System\SkDEtOg.exe
  C:\Windows\System\SkDEtOg.exe
  2⤵
  PID:8228
- C:\Windows\System\tdPNAnw.exe
  C:\Windows\System\tdPNAnw.exe
  2⤵
  PID:8256
- C:\Windows\System\uLmaStp.exe
  C:\Windows\System\uLmaStp.exe
  2⤵
  PID:8284
- C:\Windows\System\BBfhyru.exe
  C:\Windows\System\BBfhyru.exe
  2⤵
  PID:8312
- C:\Windows\System\ANIkEpk.exe
  C:\Windows\System\ANIkEpk.exe
  2⤵
  PID:8340
- C:\Windows\System\rJgKxSX.exe
  C:\Windows\System\rJgKxSX.exe
  2⤵
  PID:8384
- C:\Windows\System\BozwcJy.exe
  C:\Windows\System\BozwcJy.exe
  2⤵
  PID:8420
- C:\Windows\System\cPsvQKy.exe
  C:\Windows\System\cPsvQKy.exe
  2⤵
  PID:8452
- C:\Windows\System\DQFGhZr.exe
  C:\Windows\System\DQFGhZr.exe
  2⤵
  PID:8508
- C:\Windows\System\DtqfXdN.exe
  C:\Windows\System\DtqfXdN.exe
  2⤵
  PID:8536
- C:\Windows\System\cARQZGM.exe
  C:\Windows\System\cARQZGM.exe
  2⤵
  PID:8568
- C:\Windows\System\cDRaEbE.exe
  C:\Windows\System\cDRaEbE.exe
  2⤵
  PID:8596
- C:\Windows\System\EgrXQQf.exe
  C:\Windows\System\EgrXQQf.exe
  2⤵
  PID:8632
- C:\Windows\System\wetoYTJ.exe
  C:\Windows\System\wetoYTJ.exe
  2⤵
  PID:8676
- C:\Windows\System\vQHAQBE.exe
  C:\Windows\System\vQHAQBE.exe
  2⤵
  PID:8704
- C:\Windows\System\lvNauAf.exe
  C:\Windows\System\lvNauAf.exe
  2⤵
  PID:8728
- C:\Windows\System\WKNvCYO.exe
  C:\Windows\System\WKNvCYO.exe
  2⤵
  PID:8756
- C:\Windows\System\PEByHWk.exe
  C:\Windows\System\PEByHWk.exe
  2⤵
  PID:8792
- C:\Windows\System\ZnzCwKi.exe
  C:\Windows\System\ZnzCwKi.exe
  2⤵
  PID:8824
- C:\Windows\System\WcLeIif.exe
  C:\Windows\System\WcLeIif.exe
  2⤵
  PID:8844
- C:\Windows\System\OrCngJP.exe
  C:\Windows\System\OrCngJP.exe
  2⤵
  PID:8884
- C:\Windows\System\jDUYSaT.exe
  C:\Windows\System\jDUYSaT.exe
  2⤵
  PID:8916
- C:\Windows\System\stGzVIK.exe
  C:\Windows\System\stGzVIK.exe
  2⤵
  PID:8944
- C:\Windows\System\BvbDtan.exe
  C:\Windows\System\BvbDtan.exe
  2⤵
  PID:8964
- C:\Windows\System\RUAMqGv.exe
  C:\Windows\System\RUAMqGv.exe
  2⤵
  PID:8988
- C:\Windows\System\dpUlwEq.exe
  C:\Windows\System\dpUlwEq.exe
  2⤵
  PID:9024
- C:\Windows\System\iwQeDrE.exe
  C:\Windows\System\iwQeDrE.exe
  2⤵
  PID:9060
- C:\Windows\System\BZgOQdd.exe
  C:\Windows\System\BZgOQdd.exe
  2⤵
  PID:9096
- C:\Windows\System\zuDFBZN.exe
  C:\Windows\System\zuDFBZN.exe
  2⤵
  PID:9132
- C:\Windows\System\gPGAOHg.exe
  C:\Windows\System\gPGAOHg.exe
  2⤵
  PID:9160
- C:\Windows\System\iOlryqi.exe
  C:\Windows\System\iOlryqi.exe
  2⤵
  PID:9192
- C:\Windows\System\QbszqxU.exe
  C:\Windows\System\QbszqxU.exe
  2⤵
  PID:7316
- C:\Windows\System\AtRHVPN.exe
  C:\Windows\System\AtRHVPN.exe
  2⤵
  PID:8220
- C:\Windows\System\GjQAyCe.exe
  C:\Windows\System\GjQAyCe.exe
  2⤵
  PID:8280
- C:\Windows\System\iwePiYN.exe
  C:\Windows\System\iwePiYN.exe
  2⤵
  PID:8324
- C:\Windows\System\vYASsTT.exe
  C:\Windows\System\vYASsTT.exe
  2⤵
  PID:8408
- C:\Windows\System\OLCzJju.exe
  C:\Windows\System\OLCzJju.exe
  2⤵
  PID:8484
- C:\Windows\System\GjDLooN.exe
  C:\Windows\System\GjDLooN.exe
  2⤵
  PID:8544
- C:\Windows\System\YIFGCSX.exe
  C:\Windows\System\YIFGCSX.exe
  2⤵
  PID:8588
- C:\Windows\System\flsuEis.exe
  C:\Windows\System\flsuEis.exe
  2⤵
  PID:8624
- C:\Windows\System\WQdTCfR.exe
  C:\Windows\System\WQdTCfR.exe
  2⤵
  PID:8740
- C:\Windows\System\pkrwUkl.exe
  C:\Windows\System\pkrwUkl.exe
  2⤵
  PID:8808
- C:\Windows\System\dEzUJqH.exe
  C:\Windows\System\dEzUJqH.exe
  2⤵
  PID:8872
- C:\Windows\System\hCNEDyV.exe
  C:\Windows\System\hCNEDyV.exe
  2⤵
  PID:8900
- C:\Windows\System\VnvNiun.exe
  C:\Windows\System\VnvNiun.exe
  2⤵
  PID:9008
- C:\Windows\System\SDPqvgG.exe
  C:\Windows\System\SDPqvgG.exe
  2⤵
  PID:9072
- C:\Windows\System\SLNDzHf.exe
  C:\Windows\System\SLNDzHf.exe
  2⤵
  PID:9212
- C:\Windows\System\AffhxhH.exe
  C:\Windows\System\AffhxhH.exe
  2⤵
  PID:8240
- C:\Windows\System\dFqemzy.exe
  C:\Windows\System\dFqemzy.exe
  2⤵
  PID:8332
- C:\Windows\System\Mlijomv.exe
  C:\Windows\System\Mlijomv.exe
  2⤵
  PID:8800
- C:\Windows\System\ueZCsyu.exe
  C:\Windows\System\ueZCsyu.exe
  2⤵
  PID:8116
- C:\Windows\System\YnXuhEI.exe
  C:\Windows\System\YnXuhEI.exe
  2⤵
  PID:9124
- C:\Windows\System\OzrqFKL.exe
  C:\Windows\System\OzrqFKL.exe
  2⤵
  PID:9188
- C:\Windows\System\csCxLhd.exe
  C:\Windows\System\csCxLhd.exe
  2⤵
  PID:8216
- C:\Windows\System\obfBWYX.exe
  C:\Windows\System\obfBWYX.exe
  2⤵
  PID:8432
- C:\Windows\System\dkNJFtc.exe
  C:\Windows\System\dkNJFtc.exe
  2⤵
  PID:9248
- C:\Windows\System\xtimUvZ.exe
  C:\Windows\System\xtimUvZ.exe
  2⤵
  PID:9284
- C:\Windows\System\SpclLqH.exe
  C:\Windows\System\SpclLqH.exe
  2⤵
  PID:9312
- C:\Windows\System\CLCiyHh.exe
  C:\Windows\System\CLCiyHh.exe
  2⤵
  PID:9352
- C:\Windows\System\xABMird.exe
  C:\Windows\System\xABMird.exe
  2⤵
  PID:9372
- C:\Windows\System\mKdSgKE.exe
  C:\Windows\System\mKdSgKE.exe
  2⤵
  PID:9404
- C:\Windows\System\qHAhyFG.exe
  C:\Windows\System\qHAhyFG.exe
  2⤵
  PID:9432
- C:\Windows\System\BlKNYLy.exe
  C:\Windows\System\BlKNYLy.exe
  2⤵
  PID:9456
- C:\Windows\System\zXgolts.exe
  C:\Windows\System\zXgolts.exe
  2⤵
  PID:9480
- C:\Windows\System\fPodCGY.exe
  C:\Windows\System\fPodCGY.exe
  2⤵
  PID:9508
- C:\Windows\System\zpDBrlJ.exe
  C:\Windows\System\zpDBrlJ.exe
  2⤵
  PID:9528
- C:\Windows\System\lifDLJd.exe
  C:\Windows\System\lifDLJd.exe
  2⤵
  PID:9572
- C:\Windows\System\ZTwSeRA.exe
  C:\Windows\System\ZTwSeRA.exe
  2⤵
  PID:9600
- C:\Windows\System\ZDyBlkd.exe
  C:\Windows\System\ZDyBlkd.exe
  2⤵
  PID:9624
- C:\Windows\System\wHjndze.exe
  C:\Windows\System\wHjndze.exe
  2⤵
  PID:9652
- C:\Windows\System\ANmqDrg.exe
  C:\Windows\System\ANmqDrg.exe
  2⤵
  PID:9680
- C:\Windows\System\QdJwRiZ.exe
  C:\Windows\System\QdJwRiZ.exe
  2⤵
  PID:9700
- C:\Windows\System\mZQoGxw.exe
  C:\Windows\System\mZQoGxw.exe
  2⤵
  PID:9760
- C:\Windows\System\SDECVDt.exe
  C:\Windows\System\SDECVDt.exe
