kpot | a54703b0d051cd66f67789f37e65ba3a7960bb22f3150199037d51c4944b7472

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
Size

2.5MB
MD5

334d46a202316f4a08a77645a1c884e0
SHA1

93cfa69eae5680766764af6ae42dea0415588b40
SHA256

a54703b0d051cd66f67789f37e65ba3a7960bb22f3150199037d51c4944b7472
SHA512

baa737e3d32145937ecd45ef927c8c0122b153005878f6db844bc9f0108a96242523ddbacb7901e4da1641ee287ac867cbdb41304ffc72f2aec61722e8e8b1f0
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6tdlmU1/eoKw:BemTLkNdfE0pZrwZ

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000500000002328f-4.dat	family_kpot
behavioral2/files/0x000800000002341d-10.dat	family_kpot
behavioral2/files/0x0007000000023421-14.dat	family_kpot
behavioral2/files/0x0007000000023422-24.dat	family_kpot
behavioral2/files/0x0007000000023423-32.dat	family_kpot
behavioral2/files/0x0007000000023424-33.dat	family_kpot
behavioral2/files/0x0007000000023425-44.dat	family_kpot
behavioral2/files/0x0007000000023427-54.dat	family_kpot
behavioral2/files/0x0007000000023428-64.dat	family_kpot
behavioral2/files/0x0007000000023426-62.dat	family_kpot
behavioral2/files/0x0007000000023429-68.dat	family_kpot
behavioral2/files/0x000700000002342b-74.dat	family_kpot
behavioral2/files/0x000700000002342d-81.dat	family_kpot
behavioral2/files/0x000700000002342f-93.dat	family_kpot
behavioral2/files/0x0007000000023432-106.dat	family_kpot
behavioral2/files/0x0007000000023437-131.dat	family_kpot
behavioral2/files/0x0007000000023439-146.dat	family_kpot
behavioral2/files/0x000700000002343f-171.dat	family_kpot
behavioral2/files/0x000700000002343e-168.dat	family_kpot
behavioral2/files/0x000700000002343d-166.dat	family_kpot
behavioral2/files/0x000700000002343c-162.dat	family_kpot
behavioral2/files/0x000700000002343b-156.dat	family_kpot
behavioral2/files/0x000700000002343a-152.dat	family_kpot
behavioral2/files/0x0007000000023438-142.dat	family_kpot
behavioral2/files/0x0007000000023436-132.dat	family_kpot
behavioral2/files/0x0007000000023435-126.dat	family_kpot
behavioral2/files/0x0007000000023434-121.dat	family_kpot
behavioral2/files/0x0007000000023433-117.dat	family_kpot
behavioral2/files/0x0007000000023431-107.dat	family_kpot
behavioral2/files/0x0007000000023430-101.dat	family_kpot
behavioral2/files/0x000700000002342e-91.dat	family_kpot
behavioral2/files/0x000700000002342c-82.dat	family_kpot
behavioral2/files/0x000800000002341e-41.dat	family_kpot

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 14916 created 14720	14916	WerFaultSecure.exe	753