  2⤵
  PID:9776
- C:\Windows\System\yjmECVa.exe
  C:\Windows\System\yjmECVa.exe
  2⤵
  PID:9796
- C:\Windows\System\UvQNYRp.exe
  C:\Windows\System\UvQNYRp.exe
  2⤵
  PID:9824
- C:\Windows\System\aaeAhYv.exe
  C:\Windows\System\aaeAhYv.exe
  2⤵
  PID:9864
- C:\Windows\System\ihoNhfp.exe
  C:\Windows\System\ihoNhfp.exe
  2⤵
  PID:9888
- C:\Windows\System\iLihCgQ.exe
  C:\Windows\System\iLihCgQ.exe
  2⤵
  PID:9920
- C:\Windows\System\pUOUiJz.exe
  C:\Windows\System\pUOUiJz.exe
  2⤵
  PID:9944
- C:\Windows\System\QcCOyFP.exe
  C:\Windows\System\QcCOyFP.exe
  2⤵
  PID:9960
- C:\Windows\System\PMeHKcR.exe
  C:\Windows\System\PMeHKcR.exe
  2⤵
  PID:9988
- C:\Windows\System\YAVLnRX.exe
  C:\Windows\System\YAVLnRX.exe
  2⤵
  PID:10008
- C:\Windows\System\EhUTAjY.exe
  C:\Windows\System\EhUTAjY.exe
  2⤵
  PID:10048
- C:\Windows\System\QOKhkEN.exe
  C:\Windows\System\QOKhkEN.exe
  2⤵
  PID:10080
- C:\Windows\System\itKmiDY.exe
  C:\Windows\System\itKmiDY.exe
  2⤵
  PID:10112
- C:\Windows\System\MroPLoS.exe
  C:\Windows\System\MroPLoS.exe
  2⤵
  PID:10140
- C:\Windows\System\YgiPvVW.exe
  C:\Windows\System\YgiPvVW.exe
  2⤵
  PID:10164
- C:\Windows\System\AMxzbye.exe
  C:\Windows\System\AMxzbye.exe
  2⤵
  PID:10196
- C:\Windows\System\taOwqSF.exe
  C:\Windows\System\taOwqSF.exe
  2⤵
  PID:10232
- C:\Windows\System\guMqYEv.exe
  C:\Windows\System\guMqYEv.exe
  2⤵
  PID:9224
- C:\Windows\System\QhcjNjC.exe
  C:\Windows\System\QhcjNjC.exe
  2⤵
  PID:9260
- C:\Windows\System\DkkTUaV.exe
  C:\Windows\System\DkkTUaV.exe
  2⤵
  PID:9296
- C:\Windows\System\nxblhiN.exe
  C:\Windows\System\nxblhiN.exe
  2⤵
  PID:9412
- C:\Windows\System\yksIbMR.exe
  C:\Windows\System\yksIbMR.exe
  2⤵
  PID:9472
- C:\Windows\System\UnMepON.exe
  C:\Windows\System\UnMepON.exe
  2⤵
  PID:9500
- C:\Windows\System\iKYFMTu.exe
  C:\Windows\System\iKYFMTu.exe
  2⤵
  PID:9552
- C:\Windows\System\jUJsViw.exe
  C:\Windows\System\jUJsViw.exe
  2⤵
  PID:9612
- C:\Windows\System\fhYpUbQ.exe
  C:\Windows\System\fhYpUbQ.exe
  2⤵
  PID:9784
- C:\Windows\System\clMtTxo.exe
  C:\Windows\System\clMtTxo.exe
  2⤵
  PID:9852
- C:\Windows\System\FVVqlua.exe
  C:\Windows\System\FVVqlua.exe
  2⤵
  PID:9900
- C:\Windows\System\wPnhqjq.exe
  C:\Windows\System\wPnhqjq.exe
  2⤵
  PID:9976
- C:\Windows\System\zGgTKay.exe
  C:\Windows\System\zGgTKay.exe
  2⤵
  PID:10036
- C:\Windows\System\MdvcqJd.exe
  C:\Windows\System\MdvcqJd.exe
  2⤵
  PID:10000
- C:\Windows\System\IFDQzxm.exe
  C:\Windows\System\IFDQzxm.exe
  2⤵
  PID:10180
- C:\Windows\System\NJHZsTg.exe
  C:\Windows\System\NJHZsTg.exe
  2⤵
  PID:9324
- C:\Windows\System\RHzzKad.exe
  C:\Windows\System\RHzzKad.exe
  2⤵
  PID:10216
- C:\Windows\System\RfovUHP.exe
  C:\Windows\System\RfovUHP.exe
  2⤵
  PID:9672
- C:\Windows\System\uKOuTQs.exe
  C:\Windows\System\uKOuTQs.exe
  2⤵
  PID:9716
- C:\Windows\System\LOpeLCS.exe
  C:\Windows\System\LOpeLCS.exe
  2⤵
  PID:9844
- C:\Windows\System\CtGijWy.exe
  C:\Windows\System\CtGijWy.exe
  2⤵
  PID:9972
- C:\Windows\System\GozbtoM.exe
  C:\Windows\System\GozbtoM.exe
  2⤵
  PID:9940
- C:\Windows\System\wOYCFrm.exe
  C:\Windows\System\wOYCFrm.exe
  2⤵
  PID:10208
- C:\Windows\System\QFjUJOB.exe
  C:\Windows\System\QFjUJOB.exe
  2⤵
  PID:9692
- C:\Windows\System\yZwoMol.exe
  C:\Windows\System\yZwoMol.exe
  2⤵
  PID:9588
- C:\Windows\System\TXnVQaL.exe
  C:\Windows\System\TXnVQaL.exe
  2⤵
  PID:9344
- C:\Windows\System\UdVWfOz.exe
  C:\Windows\System\UdVWfOz.exe
  2⤵
  PID:10248
- C:\Windows\System\fcNApBA.exe
  C:\Windows\System\fcNApBA.exe
  2⤵
  PID:10264
- C:\Windows\System\fmJOZPA.exe
  C:\Windows\System\fmJOZPA.exe
  2⤵
  PID:10296
- C:\Windows\System\QuFmxne.exe
  C:\Windows\System\QuFmxne.exe
  2⤵
  PID:10320
- C:\Windows\System\vxWjIFP.exe
  C:\Windows\System\vxWjIFP.exe
  2⤵
  PID:10352
- C:\Windows\System\ABcaZUQ.exe
  C:\Windows\System\ABcaZUQ.exe
  2⤵
  PID:10384
- C:\Windows\System\nNlgmOM.exe
  C:\Windows\System\nNlgmOM.exe
  2⤵
  PID:10408
- C:\Windows\System\UdNsvsn.exe
  C:\Windows\System\UdNsvsn.exe
  2⤵
  PID:10436
- C:\Windows\System\SNKMPhc.exe
  C:\Windows\System\SNKMPhc.exe
  2⤵
  PID:10464
- C:\Windows\System\XmkZxan.exe
  C:\Windows\System\XmkZxan.exe
  2⤵
  PID:10484
- C:\Windows\System\HvHbgiP.exe
  C:\Windows\System\HvHbgiP.exe
  2⤵
  PID:10512
- C:\Windows\System\ifPqEjl.exe
  C:\Windows\System\ifPqEjl.exe
  2⤵
  PID:10536
- C:\Windows\System\aWsMalA.exe
  C:\Windows\System\aWsMalA.exe
  2⤵
  PID:10568
- C:\Windows\System\croFOQQ.exe
  C:\Windows\System\croFOQQ.exe
  2⤵
  PID:10596
- C:\Windows\System\nhlaTYm.exe
  C:\Windows\System\nhlaTYm.exe
  2⤵
  PID:10616
- C:\Windows\System\MoOzDnY.exe
  C:\Windows\System\MoOzDnY.exe
  2⤵
  PID:10640
- C:\Windows\System\mYsBLbZ.exe
  C:\Windows\System\mYsBLbZ.exe
  2⤵
  PID:10668
- C:\Windows\System\npACFeV.exe
  C:\Windows\System\npACFeV.exe
  2⤵
  PID:10700
- C:\Windows\System\yYpLLWB.exe
  C:\Windows\System\yYpLLWB.exe
  2⤵
  PID:10724
- C:\Windows\System\hfFOppZ.exe
  C:\Windows\System\hfFOppZ.exe
  2⤵
  PID:10744
- C:\Windows\System\LyRQHdn.exe
  C:\Windows\System\LyRQHdn.exe
  2⤵
  PID:10772
- C:\Windows\System\kXXBhuT.exe
  C:\Windows\System\kXXBhuT.exe
  2⤵
  PID:10796
- C:\Windows\System\YuFJHJM.exe
  C:\Windows\System\YuFJHJM.exe
  2⤵
  PID:10832
- C:\Windows\System\kWUNcYI.exe
  C:\Windows\System\kWUNcYI.exe
  2⤵
  PID:10856
- C:\Windows\System\quNVHZR.exe
  C:\Windows\System\quNVHZR.exe
  2⤵
  PID:10896
- C:\Windows\System\FURcQxZ.exe
  C:\Windows\System\FURcQxZ.exe
  2⤵
  PID:10924
- C:\Windows\System\PZSRoPi.exe
  C:\Windows\System\PZSRoPi.exe
  2⤵
  PID:10948
- C:\Windows\System\fOFwlBA.exe
  C:\Windows\System\fOFwlBA.exe
  2⤵
  PID:10976
- C:\Windows\System\gfxqKEh.exe
  C:\Windows\System\gfxqKEh.exe
  2⤵
  PID:11012
- C:\Windows\System\PuYgbnL.exe
  C:\Windows\System\PuYgbnL.exe
  2⤵
  PID:11040
- C:\Windows\System\EdpBcOH.exe
  C:\Windows\System\EdpBcOH.exe
  2⤵
  PID:11072
- C:\Windows\System\RUqYRIf.exe
  C:\Windows\System\RUqYRIf.exe
  2⤵
  PID:11096
- C:\Windows\System\QQmQoQt.exe
  C:\Windows\System\QQmQoQt.exe
  2⤵
  PID:11124
- C:\Windows\System\tLiDuDV.exe
  C:\Windows\System\tLiDuDV.exe
  2⤵
  PID:11156
- C:\Windows\System\wIqojtQ.exe
  C:\Windows\System\wIqojtQ.exe
  2⤵
  PID:11196
- C:\Windows\System\BIbNRSG.exe
  C:\Windows\System\BIbNRSG.exe
  2⤵
  PID:11224
- C:\Windows\System\FQMjzJd.exe
  C:\Windows\System\FQMjzJd.exe
  2⤵
  PID:11244
- C:\Windows\System\lVNiOkd.exe
  C:\Windows\System\lVNiOkd.exe
  2⤵
  PID:9280
- C:\Windows\System\bIBYTli.exe
  C:\Windows\System\bIBYTli.exe
  2⤵
  PID:10260
- C:\Windows\System\XTkUEGk.exe
  C:\Windows\System\XTkUEGk.exe
  2⤵
  PID:10348
- C:\Windows\System\TAowDTa.exe
  C:\Windows\System\TAowDTa.exe
  2⤵
  PID:10428
- C:\Windows\System\qYeUXAa.exe
  C:\Windows\System\qYeUXAa.exe
  2⤵
  PID:10456
- C:\Windows\System\SRMMOXl.exe
  C:\Windows\System\SRMMOXl.exe
  2⤵
  PID:10552
- C:\Windows\System\iUNjTBH.exe
  C:\Windows\System\iUNjTBH.exe
  2⤵
  PID:10680
- C:\Windows\System\hLZpBlc.exe
  C:\Windows\System\hLZpBlc.exe
  2⤵
  PID:10720
- C:\Windows\System\EcdwZPs.exe
  C:\Windows\System\EcdwZPs.exe
  2⤵
  PID:10848
- C:\Windows\System\dLvhORK.exe
  C:\Windows\System\dLvhORK.exe
  2⤵
  PID:10868
- C:\Windows\System\tdbIqgz.exe
  C:\Windows\System\tdbIqgz.exe
  2⤵
  PID:10940
- C:\Windows\System\rZdImRp.exe
  C:\Windows\System\rZdImRp.exe
  2⤵
  PID:11104
- C:\Windows\System\HYFBYFP.exe
  C:\Windows\System\HYFBYFP.exe
  2⤵
  PID:11132
- C:\Windows\System\lLXxuPg.exe
  C:\Windows\System\lLXxuPg.exe
  2⤵
  PID:11164
- C:\Windows\System\BCDLwHH.exe
  C:\Windows\System\BCDLwHH.exe
  2⤵
  PID:11240
- C:\Windows\System\HvKmsSp.exe
  C:\Windows\System\HvKmsSp.exe
  2⤵
  PID:10344
- C:\Windows\System\tZrqqOV.exe
  C:\Windows\System\tZrqqOV.exe
  2⤵
  PID:10332
- C:\Windows\System\mHxPSwz.exe
  C:\Windows\System\mHxPSwz.exe
  2⤵
  PID:10656
- C:\Windows\System\ZzbzVQX.exe
  C:\Windows\System\ZzbzVQX.exe
  2⤵
  PID:10716
- C:\Windows\System\SzWvxPX.exe
  C:\Windows\System\SzWvxPX.exe
  2⤵
  PID:10936
- C:\Windows\System\tKlrOZG.exe
  C:\Windows\System\tKlrOZG.exe
  2⤵
  PID:11028
- C:\Windows\System\ZyIkgmH.exe
  C:\Windows\System\ZyIkgmH.exe
  2⤵
  PID:11188
- C:\Windows\System\KeNmLxs.exe
  C:\Windows\System\KeNmLxs.exe
  2⤵
  PID:10508
- C:\Windows\System\RTtHuuC.exe
  C:\Windows\System\RTtHuuC.exe
  2⤵
  PID:10908
- C:\Windows\System\QlFoOwY.exe
  C:\Windows\System\QlFoOwY.exe
  2⤵
  PID:11260
- C:\Windows\System\rkNfXkX.exe
  C:\Windows\System\rkNfXkX.exe
  2⤵
  PID:10780
- C:\Windows\System\BJaLszR.exe
  C:\Windows\System\BJaLszR.exe
  2⤵
  PID:11300
- C:\Windows\System\uijXHvb.exe
  C:\Windows\System\uijXHvb.exe
  2⤵
  PID:11324
- C:\Windows\System\oljluoX.exe
  C:\Windows\System\oljluoX.exe
  2⤵
  PID:11348
- C:\Windows\System\ykLSBiX.exe
  C:\Windows\System\ykLSBiX.exe
  2⤵
  PID:11380
- C:\Windows\System\htsJwIX.exe
  C:\Windows\System\htsJwIX.exe
  2⤵
  PID:11404
- C:\Windows\System\OKkaPdv.exe
  C:\Windows\System\OKkaPdv.exe
  2⤵
  PID:11440
- C:\Windows\System\ZfEiLLQ.exe
  C:\Windows\System\ZfEiLLQ.exe
  2⤵
  PID:11464
- C:\Windows\System\wARdoEX.exe
  C:\Windows\System\wARdoEX.exe
  2⤵
  PID:11488
- C:\Windows\System\qJNFOpq.exe
  C:\Windows\System\qJNFOpq.exe
  2⤵
  PID:11516
- C:\Windows\System\NqKdrsn.exe
  C:\Windows\System\NqKdrsn.exe
  2⤵
  PID:11540
- C:\Windows\System\ptTHDth.exe
  C:\Windows\System\ptTHDth.exe
  2⤵
  PID:11564
- C:\Windows\System\MuJudBL.exe
  C:\Windows\System\MuJudBL.exe
  2⤵
  PID:11588
- C:\Windows\System\HgrBtIL.exe
  C:\Windows\System\HgrBtIL.exe
  2⤵
  PID:11612
- C:\Windows\System\ilSEVWT.exe
  C:\Windows\System\ilSEVWT.exe
  2⤵
  PID:11640
- C:\Windows\System\ssIBXYF.exe
  C:\Windows\System\ssIBXYF.exe
  2⤵
  PID:11668
- C:\Windows\System\FBSOWli.exe
  C:\Windows\System\FBSOWli.exe
  2⤵
  PID:11696
- C:\Windows\System\uHwcZWi.exe
  C:\Windows\System\uHwcZWi.exe
  2⤵
  PID:11732
- C:\Windows\System\dkqmjmi.exe
  C:\Windows\System\dkqmjmi.exe
  2⤵
  PID:11756
- C:\Windows\System\ewHCTzk.exe
  C:\Windows\System\ewHCTzk.exe
  2⤵
  PID:11784
- C:\Windows\System\EGAMMxH.exe
  C:\Windows\System\EGAMMxH.exe
  2⤵
  PID:11816
- C:\Windows\System\bWaGHGF.exe
  C:\Windows\System\bWaGHGF.exe
  2⤵
  PID:11852
- C:\Windows\System\AQciYbl.exe
  C:\Windows\System\AQciYbl.exe
  2⤵
  PID:11872
- C:\Windows\System\syhHdqf.exe
  C:\Windows\System\syhHdqf.exe
  2⤵
  PID:11896
- C:\Windows\System\wSXwzNS.exe
  C:\Windows\System\wSXwzNS.exe
  2⤵
  PID:11920
- C:\Windows\System\vjDkCPJ.exe
  C:\Windows\System\vjDkCPJ.exe
  2⤵
  PID:11944
- C:\Windows\System\mhcmGPR.exe
  C:\Windows\System\mhcmGPR.exe
  2⤵
  PID:11972
- C:\Windows\System\iUYQDax.exe
  C:\Windows\System\iUYQDax.exe
  2⤵
  PID:12000
- C:\Windows\System\oNFiDDy.exe
  C:\Windows\System\oNFiDDy.exe
  2⤵
  PID:12024
- C:\Windows\System\FUjWEvJ.exe
  C:\Windows\System\FUjWEvJ.exe
  2⤵
  PID:12052
- C:\Windows\System\djXstTT.exe
  C:\Windows\System\djXstTT.exe
  2⤵
  PID:12084
- C:\Windows\System\Cmextfc.exe
  C:\Windows\System\Cmextfc.exe
  2⤵
  PID:12120
- C:\Windows\System\qnbtFKA.exe
  C:\Windows\System\qnbtFKA.exe
  2⤵
  PID:12148
- C:\Windows\System\EyIwMnP.exe
  C:\Windows\System\EyIwMnP.exe
  2⤵
  PID:12180
- C:\Windows\System\zQimKdT.exe
  C:\Windows\System\zQimKdT.exe
  2⤵
  PID:12212
- C:\Windows\System\KWlUgtu.exe
  C:\Windows\System\KWlUgtu.exe
  2⤵
  PID:12256
- C:\Windows\System\yXsUfyc.exe
  C:\Windows\System\yXsUfyc.exe
  2⤵
  PID:12280
- C:\Windows\System\CyKZJaq.exe
  C:\Windows\System\CyKZJaq.exe
  2⤵
  PID:11152
- C:\Windows\System\HtaxSLg.exe
  C:\Windows\System\HtaxSLg.exe
  2⤵
  PID:10736
- C:\Windows\System\DXrBLHw.exe
  C:\Windows\System\DXrBLHw.exe
  2⤵
  PID:11336
- C:\Windows\System\jnNnWki.exe
  C:\Windows\System\jnNnWki.exe
  2⤵
  PID:11364
- C:\Windows\System\woBAPZZ.exe