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4964-0-0x00007FF6A35B0000-0x00007FF6A3904000-memory.dmp	xmrig
behavioral2/files/0x000500000002328f-4.dat	xmrig
behavioral2/files/0x000800000002341d-10.dat	xmrig
behavioral2/files/0x0007000000023421-14.dat	xmrig
behavioral2/memory/2892-12-0x00007FF662C40000-0x00007FF662F94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023422-24.dat	xmrig
behavioral2/memory/2484-20-0x00007FF6DB6D0000-0x00007FF6DBA24000-memory.dmp	xmrig
behavioral2/memory/4536-15-0x00007FF7E3140000-0x00007FF7E3494000-memory.dmp	xmrig
behavioral2/memory/1884-30-0x00007FF67A280000-0x00007FF67A5D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-32.dat	xmrig
behavioral2/files/0x0007000000023424-33.dat	xmrig
behavioral2/files/0x0007000000023425-44.dat	xmrig
behavioral2/memory/1740-48-0x00007FF7C1F80000-0x00007FF7C22D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023427-54.dat	xmrig
behavioral2/files/0x0007000000023428-64.dat	xmrig
behavioral2/files/0x0007000000023426-62.dat	xmrig
behavioral2/files/0x0007000000023429-68.dat	xmrig
behavioral2/files/0x000700000002342b-74.dat	xmrig
behavioral2/files/0x000700000002342d-81.dat	xmrig
behavioral2/files/0x000700000002342f-93.dat	xmrig
behavioral2/files/0x0007000000023432-106.dat	xmrig
behavioral2/files/0x0007000000023437-131.dat	xmrig
behavioral2/files/0x0007000000023439-146.dat	xmrig
behavioral2/files/0x000700000002343f-171.dat	xmrig
behavioral2/files/0x000700000002343e-168.dat	xmrig
behavioral2/files/0x000700000002343d-166.dat	xmrig
behavioral2/files/0x000700000002343c-162.dat	xmrig
behavioral2/files/0x000700000002343b-156.dat	xmrig
behavioral2/files/0x000700000002343a-152.dat	xmrig
behavioral2/files/0x0007000000023438-142.dat	xmrig
behavioral2/files/0x0007000000023436-132.dat	xmrig
behavioral2/files/0x0007000000023435-126.dat	xmrig
behavioral2/files/0x0007000000023434-121.dat	xmrig
behavioral2/files/0x0007000000023433-117.dat	xmrig
behavioral2/files/0x0007000000023431-107.dat	xmrig
behavioral2/files/0x0007000000023430-101.dat	xmrig
behavioral2/files/0x000700000002342e-91.dat	xmrig
behavioral2/files/0x000700000002342c-82.dat	xmrig
behavioral2/memory/2096-57-0x00007FF646DA0000-0x00007FF6470F4000-memory.dmp	xmrig
behavioral2/files/0x000800000002341e-41.dat	xmrig
behavioral2/memory/2464-40-0x00007FF7DD440000-0x00007FF7DD794000-memory.dmp	xmrig
behavioral2/memory/1376-36-0x00007FF608520000-0x00007FF608874000-memory.dmp	xmrig
behavioral2/memory/4996-739-0x00007FF70CED0000-0x00007FF70D224000-memory.dmp	xmrig
behavioral2/memory/1504-756-0x00007FF6336A0000-0x00007FF6339F4000-memory.dmp	xmrig
behavioral2/memory/4508-751-0x00007FF7B9CB0000-0x00007FF7BA004000-memory.dmp	xmrig
behavioral2/memory/4336-744-0x00007FF799B00000-0x00007FF799E54000-memory.dmp	xmrig
behavioral2/memory/4308-735-0x00007FF7AC010000-0x00007FF7AC364000-memory.dmp	xmrig
behavioral2/memory/2208-790-0x00007FF64B670000-0x00007FF64B9C4000-memory.dmp	xmrig
behavioral2/memory/3792-802-0x00007FF75C560000-0x00007FF75C8B4000-memory.dmp	xmrig
behavioral2/memory/1204-807-0x00007FF751860000-0x00007FF751BB4000-memory.dmp	xmrig
behavioral2/memory/4412-813-0x00007FF67F1B0000-0x00007FF67F504000-memory.dmp	xmrig
behavioral2/memory/5104-818-0x00007FF7C7BD0000-0x00007FF7C7F24000-memory.dmp	xmrig
behavioral2/memory/1308-822-0x00007FF63C370000-0x00007FF63C6C4000-memory.dmp	xmrig
behavioral2/memory/5040-821-0x00007FF6ADE70000-0x00007FF6AE1C4000-memory.dmp	xmrig
behavioral2/memory/2620-817-0x00007FF7DFC50000-0x00007FF7DFFA4000-memory.dmp	xmrig
behavioral2/memory/3124-804-0x00007FF79F2A0000-0x00007FF79F5F4000-memory.dmp	xmrig
behavioral2/memory/968-799-0x00007FF6EB0A0000-0x00007FF6EB3F4000-memory.dmp	xmrig
behavioral2/memory/2556-795-0x00007FF64A120000-0x00007FF64A474000-memory.dmp	xmrig
behavioral2/memory/3948-787-0x00007FF77F8E0000-0x00007FF77FC34000-memory.dmp	xmrig
behavioral2/memory/4500-784-0x00007FF7917A0000-0x00007FF791AF4000-memory.dmp	xmrig
behavioral2/memory/5096-778-0x00007FF62EDB0000-0x00007FF62F104000-memory.dmp	xmrig
behavioral2/memory/5116-772-0x00007FF6E9040000-0x00007FF6E9394000-memory.dmp	xmrig
behavioral2/memory/1364-765-0x00007FF7152F0000-0x00007FF715644000-memory.dmp	xmrig
behavioral2/memory/4964-1201-0x00007FF6A35B0000-0x00007FF6A3904000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2892	LzspNBF.exe
4536	zJUoXWd.exe
2484	JWumNkL.exe
1884	jBmRPXz.exe
1376	DcyaJUA.exe
2464	ETgWUIG.exe
1740	HRNuXaL.exe
2096	bwVtnIp.exe
1308	MgZOpig.exe
4308	jKvfOAy.exe
4996	TzqXDPi.exe
4336	AgbvBQC.exe
4508	QOCzutR.exe
1504	xIXGJqw.exe
1364	dbvNUSf.exe
5116	bfebFth.exe
5096	hfUcADZ.exe
4500	GjoBRED.exe
3948	MiYJEry.exe
2208	TJcAzyR.exe
2556	BoqyWwh.exe
968	lWAVYOn.exe
3792	VSXWWji.exe
3124	jiDrlVa.exe
1204	fXSHtcF.exe
4412	AbYUGEC.exe
2620	qyVnOOU.exe
5104	NJyrdjl.exe
5040	xgCiNXo.exe
3860	KwqZbMM.exe
1368	FXOAqRl.exe
4560	PxuTWGd.exe
4888	wHrielO.exe
2344	JZZEDZs.exe
3908	eBeAzco.exe
1292	TryaNZj.exe
2624	ORIfnkW.exe
4948	rqoKKXn.exe
3436	jKHaiJb.exe
4424	VAAnZMw.exe
2748	FGVAJsZ.exe
3036	kfsQglC.exe
5020	XJgjMzB.exe
3076	RqMJDBF.exe
1668	XQgwnRP.exe
1200	iePUAoC.exe
4228	wrZTIok.exe
4324	gDRLOjQ.exe
4644	TjbPtJl.exe
2080	xVHAMDu.exe
2728	yAvTTUT.exe
2172	JsSNrnL.exe
1900	fNcaipg.exe
1140	bUvniHo.exe
4232	nVvfzXc.exe
400	BkQkSxM.exe
4404	QppTQEn.exe
1288	QbeZTqz.exe
4476	xzUuQLF.exe
3856	iHtghPM.exe
4088	hoxSGHM.exe
644	gQLULDQ.exe
1656	lMsoPxk.exe
3584	FAFjida.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4964-0-0x00007FF6A35B0000-0x00007FF6A3904000-memory.dmp	upx
behavioral2/files/0x000500000002328f-4.dat	upx
behavioral2/files/0x000800000002341d-10.dat	upx
behavioral2/files/0x0007000000023421-14.dat	upx
behavioral2/memory/2892-12-0x00007FF662C40000-0x00007FF662F94000-memory.dmp	upx
behavioral2/files/0x0007000000023422-24.dat	upx
behavioral2/memory/2484-20-0x00007FF6DB6D0000-0x00007FF6DBA24000-memory.dmp	upx
behavioral2/memory/4536-15-0x00007FF7E3140000-0x00007FF7E3494000-memory.dmp	upx
behavioral2/memory/1884-30-0x00007FF67A280000-0x00007FF67A5D4000-memory.dmp	upx
behavioral2/files/0x0007000000023423-32.dat	upx
behavioral2/files/0x0007000000023424-33.dat	upx
behavioral2/files/0x0007000000023425-44.dat	upx
behavioral2/memory/1740-48-0x00007FF7C1F80000-0x00007FF7C22D4000-memory.dmp	upx
behavioral2/files/0x0007000000023427-54.dat	upx
behavioral2/files/0x0007000000023428-64.dat	upx
behavioral2/files/0x0007000000023426-62.dat	upx
behavioral2/files/0x0007000000023429-68.dat	upx
behavioral2/files/0x000700000002342b-74.dat	upx
behavioral2/files/0x000700000002342d-81.dat	upx
behavioral2/files/0x000700000002342f-93.dat	upx
behavioral2/files/0x0007000000023432-106.dat	upx
behavioral2/files/0x0007000000023437-131.dat	upx
behavioral2/files/0x0007000000023439-146.dat	upx
behavioral2/files/0x000700000002343f-171.dat	upx
behavioral2/files/0x000700000002343e-168.dat	upx
behavioral2/files/0x000700000002343d-166.dat	upx
behavioral2/files/0x000700000002343c-162.dat	upx
behavioral2/files/0x000700000002343b-156.dat	upx
behavioral2/files/0x000700000002343a-152.dat	upx
behavioral2/files/0x0007000000023438-142.dat	upx
behavioral2/files/0x0007000000023436-132.dat	upx
behavioral2/files/0x0007000000023435-126.dat	upx
behavioral2/files/0x0007000000023434-121.dat	upx
behavioral2/files/0x0007000000023433-117.dat	upx
behavioral2/files/0x0007000000023431-107.dat	upx
behavioral2/files/0x0007000000023430-101.dat	upx
behavioral2/files/0x000700000002342e-91.dat	upx
behavioral2/files/0x000700000002342c-82.dat	upx
behavioral2/memory/2096-57-0x00007FF646DA0000-0x00007FF6470F4000-memory.dmp	upx
behavioral2/files/0x000800000002341e-41.dat	upx
behavioral2/memory/2464-40-0x00007FF7DD440000-0x00007FF7DD794000-memory.dmp	upx
behavioral2/memory/1376-36-0x00007FF608520000-0x00007FF608874000-memory.dmp	upx
behavioral2/memory/4996-739-0x00007FF70CED0000-0x00007FF70D224000-memory.dmp	upx
behavioral2/memory/1504-756-0x00007FF6336A0000-0x00007FF6339F4000-memory.dmp	upx
behavioral2/memory/4508-751-0x00007FF7B9CB0000-0x00007FF7BA004000-memory.dmp	upx
behavioral2/memory/4336-744-0x00007FF799B00000-0x00007FF799E54000-memory.dmp	upx
behavioral2/memory/4308-735-0x00007FF7AC010000-0x00007FF7AC364000-memory.dmp	upx
behavioral2/memory/2208-790-0x00007FF64B670000-0x00007FF64B9C4000-memory.dmp	upx
behavioral2/memory/3792-802-0x00007FF75C560000-0x00007FF75C8B4000-memory.dmp	upx
behavioral2/memory/1204-807-0x00007FF751860000-0x00007FF751BB4000-memory.dmp	upx
behavioral2/memory/4412-813-0x00007FF67F1B0000-0x00007FF67F504000-memory.dmp	upx
behavioral2/memory/5104-818-0x00007FF7C7BD0000-0x00007FF7C7F24000-memory.dmp	upx
behavioral2/memory/1308-822-0x00007FF63C370000-0x00007FF63C6C4000-memory.dmp	upx
behavioral2/memory/5040-821-0x00007FF6ADE70000-0x00007FF6AE1C4000-memory.dmp	upx
behavioral2/memory/2620-817-0x00007FF7DFC50000-0x00007FF7DFFA4000-memory.dmp	upx
behavioral2/memory/3124-804-0x00007FF79F2A0000-0x00007FF79F5F4000-memory.dmp	upx
behavioral2/memory/968-799-0x00007FF6EB0A0000-0x00007FF6EB3F4000-memory.dmp	upx
behavioral2/memory/2556-795-0x00007FF64A120000-0x00007FF64A474000-memory.dmp	upx
behavioral2/memory/3948-787-0x00007FF77F8E0000-0x00007FF77FC34000-memory.dmp	upx
behavioral2/memory/4500-784-0x00007FF7917A0000-0x00007FF791AF4000-memory.dmp	upx
behavioral2/memory/5096-778-0x00007FF62EDB0000-0x00007FF62F104000-memory.dmp	upx
behavioral2/memory/5116-772-0x00007FF6E9040000-0x00007FF6E9394000-memory.dmp	upx
behavioral2/memory/1364-765-0x00007FF7152F0000-0x00007FF715644000-memory.dmp	upx
behavioral2/memory/4964-1201-0x00007FF6A35B0000-0x00007FF6A3904000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VxDncXl.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\fcpvByv.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\ItsYtiO.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\xzValUp.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\lXaTjhk.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\GjoBRED.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\TjbPtJl.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\GLyJjQw.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\JNnyRrx.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\CmCqqLE.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\AUWplzw.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\BSYnhdn.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\dQJglIQ.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\QthubmK.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\XgWMuWn.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\xTXJpdI.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\fBMEpaA.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\bsZKtBT.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\plVNcuX.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\yxWcQKP.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\JWumNkL.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\yAvTTUT.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\OCZFVbR.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\wxKKGqN.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\HLYSAld.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\ELzhPKP.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\gmMyQGt.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\abkOWqI.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\busqKKa.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\epNBeXh.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\ocCqtLC.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\mUeOMHY.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\hMziHFb.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\gkPbCmt.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\xkvUmiJ.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\doHAySD.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\ecHvNvG.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\TiWuHzM.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\iFkCOgv.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\UNDHplm.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\iYPcvrt.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\DQYZApi.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\FXOAqRl.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\lMsoPxk.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\QurvRzM.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\yBdPSlC.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\dWAtqvk.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\jHLCRbv.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\dBQKMZM.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\BvVJWLZ.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\BVSkxPo.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\lAxNfSu.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\eBeAzco.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\TyGdtvm.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\IoDfLNv.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\hoxSGHM.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\KibmLUu.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\qdtUfqR.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\NJyrdjl.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\JsSNrnL.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\HonSQCV.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\zjMVGkm.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\LenqGrv.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
File created	C:\Windows\System\xXwJwqf.exe	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
15076	WerFaultSecure.exe
15076	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 2892	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	84
PID 4964 wrote to memory of 2892	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	84
PID 4964 wrote to memory of 4536	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	85
PID 4964 wrote to memory of 4536	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	85
PID 4964 wrote to memory of 2484	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	86
PID 4964 wrote to memory of 2484	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	86
PID 4964 wrote to memory of 1884	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	87
PID 4964 wrote to memory of 1884	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	87
PID 4964 wrote to memory of 2464	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	88
PID 4964 wrote to memory of 2464	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	88
PID 4964 wrote to memory of 1376	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	89
PID 4964 wrote to memory of 1376	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	89
PID 4964 wrote to memory of 1740	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	90
PID 4964 wrote to memory of 1740	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	90
PID 4964 wrote to memory of 2096	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	91
PID 4964 wrote to memory of 2096	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	91
PID 4964 wrote to memory of 1308	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	92
PID 4964 wrote to memory of 1308	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	92
PID 4964 wrote to memory of 4308	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	93
PID 4964 wrote to memory of 4308	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	93
PID 4964 wrote to memory of 4996	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	94
PID 4964 wrote to memory of 4996	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	94
PID 4964 wrote to memory of 4336	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	95
PID 4964 wrote to memory of 4336	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	95
PID 4964 wrote to memory of 4508	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	96
PID 4964 wrote to memory of 4508	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	96
PID 4964 wrote to memory of 1504	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	97
PID 4964 wrote to memory of 1504	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	97
PID 4964 wrote to memory of 1364	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	98
PID 4964 wrote to memory of 1364	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	98
PID 4964 wrote to memory of 5116	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	99
PID 4964 wrote to memory of 5116	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	99
PID 4964 wrote to memory of 5096	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	100
PID 4964 wrote to memory of 5096	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	100
PID 4964 wrote to memory of 4500	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	101
PID 4964 wrote to memory of 4500	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	101
PID 4964 wrote to memory of 3948	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	102
PID 4964 wrote to memory of 3948	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	102
PID 4964 wrote to memory of 2208	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	103
PID 4964 wrote to memory of 2208	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	103
PID 4964 wrote to memory of 2556	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	104
PID 4964 wrote to memory of 2556	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	104
PID 4964 wrote to memory of 968	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	105
PID 4964 wrote to memory of 968	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	105
PID 4964 wrote to memory of 3792	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	106
PID 4964 wrote to memory of 3792	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	106
PID 4964 wrote to memory of 3124	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	107
PID 4964 wrote to memory of 3124	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	107
PID 4964 wrote to memory of 1204	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	108
PID 4964 wrote to memory of 1204	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	108
PID 4964 wrote to memory of 4412	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	109
PID 4964 wrote to memory of 4412	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	109
PID 4964 wrote to memory of 2620	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	110
PID 4964 wrote to memory of 2620	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	110
PID 4964 wrote to memory of 5104	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	111
PID 4964 wrote to memory of 5104	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	111
PID 4964 wrote to memory of 5040	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	112
PID 4964 wrote to memory of 5040	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	112
PID 4964 wrote to memory of 3860	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	113
PID 4964 wrote to memory of 3860	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	113
PID 4964 wrote to memory of 1368	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	114
PID 4964 wrote to memory of 1368	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	114
PID 4964 wrote to memory of 4560	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	115
PID 4964 wrote to memory of 4560	4964	334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\334d46a202316f4a08a77645a1c884e0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Windows\System\LzspNBF.exe
  C:\Windows\System\LzspNBF.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\zJUoXWd.exe
  C:\Windows\System\zJUoXWd.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\JWumNkL.exe
  C:\Windows\System\JWumNkL.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\jBmRPXz.exe
  C:\Windows\System\jBmRPXz.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\ETgWUIG.exe
  C:\Windows\System\ETgWUIG.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\DcyaJUA.exe
  C:\Windows\System\DcyaJUA.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\HRNuXaL.exe
  C:\Windows\System\HRNuXaL.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\bwVtnIp.exe
  C:\Windows\System\bwVtnIp.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\MgZOpig.exe
  C:\Windows\System\MgZOpig.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\jKvfOAy.exe
  C:\Windows\System\jKvfOAy.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\TzqXDPi.exe
  C:\Windows\System\TzqXDPi.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\AgbvBQC.exe
  C:\Windows\System\AgbvBQC.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\QOCzutR.exe
  C:\Windows\System\QOCzutR.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\xIXGJqw.exe
  C:\Windows\System\xIXGJqw.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\dbvNUSf.exe
  C:\Windows\System\dbvNUSf.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\bfebFth.exe
  C:\Windows\System\bfebFth.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\hfUcADZ.exe
  C:\Windows\System\hfUcADZ.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\GjoBRED.exe
  C:\Windows\System\GjoBRED.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\MiYJEry.exe
  C:\Windows\System\MiYJEry.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\TJcAzyR.exe
  C:\Windows\System\TJcAzyR.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\BoqyWwh.exe
  C:\Windows\System\BoqyWwh.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\lWAVYOn.exe
  C:\Windows\System\lWAVYOn.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\VSXWWji.exe
  C:\Windows\System\VSXWWji.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\jiDrlVa.exe
  C:\Windows\System\jiDrlVa.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\fXSHtcF.exe
  C:\Windows\System\fXSHtcF.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\AbYUGEC.exe
  C:\Windows\System\AbYUGEC.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\qyVnOOU.exe
  C:\Windows\System\qyVnOOU.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\NJyrdjl.exe
  C:\Windows\System\NJyrdjl.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\xgCiNXo.exe
  C:\Windows\System\xgCiNXo.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\KwqZbMM.exe
  C:\Windows\System\KwqZbMM.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\FXOAqRl.exe
  C:\Windows\System\FXOAqRl.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\PxuTWGd.exe
  C:\Windows\System\PxuTWGd.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\wHrielO.exe
  C:\Windows\System\wHrielO.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\JZZEDZs.exe
  C:\Windows\System\JZZEDZs.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\eBeAzco.exe
  C:\Windows\System\eBeAzco.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\TryaNZj.exe
  C:\Windows\System\TryaNZj.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\ORIfnkW.exe
  C:\Windows\System\ORIfnkW.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\rqoKKXn.exe
  C:\Windows\System\rqoKKXn.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\jKHaiJb.exe
  C:\Windows\System\jKHaiJb.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\VAAnZMw.exe
  C:\Windows\System\VAAnZMw.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\FGVAJsZ.exe
  C:\Windows\System\FGVAJsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\kfsQglC.exe
  C:\Windows\System\kfsQglC.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\XJgjMzB.exe
  C:\Windows\System\XJgjMzB.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\RqMJDBF.exe
  C:\Windows\System\RqMJDBF.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\XQgwnRP.exe
  C:\Windows\System\XQgwnRP.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\iePUAoC.exe
  C:\Windows\System\iePUAoC.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\wrZTIok.exe
  C:\Windows\System\wrZTIok.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\gDRLOjQ.exe
  C:\Windows\System\gDRLOjQ.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\TjbPtJl.exe
  C:\Windows\System\TjbPtJl.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\xVHAMDu.exe
  C:\Windows\System\xVHAMDu.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\yAvTTUT.exe
  C:\Windows\System\yAvTTUT.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\JsSNrnL.exe
  C:\Windows\System\JsSNrnL.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\fNcaipg.exe
  C:\Windows\System\fNcaipg.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\bUvniHo.exe