  C:\Windows\System\woBAPZZ.exe
  2⤵
  PID:11508
- C:\Windows\System\JnMmjUm.exe
  C:\Windows\System\JnMmjUm.exe
  2⤵
  PID:11552
- C:\Windows\System\bbwFppY.exe
  C:\Windows\System\bbwFppY.exe
  2⤵
  PID:11580
- C:\Windows\System\wgTcdiE.exe
  C:\Windows\System\wgTcdiE.exe
  2⤵
  PID:11716
- C:\Windows\System\NhhhErt.exe
  C:\Windows\System\NhhhErt.exe
  2⤵
  PID:11812
- C:\Windows\System\tJYWauO.exe
  C:\Windows\System\tJYWauO.exe
  2⤵
  PID:11836
- C:\Windows\System\AOKzeBG.exe
  C:\Windows\System\AOKzeBG.exe
  2⤵
  PID:12020
- C:\Windows\System\LZViGyx.exe
  C:\Windows\System\LZViGyx.exe
  2⤵
  PID:11992
- C:\Windows\System\AcPGnbc.exe
  C:\Windows\System\AcPGnbc.exe
  2⤵
  PID:12012
- C:\Windows\System\IEWicJx.exe
  C:\Windows\System\IEWicJx.exe
  2⤵
  PID:12104
- C:\Windows\System\vNlmYeM.exe
  C:\Windows\System\vNlmYeM.exe
  2⤵
  PID:12244
- C:\Windows\System\DOayAhU.exe
  C:\Windows\System\DOayAhU.exe
  2⤵
  PID:10424
- C:\Windows\System\AcOgovZ.exe
  C:\Windows\System\AcOgovZ.exe
  2⤵
  PID:11420
- C:\Windows\System\HdherNP.exe
  C:\Windows\System\HdherNP.exe
  2⤵
  PID:11500
- C:\Windows\System\PXIiGmI.exe
  C:\Windows\System\PXIiGmI.exe
  2⤵
  PID:11652
- C:\Windows\System\tXJdtsC.exe
  C:\Windows\System\tXJdtsC.exe
  2⤵
  PID:11636
- C:\Windows\System\fWTacaG.exe
  C:\Windows\System\fWTacaG.exe
  2⤵
  PID:11796
- C:\Windows\System\GcJLdHM.exe
  C:\Windows\System\GcJLdHM.exe
  2⤵
  PID:11928
- C:\Windows\System\YXDSwEj.exe
  C:\Windows\System\YXDSwEj.exe
  2⤵
  PID:12140
- C:\Windows\System\LOFeuCf.exe
  C:\Windows\System\LOFeuCf.exe
  2⤵
  PID:12160
- C:\Windows\System\XYFypwN.exe
  C:\Windows\System\XYFypwN.exe
  2⤵
  PID:11768
- C:\Windows\System\ydfiqjC.exe
  C:\Windows\System\ydfiqjC.exe
  2⤵
  PID:11932
- C:\Windows\System\SLepYiO.exe
  C:\Windows\System\SLepYiO.exe
  2⤵
  PID:11340
- C:\Windows\System\NlEoeHi.exe
  C:\Windows\System\NlEoeHi.exe
  2⤵
  PID:12300
- C:\Windows\System\XuKlFaR.exe
  C:\Windows\System\XuKlFaR.exe
  2⤵
  PID:12332
- C:\Windows\System\Hdlzfws.exe
  C:\Windows\System\Hdlzfws.exe
  2⤵
  PID:12364
- C:\Windows\System\tOOESZa.exe
  C:\Windows\System\tOOESZa.exe
  2⤵
  PID:12392
- C:\Windows\System\YVNSSSE.exe
  C:\Windows\System\YVNSSSE.exe
  2⤵
  PID:12420
- C:\Windows\System\bVcpaTx.exe
  C:\Windows\System\bVcpaTx.exe
  2⤵
  PID:12444
- C:\Windows\System\jPlbeQe.exe
  C:\Windows\System\jPlbeQe.exe
  2⤵
  PID:12472
- C:\Windows\System\GMVmuyl.exe
  C:\Windows\System\GMVmuyl.exe
  2⤵
  PID:12488
- C:\Windows\System\KbwPeAz.exe
  C:\Windows\System\KbwPeAz.exe
  2⤵
  PID:12520
- C:\Windows\System\TnONeno.exe
  C:\Windows\System\TnONeno.exe
  2⤵
  PID:12552
- C:\Windows\System\TaqKUof.exe
  C:\Windows\System\TaqKUof.exe
  2⤵
  PID:12572
- C:\Windows\System\AITOVrS.exe
  C:\Windows\System\AITOVrS.exe
  2⤵
  PID:12596
- C:\Windows\System\oZaYbcR.exe
  C:\Windows\System\oZaYbcR.exe
  2⤵
  PID:12620
- C:\Windows\System\Eaeyqnk.exe
  C:\Windows\System\Eaeyqnk.exe
  2⤵
  PID:12676
- C:\Windows\System\qxCqTHP.exe
  C:\Windows\System\qxCqTHP.exe
  2⤵
  PID:12716
- C:\Windows\System\XstwZcs.exe
  C:\Windows\System\XstwZcs.exe
  2⤵
  PID:12736
- C:\Windows\System\wiZUcdb.exe
  C:\Windows\System\wiZUcdb.exe
  2⤵
  PID:12760
- C:\Windows\System\zdNUgaz.exe
  C:\Windows\System\zdNUgaz.exe
  2⤵
  PID:12784
- C:\Windows\System\AOsKsba.exe
  C:\Windows\System\AOsKsba.exe
  2⤵
  PID:12804
- C:\Windows\System\fDEANPo.exe
  C:\Windows\System\fDEANPo.exe
  2⤵
  PID:12836
- C:\Windows\System\xCvFWpk.exe
  C:\Windows\System\xCvFWpk.exe
  2⤵
  PID:12936
- C:\Windows\System\PWKMtaB.exe
  C:\Windows\System\PWKMtaB.exe
  2⤵
  PID:12960
- C:\Windows\System\HiRlfAL.exe
  C:\Windows\System\HiRlfAL.exe
  2⤵
  PID:12976
- C:\Windows\System\swwBPjF.exe
  C:\Windows\System\swwBPjF.exe
  2⤵
  PID:13016
- C:\Windows\System\JiaBavl.exe
  C:\Windows\System\JiaBavl.exe
  2⤵
  PID:13040
- C:\Windows\System\RTLvuLJ.exe
  C:\Windows\System\RTLvuLJ.exe
  2⤵
  PID:13068
- C:\Windows\System\BrYOWNz.exe
  C:\Windows\System\BrYOWNz.exe
  2⤵
  PID:13100
- C:\Windows\System\jhhGlKG.exe
  C:\Windows\System\jhhGlKG.exe
  2⤵
  PID:13116
- C:\Windows\System\McdeoYh.exe
  C:\Windows\System\McdeoYh.exe
  2⤵
  PID:13156
- C:\Windows\System\hSiVRQd.exe
  C:\Windows\System\hSiVRQd.exe
  2⤵
  PID:13172
- C:\Windows\System\jPbomnx.exe
  C:\Windows\System\jPbomnx.exe
  2⤵
  PID:13196
- C:\Windows\System\wmTVUbO.exe
  C:\Windows\System\wmTVUbO.exe
  2⤵
  PID:13216
- C:\Windows\System\FCnPdtB.exe
  C:\Windows\System\FCnPdtB.exe
  2⤵
  PID:13244
- C:\Windows\System\DTVoPuW.exe
  C:\Windows\System\DTVoPuW.exe
  2⤵
  PID:13272
- C:\Windows\System\ObWsRbc.exe
  C:\Windows\System\ObWsRbc.exe
  2⤵
  PID:12268
- C:\Windows\System\QNOwqZs.exe
  C:\Windows\System\QNOwqZs.exe
  2⤵
  PID:12136
- C:\Windows\System\cOigEoD.exe
  C:\Windows\System\cOigEoD.exe
  2⤵
  PID:12344
- C:\Windows\System\dgoSZgm.exe
  C:\Windows\System\dgoSZgm.exe
  2⤵
  PID:3392
- C:\Windows\System\GvmwsQg.exe
  C:\Windows\System\GvmwsQg.exe
  2⤵
  PID:4052
- C:\Windows\System\dneTJDt.exe
  C:\Windows\System\dneTJDt.exe
  2⤵
  PID:12532
- C:\Windows\System\nXbQLSh.exe
  C:\Windows\System\nXbQLSh.exe
  2⤵
  PID:12536
- C:\Windows\System\tgRLXqo.exe
  C:\Windows\System\tgRLXqo.exe
  2⤵
  PID:12660
- C:\Windows\System\TcpjUPn.exe
  C:\Windows\System\TcpjUPn.exe
  2⤵
  PID:12584
- C:\Windows\System\FPsHugx.exe
  C:\Windows\System\FPsHugx.exe
  2⤵
  PID:12792
- C:\Windows\System\axTMmyV.exe
  C:\Windows\System\axTMmyV.exe
  2⤵
  PID:12832
- C:\Windows\System\gHPBEMi.exe
  C:\Windows\System\gHPBEMi.exe
  2⤵
  PID:12928
- C:\Windows\System\OzlZBhU.exe
  C:\Windows\System\OzlZBhU.exe
  2⤵
  PID:12972
- C:\Windows\System\bznXZIK.exe
  C:\Windows\System\bznXZIK.exe
  2⤵
  PID:12988
- C:\Windows\System\vwhlCVA.exe
  C:\Windows\System\vwhlCVA.exe
  2⤵
  PID:13056
- C:\Windows\System\DxzAljX.exe
  C:\Windows\System\DxzAljX.exe
  2⤵
  PID:13096
- C:\Windows\System\ZBiALWk.exe