  C:\Windows\System\bUvniHo.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\nVvfzXc.exe
  C:\Windows\System\nVvfzXc.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\BkQkSxM.exe
  C:\Windows\System\BkQkSxM.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\QppTQEn.exe
  C:\Windows\System\QppTQEn.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\QbeZTqz.exe
  C:\Windows\System\QbeZTqz.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\xzUuQLF.exe
  C:\Windows\System\xzUuQLF.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\iHtghPM.exe
  C:\Windows\System\iHtghPM.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\hoxSGHM.exe
  C:\Windows\System\hoxSGHM.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\gQLULDQ.exe
  C:\Windows\System\gQLULDQ.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\lMsoPxk.exe
  C:\Windows\System\lMsoPxk.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\FAFjida.exe
  C:\Windows\System\FAFjida.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\RbodtWQ.exe
  C:\Windows\System\RbodtWQ.exe
  2⤵
  PID:4184
- C:\Windows\System\CiTzclL.exe
  C:\Windows\System\CiTzclL.exe
  2⤵
  PID:3684
- C:\Windows\System\lljyqtH.exe
  C:\Windows\System\lljyqtH.exe
  2⤵
  PID:4520
- C:\Windows\System\KFISCoj.exe
  C:\Windows\System\KFISCoj.exe
  2⤵
  PID:2280
- C:\Windows\System\ZnEILMc.exe
  C:\Windows\System\ZnEILMc.exe
  2⤵
  PID:1228
- C:\Windows\System\nkFkaHK.exe
  C:\Windows\System\nkFkaHK.exe
  2⤵
  PID:3112
- C:\Windows\System\KibmLUu.exe
  C:\Windows\System\KibmLUu.exe
  2⤵
  PID:1096
- C:\Windows\System\vfFlVvP.exe
  C:\Windows\System\vfFlVvP.exe
  2⤵
  PID:3760
- C:\Windows\System\QGMgvPw.exe
  C:\Windows\System\QGMgvPw.exe
  2⤵
  PID:3016
- C:\Windows\System\kSXdDRS.exe
  C:\Windows\System\kSXdDRS.exe
  2⤵
  PID:3156
- C:\Windows\System\cPnbUof.exe
  C:\Windows\System\cPnbUof.exe
  2⤵
  PID:1580
- C:\Windows\System\UwdUNan.exe
  C:\Windows\System\UwdUNan.exe
  2⤵
  PID:4376
- C:\Windows\System\lyCjJDr.exe
  C:\Windows\System\lyCjJDr.exe
  2⤵
  PID:2912
- C:\Windows\System\DpduagG.exe
  C:\Windows\System\DpduagG.exe
  2⤵
  PID:2908
- C:\Windows\System\VPqekmY.exe
  C:\Windows\System\VPqekmY.exe
  2⤵
  PID:2712
- C:\Windows\System\dcdmxmy.exe
  C:\Windows\System\dcdmxmy.exe
  2⤵
  PID:5124
- C:\Windows\System\klmHjTD.exe
  C:\Windows\System\klmHjTD.exe
  2⤵
  PID:5152
- C:\Windows\System\UhZAbeV.exe
  C:\Windows\System\UhZAbeV.exe
  2⤵
  PID:5180
- C:\Windows\System\dBQKMZM.exe
  C:\Windows\System\dBQKMZM.exe
  2⤵
  PID:5208
- C:\Windows\System\ltsPfwt.exe
  C:\Windows\System\ltsPfwt.exe
  2⤵
  PID:5236
- C:\Windows\System\slburJn.exe
  C:\Windows\System\slburJn.exe
  2⤵
  PID:5264
- C:\Windows\System\mUeOMHY.exe
  C:\Windows\System\mUeOMHY.exe
  2⤵
  PID:5292
- C:\Windows\System\GpJqvIH.exe
  C:\Windows\System\GpJqvIH.exe
  2⤵
  PID:5320
- C:\Windows\System\uPJLEXg.exe
  C:\Windows\System\uPJLEXg.exe
  2⤵
  PID:5348
- C:\Windows\System\hHltDww.exe
  C:\Windows\System\hHltDww.exe
  2⤵
  PID:5376
- C:\Windows\System\hKTHbxD.exe
  C:\Windows\System\hKTHbxD.exe
  2⤵
  PID:5404
- C:\Windows\System\DtwoJHa.exe
  C:\Windows\System\DtwoJHa.exe
  2⤵
  PID:5432
- C:\Windows\System\ETfUZRw.exe
  C:\Windows\System\ETfUZRw.exe
  2⤵
  PID:5460
- C:\Windows\System\BHnqNzy.exe
  C:\Windows\System\BHnqNzy.exe
  2⤵
  PID:5488
- C:\Windows\System\RwIcsxZ.exe
  C:\Windows\System\RwIcsxZ.exe
  2⤵
  PID:5516
- C:\Windows\System\FdtDhjM.exe
  C:\Windows\System\FdtDhjM.exe
  2⤵
  PID:5544
- C:\Windows\System\wwVQnhR.exe
  C:\Windows\System\wwVQnhR.exe
  2⤵
  PID:5572
- C:\Windows\System\hMziHFb.exe
  C:\Windows\System\hMziHFb.exe
  2⤵
  PID:5600
- C:\Windows\System\ZzWdKbV.exe
  C:\Windows\System\ZzWdKbV.exe
  2⤵
  PID:5628
- C:\Windows\System\ySwJJRd.exe
  C:\Windows\System\ySwJJRd.exe
  2⤵
  PID:5656
- C:\Windows\System\dQJglIQ.exe
  C:\Windows\System\dQJglIQ.exe
  2⤵
  PID:5684
- C:\Windows\System\VWHvDMp.exe
  C:\Windows\System\VWHvDMp.exe
  2⤵
  PID:5712
- C:\Windows\System\zHgwQMa.exe
  C:\Windows\System\zHgwQMa.exe
  2⤵
  PID:5740
- C:\Windows\System\QurvRzM.exe
  C:\Windows\System\QurvRzM.exe
  2⤵
  PID:5768
- C:\Windows\System\lRxkJOP.exe
  C:\Windows\System\lRxkJOP.exe
  2⤵
  PID:5796
- C:\Windows\System\LgeIplI.exe
  C:\Windows\System\LgeIplI.exe
  2⤵
  PID:5824
- C:\Windows\System\frbtZsK.exe
  C:\Windows\System\frbtZsK.exe
  2⤵
  PID:5852
- C:\Windows\System\itsBMli.exe
  C:\Windows\System\itsBMli.exe
  2⤵
  PID:5880
- C:\Windows\System\DZLQRgA.exe
  C:\Windows\System\DZLQRgA.exe
  2⤵
  PID:5908
- C:\Windows\System\ZmspriT.exe
  C:\Windows\System\ZmspriT.exe
  2⤵
  PID:5936
- C:\Windows\System\llTKsqn.exe
  C:\Windows\System\llTKsqn.exe
  2⤵
  PID:5964
- C:\Windows\System\DVAAsTG.exe
  C:\Windows\System\DVAAsTG.exe
  2⤵
  PID:5992
- C:\Windows\System\JVagixt.exe
  C:\Windows\System\JVagixt.exe
  2⤵
  PID:6016
- C:\Windows\System\uexGRjH.exe
  C:\Windows\System\uexGRjH.exe
  2⤵
  PID:6044
- C:\Windows\System\otVAtMi.exe
  C:\Windows\System\otVAtMi.exe
  2⤵
  PID:6076
- C:\Windows\System\AFIJwWu.exe
  C:\Windows\System\AFIJwWu.exe
  2⤵
  PID:6104
- C:\Windows\System\zJaAjrI.exe
  C:\Windows\System\zJaAjrI.exe
  2⤵
  PID:6132
- C:\Windows\System\InAdSrF.exe
  C:\Windows\System\InAdSrF.exe
  2⤵
  PID:4288
- C:\Windows\System\cvaQHGp.exe
  C:\Windows\System\cvaQHGp.exe
  2⤵
  PID:3916
- C:\Windows\System\ePLVasw.exe
  C:\Windows\System\ePLVasw.exe
  2⤵
  PID:4472
- C:\Windows\System\lbrIXCb.exe
  C:\Windows\System\lbrIXCb.exe
  2⤵
  PID:5092
- C:\Windows\System\EtWTUJl.exe
  C:\Windows\System\EtWTUJl.exe
  2⤵
  PID:4576
- C:\Windows\System\fSLmCck.exe
  C:\Windows\System\fSLmCck.exe
  2⤵
  PID:3848
- C:\Windows\System\hKapLhX.exe
  C:\Windows\System\hKapLhX.exe
  2⤵
  PID:5172
- C:\Windows\System\WsQLwhm.exe
  C:\Windows\System\WsQLwhm.exe
  2⤵
  PID:5228
- C:\Windows\System\mdbacLd.exe
  C:\Windows\System\mdbacLd.exe
  2⤵
  PID:5308
- C:\Windows\System\NfbZrcE.exe
  C:\Windows\System\NfbZrcE.exe
  2⤵
  PID:5368
- C:\Windows\System\VHrTCJg.exe
  C:\Windows\System\VHrTCJg.exe
  2⤵
  PID:5444
- C:\Windows\System\gLjefVG.exe
  C:\Windows\System\gLjefVG.exe
  2⤵
  PID:5504
- C:\Windows\System\WOPFDlK.exe
  C:\Windows\System\WOPFDlK.exe
  2⤵
  PID:5564
- C:\Windows\System\aWVgYvm.exe
  C:\Windows\System\aWVgYvm.exe
  2⤵
  PID:5640
- C:\Windows\System\KkyvFKb.exe
  C:\Windows\System\KkyvFKb.exe
  2⤵
  PID:5700
- C:\Windows\System\gkPbCmt.exe
  C:\Windows\System\gkPbCmt.exe
  2⤵
  PID:5760
- C:\Windows\System\zcGHWeD.exe
  C:\Windows\System\zcGHWeD.exe
  2⤵
  PID:5836
- C:\Windows\System\nnlqUSn.exe
  C:\Windows\System\nnlqUSn.exe
  2⤵
  PID:5896
- C:\Windows\System\pVReAnv.exe
  C:\Windows\System\pVReAnv.exe
  2⤵
  PID:5956
- C:\Windows\System\XqoXHVN.exe
  C:\Windows\System\XqoXHVN.exe
  2⤵
  PID:6032
- C:\Windows\System\XzDyGJi.exe
  C:\Windows\System\XzDyGJi.exe
  2⤵
  PID:6092
- C:\Windows\System\aKJYsVi.exe
  C:\Windows\System\aKJYsVi.exe
  2⤵
  PID:4740
- C:\Windows\System\GLyJjQw.exe
  C:\Windows\System\GLyJjQw.exe
  2⤵
  PID:2152
- C:\Windows\System\QKWtqNB.exe
  C:\Windows\System\QKWtqNB.exe
  2⤵
  PID:1492
- C:\Windows\System\vnDRWDy.exe
  C:\Windows\System\vnDRWDy.exe
  2⤵
  PID:5224
- C:\Windows\System\sEHBBza.exe
  C:\Windows\System\sEHBBza.exe
  2⤵
  PID:5396
- C:\Windows\System\TaShZmL.exe
  C:\Windows\System\TaShZmL.exe
  2⤵
  PID:5536
- C:\Windows\System\pPxiUOr.exe
  C:\Windows\System\pPxiUOr.exe
  2⤵
  PID:5676
- C:\Windows\System\CSdRorC.exe
  C:\Windows\System\CSdRorC.exe
  2⤵
  PID:5864
- C:\Windows\System\MQAwpyE.exe
  C:\Windows\System\MQAwpyE.exe
  2⤵
  PID:6004
- C:\Windows\System\IwbJvym.exe
  C:\Windows\System\IwbJvym.exe
  2⤵
  PID:6164
- C:\Windows\System\iDApEdz.exe
  C:\Windows\System\iDApEdz.exe
  2⤵
  PID:6192
- C:\Windows\System\IXSbOgA.exe
  C:\Windows\System\IXSbOgA.exe
  2⤵
  PID:6220
- C:\Windows\System\bMNyxhG.exe
  C:\Windows\System\bMNyxhG.exe
  2⤵
  PID:6248
- C:\Windows\System\WnjOVKK.exe
  C:\Windows\System\WnjOVKK.exe
  2⤵
  PID:6276
- C:\Windows\System\iwRIrnW.exe
  C:\Windows\System\iwRIrnW.exe
  2⤵
  PID:6304
- C:\Windows\System\SXQjext.exe
  C:\Windows\System\SXQjext.exe
  2⤵
  PID:6332
- C:\Windows\System\ninPWAQ.exe
  C:\Windows\System\ninPWAQ.exe
  2⤵
  PID:6364
- C:\Windows\System\SViCPSU.exe
  C:\Windows\System\SViCPSU.exe
  2⤵
  PID:6388
- C:\Windows\System\BvVJWLZ.exe
  C:\Windows\System\BvVJWLZ.exe
  2⤵
  PID:6416
- C:\Windows\System\aOuHpzd.exe
  C:\Windows\System\aOuHpzd.exe
  2⤵
  PID:6444
- C:\Windows\System\UhLHnXD.exe
  C:\Windows\System\UhLHnXD.exe
  2⤵
  PID:6472
- C:\Windows\System\wCHqpVp.exe
  C:\Windows\System\wCHqpVp.exe
  2⤵
  PID:6500
- C:\Windows\System\SjeSHmR.exe
  C:\Windows\System\SjeSHmR.exe
  2⤵
  PID:6528
- C:\Windows\System\uEuGNVW.exe
  C:\Windows\System\uEuGNVW.exe
  2⤵
  PID:6556
- C:\Windows\System\aqsPrQZ.exe
  C:\Windows\System\aqsPrQZ.exe
  2⤵
  PID:6584
- C:\Windows\System\YTwsewz.exe
  C:\Windows\System\YTwsewz.exe
  2⤵
  PID:6612
- C:\Windows\System\PkIpFAT.exe
  C:\Windows\System\PkIpFAT.exe
  2⤵
  PID:6640
- C:\Windows\System\WzNFFQn.exe
  C:\Windows\System\WzNFFQn.exe
  2⤵
  PID:6668
- C:\Windows\System\abkOWqI.exe
  C:\Windows\System\abkOWqI.exe
  2⤵
  PID:6696
- C:\Windows\System\cVophqw.exe
  C:\Windows\System\cVophqw.exe
  2⤵
  PID:6724
- C:\Windows\System\qWVfjcL.exe
  C:\Windows\System\qWVfjcL.exe
  2⤵
  PID:6752
- C:\Windows\System\YHLXCAa.exe
  C:\Windows\System\YHLXCAa.exe
  2⤵
  PID:6780
- C:\Windows\System\PIgnVxj.exe
  C:\Windows\System\PIgnVxj.exe
  2⤵
  PID:6808
- C:\Windows\System\TiWuHzM.exe
  C:\Windows\System\TiWuHzM.exe
  2⤵
  PID:6836
- C:\Windows\System\gCDuwXe.exe
  C:\Windows\System\gCDuwXe.exe
  2⤵
  PID:6864
- C:\Windows\System\rWXQfis.exe
  C:\Windows\System\rWXQfis.exe
  2⤵
  PID:6892
- C:\Windows\System\rszWVti.exe
  C:\Windows\System\rszWVti.exe
  2⤵
  PID:6920
- C:\Windows\System\BRAXBRL.exe
  C:\Windows\System\BRAXBRL.exe
  2⤵
  PID:6948
- C:\Windows\System\QfWTcCW.exe
  C:\Windows\System\QfWTcCW.exe
  2⤵
  PID:6976
- C:\Windows\System\HwYpvKc.exe
  C:\Windows\System\HwYpvKc.exe
  2⤵
  PID:7004
- C:\Windows\System\ASJpEgb.exe
  C:\Windows\System\ASJpEgb.exe
  2⤵
  PID:7032
- C:\Windows\System\DDgRhia.exe
  C:\Windows\System\DDgRhia.exe
  2⤵
  PID:7060
- C:\Windows\System\XlSyRPb.exe
  C:\Windows\System\XlSyRPb.exe
  2⤵
  PID:7088
- C:\Windows\System\HBaVdoP.exe
  C:\Windows\System\HBaVdoP.exe
  2⤵
  PID:7116
- C:\Windows\System\wsVVwSR.exe
  C:\Windows\System\wsVVwSR.exe
  2⤵
  PID:7144
- C:\Windows\System\IZLCqaO.exe
  C:\Windows\System\IZLCqaO.exe
  2⤵
  PID:6068
- C:\Windows\System\hawzcab.exe
  C:\Windows\System\hawzcab.exe
  2⤵
  PID:2176
- C:\Windows\System\eATPGSB.exe
  C:\Windows\System\eATPGSB.exe
  2⤵
  PID:5340
- C:\Windows\System\IaLFVxK.exe
  C:\Windows\System\IaLFVxK.exe
  2⤵
  PID:5752
- C:\Windows\System\qaLKRyd.exe
  C:\Windows\System\qaLKRyd.exe
  2⤵
  PID:6152
- C:\Windows\System\tgoeUri.exe
  C:\Windows\System\tgoeUri.exe
  2⤵
  PID:6204
- C:\Windows\System\znjBBaq.exe
  C:\Windows\System\znjBBaq.exe
  2⤵
  PID:6264
- C:\Windows\System\FwjiImq.exe
  C:\Windows\System\FwjiImq.exe
  2⤵
  PID:6324
- C:\Windows\System\QthubmK.exe
  C:\Windows\System\QthubmK.exe
  2⤵
  PID:6380
- C:\Windows\System\xvHcfwH.exe
  C:\Windows\System\xvHcfwH.exe
  2⤵
  PID:6436
- C:\Windows\System\GITodDK.exe
  C:\Windows\System\GITodDK.exe
  2⤵
  PID:6512
- C:\Windows\System\PYgzXHE.exe
  C:\Windows\System\PYgzXHE.exe
  2⤵
  PID:6572
- C:\Windows\System\kAPDwZX.exe
  C:\Windows\System\kAPDwZX.exe
  2⤵
  PID:6632
- C:\Windows\System\uqqIvIm.exe
  C:\Windows\System\uqqIvIm.exe
  2⤵
  PID:6688
- C:\Windows\System\GNjYYON.exe
  C:\Windows\System\GNjYYON.exe
  2⤵
  PID:6764
- C:\Windows\System\ewFzjPC.exe
  C:\Windows\System\ewFzjPC.exe
  2⤵
  PID:6824
- C:\Windows\System\ervhjim.exe
  C:\Windows\System\ervhjim.exe
  2⤵
  PID:6884
- C:\Windows\System\JBobvGz.exe
  C:\Windows\System\JBobvGz.exe
  2⤵
  PID:6960
- C:\Windows\System\mqigGwP.exe
  C:\Windows\System\mqigGwP.exe
  2⤵
  PID:2028
- C:\Windows\System\snFCEnn.exe
  C:\Windows\System\snFCEnn.exe
  2⤵
  PID:7072
- C:\Windows\System\xkvUmiJ.exe
  C:\Windows\System\xkvUmiJ.exe
  2⤵
  PID:1000
- C:\Windows\System\DGsJoxG.exe
  C:\Windows\System\DGsJoxG.exe
  2⤵
  PID:2968
- C:\Windows\System\ytPJAKJ.exe
  C:\Windows\System\ytPJAKJ.exe
  2⤵
  PID:3596
- C:\Windows\System\UaWTQCE.exe
  C:\Windows\System\UaWTQCE.exe
  2⤵
  PID:1068
- C:\Windows\System\hIehufR.exe
  C:\Windows\System\hIehufR.exe
  2⤵
  PID:6232
- C:\Windows\System\COQovoR.exe
  C:\Windows\System\COQovoR.exe
  2⤵
  PID:6372
- C:\Windows\System\TxccaIw.exe
  C:\Windows\System\TxccaIw.exe
  2⤵
  PID:6488
- C:\Windows\System\AglvqlH.exe
  C:\Windows\System\AglvqlH.exe
  2⤵
  PID:6660
- C:\Windows\System\vAvmOGk.exe
  C:\Windows\System\vAvmOGk.exe
  2⤵
  PID:6792
- C:\Windows\System\iFkCOgv.exe
  C:\Windows\System\iFkCOgv.exe
  2⤵
  PID:6916
- C:\Windows\System\JNnyRrx.exe
  C:\Windows\System\JNnyRrx.exe
  2⤵
  PID:6996
- C:\Windows\System\mLcLcTe.exe
  C:\Windows\System\mLcLcTe.exe
  2⤵
  PID:2860
- C:\Windows\System\igWlPkw.exe
  C:\Windows\System\igWlPkw.exe
  2⤵
  PID:2596
- C:\Windows\System\DSzoNqc.exe
  C:\Windows\System\DSzoNqc.exe
  2⤵
  PID:2424
- C:\Windows\System\WcjkXDw.exe
  C:\Windows\System\WcjkXDw.exe
  2⤵
  PID:6296
- C:\Windows\System\CmqUcCa.exe
  C:\Windows\System\CmqUcCa.exe
  2⤵
  PID:6484
- C:\Windows\System\JJBOhwW.exe
  C:\Windows\System\JJBOhwW.exe
  2⤵
  PID:5036
- C:\Windows\System\WHiGIKI.exe
  C:\Windows\System\WHiGIKI.exe
  2⤵
  PID:512
- C:\Windows\System\keTGwBg.exe
  C:\Windows\System\keTGwBg.exe
  2⤵
  PID:6428
- C:\Windows\System\JadiHdY.exe
  C:\Windows\System\JadiHdY.exe
  2⤵
  PID:6184
- C:\Windows\System\LtOoOAA.exe
  C:\Windows\System\LtOoOAA.exe
  2⤵
  PID:6600
- C:\Windows\System\dHtaGSO.exe
  C:\Windows\System\dHtaGSO.exe
  2⤵
  PID:4524
- C:\Windows\System\qzSRkCj.exe
  C:\Windows\System\qzSRkCj.exe
  2⤵
  PID:3512
- C:\Windows\System\vSxiMgi.exe
  C:\Windows\System\vSxiMgi.exe
  2⤵
  PID:3976
- C:\Windows\System\TFysiqR.exe
  C:\Windows\System\TFysiqR.exe
  2⤵
  PID:7172
- C:\Windows\System\MDbFbBF.exe
  C:\Windows\System\MDbFbBF.exe
  2⤵
  PID:7200
- C:\Windows\System\IYNVniC.exe
  C:\Windows\System\IYNVniC.exe
  2⤵
  PID:7220
- C:\Windows\System\BKkDyNo.exe
  C:\Windows\System\BKkDyNo.exe
  2⤵
  PID:7248
- C:\Windows\System\busqKKa.exe
  C:\Windows\System\busqKKa.exe
  2⤵
  PID:7300
- C:\Windows\System\xIacZLz.exe
  C:\Windows\System\xIacZLz.exe
  2⤵
  PID:7320
- C:\Windows\System\oqULtLp.exe
  C:\Windows\System\oqULtLp.exe
  2⤵
  PID:7352
- C:\Windows\System\FJTzocn.exe
  C:\Windows\System\FJTzocn.exe
  2⤵
  PID:7412
- C:\Windows\System\hfXMZCt.exe
  C:\Windows\System\hfXMZCt.exe
  2⤵
  PID:7440
- C:\Windows\System\laGRNfR.exe
  C:\Windows\System\laGRNfR.exe
  2⤵
  PID:7472
- C:\Windows\System\yWXFhlJ.exe
  C:\Windows\System\yWXFhlJ.exe
  2⤵
  PID:7496
- C:\Windows\System\NVTvjVw.exe
  C:\Windows\System\NVTvjVw.exe
  2⤵
  PID:7520
- C:\Windows\System\qUgfIZx.exe
  C:\Windows\System\qUgfIZx.exe
  2⤵
  PID:7556
- C:\Windows\System\PXILqFr.exe
  C:\Windows\System\PXILqFr.exe
  2⤵
  PID:7588
- C:\Windows\System\UNDHplm.exe
  C:\Windows\System\UNDHplm.exe
  2⤵
  PID:7616
- C:\Windows\System\doHAySD.exe
  C:\Windows\System\doHAySD.exe
  2⤵
  PID:7648
- C:\Windows\System\rhOrZda.exe
  C:\Windows\System\rhOrZda.exe
  2⤵
  PID:7696
- C:\Windows\System\zruXwIx.exe
  C:\Windows\System\zruXwIx.exe
  2⤵
  PID:7720
- C:\Windows\System\TIKrDAY.exe
  C:\Windows\System\TIKrDAY.exe
  2⤵
  PID:7860
- C:\Windows\System\PYgdPze.exe
  C:\Windows\System\PYgdPze.exe
  2⤵
  PID:7888
- C:\Windows\System\wloLIFP.exe
  C:\Windows\System\wloLIFP.exe
  2⤵
  PID:7904
- C:\Windows\System\PijXkcz.exe
  C:\Windows\System\PijXkcz.exe
  2⤵
  PID:7924
- C:\Windows\System\ElsiFYH.exe
  C:\Windows\System\ElsiFYH.exe
  2⤵
  PID:7972
- C:\Windows\System\xLpVngn.exe
  C:\Windows\System\xLpVngn.exe
  2⤵
  PID:7992
- C:\Windows\System\EfCFyRA.exe
  C:\Windows\System\EfCFyRA.exe
  2⤵
  PID:8016
- C:\Windows\System\fvwQkqk.exe
  C:\Windows\System\fvwQkqk.exe
  2⤵
  PID:8044
- C:\Windows\System\ydlxGvL.exe
  C:\Windows\System\ydlxGvL.exe
  2⤵
  PID:8064
- C:\Windows\System\AvYbDpe.exe
  C:\Windows\System\AvYbDpe.exe
  2⤵
  PID:8100
- C:\Windows\System\WuokkYW.exe
  C:\Windows\System\WuokkYW.exe
  2⤵
  PID:8132
- C:\Windows\System\CDOilNP.exe
  C:\Windows\System\CDOilNP.exe
  2⤵
  PID:8176
- C:\Windows\System\hkbzZDl.exe
  C:\Windows\System\hkbzZDl.exe
  2⤵
  PID:1592
- C:\Windows\System\mNCsNGD.exe
  C:\Windows\System\mNCsNGD.exe
  2⤵
  PID:6548
- C:\Windows\System\AYCYVyz.exe
  C:\Windows\System\AYCYVyz.exe
  2⤵
  PID:7264
- C:\Windows\System\OCZFVbR.exe
  C:\Windows\System\OCZFVbR.exe
  2⤵
  PID:7316
- C:\Windows\System\KHazVyg.exe
  C:\Windows\System\KHazVyg.exe
  2⤵
  PID:7396
- C:\Windows\System\TEVVvsT.exe
  C:\Windows\System\TEVVvsT.exe
  2⤵
  PID:7460
- C:\Windows\System\XgWMuWn.exe
  C:\Windows\System\XgWMuWn.exe
  2⤵
  PID:7536
- C:\Windows\System\chTEKtx.exe
  C:\Windows\System\chTEKtx.exe
  2⤵
  PID:7636
- C:\Windows\System\DkZtfXm.exe
  C:\Windows\System\DkZtfXm.exe
  2⤵
  PID:7708
- C:\Windows\System\olrsLYD.exe
  C:\Windows\System\olrsLYD.exe
  2⤵
  PID:7428
- C:\Windows\System\xCmZYHS.exe
  C:\Windows\System\xCmZYHS.exe
  2⤵
  PID:7184
- C:\Windows\System\RaCVndl.exe
  C:\Windows\System\RaCVndl.exe
  2⤵
  PID:4432
- C:\Windows\System\ODsnUYM.exe
  C:\Windows\System\ODsnUYM.exe
  2⤵
  PID:7848
- C:\Windows\System\DCQahtp.exe
  C:\Windows\System\DCQahtp.exe
  2⤵
  PID:7516
- C:\Windows\System\eYdElhI.exe
  C:\Windows\System\eYdElhI.exe
  2⤵
  PID:7704
- C:\Windows\System\MBVzApS.exe
  C:\Windows\System\MBVzApS.exe
  2⤵
  PID:7880
- C:\Windows\System\rzqpFij.exe
  C:\Windows\System\rzqpFij.exe
  2⤵
  PID:7956
- C:\Windows\System\GIobiCV.exe
  C:\Windows\System\GIobiCV.exe
  2⤵
  PID:8028
- C:\Windows\System\QtqMzYi.exe
  C:\Windows\System\QtqMzYi.exe
  2⤵
  PID:8088
- C:\Windows\System\ZEUkavx.exe
  C:\Windows\System\ZEUkavx.exe
  2⤵
  PID:8148
- C:\Windows\System\wICPHUr.exe
  C:\Windows\System\wICPHUr.exe
  2⤵
  PID:1604
- C:\Windows\System\VsTLTSg.exe
  C:\Windows\System\VsTLTSg.exe
  2⤵
  PID:7196
- C:\Windows\System\MTEgvbv.exe
  C:\Windows\System\MTEgvbv.exe
  2⤵
  PID:7508
- C:\Windows\System\GUzULYK.exe
  C:\Windows\System\GUzULYK.exe
  2⤵
  PID:7580
- C:\Windows\System\VJuRAat.exe
  C:\Windows\System\VJuRAat.exe
  2⤵
  PID:7812
- C:\Windows\System\SPzwyzf.exe
  C:\Windows\System\SPzwyzf.exe
  2⤵
  PID:7844
- C:\Windows\System\uabfVRB.exe
  C:\Windows\System\uabfVRB.exe
  2⤵
  PID:7884
- C:\Windows\System\uNYiINi.exe
  C:\Windows\System\uNYiINi.exe
  2⤵
  PID:7968
- C:\Windows\System\cqmTqZK.exe
  C:\Windows\System\cqmTqZK.exe
  2⤵
  PID:8164
- C:\Windows\System\eJLEwwj.exe
  C:\Windows\System\eJLEwwj.exe
  2⤵
  PID:7384
- C:\Windows\System\srpuFst.exe
  C:\Windows\System\srpuFst.exe
  2⤵
  PID:1680
- C:\Windows\System\BEKMoIO.exe
  C:\Windows\System\BEKMoIO.exe
  2⤵
  PID:7660
- C:\Windows\System\xtisUkL.exe
  C:\Windows\System\xtisUkL.exe
  2⤵
  PID:8120
- C:\Windows\System\baHPUaX.exe
  C:\Windows\System\baHPUaX.exe
  2⤵
  PID:7484
- C:\Windows\System\vsCyNXv.exe
  C:\Windows\System\vsCyNXv.exe
  2⤵
  PID:3600
- C:\Windows\System\wxKKGqN.exe
  C:\Windows\System\wxKKGqN.exe
  2⤵
  PID:7856
- C:\Windows\System\CfuiPWs.exe
  C:\Windows\System\CfuiPWs.exe
  2⤵
  PID:3304
- C:\Windows\System\mnxgDUi.exe
  C:\Windows\System\mnxgDUi.exe
  2⤵
  PID:8208
- C:\Windows\System\NupbUmy.exe
  C:\Windows\System\NupbUmy.exe
  2⤵
  PID:8236
- C:\Windows\System\UCeKaGL.exe
  C:\Windows\System\UCeKaGL.exe
  2⤵
  PID:8268
- C:\Windows\System\LjVekaD.exe
  C:\Windows\System\LjVekaD.exe
  2⤵
  PID:8304
- C:\Windows\System\rrYhrfw.exe
  C:\Windows\System\rrYhrfw.exe
  2⤵
  PID:8332
- C:\Windows\System\jddAaBe.exe
  C:\Windows\System\jddAaBe.exe
  2⤵
  PID:8352
- C:\Windows\System\QZKjyIf.exe
  C:\Windows\System\QZKjyIf.exe
  2⤵
  PID:8376
- C:\Windows\System\zCOnHOy.exe
  C:\Windows\System\zCOnHOy.exe
  2⤵
  PID:8404
- C:\Windows\System\pRALaFT.exe
  C:\Windows\System\pRALaFT.exe
  2⤵
  PID:8432
- C:\Windows\System\XqLGHJW.exe
  C:\Windows\System\XqLGHJW.exe
  2⤵
  PID:8460
- C:\Windows\System\MafOUTF.exe
  C:\Windows\System\MafOUTF.exe
  2⤵
  PID:8552
- C:\Windows\System\EwqINdH.exe
  C:\Windows\System\EwqINdH.exe
  2⤵
  PID:8572
- C:\Windows\System\jngRgHw.exe
  C:\Windows\System\jngRgHw.exe
  2⤵
  PID:8596
- C:\Windows\System\kQdmcWb.exe
  C:\Windows\System\kQdmcWb.exe
  2⤵
  PID:8624
- C:\Windows\System\OUucYNw.exe
  C:\Windows\System\OUucYNw.exe
  2⤵
  PID:8652
- C:\Windows\System\IvUjtqG.exe
  C:\Windows\System\IvUjtqG.exe
  2⤵
  PID:8680
- C:\Windows\System\BDrZvMJ.exe
  C:\Windows\System\BDrZvMJ.exe
  2⤵
  PID:8708
- C:\Windows\System\cbkQWoJ.exe
  C:\Windows\System\cbkQWoJ.exe
  2⤵
  PID:8736
- C:\Windows\System\KjQQeSj.exe
  C:\Windows\System\KjQQeSj.exe
  2⤵
  PID:8756
- C:\Windows\System\xtBdxjX.exe
  C:\Windows\System\xtBdxjX.exe
  2⤵
  PID:8788
- C:\Windows\System\wwgXFSV.exe
  C:\Windows\System\wwgXFSV.exe
  2⤵
  PID:8820
- C:\Windows\System\nkipWne.exe
  C:\Windows\System\nkipWne.exe
  2⤵
  PID:8836
- C:\Windows\System\xEMmWil.exe
  C:\Windows\System\xEMmWil.exe
  2⤵
  PID:8864
- C:\Windows\System\OfiONnc.exe
  C:\Windows\System\OfiONnc.exe
  2⤵
  PID:8904
- C:\Windows\System\PyUbygQ.exe
  C:\Windows\System\PyUbygQ.exe
  2⤵
  PID:8932
- C:\Windows\System\nFruDOA.exe
  C:\Windows\System\nFruDOA.exe
  2⤵
  PID:8948
- C:\Windows\System\loavPEj.exe
  C:\Windows\System\loavPEj.exe
  2⤵
  PID:8980
- C:\Windows\System\gfTCOjt.exe
  C:\Windows\System\gfTCOjt.exe
  2⤵
  PID:9016
- C:\Windows\System\SweSLbe.exe
  C:\Windows\System\SweSLbe.exe
  2⤵
  PID:9044
- C:\Windows\System\EVDWOKH.exe
  C:\Windows\System\EVDWOKH.exe
  2⤵
  PID:9060
- C:\Windows\System\OtsdAea.exe
  C:\Windows\System\OtsdAea.exe
  2⤵
  PID:9100
- C:\Windows\System\QiKbNgX.exe
  C:\Windows\System\QiKbNgX.exe
  2⤵
  PID:9116
- C:\Windows\System\QGulMFu.exe
  C:\Windows\System\QGulMFu.exe
  2⤵
  PID:9156
- C:\Windows\System\zbAHHyu.exe
  C:\Windows\System\zbAHHyu.exe
  2⤵
  PID:9184
- C:\Windows\System\deYvlvH.exe
  C:\Windows\System\deYvlvH.exe
  2⤵
  PID:8196
- C:\Windows\System\UQEOFzy.exe
  C:\Windows\System\UQEOFzy.exe
  2⤵
  PID:8228
- C:\Windows\System\pvHZxok.exe
  C:\Windows\System\pvHZxok.exe
  2⤵
  PID:8292
- C:\Windows\System\ncTkNjw.exe
  C:\Windows\System\ncTkNjw.exe
  2⤵
  PID:8368
- C:\Windows\System\qgsBDeB.exe
  C:\Windows\System\qgsBDeB.exe
  2⤵
  PID:8420
- C:\Windows\System\vSgunFH.exe
  C:\Windows\System\vSgunFH.exe
  2⤵
  PID:4812
- C:\Windows\System\dRzvCCD.exe
  C:\Windows\System\dRzvCCD.exe
  2⤵
  PID:8528
- C:\Windows\System\WfJrufy.exe
  C:\Windows\System\WfJrufy.exe
  2⤵
  PID:8616
- C:\Windows\System\niIUlkr.exe
  C:\Windows\System\niIUlkr.exe
  2⤵
  PID:8648
- C:\Windows\System\iMxXxoZ.exe
  C:\Windows\System\iMxXxoZ.exe
  2⤵
  PID:8700
- C:\Windows\System\BVSkxPo.exe
  C:\Windows\System\BVSkxPo.exe
  2⤵
  PID:8764
- C:\Windows\System\RGbQsUQ.exe
  C:\Windows\System\RGbQsUQ.exe
  2⤵
  PID:8880
- C:\Windows\System\IXQlWvB.exe
  C:\Windows\System\IXQlWvB.exe
  2⤵
  PID:8916
- C:\Windows\System\IcUCEnB.exe
  C:\Windows\System\IcUCEnB.exe
  2⤵
  PID:9008
- C:\Windows\System\HonSQCV.exe
  C:\Windows\System\HonSQCV.exe
  2⤵
  PID:9056
- C:\Windows\System\VxDncXl.exe
  C:\Windows\System\VxDncXl.exe
  2⤵
  PID:9140
- C:\Windows\System\lXaTjhk.exe
  C:\Windows\System\lXaTjhk.exe
  2⤵
  PID:9200
- C:\Windows\System\UQiaqZN.exe
  C:\Windows\System\UQiaqZN.exe
  2⤵
  PID:8256
- C:\Windows\System\zBaoHyN.exe
  C:\Windows\System\zBaoHyN.exe
  2⤵
  PID:8448
- C:\Windows\System\HADydMP.exe
  C:\Windows\System\HADydMP.exe
  2⤵
  PID:2188
- C:\Windows\System\NJGZItl.exe
  C:\Windows\System\NJGZItl.exe
  2⤵
  PID:2964
- C:\Windows\System\sfgiToG.exe
  C:\Windows\System\sfgiToG.exe
  2⤵
  PID:8784
- C:\Windows\System\CmCqqLE.exe
  C:\Windows\System\CmCqqLE.exe
  2⤵
  PID:8988
- C:\Windows\System\dnwkANo.exe
  C:\Windows\System\dnwkANo.exe
  2⤵
  PID:9112
- C:\Windows\System\yBdPSlC.exe
  C:\Windows\System\yBdPSlC.exe
  2⤵
  PID:7284
- C:\Windows\System\zReCqbk.exe
  C:\Windows\System\zReCqbk.exe
  2⤵
  PID:4024
- C:\Windows\System\nbUeXHA.exe
  C:\Windows\System\nbUeXHA.exe
  2⤵
  PID:8812
- C:\Windows\System\cPBtYPy.exe
  C:\Windows\System\cPBtYPy.exe
  2⤵
  PID:8392
- C:\Windows\System\nRRCKID.exe
  C:\Windows\System\nRRCKID.exe
  2⤵
  PID:9052
- C:\Windows\System\yeiJPSX.exe