  C:\Windows\System\ZBiALWk.exe
  2⤵
  PID:13164
- C:\Windows\System\VLXAnGO.exe
  C:\Windows\System\VLXAnGO.exe
  2⤵
  PID:13268
- C:\Windows\System\HbOuHbp.exe
  C:\Windows\System\HbOuHbp.exe
  2⤵
  PID:13296
- C:\Windows\System\YijPTWD.exe
  C:\Windows\System\YijPTWD.exe
  2⤵
  PID:11528
- C:\Windows\System\EkBYSLZ.exe
  C:\Windows\System\EkBYSLZ.exe
  2⤵
  PID:12480
- C:\Windows\System\tAAyanK.exe
  C:\Windows\System\tAAyanK.exe
  2⤵
  PID:12608
- C:\Windows\System\Yoowcwg.exe
  C:\Windows\System\Yoowcwg.exe
  2⤵
  PID:13004
- C:\Windows\System\gXHIEIq.exe
  C:\Windows\System\gXHIEIq.exe
  2⤵
  PID:13148
- C:\Windows\System\kTcTWcj.exe
  C:\Windows\System\kTcTWcj.exe
  2⤵
  PID:13236
- C:\Windows\System\gcHHmBX.exe
  C:\Windows\System\gcHHmBX.exe
  2⤵
  PID:13288
- C:\Windows\System\tUPolXE.exe
  C:\Windows\System\tUPolXE.exe
  2⤵
  PID:12208
- C:\Windows\System\VLAMKnu.exe
  C:\Windows\System\VLAMKnu.exe
  2⤵
  PID:13048
- C:\Windows\System\tQUKmLa.exe
  C:\Windows\System\tQUKmLa.exe
  2⤵
  PID:12380
- C:\Windows\System\cLAxgAm.exe
  C:\Windows\System\cLAxgAm.exe
  2⤵
  PID:12456
- C:\Windows\System\cONKPFp.exe
  C:\Windows\System\cONKPFp.exe
  2⤵
  PID:13324
- C:\Windows\System\faSLzRj.exe
  C:\Windows\System\faSLzRj.exe
  2⤵
  PID:13356
- C:\Windows\System\nfMWtmL.exe
  C:\Windows\System\nfMWtmL.exe
  2⤵
  PID:13388
- C:\Windows\System\YIsglFy.exe
  C:\Windows\System\YIsglFy.exe
  2⤵
  PID:13416
- C:\Windows\System\hVAxIKE.exe
  C:\Windows\System\hVAxIKE.exe
  2⤵
  PID:13432
- C:\Windows\System\yaqvnxD.exe
  C:\Windows\System\yaqvnxD.exe
  2⤵
  PID:13460
- C:\Windows\System\YdEBnqJ.exe
  C:\Windows\System\YdEBnqJ.exe
  2⤵
  PID:13488
- C:\Windows\System\xkKOPeR.exe
  C:\Windows\System\xkKOPeR.exe
  2⤵
  PID:13512
- C:\Windows\System\iblvwTO.exe
  C:\Windows\System\iblvwTO.exe
  2⤵
  PID:13540
- C:\Windows\System\vMzMfGc.exe
  C:\Windows\System\vMzMfGc.exe
  2⤵
  PID:13568
- C:\Windows\System\IVnvqRS.exe
  C:\Windows\System\IVnvqRS.exe
  2⤵
  PID:13604
- C:\Windows\System\dICrtQA.exe
  C:\Windows\System\dICrtQA.exe
  2⤵
  PID:13628
- C:\Windows\System\rGECDsN.exe
  C:\Windows\System\rGECDsN.exe
  2⤵
  PID:13652
- C:\Windows\System\CIvlSVO.exe
  C:\Windows\System\CIvlSVO.exe
  2⤵
  PID:13672
- C:\Windows\System\kONOYBk.exe
  C:\Windows\System\kONOYBk.exe
  2⤵
  PID:13704
- C:\Windows\System\iuSHHwJ.exe
  C:\Windows\System\iuSHHwJ.exe
  2⤵
  PID:13732
- C:\Windows\System\EzCoZvk.exe
  C:\Windows\System\EzCoZvk.exe
  2⤵
  PID:13764
- C:\Windows\System\YGLURid.exe
  C:\Windows\System\YGLURid.exe
  2⤵
  PID:13784
- C:\Windows\System\iznlWjI.exe
  C:\Windows\System\iznlWjI.exe
  2⤵
  PID:13812
- C:\Windows\System\xfDzOOL.exe
  C:\Windows\System\xfDzOOL.exe
  2⤵
  PID:13836
- C:\Windows\System\NBuRemD.exe
  C:\Windows\System\NBuRemD.exe
  2⤵
  PID:13868
- C:\Windows\System\bfAouAR.exe
  C:\Windows\System\bfAouAR.exe
  2⤵
  PID:13892
- C:\Windows\System\nNsdFvh.exe
  C:\Windows\System\nNsdFvh.exe
  2⤵
  PID:13924
- C:\Windows\System\XsKTyId.exe
  C:\Windows\System\XsKTyId.exe
  2⤵
  PID:13944
- C:\Windows\System\CfzLobw.exe
  C:\Windows\System\CfzLobw.exe
  2⤵
  PID:13980
- C:\Windows\System\imyVaIu.exe
  C:\Windows\System\imyVaIu.exe
  2⤵
  PID:14012
- C:\Windows\System\rjPirrc.exe
  C:\Windows\System\rjPirrc.exe
  2⤵
  PID:14048
- C:\Windows\System\eXwCicT.exe
  C:\Windows\System\eXwCicT.exe
  2⤵
  PID:14084
- C:\Windows\System\nOINGNJ.exe
  C:\Windows\System\nOINGNJ.exe
  2⤵
  PID:14116
- C:\Windows\System\FmneOYS.exe
  C:\Windows\System\FmneOYS.exe
  2⤵
  PID:14144
- C:\Windows\System\zQsVvDL.exe
  C:\Windows\System\zQsVvDL.exe
  2⤵
  PID:14172
- C:\Windows\System\lfZJUkX.exe
  C:\Windows\System\lfZJUkX.exe
  2⤵
  PID:14192
- C:\Windows\System\cZmmUSy.exe
  C:\Windows\System\cZmmUSy.exe
  2⤵
  PID:14228
- C:\Windows\System\qWDYERv.exe
  C:\Windows\System\qWDYERv.exe
  2⤵
  PID:14272
- C:\Windows\System\YsqaFVK.exe
  C:\Windows\System\YsqaFVK.exe
  2⤵
  PID:14292
- C:\Windows\System\nGFUCph.exe
  C:\Windows\System\nGFUCph.exe
  2⤵
  PID:14324
- C:\Windows\System\cyVvrvr.exe
  C:\Windows\System\cyVvrvr.exe
  2⤵
  PID:13352
- C:\Windows\System\kCTNEVG.exe
  C:\Windows\System\kCTNEVG.exe
  2⤵
  PID:13428
- C:\Windows\System\SJzFVvD.exe
  C:\Windows\System\SJzFVvD.exe
  2⤵
  PID:13452
- C:\Windows\System\emssQTv.exe
  C:\Windows\System\emssQTv.exe
  2⤵
  PID:13588
- C:\Windows\System\ijvrwOZ.exe
  C:\Windows\System\ijvrwOZ.exe
  2⤵
  PID:13620
- C:\Windows\System\daCTJDV.exe
  C:\Windows\System\daCTJDV.exe
  2⤵
  PID:13700
- C:\Windows\System\AIFMXCT.exe
  C:\Windows\System\AIFMXCT.exe
  2⤵
  PID:13756
- C:\Windows\System\owqLqOn.exe
  C:\Windows\System\owqLqOn.exe
  2⤵
  PID:13828
- C:\Windows\System\feGkITo.exe
  C:\Windows\System\feGkITo.exe
  2⤵
  PID:13880
- C:\Windows\System\txTmArQ.exe
  C:\Windows\System\txTmArQ.exe
  2⤵
  PID:14028
- C:\Windows\System\dmNmMTW.exe
  C:\Windows\System\dmNmMTW.exe
  2⤵
  PID:13992
- C:\Windows\System\RmgpMrl.exe
  C:\Windows\System\RmgpMrl.exe
  2⤵
  PID:14164
- C:\Windows\System\IjnWdrT.exe
  C:\Windows\System\IjnWdrT.exe
  2⤵
  PID:14204
- C:\Windows\System\xZDeYMl.exe
  C:\Windows\System\xZDeYMl.exe
  2⤵
  PID:13348
- C:\Windows\System\UhyZULZ.exe
  C:\Windows\System\UhyZULZ.exe
  2⤵
  PID:14304
- C:\Windows\System\vJoRisP.exe
  C:\Windows\System\vJoRisP.exe
  2⤵
  PID:13692
- C:\Windows\System\KYJSrSV.exe
  C:\Windows\System\KYJSrSV.exe
  2⤵
  PID:13888
- C:\Windows\System\YFyHmoV.exe
  C:\Windows\System\YFyHmoV.exe
  2⤵
  PID:14076
- C:\Windows\System\jHPYEkQ.exe
  C:\Windows\System\jHPYEkQ.exe
  2⤵
  PID:14156
- C:\Windows\System\pYBNjMN.exe
  C:\Windows\System\pYBNjMN.exe
  2⤵
  PID:13476
- C:\Windows\System\IxAxViD.exe
  C:\Windows\System\IxAxViD.exe
  2⤵
  PID:14340
- C:\Windows\System\lHeeIzd.exe
  C:\Windows\System\lHeeIzd.exe
  2⤵
  PID:14372
- C:\Windows\System\CUIaXRN.exe
  C:\Windows\System\CUIaXRN.exe
  2⤵
  PID:14400