  C:\Windows\System\yeiJPSX.exe
  2⤵
  PID:8672
- C:\Windows\System\TelhQIS.exe
  C:\Windows\System\TelhQIS.exe
  2⤵
  PID:9248
- C:\Windows\System\TMdXfyR.exe
  C:\Windows\System\TMdXfyR.exe
  2⤵
  PID:9276
- C:\Windows\System\VeQWuno.exe
  C:\Windows\System\VeQWuno.exe
  2⤵
  PID:9292
- C:\Windows\System\NnKYBaP.exe
  C:\Windows\System\NnKYBaP.exe
  2⤵
  PID:9320
- C:\Windows\System\XmwUsAU.exe
  C:\Windows\System\XmwUsAU.exe
  2⤵
  PID:9356
- C:\Windows\System\bgxJrus.exe
  C:\Windows\System\bgxJrus.exe
  2⤵
  PID:9376
- C:\Windows\System\zuKwpZf.exe
  C:\Windows\System\zuKwpZf.exe
  2⤵
  PID:9408
- C:\Windows\System\JzbLcKb.exe
  C:\Windows\System\JzbLcKb.exe
  2⤵
  PID:9448
- C:\Windows\System\JvszqxV.exe
  C:\Windows\System\JvszqxV.exe
  2⤵
  PID:9476
- C:\Windows\System\aSXkEBk.exe
  C:\Windows\System\aSXkEBk.exe
  2⤵
  PID:9504
- C:\Windows\System\NbltEgu.exe
  C:\Windows\System\NbltEgu.exe
  2⤵
  PID:9532
- C:\Windows\System\rOFaRSe.exe
  C:\Windows\System\rOFaRSe.exe
  2⤵
  PID:9560
- C:\Windows\System\vmmjBSJ.exe
  C:\Windows\System\vmmjBSJ.exe
  2⤵
  PID:9588
- C:\Windows\System\zbPvWmf.exe
  C:\Windows\System\zbPvWmf.exe
  2⤵
  PID:9620
- C:\Windows\System\UUKBhTV.exe
  C:\Windows\System\UUKBhTV.exe
  2⤵
  PID:9648
- C:\Windows\System\mPFQNTM.exe
  C:\Windows\System\mPFQNTM.exe
  2⤵
  PID:9684
- C:\Windows\System\ydqMZyH.exe
  C:\Windows\System\ydqMZyH.exe
  2⤵
  PID:9716
- C:\Windows\System\LNZAZgW.exe
  C:\Windows\System\LNZAZgW.exe
  2⤵
  PID:9740
- C:\Windows\System\ahgbAtD.exe
  C:\Windows\System\ahgbAtD.exe
  2⤵
  PID:9780
- C:\Windows\System\dnPfGvy.exe
  C:\Windows\System\dnPfGvy.exe
  2⤵
  PID:9824
- C:\Windows\System\kOKvZfv.exe
  C:\Windows\System\kOKvZfv.exe
  2⤵
  PID:9848
- C:\Windows\System\TKNyqUR.exe
  C:\Windows\System\TKNyqUR.exe
  2⤵
  PID:9880
- C:\Windows\System\tkcUFTn.exe
  C:\Windows\System\tkcUFTn.exe
  2⤵
  PID:9908
- C:\Windows\System\HLYSAld.exe
  C:\Windows\System\HLYSAld.exe
  2⤵
  PID:9936
- C:\Windows\System\MLtObbk.exe
  C:\Windows\System\MLtObbk.exe
  2⤵
  PID:9972
- C:\Windows\System\TzSkTlI.exe
  C:\Windows\System\TzSkTlI.exe
  2⤵
  PID:10000
- C:\Windows\System\FiAtErE.exe
  C:\Windows\System\FiAtErE.exe
  2⤵
  PID:10032
- C:\Windows\System\aQPgkEv.exe
  C:\Windows\System\aQPgkEv.exe
  2⤵
  PID:10060
- C:\Windows\System\STIVbEd.exe
  C:\Windows\System\STIVbEd.exe
  2⤵
  PID:10088
- C:\Windows\System\KjrCGVv.exe
  C:\Windows\System\KjrCGVv.exe
  2⤵
  PID:10104
- C:\Windows\System\IicIlPI.exe
  C:\Windows\System\IicIlPI.exe
  2⤵
  PID:10148
- C:\Windows\System\WZdUxYm.exe
  C:\Windows\System\WZdUxYm.exe
  2⤵
  PID:10176
- C:\Windows\System\RvWGfTz.exe
  C:\Windows\System\RvWGfTz.exe
  2⤵
  PID:10204
- C:\Windows\System\pFnpBPn.exe
  C:\Windows\System\pFnpBPn.exe
  2⤵
  PID:10232
- C:\Windows\System\iYPcvrt.exe
  C:\Windows\System\iYPcvrt.exe
  2⤵
  PID:9148
- C:\Windows\System\QbDeAcp.exe
  C:\Windows\System\QbDeAcp.exe
  2⤵
  PID:9316
- C:\Windows\System\bCOvSWd.exe
  C:\Windows\System\bCOvSWd.exe
  2⤵
  PID:9372
- C:\Windows\System\RjLghVi.exe
  C:\Windows\System\RjLghVi.exe
  2⤵
  PID:3268
- C:\Windows\System\TsuARgg.exe
  C:\Windows\System\TsuARgg.exe
  2⤵
  PID:9468
- C:\Windows\System\FyuuaUS.exe
  C:\Windows\System\FyuuaUS.exe
  2⤵
  PID:9544
- C:\Windows\System\CmxBdXE.exe
  C:\Windows\System\CmxBdXE.exe
  2⤵
  PID:9612
- C:\Windows\System\lAxNfSu.exe
  C:\Windows\System\lAxNfSu.exe
  2⤵
  PID:9676
- C:\Windows\System\TWhidid.exe
  C:\Windows\System\TWhidid.exe
  2⤵
  PID:9748
- C:\Windows\System\tDpsqPl.exe
  C:\Windows\System\tDpsqPl.exe
  2⤵
  PID:9768
- C:\Windows\System\dyBfDJr.exe
  C:\Windows\System\dyBfDJr.exe
  2⤵
  PID:9860
- C:\Windows\System\MEGuzAr.exe
  C:\Windows\System\MEGuzAr.exe
  2⤵
  PID:9956
- C:\Windows\System\NwwhwDQ.exe
  C:\Windows\System\NwwhwDQ.exe
  2⤵
  PID:10020
- C:\Windows\System\AAfSIZX.exe
  C:\Windows\System\AAfSIZX.exe
  2⤵
  PID:10072
- C:\Windows\System\cbaSaqw.exe
  C:\Windows\System\cbaSaqw.exe
  2⤵
  PID:10172
- C:\Windows\System\WSiFGHl.exe
  C:\Windows\System\WSiFGHl.exe
  2⤵
  PID:9268
- C:\Windows\System\eHabvwy.exe
  C:\Windows\System\eHabvwy.exe
  2⤵
  PID:9368
- C:\Windows\System\lWdSeIq.exe
  C:\Windows\System\lWdSeIq.exe
  2⤵
  PID:9528
- C:\Windows\System\WXXHDgv.exe
  C:\Windows\System\WXXHDgv.exe
  2⤵
  PID:9812
- C:\Windows\System\iiBaoie.exe
  C:\Windows\System\iiBaoie.exe
  2⤵
  PID:9992
- C:\Windows\System\zwUJaqX.exe
  C:\Windows\System\zwUJaqX.exe
  2⤵
  PID:10116
- C:\Windows\System\WZDifCN.exe
  C:\Windows\System\WZDifCN.exe
  2⤵
  PID:9388
- C:\Windows\System\JnZDZoP.exe
  C:\Windows\System\JnZDZoP.exe
  2⤵
  PID:9896
- C:\Windows\System\tGrxoGZ.exe
  C:\Windows\System\tGrxoGZ.exe
  2⤵
  PID:10044
- C:\Windows\System\dTXEHpP.exe
  C:\Windows\System\dTXEHpP.exe
  2⤵
  PID:9304
- C:\Windows\System\gEOMcyf.exe
  C:\Windows\System\gEOMcyf.exe
  2⤵
  PID:9984
- C:\Windows\System\IRvzZWp.exe
  C:\Windows\System\IRvzZWp.exe
  2⤵
  PID:10264
- C:\Windows\System\WPZuJhU.exe
  C:\Windows\System\WPZuJhU.exe
  2⤵
  PID:10308
- C:\Windows\System\hkkdTOb.exe
  C:\Windows\System\hkkdTOb.exe
  2⤵
  PID:10328
- C:\Windows\System\btQdKXm.exe
  C:\Windows\System\btQdKXm.exe
  2⤵
  PID:10356
- C:\Windows\System\mlNxMww.exe
  C:\Windows\System\mlNxMww.exe
  2⤵
  PID:10408
- C:\Windows\System\DSizjMR.exe
  C:\Windows\System\DSizjMR.exe
  2⤵
  PID:10424
- C:\Windows\System\jtArWrw.exe
  C:\Windows\System\jtArWrw.exe
  2⤵
  PID:10476
- C:\Windows\System\rtQSPHt.exe
  C:\Windows\System\rtQSPHt.exe
  2⤵
  PID:10520
- C:\Windows\System\jRRJVrN.exe
  C:\Windows\System\jRRJVrN.exe
  2⤵
  PID:10560
- C:\Windows\System\AzwUGVB.exe
  C:\Windows\System\AzwUGVB.exe
  2⤵
  PID:10592
- C:\Windows\System\VyOipvh.exe
  C:\Windows\System\VyOipvh.exe
  2⤵
  PID:10620
- C:\Windows\System\YROIkkk.exe
  C:\Windows\System\YROIkkk.exe
  2⤵
  PID:10640
- C:\Windows\System\sEBKUCQ.exe
  C:\Windows\System\sEBKUCQ.exe
  2⤵
  PID:10664
- C:\Windows\System\pxnfaOh.exe
  C:\Windows\System\pxnfaOh.exe
  2⤵
  PID:10712
- C:\Windows\System\YMNfTzw.exe
  C:\Windows\System\YMNfTzw.exe
  2⤵
  PID:10752
- C:\Windows\System\VmceHPb.exe
  C:\Windows\System\VmceHPb.exe
  2⤵
  PID:10780
- C:\Windows\System\kBXPkkj.exe
  C:\Windows\System\kBXPkkj.exe
  2⤵
  PID:10828
- C:\Windows\System\qfTpzpz.exe
  C:\Windows\System\qfTpzpz.exe
  2⤵
  PID:10848
- C:\Windows\System\dGXJHOZ.exe
  C:\Windows\System\dGXJHOZ.exe
  2⤵
  PID:10876
- C:\Windows\System\ecHvNvG.exe
  C:\Windows\System\ecHvNvG.exe
  2⤵
  PID:10932
- C:\Windows\System\zpmLnFj.exe
  C:\Windows\System\zpmLnFj.exe
  2⤵
  PID:10988
- C:\Windows\System\qFmcCpB.exe
  C:\Windows\System\qFmcCpB.exe
  2⤵
  PID:11008
- C:\Windows\System\nrZgpEw.exe
  C:\Windows\System\nrZgpEw.exe
  2⤵
  PID:11044
- C:\Windows\System\IIYqwnm.exe
  C:\Windows\System\IIYqwnm.exe
  2⤵
  PID:11064
- C:\Windows\System\xsiMcaB.exe
  C:\Windows\System\xsiMcaB.exe
  2⤵
  PID:11112
- C:\Windows\System\sQWOAvz.exe
  C:\Windows\System\sQWOAvz.exe
  2⤵
  PID:11128
- C:\Windows\System\dWAtqvk.exe
  C:\Windows\System\dWAtqvk.exe
  2⤵
  PID:11160
- C:\Windows\System\lXBXiCC.exe
  C:\Windows\System\lXBXiCC.exe
  2⤵
  PID:11196
- C:\Windows\System\NuKGgQW.exe
  C:\Windows\System\NuKGgQW.exe
  2⤵
  PID:11212
- C:\Windows\System\uXNtsMD.exe
  C:\Windows\System\uXNtsMD.exe
  2⤵
  PID:11228
- C:\Windows\System\icxVFgw.exe
  C:\Windows\System\icxVFgw.exe
  2⤵
  PID:11260
- C:\Windows\System\vIfGDJs.exe
  C:\Windows\System\vIfGDJs.exe
  2⤵
  PID:10300
- C:\Windows\System\oTIfHyA.exe
  C:\Windows\System\oTIfHyA.exe
  2⤵
  PID:10380
- C:\Windows\System\EpEANyw.exe
  C:\Windows\System\EpEANyw.exe
  2⤵
  PID:10456
- C:\Windows\System\OyvoyHm.exe
  C:\Windows\System\OyvoyHm.exe
  2⤵
  PID:10576
- C:\Windows\System\qtmcHzZ.exe
  C:\Windows\System\qtmcHzZ.exe
  2⤵
  PID:10648
- C:\Windows\System\QDDymmy.exe
  C:\Windows\System\QDDymmy.exe
  2⤵
  PID:10688
- C:\Windows\System\PyOTgBu.exe
  C:\Windows\System\PyOTgBu.exe
  2⤵
  PID:10796
- C:\Windows\System\MqQKzqA.exe
  C:\Windows\System\MqQKzqA.exe
  2⤵
  PID:10896
- C:\Windows\System\XZTytxC.exe
  C:\Windows\System\XZTytxC.exe
  2⤵
  PID:11004
- C:\Windows\System\PKmjeTK.exe
  C:\Windows\System\PKmjeTK.exe
  2⤵
  PID:11088
- C:\Windows\System\xXwJwqf.exe
  C:\Windows\System\xXwJwqf.exe
  2⤵
  PID:11180
- C:\Windows\System\SXkYjCN.exe
  C:\Windows\System\SXkYjCN.exe
  2⤵
  PID:11220
- C:\Windows\System\hiCdPit.exe
  C:\Windows\System\hiCdPit.exe
  2⤵
  PID:10284
- C:\Windows\System\PnIKJon.exe
  C:\Windows\System\PnIKJon.exe
  2⤵
  PID:10552
- C:\Windows\System\fcpvByv.exe
  C:\Windows\System\fcpvByv.exe
  2⤵
  PID:10588
- C:\Windows\System\YMIrcjy.exe
  C:\Windows\System\YMIrcjy.exe
  2⤵
  PID:10872
- C:\Windows\System\iAUVwej.exe
  C:\Windows\System\iAUVwej.exe
  2⤵
  PID:11124
- C:\Windows\System\qAvQkLv.exe
  C:\Windows\System\qAvQkLv.exe
  2⤵
  PID:11204
- C:\Windows\System\YCrVOip.exe
  C:\Windows\System\YCrVOip.exe
  2⤵
  PID:10420
- C:\Windows\System\icBxrgU.exe
  C:\Windows\System\icBxrgU.exe
  2⤵
  PID:10772
- C:\Windows\System\qdtUfqR.exe
  C:\Windows\System\qdtUfqR.exe
  2⤵
  PID:10768
- C:\Windows\System\AUWplzw.exe
  C:\Windows\System\AUWplzw.exe
  2⤵
  PID:11288
- C:\Windows\System\GBtPlwT.exe
  C:\Windows\System\GBtPlwT.exe
  2⤵
  PID:11324
- C:\Windows\System\PXtotJJ.exe
  C:\Windows\System\PXtotJJ.exe
  2⤵
  PID:11364
- C:\Windows\System\SeJOLdy.exe
  C:\Windows\System\SeJOLdy.exe
  2⤵
  PID:11392
- C:\Windows\System\BGavyEx.exe
  C:\Windows\System\BGavyEx.exe
  2⤵
  PID:11412
- C:\Windows\System\epNBeXh.exe
  C:\Windows\System\epNBeXh.exe
  2⤵
  PID:11440
- C:\Windows\System\waGARXe.exe
  C:\Windows\System\waGARXe.exe
  2⤵
  PID:11468
- C:\Windows\System\FbtwHOw.exe
  C:\Windows\System\FbtwHOw.exe
  2⤵
  PID:11508
- C:\Windows\System\TqHNNoQ.exe
  C:\Windows\System\TqHNNoQ.exe
  2⤵
  PID:11536
- C:\Windows\System\MQKeyXB.exe
  C:\Windows\System\MQKeyXB.exe
  2⤵
  PID:11564
- C:\Windows\System\Jmrribc.exe
  C:\Windows\System\Jmrribc.exe
  2⤵
  PID:11596
- C:\Windows\System\FhKWExZ.exe
  C:\Windows\System\FhKWExZ.exe
  2⤵
  PID:11624
- C:\Windows\System\zjMVGkm.exe
  C:\Windows\System\zjMVGkm.exe
  2⤵
  PID:11640
- C:\Windows\System\FkUVGZK.exe
  C:\Windows\System\FkUVGZK.exe
  2⤵
  PID:11680
- C:\Windows\System\zhIkZBB.exe
  C:\Windows\System\zhIkZBB.exe
  2⤵
  PID:11696
- C:\Windows\System\pRAYMwh.exe
  C:\Windows\System\pRAYMwh.exe
  2⤵
  PID:11724
- C:\Windows\System\BSaEIZs.exe
  C:\Windows\System\BSaEIZs.exe
  2⤵
  PID:11752
- C:\Windows\System\XCbbFmX.exe
  C:\Windows\System\XCbbFmX.exe
  2⤵
  PID:11772
- C:\Windows\System\WSuCwpM.exe
  C:\Windows\System\WSuCwpM.exe
  2⤵
  PID:11828
- C:\Windows\System\TahUipF.exe
  C:\Windows\System\TahUipF.exe
  2⤵
  PID:11844
- C:\Windows\System\NNRkdla.exe
  C:\Windows\System\NNRkdla.exe
  2⤵
  PID:11884
- C:\Windows\System\nncIhYD.exe
  C:\Windows\System\nncIhYD.exe
  2⤵
  PID:11912
- C:\Windows\System\GUrmSVx.exe
  C:\Windows\System\GUrmSVx.exe
  2⤵
  PID:11948
- C:\Windows\System\kMHYndx.exe
  C:\Windows\System\kMHYndx.exe
  2⤵
  PID:11976
- C:\Windows\System\eTyRWkO.exe
  C:\Windows\System\eTyRWkO.exe
  2⤵
  PID:12004
- C:\Windows\System\qucYVMo.exe
  C:\Windows\System\qucYVMo.exe
  2⤵
  PID:12032
- C:\Windows\System\kejuqBd.exe
  C:\Windows\System\kejuqBd.exe
  2⤵
  PID:12060
- C:\Windows\System\yFbPWhy.exe
  C:\Windows\System\yFbPWhy.exe
  2⤵
  PID:12088
- C:\Windows\System\BOFpfdE.exe
  C:\Windows\System\BOFpfdE.exe
  2⤵
  PID:12108
- C:\Windows\System\HcZNoWc.exe
  C:\Windows\System\HcZNoWc.exe
  2⤵
  PID:12132
- C:\Windows\System\tjHNrBW.exe
  C:\Windows\System\tjHNrBW.exe
  2⤵
  PID:12160
- C:\Windows\System\WVcMrJQ.exe
  C:\Windows\System\WVcMrJQ.exe
  2⤵
  PID:12200
- C:\Windows\System\bjeSKQd.exe
  C:\Windows\System\bjeSKQd.exe
  2⤵
  PID:12216
- C:\Windows\System\zTjIkSC.exe
  C:\Windows\System\zTjIkSC.exe
  2⤵
  PID:12232
- C:\Windows\System\ixlXGtU.exe
  C:\Windows\System\ixlXGtU.exe
  2⤵
  PID:12256
- C:\Windows\System\TAiLbvh.exe
  C:\Windows\System\TAiLbvh.exe
  2⤵
  PID:12284
- C:\Windows\System\vHMjzUH.exe
  C:\Windows\System\vHMjzUH.exe
  2⤵
  PID:11300
- C:\Windows\System\jAxnCBa.exe
  C:\Windows\System\jAxnCBa.exe
  2⤵
  PID:11428
- C:\Windows\System\sfspvZW.exe
  C:\Windows\System\sfspvZW.exe
  2⤵
  PID:11460
- C:\Windows\System\ELzhPKP.exe
  C:\Windows\System\ELzhPKP.exe
  2⤵
  PID:11552
- C:\Windows\System\NBiIrhO.exe
  C:\Windows\System\NBiIrhO.exe
  2⤵
  PID:11592
- C:\Windows\System\tKASucr.exe
  C:\Windows\System\tKASucr.exe
  2⤵
  PID:11636
- C:\Windows\System\EjguEXl.exe
  C:\Windows\System\EjguEXl.exe
  2⤵
  PID:11796
- C:\Windows\System\GLUzrff.exe
  C:\Windows\System\GLUzrff.exe
  2⤵
  PID:11900
- C:\Windows\System\nreaJoo.exe
  C:\Windows\System\nreaJoo.exe
  2⤵
  PID:11972
- C:\Windows\System\wgoUbqo.exe
  C:\Windows\System\wgoUbqo.exe
  2⤵
  PID:12016
- C:\Windows\System\Phyfhtp.exe
  C:\Windows\System\Phyfhtp.exe
  2⤵
  PID:12052
- C:\Windows\System\ydSBhhk.exe
  C:\Windows\System\ydSBhhk.exe
  2⤵
  PID:12120
- C:\Windows\System\yxPxDBX.exe
  C:\Windows\System\yxPxDBX.exe
  2⤵
  PID:12224
- C:\Windows\System\tJNAgrU.exe
  C:\Windows\System\tJNAgrU.exe
  2⤵
  PID:12276
- C:\Windows\System\gtXuPES.exe
  C:\Windows\System\gtXuPES.exe
  2⤵
  PID:11380
- C:\Windows\System\FpXGejK.exe
  C:\Windows\System\FpXGejK.exe
  2⤵
  PID:11524
- C:\Windows\System\nClohKn.exe
  C:\Windows\System\nClohKn.exe
  2⤵
  PID:11612
- C:\Windows\System\SjMdOuZ.exe
  C:\Windows\System\SjMdOuZ.exe
  2⤵
  PID:8500
- C:\Windows\System\RdCGXFR.exe
  C:\Windows\System\RdCGXFR.exe
  2⤵
  PID:11736
- C:\Windows\System\VnwhEyA.exe
  C:\Windows\System\VnwhEyA.exe
  2⤵
  PID:11944
- C:\Windows\System\CWnbiLz.exe
  C:\Windows\System\CWnbiLz.exe
  2⤵
  PID:12076
- C:\Windows\System\kzCBsiI.exe
  C:\Windows\System\kzCBsiI.exe
  2⤵
  PID:12148
- C:\Windows\System\LGZIWic.exe
  C:\Windows\System\LGZIWic.exe
  2⤵
  PID:11504
- C:\Windows\System\PVnNwSP.exe
  C:\Windows\System\PVnNwSP.exe
  2⤵
  PID:8504
- C:\Windows\System\dzSaJTa.exe
  C:\Windows\System\dzSaJTa.exe
  2⤵
  PID:12212
- C:\Windows\System\ttSaYGI.exe
  C:\Windows\System\ttSaYGI.exe
  2⤵
  PID:11744
- C:\Windows\System\SydNTqX.exe
  C:\Windows\System\SydNTqX.exe
  2⤵
  PID:12292
- C:\Windows\System\FXcvOmP.exe
  C:\Windows\System\FXcvOmP.exe
  2⤵
  PID:12328
- C:\Windows\System\vYxDcpD.exe
  C:\Windows\System\vYxDcpD.exe
  2⤵
  PID:12360
- C:\Windows\System\prEYuSj.exe
  C:\Windows\System\prEYuSj.exe
  2⤵
  PID:12392
- C:\Windows\System\WEyEjan.exe
  C:\Windows\System\WEyEjan.exe
  2⤵
  PID:12420
- C:\Windows\System\SlgaFGA.exe
  C:\Windows\System\SlgaFGA.exe
  2⤵
  PID:12440
- C:\Windows\System\mNrxQkv.exe
  C:\Windows\System\mNrxQkv.exe
  2⤵
  PID:12460
- C:\Windows\System\TEfIvyc.exe
  C:\Windows\System\TEfIvyc.exe
  2⤵
  PID:12488
- C:\Windows\System\pKxypZM.exe
  C:\Windows\System\pKxypZM.exe
  2⤵
  PID:12520
- C:\Windows\System\BSYnhdn.exe
  C:\Windows\System\BSYnhdn.exe
  2⤵
  PID:12556
- C:\Windows\System\BXWVemA.exe
  C:\Windows\System\BXWVemA.exe
  2⤵
  PID:12596
- C:\Windows\System\yhFTNSu.exe
  C:\Windows\System\yhFTNSu.exe
  2⤵
  PID:12616
- C:\Windows\System\pNArFgQ.exe
  C:\Windows\System\pNArFgQ.exe
  2⤵
  PID:12652
- C:\Windows\System\oRDrVlh.exe
  C:\Windows\System\oRDrVlh.exe
  2⤵
  PID:12680
- C:\Windows\System\iBcBCFo.exe
  C:\Windows\System\iBcBCFo.exe
  2⤵
  PID:12696
- C:\Windows\System\SJElqlN.exe
  C:\Windows\System\SJElqlN.exe
  2⤵
  PID:12724
- C:\Windows\System\bVXPcNN.exe
  C:\Windows\System\bVXPcNN.exe
  2⤵
  PID:12764
- C:\Windows\System\NSCbVfM.exe
  C:\Windows\System\NSCbVfM.exe
  2⤵
  PID:12792
- C:\Windows\System\PZfYZLr.exe
  C:\Windows\System\PZfYZLr.exe
  2⤵
  PID:12816
- C:\Windows\System\RwsqQRk.exe
  C:\Windows\System\RwsqQRk.exe
  2⤵
  PID:12836
- C:\Windows\System\CnGHCqt.exe
  C:\Windows\System\CnGHCqt.exe
  2⤵
  PID:12876
- C:\Windows\System\LenqGrv.exe
  C:\Windows\System\LenqGrv.exe
  2⤵
  PID:12908
- C:\Windows\System\UizMEWH.exe
  C:\Windows\System\UizMEWH.exe
  2⤵
  PID:12936
- C:\Windows\System\SAfzPQp.exe
  C:\Windows\System\SAfzPQp.exe
  2⤵
  PID:12964
- C:\Windows\System\KJTjcoE.exe
  C:\Windows\System\KJTjcoE.exe
  2⤵
  PID:12992
- C:\Windows\System\ZrmEFpz.exe
  C:\Windows\System\ZrmEFpz.exe
  2⤵
  PID:13016
- C:\Windows\System\XmrUyjS.exe
  C:\Windows\System\XmrUyjS.exe
  2⤵
  PID:13048
- C:\Windows\System\zOkWFjB.exe
  C:\Windows\System\zOkWFjB.exe
  2⤵
  PID:13076
- C:\Windows\System\dwoSrZL.exe
  C:\Windows\System\dwoSrZL.exe
  2⤵
  PID:13104
- C:\Windows\System\qnbbybL.exe
  C:\Windows\System\qnbbybL.exe
  2⤵
  PID:13120
- C:\Windows\System\sPGEtAt.exe
  C:\Windows\System\sPGEtAt.exe
  2⤵
  PID:13144
- C:\Windows\System\siKXLqU.exe
  C:\Windows\System\siKXLqU.exe
  2⤵
  PID:13176
- C:\Windows\System\UHgJvZi.exe
  C:\Windows\System\UHgJvZi.exe
  2⤵
  PID:13208
- C:\Windows\System\fDyClJy.exe
  C:\Windows\System\fDyClJy.exe
  2⤵
  PID:13240
- C:\Windows\System\RwxkDcw.exe
  C:\Windows\System\RwxkDcw.exe
  2⤵
  PID:13260
- C:\Windows\System\LsUDLsF.exe
  C:\Windows\System\LsUDLsF.exe
  2⤵
  PID:13300
- C:\Windows\System\VUvPhop.exe
  C:\Windows\System\VUvPhop.exe
  2⤵
  PID:12324
- C:\Windows\System\UqchDwO.exe
  C:\Windows\System\UqchDwO.exe
  2⤵
  PID:12388
- C:\Windows\System\CHtcZcF.exe
  C:\Windows\System\CHtcZcF.exe
  2⤵
  PID:12452
- C:\Windows\System\SPDlWOF.exe
  C:\Windows\System\SPDlWOF.exe
  2⤵
  PID:12512
- C:\Windows\System\mrUehzj.exe
  C:\Windows\System\mrUehzj.exe
  2⤵
  PID:12576
- C:\Windows\System\VloRDAx.exe
  C:\Windows\System\VloRDAx.exe
  2⤵
  PID:12644
- C:\Windows\System\MZLXrzF.exe
  C:\Windows\System\MZLXrzF.exe
  2⤵
  PID:12688
- C:\Windows\System\yIYuiZW.exe
  C:\Windows\System\yIYuiZW.exe
  2⤵
  PID:12760
- C:\Windows\System\kztZWeC.exe
  C:\Windows\System\kztZWeC.exe
  2⤵
  PID:12808
- C:\Windows\System\SsgMAJj.exe
  C:\Windows\System\SsgMAJj.exe
  2⤵
  PID:12872
- C:\Windows\System\LNWqbcX.exe
  C:\Windows\System\LNWqbcX.exe
  2⤵
  PID:12932
- C:\Windows\System\VkOlttt.exe
  C:\Windows\System\VkOlttt.exe
  2⤵
  PID:13000
- C:\Windows\System\TyGdtvm.exe
  C:\Windows\System\TyGdtvm.exe
  2⤵
  PID:13088
- C:\Windows\System\kPLLxSD.exe
  C:\Windows\System\kPLLxSD.exe
  2⤵
  PID:13132
- C:\Windows\System\ICwYNRT.exe
  C:\Windows\System\ICwYNRT.exe
  2⤵
  PID:13224
- C:\Windows\System\ZTMBdSj.exe
  C:\Windows\System\ZTMBdSj.exe
  2⤵
  PID:13296
- C:\Windows\System\BwIwucp.exe
  C:\Windows\System\BwIwucp.exe
  2⤵
  PID:12432
- C:\Windows\System\ucCFNhv.exe
  C:\Windows\System\ucCFNhv.exe
  2⤵
  PID:12504
- C:\Windows\System\djSzgUU.exe
  C:\Windows\System\djSzgUU.exe
  2⤵
  PID:12672
- C:\Windows\System\Ukmaooz.exe
  C:\Windows\System\Ukmaooz.exe
  2⤵
  PID:12852
- C:\Windows\System\LBtsfwG.exe
  C:\Windows\System\LBtsfwG.exe
  2⤵
  PID:13156
- C:\Windows\System\vYFqsFI.exe
  C:\Windows\System\vYFqsFI.exe
  2⤵
  PID:13276
- C:\Windows\System\dDWLZNa.exe
  C:\Windows\System\dDWLZNa.exe
  2⤵
  PID:12612
- C:\Windows\System\ocCqtLC.exe
  C:\Windows\System\ocCqtLC.exe
  2⤵
  PID:13092
- C:\Windows\System\rlwYDUe.exe
  C:\Windows\System\rlwYDUe.exe
  2⤵
  PID:12744
- C:\Windows\System\HcbFUXm.exe
  C:\Windows\System\HcbFUXm.exe
  2⤵
  PID:13228
- C:\Windows\System\gmMyQGt.exe
  C:\Windows\System\gmMyQGt.exe
  2⤵
  PID:13328
- C:\Windows\System\ItsYtiO.exe
  C:\Windows\System\ItsYtiO.exe
  2⤵
  PID:13364
- C:\Windows\System\YzihEgg.exe
  C:\Windows\System\YzihEgg.exe
  2⤵
  PID:13384
- C:\Windows\System\ZtiAfMN.exe
  C:\Windows\System\ZtiAfMN.exe
  2⤵
  PID:13400
- C:\Windows\System\dDhFeTA.exe
  C:\Windows\System\dDhFeTA.exe
  2⤵
  PID:13452
- C:\Windows\System\fvnZfUt.exe
  C:\Windows\System\fvnZfUt.exe
  2⤵
  PID:13476
- C:\Windows\System\eihoIhu.exe
  C:\Windows\System\eihoIhu.exe
  2⤵
  PID:13496
- C:\Windows\System\RjQRIvH.exe
  C:\Windows\System\RjQRIvH.exe
  2⤵
  PID:13520
- C:\Windows\System\kxukFVh.exe
  C:\Windows\System\kxukFVh.exe
  2⤵
  PID:13556
- C:\Windows\System\Fckmnwz.exe
  C:\Windows\System\Fckmnwz.exe
  2⤵
  PID:13592
- C:\Windows\System\cFbgtgM.exe
  C:\Windows\System\cFbgtgM.exe
  2⤵
  PID:13612
- C:\Windows\System\taaYfTD.exe
  C:\Windows\System\taaYfTD.exe
  2⤵
  PID:13652
- C:\Windows\System\xzValUp.exe
  C:\Windows\System\xzValUp.exe
  2⤵
  PID:13680
- C:\Windows\System\PQBvhJC.exe
  C:\Windows\System\PQBvhJC.exe
  2⤵
  PID:13704
- C:\Windows\System\DBcFTkt.exe
  C:\Windows\System\DBcFTkt.exe
  2⤵
  PID:13724
- C:\Windows\System\nYHwqiH.exe
  C:\Windows\System\nYHwqiH.exe
  2⤵
  PID:13752
- C:\Windows\System\nRxmhol.exe
  C:\Windows\System\nRxmhol.exe
  2⤵
  PID:13792
- C:\Windows\System\PrrvkXA.exe
  C:\Windows\System\PrrvkXA.exe
  2⤵
  PID:13816
- C:\Windows\System\LUHlcWQ.exe
  C:\Windows\System\LUHlcWQ.exe
  2⤵
  PID:13836
- C:\Windows\System\xTXJpdI.exe
  C:\Windows\System\xTXJpdI.exe
  2⤵
  PID:13868
- C:\Windows\System\IoDfLNv.exe
  C:\Windows\System\IoDfLNv.exe
  2⤵
  PID:13908
- C:\Windows\System\vtdFTMr.exe
  C:\Windows\System\vtdFTMr.exe
  2⤵
  PID:13924
- C:\Windows\System\PNphOOS.exe
  C:\Windows\System\PNphOOS.exe
  2⤵
  PID:13952
- C:\Windows\System\qAFLzNQ.exe
  C:\Windows\System\qAFLzNQ.exe
  2⤵
  PID:13980
- C:\Windows\System\kjzSSFp.exe
  C:\Windows\System\kjzSSFp.exe
  2⤵
  PID:14016
- C:\Windows\System\iJwLoAb.exe
  C:\Windows\System\iJwLoAb.exe
  2⤵
  PID:14048
- C:\Windows\System\CxrrYME.exe
  C:\Windows\System\CxrrYME.exe
  2⤵
  PID:14076
- C:\Windows\System\bLczDng.exe
  C:\Windows\System\bLczDng.exe
  2⤵
  PID:14104
- C:\Windows\System\riAariY.exe
  C:\Windows\System\riAariY.exe
  2⤵
  PID:14132
- C:\Windows\System\XxkbSmV.exe
  C:\Windows\System\XxkbSmV.exe
  2⤵
  PID:14160
- C:\Windows\System\nzahklV.exe
  C:\Windows\System\nzahklV.exe
  2⤵
  PID:14188
- C:\Windows\System\NLfnTqj.exe
  C:\Windows\System\NLfnTqj.exe
  2⤵
  PID:14212
- C:\Windows\System\MEZhCOb.exe
  C:\Windows\System\MEZhCOb.exe
  2⤵
  PID:14244
- C:\Windows\System\zgEuapB.exe
  C:\Windows\System\zgEuapB.exe
  2⤵
  PID:14272
- C:\Windows\System\fBMEpaA.exe
  C:\Windows\System\fBMEpaA.exe
  2⤵
  PID:14300
- C:\Windows\System\utrmuRg.exe
  C:\Windows\System\utrmuRg.exe
  2⤵
  PID:14328
- C:\Windows\System\bsZKtBT.exe
  C:\Windows\System\bsZKtBT.exe
  2⤵
  PID:13352
- C:\Windows\System\PkRuTCS.exe
  C:\Windows\System\PkRuTCS.exe
  2⤵
  PID:13428
- C:\Windows\System\uYbhTLO.exe
  C:\Windows\System\uYbhTLO.exe
  2⤵
  PID:13448
- C:\Windows\System\tHtudGh.exe
  C:\Windows\System\tHtudGh.exe
  2⤵
  PID:13544
- C:\Windows\System\jHLCRbv.exe
  C:\Windows\System\jHLCRbv.exe
  2⤵
  PID:13584
- C:\Windows\System\HkeGyBQ.exe
  C:\Windows\System\HkeGyBQ.exe
  2⤵
  PID:13676
- C:\Windows\System\fJVOham.exe
  C:\Windows\System\fJVOham.exe
  2⤵
  PID:1608
- C:\Windows\System\OOvLmlO.exe
  C:\Windows\System\OOvLmlO.exe
  2⤵
  PID:13720
- C:\Windows\System\CBwFwJl.exe
  C:\Windows\System\CBwFwJl.exe
  2⤵
  PID:13808
- C:\Windows\System\TsbqGeP.exe
  C:\Windows\System\TsbqGeP.exe
  2⤵
  PID:13852
- C:\Windows\System\APbyoWv.exe
  C:\Windows\System\APbyoWv.exe
  2⤵
  PID:13944
- C:\Windows\System\kgNFvZu.exe
  C:\Windows\System\kgNFvZu.exe
  2⤵
  PID:13992
- C:\Windows\System\hCRcwab.exe
  C:\Windows\System\hCRcwab.exe
  2⤵
  PID:14068
- C:\Windows\System\zMmXlum.exe
  C:\Windows\System\zMmXlum.exe
  2⤵
  PID:14152
- C:\Windows\System\KmCbKlu.exe
  C:\Windows\System\KmCbKlu.exe
  2⤵
  PID:14172
- C:\Windows\System\bUaAVRO.exe
  C:\Windows\System\bUaAVRO.exe
  2⤵
  PID:14228
- C:\Windows\System\AmNnQSw.exe
  C:\Windows\System\AmNnQSw.exe
  2⤵
  PID:14284
- C:\Windows\System\QXAOnqp.exe
  C:\Windows\System\QXAOnqp.exe
  2⤵
  PID:13376
- C:\Windows\System\WAwDpDr.exe
  C:\Windows\System\WAwDpDr.exe
  2⤵
  PID:13508
- C:\Windows\System\yyCExMS.exe
  C:\Windows\System\yyCExMS.exe
  2⤵
  PID:13692
- C:\Windows\System\HRdYxdB.exe
  C:\Windows\System\HRdYxdB.exe
  2⤵
  PID:13568
- C:\Windows\System\nmKlQZd.exe
  C:\Windows\System\nmKlQZd.exe
  2⤵
  PID:14096
- C:\Windows\System\bofCBcB.exe
  C:\Windows\System\bofCBcB.exe
  2⤵
  PID:14268
- C:\Windows\System\umvpLLY.exe
  C:\Windows\System\umvpLLY.exe
  2⤵
  PID:13444
- C:\Windows\System\jfVvQNA.exe
  C:\Windows\System\jfVvQNA.exe
  2⤵
  PID:13884
- C:\Windows\System\EkDLrke.exe
  C:\Windows\System\EkDLrke.exe
  2⤵
  PID:14340
- C:\Windows\System\PsqpTsM.exe
  C:\Windows\System\PsqpTsM.exe
  2⤵
  PID:14388
- C:\Windows\System\OJKZyQm.exe
  C:\Windows\System\OJKZyQm.exe
  2⤵
  PID:14412
- C:\Windows\System\VWcEjXB.exe
  C:\Windows\System\VWcEjXB.exe
  2⤵
  PID:14428
- C:\Windows\System\flXoZct.exe
  C:\Windows\System\flXoZct.exe
  2⤵
  PID:14460