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14964

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 8 -i 8 -h 436 -j 452 -s 460 -d 15044
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:15132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ANvUqYO.exe

Filesize
2.0MB

MD5
8f2aa3acd7f86b372c3f207f37c9197f

SHA1
4453f85ea376787c849738ca8423b25ebe6c6798

SHA256
39bc684aafb8c1e7167175363cf5615594f2b958bf2162ac964f8766ec4d7d0d

SHA512
b018816cdd1daf95c57d43d71a454b25490a8bd2bd101d7e9076e205bb9ce5919d7a01372b8656874d7fc5c4dcab03a631b626960dd84d44615b9bb00844eef2

Download Submit
C:\Windows\System\CLWlXNB.exe

Filesize
2.0MB

MD5
f595903370406dcc441d52c1d95440b5

SHA1
812728fe68b18c2c97a47f6fcaacdc38ec3a07d0

SHA256
d82b8e8f12fb8f146d01e3b533f20547348eaf5710f383c374f320c23fb81083

SHA512
3206745566f160794ce213a737ad96911c055a6e11cbae014bf27ba7a0d982e3de94720142dbffce4210e87157dea3a39bace9a8db2a1ae54492c99230a3c07f

Download Submit
C:\Windows\System\DUoaxJJ.exe

Filesize
2.0MB

MD5
efba97d80e43c3aa0335923f45a0caab

SHA1
3c25e18f45f19b6d37e9aa525acce2b49ca4f84a

SHA256
13c257dea817c7441f766caaa27eabf8634a07eaf3969365205bdcd21cd2eb3f

SHA512
53e1e6f41e0ac0c55db2fb560fc50c0b891d85a250a9ee2f4fbbcdb16d366ca59b553174f1cdf3ee2a1acad08f2e5d8fefd05208950a8baf54e9c46879e70c6f

Download Submit
C:\Windows\System\DfqlABq.exe

Filesize
2.0MB

MD5
e898978f82f479c5647ceca3a2b43fb5

SHA1
43795ed5e8860a753ca87a03aed2659d2ef4091f

SHA256
c0ea755c3e5511e01f21a7f091c7f884d8ad2d6c9088461d6ac6eb36a9e8d50b

SHA512
334ad507b7b7708b821bc65c8f44b8a660242a615c0a9842828f2bf5b56ad51697f1c74e06c02f4bf6c7a56bb0d541474d059770355b482e887934d863217044

Download Submit
C:\Windows\System\DyEaQDL.exe

Filesize
2.0MB

MD5
46d99a0174505510cf4824e537656d31

SHA1
3bb8dd6d5706d3283ef5930529fb116ddce25a23

SHA256
f265e4facc5f529d5f4bdd4155274bea322d1cec13803ab2631e92b1cd159c66

SHA512
7a4c0a69462c723702d31dafa863bc7720079e60fc04866d5d56b5698ab261079bb898777023001d7c4f7d0ed411d6bf65afa127b8c50d7731dd85bbf4254c6e

Download Submit
C:\Windows\System\GNTCNKS.exe

Filesize
2.0MB

MD5
6bfd8ec5b243a8322274c8212da20d15

SHA1
cd48a365dda7a062586a17557181671640da9f9c

SHA256
737263c7c11af8ff4fd04a457ad641bbf727751ba01349b2fafb2abc5fe5fe86

SHA512
416acdcd9ba713a30576c6c8a5ffaa171d5d256cfdc691c3fcf28728f5cd12f9bf983cf69cf833d03b50ab980063f66553e2637f3339ac1f55340e35a4bf4b53

Download Submit
C:\Windows\System\IiVbSrP.exe

Filesize
2.0MB

MD5
73f8277e836cb4b955cff0eed198fc5e

SHA1
10e4ebd17c6230e3fe7079da489155a3188904b3

SHA256
584efd29dbcaa081d069ad85712f10220265a6f311ae6fa8738f44e0fe31500b

SHA512
1a5cd9761c597fc033e2a130eea63386937ad49e0dfc02a41f327516fac0280d966d65d344fb522fdafc0710253fe5ea44837842d9cc1748f4f2593fc0246d4a

Download Submit
C:\Windows\System\JCgMSJB.exe

Filesize
2.0MB

MD5
c12a7dfd98e5518dbe03b434b3da69ea

SHA1
7fc30ecbba198df147ca79c4bedd5299e3d4a54c

SHA256
a943582ce64ca20c8589d7eac2d724b8d7f6bb2a9229ed186779cbac9df1d10b

SHA512
98ea834102de9a537fafef8d5e2e1a9471cd4078c689bdcb78141afdc26bc601a0fac3fd4455b41171a3f8de7714a6d2fa030bb046ccc20aecfdf9b76412c50b

Download Submit
C:\Windows\System\LJZLovp.exe

Filesize
2.0MB

MD5
ef8e8282606ce767cc34360dacce3ea0

SHA1
1f5550761a56cdd773ea5293a8296252b80bda3a

SHA256
3d1bc6d2f1ceaa7bdca45fb67fff12a795ecb1571461545059302bb77cbbd259

SHA512
42af47bdd20d89f6c3b351fb04dcdd0fc06ccedf3e9743d0c960042a402cfe7a5009dd285327d59073f4835d4dedba00ef9f6aabe71d393cc56b4f6f8c2006d5

Download Submit
C:\Windows\System\OzAvCzQ.exe

Filesize
2.0MB

MD5
3a2e51d2b8cd9a26374c91906075118e

SHA1
48ba23dbe21f5126d74283fe1cc63ec0eff5cf22

SHA256
9a5e2bdb5cf50ee2d7c0c1048d35d4e5b09e1f02b3c76a1d5bb16f87a2cea17b

SHA512
24f1e1cd70f80553fefec6f41d2462af6f14c848e58a4bd812d3f2e386233063c27b32ba54efa61fe9a2ce25501a92b8ca8b1d54b9e634350b60f803e532f0d2

Download Submit
C:\Windows\System\PSTGMjO.exe

Filesize
2.0MB

MD5
5dd7eaa2b8c656e95e5cfedec4b7ac23

SHA1
79d6dd68180b9bc242eda1a6064d3ea568c8f114

SHA256
f78ef920e0ddac3a521dfe2d6ee19e4f359e4212c039faa8567681bab4464e6a

SHA512
559acd3a45619a4045ef60a8b1396ffe5a8781bc128c5c4267e758b2f855e42d651cb5b8cd50ee18c0240e4b1dfa290c829b9394088e6bfd866b0ca54defc189

Download Submit
C:\Windows\System\RwLZNHb.exe

Filesize
2.0MB

MD5
5512f144679c37b003ac55b2fba94cf3

SHA1
e06760a59d90eb6acf26ec38a36a44e8d2f8320a

SHA256
9ce901d5e736062a0d6319e1af32333a44b3c3c6440c79713e6846c0ac418247

SHA512
81ea9d0bf8c82a4ac24a1210b94215c2fb5ee6bdccd87e2cc7ea7227756e39b2052a74cf7124fb629720c2a4aec9277d2416b52efdae9f55b51570387b6f4fe3

Download Submit
C:\Windows\System\UaWrHxP.exe

Filesize
2.0MB

MD5
7f3549fb5c4982f6837454b5ebd95698

SHA1
166baf0d0b7064f91dd7bc249cc7bfdfa32729d0

SHA256
018ea7db0fac566ae910782671649f319676d581632a18d3679bb7d33f0f19a2

SHA512
06904fd139ba2b3c6ddfcafc5676010227940b6372affb4ea722c0c456b627615bce333d35920948635c4a1a9af39c6edc60de34cbe50428b254eb94b6f565f0

Download Submit
C:\Windows\System\VKNvRhQ.exe

Filesize
2.0MB

MD5
0cfffb9bccc9578afa25edde126bf8dd

SHA1
e6e4ada29c659bdcebef748280d6ec92bd878542

SHA256
fdc7e53d0e761973b2c70d8a713252b28e8ba7a874a5e325cee5c6c44cacf048

SHA512
8a3a5fe684bb1352a30d0162fd329af3a2b2e74a0bae48708d6f462f850daed9b6aca6a53908ed1ef99961c7c786dfa1b535086646642049a699ec774934b1bf

Download Submit
C:\Windows\System\VjSCMCx.exe

Filesize
2.0MB

MD5
4066bec904cb7dc536661a523013e9f1

SHA1
4ec9dce8bdffdee568f844bebccdacad220755d8

SHA256
df95997a0f698a22c2044b8a55c5ba1ad22be51cb5bc49df7fc060a68e855289

SHA512
e475cd253be99a32a1d61f549144d9a4dbfa395c019e4911ac02abe7b7be9fdd537eb93457352988b6440f43f4be9faf30fd68cc45261eff72abcab409a497e3

Download Submit
C:\Windows\System\WCFXfdh.exe

Filesize
2.0MB

MD5
05b5f8aa4454bf2ef452284eadabb841

SHA1
cf9c2fca43534fd05556dbae7ce5dbf1d59a6787

SHA256
6d9c4fe2d948795aa6c9a589b2e2b32466c0fb6c10e81841c2cf2d2592135d47

SHA512
bd5566212639d91fa608dde098aaf2ea4bd314c365650763f2188ecbb7bf41da0f9ce15885615a06e3bd2758ffb5082b216c3cd69c397e2ce93f125b1a3e6d64

Download Submit
C:\Windows\System\WFrVxFZ.exe

Filesize
2.0MB

MD5
e7b364983f2a77e7df8854bd9e837b22

SHA1
7f396e54a1abc41afee34afc0577416fd5dc7837

SHA256
c00aba07cb95255c7e7681586019cdd3d7cb9fa065ac8dc2d4f1d10329ecf506

SHA512
c21f04fbb7e0e4c8e90a70b13dbe2b9d8993715eb615d00582cba4842eef5eda7d4ee959f9cb6840b94a64ae46db73f9d5748ad21bbef359c12784d7bf2a911d

Download Submit
C:\Windows\System\XYronMK.exe

Filesize
2.0MB

MD5
736fb1d51a8522d0c8d177786fc3217c

SHA1
8f260552b47dedcf5f8296f5b5d1966fd9891795

SHA256
4fc76822efdc10eb1ea0f7bdd03018b869217a0d77a65ca5d8a13bad6c007134

SHA512
592fcfc8cdf7b7fbdb850971f02c98d0a880ccbae94117a81c52d329d0a50c12ba35b46fd1ce73e736d4aa2cbd5a9f0636d36feb0f434debf3b43a30f21be574

Download Submit
C:\Windows\System\cZALjBc.exe

Filesize
2.0MB

MD5
b534bff77c1412368b8ed149c09cd850

SHA1
6d7a2d0a860b776d3fcd1f5c185e85fb43662e74

SHA256
8483a6327b43d214d9f12a21dc0be95b9db56d3039ecef5b0c2194997858b478

SHA512
55fbeecd4e599fe07c90726138bb9863868a8d734f2d2920930c481d53c2e2d6cdfeec37e9a2f75137006a531c2057a617d30f97cba8f282094630d94d21dbb6

Download Submit
C:\Windows\System\dfLEUne.exe

Filesize
2.0MB

MD5
9ed08a20cca2b8f405c0d24d639b9bd6

SHA1
59c097a3addd7e11b9accdce451938a38d57f7f2

SHA256
7be09e2085ef111a442ef8df3c758a69586ac6ad390791fc6406d46b4eb70d5a

SHA512
cc265de965c982516513047e14a987643fa4e232bbed1dbe3c998ffc9ed5f4feefbc28b81eb6559b21ba32a4e6ff00e72d4b129808bcb51ff49ca8c41d9027a2

Download Submit
C:\Windows\System\eXtXSDa.exe

Filesize
2.0MB

MD5
44817a3ac6321d4e97f511c0de06393c

SHA1
00a3ea3f167d81d3f95db8e6b22f9a32ab3b4ec8

SHA256
5c203a9fe8281c82a3fcb3ce7595772ad1e18fc881612e8b8503744428669029

SHA512
43dee06107e9152f64d6c918175b1bbecb3c01d1d49f64d87a10c4c696126d20ecb356c25d36d9fcde5225f827f5c018e9461279f7e779bc4acc87445fa0a4ae

Download Submit
C:\Windows\System\hFFgXhC.exe

Filesize
2.0MB

MD5
4b26be8454d30229452fc327393fcf50

SHA1
e3f2f338c83efe86392a4ff73885d27c1495c279

SHA256
33c0e29e29ec87969964d83f8a052b707a90eff9e783b130a9844660a1e1edb6

SHA512
61257684594c9578e9ab918168e561e7085ec20ef5c6172b10255f7a65819d7a6810e5ec55de1ad8578974d768390f2cfa1fcd44b996294cf962cb7302f29330

Download Submit
C:\Windows\System\iSKXhxT.exe

Filesize
2.0MB

MD5
856fdfc7074752951bb7b5c375a649ad

SHA1
5d44ce546f1e4536395f868b9e63b13bfbcb54ab

SHA256
b9b76effd4761097b1874ac02cd2285e951fc9abd10e10cdfebf911d52a4893f

SHA512
e9efd8a797d59d8af75ac13eda725dc8df947388b85317c4a51e90a0e767cc0056443cf2a153f622031d0bd0772a867e61b9977af66d997ddcb1b3445eabdc99

Download Submit
C:\Windows\System\lhAtlbk.exe

Filesize
2.0MB

MD5
173b11ec063d18a0fdbf8be8311e45d8

SHA1
c6c8bd44e820014651dc7fb9d7a740e7e0316080

SHA256
27db6cefe0a8202bbb873248ed5cc3d833f224485ce792e65386b585f686306f

SHA512
4b878bb987dd1796e9fc173a6f41a9b0ef020a12ea171b9a8ed5bd3b0def609f5fc6b0dff55527cb0b65f5d974fbbafb7ad286e7d47dec0571eb7294cf009bf0

Download Submit
C:\Windows\System\mVnmVDN.exe

Filesize
2.0MB

MD5
0b08f64b6618bf1ea27e03e58206029a

SHA1
7a3091feae529f0a2d7e4aea1ffbae2e4f5e9aa0

SHA256
2fdf89de2ecc9f80e51b9f28e35898a7e3a3a4c43ac8ae8b5bd8b2d03be869fc

SHA512
4a1ea2ab73e3bfdba444e48f78692213b277f0682d076dfebe6b9492f1c40f656a66a75e0489dddff819e86023ae15e7ce310886a2a611408a3e0471c1f2810e

Download Submit
C:\Windows\System\nqAXuxf.exe

Filesize
2.0MB

MD5
dbb6fde47bfd68b557401097e58e9593

SHA1
be32b053174ba3784d09702e8666d2e346430a10

SHA256
cb7b7f830af08d501136f2b7dd2cb941af442d282a0c6456fd00f8a2af01a564

SHA512
9001e8ad2f352ea042ad97280529a837feb820da8b98a0ffe69b74c2b0327609967d85a54839c4d3906e00f961a12878a5a837ce79082ac471513923e809915a

Download Submit
C:\Windows\System\qVgocjI.exe

Filesize
2.0MB

MD5
2d6c0c51df0c560a97960c05c5146b4c

SHA1
a65e3288ae25810c39897bed464f11edbe287ccb

SHA256
eb4a754db91e727c093f67e14113c929228fa04012896f92c53918a17ea95f0d

SHA512
307e807e1e79b3aa6c905e27ed22dafc470278c34417fa295e6a4ebfdbe59890d49f96ede884445e862b58d644324dc2a19bc8360db6cc6e9e898d5c08de582a

Download Submit
C:\Windows\System\rBlUlin.exe

Filesize
2.0MB

MD5
704c07bd14849d674893dfab249453d5

SHA1
666cf14635420726281a6bf22bcae192f58c9fb1

SHA256
1723844cbde61c0a07cbb4f9f28004b26aa74e5e17855b51b395ec1b8137ef6e

SHA512
75cf7763249b0a4fecf7b9bfb7bfdb957d4ad0154e9914b663d9cf1c71f471def9697a5f532615673a3cc8f824643992bcab7f7a5732f329e20948e0baed162a

Download Submit
C:\Windows\System\rbQEHdy.exe

Filesize
2.0MB

MD5
6f1dcca29d347f2146191bbeee8f0dc3

SHA1
1200a28c3aff5ab3e10a99e70272740d702b94a1

SHA256
4a528f89fc12e1bc366c5dee9d24f3706709603208711d69e2c0e5b88e9e3870

SHA512
41746bb9d5641e1b542e0abb76d07dcfaeeed3d11cc0a041d86a7e14cd187efeb8b9cf786159c06c0fd2a6ac40d4256aeab5d047a8b284c2c8bfb5f08cf3fdb5

Download Submit
C:\Windows\System\sZjoCdl.exe

Filesize
2.0MB

MD5
5a85fa8ef51d50fd11f897fbac2caee6

SHA1
6036461c5653470dd4aacd45ed9ece0e21d00310

SHA256
10033e97b641f77ca430f7a918406630152e4ce5a6d038762861044023c6650b

SHA512
9843a8add2371dfc643661f6c045f49d309ec4c47493394a496f735d23b41aae75192eca64e4e818271a1f1168b7b7d2a4d96f2bef215403dc1ab83e6bebb420

Download Submit
C:\Windows\System\wrNciPw.exe

Filesize
2.0MB

MD5
b54aff948564dd1a84ff416cb4618378

SHA1
3118a04f286b51fd105cf29bfec00914ae79f780

SHA256
aafb40bf2b6b777e2b1f8b49f06af711b6350a545546bd484f74da8bd78819eb

SHA512
3c96731211ff530b60de8c9869917836511e932fbbdca7261e5862bd8a0c2a1c5b55979a427407af2d73f9fbb73682181987b594753835e1611ae7dc200d3b08

Download Submit
C:\Windows\System\yOhWkOS.exe

Filesize
2.0MB

MD5
6ef32ca13a94c54911afb77fcd4f4285

SHA1
6fba07952c556fcb5e7313bc17c021dcd758068c

SHA256
bef2b9bdf41908d507c5dd04712b642ebee8e313c6a51a9cc9e968a34103c246

SHA512
e1e3a256652ed1df9476b83c42f4ea56059a466b6db0e9648aa1be191c147c6bd64de3f16da50af2f927575f3aa279ef050dfe11fe5d0cc040f319146354e9cd

Download Submit
memory/64-2169-0x00007FF6E7460000-0x00007FF6E77B4000-memory.dmp

Filesize
3.3MB

Download
memory/64-183-0x00007FF6E7460000-0x00007FF6E77B4000-memory.dmp

Filesize
3.3MB

Download
memory/392-2168-0x00007FF68B810000-0x00007FF68BB64000-memory.dmp

Filesize
3.3MB

Download
memory/392-2135-0x00007FF68B810000-0x00007FF68BB64000-memory.dmp

Filesize
3.3MB

Download
memory/392-158-0x00007FF68B810000-0x00007FF68BB64000-memory.dmp

Filesize
3.3MB

Download
memory/464-182-0x00007FF721D30000-0x00007FF722084000-memory.dmp

Filesize
3.3MB

Download
memory/464-2173-0x00007FF721D30000-0x00007FF722084000-memory.dmp

Filesize
3.3MB

Download
memory/1248-0-0x00007FF7D1F70000-0x00007FF7D22C4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-1-0x000001D04FAA0000-0x000001D04FAB0000-memory.dmp

Filesize
64KB

Download
memory/1388-185-0x00007FF650540000-0x00007FF650894000-memory.dmp

Filesize
3.3MB

Download
memory/1388-2171-0x00007FF650540000-0x00007FF650894000-memory.dmp

Filesize
3.3MB

Download
memory/1492-178-0x00007FF724320000-0x00007FF724674000-memory.dmp

Filesize
3.3MB

Download
memory/1492-2164-0x00007FF724320000-0x00007FF724674000-memory.dmp

Filesize
3.3MB

Download
memory/1564-180-0x00007FF7BE220000-0x00007FF7BE574000-memory.dmp

Filesize
3.3MB

Download
memory/1564-2166-0x00007FF7BE220000-0x00007FF7BE574000-memory.dmp

Filesize
3.3MB

Download
memory/1644-187-0x00007FF6A6790000-0x00007FF6A6AE4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-2148-0x00007FF6A6790000-0x00007FF6A6AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-2170-0x00007FF6255E0000-0x00007FF625934000-memory.dmp

Filesize
3.3MB

Download
memory/2016-181-0x00007FF6255E0000-0x00007FF625934000-memory.dmp

Filesize
3.3MB

Download
memory/2068-146-0x00007FF6172C0000-0x00007FF617614000-memory.dmp

Filesize
3.3MB

Download
memory/2068-2154-0x00007FF6172C0000-0x00007FF617614000-memory.dmp

Filesize
3.3MB

Download
memory/2072-89-0x00007FF71E7A0000-0x00007FF71EAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2149-0x00007FF71E7A0000-0x00007FF71EAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-159-0x00007FF63B1E0000-0x00007FF63B534000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2155-0x00007FF63B1E0000-0x00007FF63B534000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2160-0x00007FF6FDDE0000-0x00007FF6FE134000-memory.dmp

Filesize
3.3MB

Download
memory/2488-177-0x00007FF6FDDE0000-0x00007FF6FE134000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2157-0x00007FF750090000-0x00007FF7503E4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-118-0x00007FF750090000-0x00007FF7503E4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2134-0x00007FF750090000-0x00007FF7503E4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2153-0x00007FF6096D0000-0x00007FF609A24000-memory.dmp

Filesize
3.3MB

Download
memory/2656-145-0x00007FF6096D0000-0x00007FF609A24000-memory.dmp

Filesize
3.3MB

Download
memory/2944-186-0x00007FF714A30000-0x00007FF714D84000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2172-0x00007FF714A30000-0x00007FF714D84000-memory.dmp

Filesize
3.3MB

Download
memory/2964-189-0x00007FF7CE220000-0x00007FF7CE574000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2161-0x00007FF7CE220000-0x00007FF7CE574000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2146-0x00007FF640DB0000-0x00007FF641104000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2132-0x00007FF640DB0000-0x00007FF641104000-memory.dmp

Filesize
3.3MB

Download
memory/2988-22-0x00007FF640DB0000-0x00007FF641104000-memory.dmp

Filesize
3.3MB

Download
memory/3520-10-0x00007FF611A10000-0x00007FF611D64000-memory.dmp

Filesize
3.3MB

Download
memory/3520-2131-0x00007FF611A10000-0x00007FF611D64000-memory.dmp

Filesize
3.3MB

Download
memory/3520-2147-0x00007FF611A10000-0x00007FF611D64000-memory.dmp

Filesize
3.3MB

Download
memory/3600-2152-0x00007FF6D7E90000-0x00007FF6D81E4000-memory.dmp

Filesize
3.3MB

Download
memory/3600-188-0x00007FF6D7E90000-0x00007FF6D81E4000-memory.dmp

Filesize
3.3MB

Download
memory/3736-70-0x00007FF6D0D40000-0x00007FF6D1094000-memory.dmp

Filesize
3.3MB

Download
memory/3736-2133-0x00007FF6D0D40000-0x00007FF6D1094000-memory.dmp

Filesize
3.3MB

Download
memory/3736-2151-0x00007FF6D0D40000-0x00007FF6D1094000-memory.dmp

Filesize
3.3MB

Download
memory/3760-48-0x00007FF7EAEF0000-0x00007FF7EB244000-memory.dmp

Filesize
3.3MB

Download
memory/3760-2150-0x00007FF7EAEF0000-0x00007FF7EB244000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2167-0x00007FF611B50000-0x00007FF611EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-179-0x00007FF611B50000-0x00007FF611EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4468-175-0x00007FF71D340000-0x00007FF71D694000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2159-0x00007FF71D340000-0x00007FF71D694000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2145-0x00007FF6B8000000-0x00007FF6B8354000-memory.dmp

Filesize
3.3MB

Download
memory/4524-31-0x00007FF6B8000000-0x00007FF6B8354000-memory.dmp

Filesize
3.3MB

Download
memory/4684-2163-0x00007FF7BC490000-0x00007FF7BC7E4000-memory.dmp

Filesize
3.3MB

Download
memory/4684-164-0x00007FF7BC490000-0x00007FF7BC7E4000-memory.dmp

Filesize
3.3MB

Download
memory/4844-191-0x00007FF6A1170000-0x00007FF6A14C4000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2156-0x00007FF6A1170000-0x00007FF6A14C4000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2158-0x00007FF7E2530000-0x00007FF7E2884000-memory.dmp

Filesize
3.3MB

Download
memory/4892-184-0x00007FF7E2530000-0x00007FF7E2884000-memory.dmp

Filesize
3.3MB

Download
memory/5012-176-0x00007FF6515E0000-0x00007FF651934000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2165-0x00007FF6515E0000-0x00007FF651934000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2162-0x00007FF6441A0000-0x00007FF6444F4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-190-0x00007FF6441A0000-0x00007FF6444F4000-memory.dmp

Filesize
3.3MB

Download