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv taJF2tSjREOpMr9egNyJ+w.0.2
1⤵
PID:14720
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 14720 -s 1020
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:15076

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 14720 -i 14720 -h 448 -j 468 -s 492 -d 14848
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:14916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AbYUGEC.exe

Filesize
2.5MB

MD5
1ee7de600f3dc568d6c63153be28bc50

SHA1
b42fd05ccdaacda55ef62d5065d44a8193cc93f0

SHA256
bb85695bccb489605b0872e2a1cf69ae7ad994934a20b76ad8fd14d3857e35c2

SHA512
fae5fecd9ad7f2a09cd2cf8ca66f6919aaae1942d9d85c3be90276eacf6f7ec568906614152b37b62c52ea31712e29a4d5fcb0537934310c4e6a28e408969ee7

Download Submit
C:\Windows\System\AgbvBQC.exe

Filesize
2.5MB

MD5
d2630fc19b5af0f032336a5e0d9d17a6

SHA1
8d51a860b51e5b79597e8f9e8eca2381265f5b9a

SHA256
53b385504b9910fd946773e907aa0cb79edb2c271fdab1ceee587c2c49f6c048

SHA512
d1b08df75959d4e9629175938355e86dfc6aaf796e21e4f22bf26f1830b57da82468e764853c294d1010f5ebbf65c40fbc42c9e8adfba61dd888f6d0ebde35d0

Download Submit
C:\Windows\System\BoqyWwh.exe

Filesize
2.5MB

MD5
ed716cb1fd01066a51d891ffa2145962

SHA1
3918acaf935ec978f14f57173eb1aadce5c1f9c5

SHA256
57f3802fa8142b3d2585dd01127a1a4914bf5d440705adfb39c6537a95122a4c

SHA512
034a30377c545d7aaa6975c7ecf8aaadb8cdc11a7904f0be4b847d720b16bf6da3e140dc9293954936eb2aae931fbfbb806ddb826f07c7e7e2e59047b667836a

Download Submit
C:\Windows\System\DcyaJUA.exe

Filesize
2.5MB

MD5
771a9884f943652cb15ebbf19e9cf213

SHA1
a14224e5de5bef5a62ef6853c9f05e8ce6b57bfe

SHA256
93c7e21dc869568399338a3ca3929d61d02108ca6251ac72c94419c982b24d47

SHA512
532a7023032119f75b6c97c4cf2ccca21b89e0743a13f86d98ba1b1ab6a70d954f4a008a37c7bb088ec7fc8fb850be564ed5252f39a0beb0ab4d910297bf7d1d

Download Submit
C:\Windows\System\ETgWUIG.exe

Filesize
2.5MB

MD5
00f7911d9698db0b15d8f7d0df19cdaa

SHA1
a824a62d917e8c61b6036b83bd5ff52273a27210

SHA256
68bbb37ca2444f3f606ecf9148e9052c1f137276493a762df50f527385376f9b

SHA512
555b939ccf7459f0c238a9147f3bb9f7ae38b89329ba669350175ab803836e466841bfaea3b36086666f989eedc8fb886cdabf40c2adddbded3101e66d2e08fa

Download Submit
C:\Windows\System\FXOAqRl.exe

Filesize
2.5MB

MD5
4a22b3dee6bbf477740722b4ee8bf87d

SHA1
4eb72cd7de3a0b2979343deed0ea2a2543320db3

SHA256
dc7ebc7904d09bff17011f83bd7e91b99d63b141431df99fb9dc7661e76606a5

SHA512
1b2cb5a484019836b5c536ef3a3bf605ac6c8935d091e9bb283009c383422075b6ef4a4e6cc4ce9359de9a8943d311995592bdea12d92718bdeb56e9d2971b1b

Download Submit
C:\Windows\System\GjoBRED.exe

Filesize
2.5MB

MD5
59adbd9e1260d743d675ee2de20c6b63

SHA1
cced12f7467f0c72699588dd5e2245ec9b5bb10c

SHA256
2599b31f052d6d267b9e76e1156b650e898f81373df7fd9eee7e45735f8ef822

SHA512
cdc9187af927bc54799e6b5acb2639414668e811995fa89dc1f1ab7babfa501de610f4425f16c82256a46555a6af97d6ba130dac83814f09569d64241959df6f

Download Submit
C:\Windows\System\HRNuXaL.exe

Filesize
2.5MB

MD5
c75aa0c87a3cc46c10e760b49e1c717e

SHA1
740c5ffbe5fd6ca4e050fc8418b755336ce491e5

SHA256
f0a726377c0d7ab0eb4585b7845f1c1ebce68dc225196c3a5b5a9adafd8f524e

SHA512
bb71b7970e80fc619ef0b8044caac118309034185db9e554323984ffe51fb890d9757efa48cb7992fe6027c4c31fb86346696d23e4683a816afe00c4142c2a5e

Download Submit
C:\Windows\System\JWumNkL.exe

Filesize
2.5MB

MD5
d219be37032a94d0363753163d21b25c

SHA1
79115402e6929b4243dc3902cd0bb7bcd77331df

SHA256
5259219c9f311f5f3ec74fdc2d49886f30bbf3b50d5d56c6d21e124c21f49ccd

SHA512
16e3eb7c01f9f39180a851dbde31e7a2a8680777a601fc353142cdc41c7657378fcecf2f1a142970b4e8b15ecea7ed06257f0d57a027650b345b115d3fd070dc

Download Submit
C:\Windows\System\KwqZbMM.exe

Filesize
2.5MB

MD5
ae318cbc096362dcffca0fecb4cba307

SHA1
5806118e4be2ff82b52d112a168ec53f3d0bc8bb

SHA256
361bff1fea4d2ba3ed9bdd197937d7feb1dbe4d035cfb977c1d66d3ffc1aa9e0

SHA512
686d572d5860cab7695b4525032509f51d6b1a83e90c163662caaab808244f2d0302cc1dbb7169a6c5b04423671307a5fce73290646cbe8a57c0c6bf1a6f8664

Download Submit
C:\Windows\System\LzspNBF.exe

Filesize
2.5MB

MD5
edfb08351f770dbe62a1b4847fda6a0a

SHA1
558254b325cf79e7aab9d7376c09b3edd53ebe55

SHA256
4b1f898dce6b8c99dc63ab4b6ad458237ea1f42205dca3186befa1180c6f3b91

SHA512
56b10af6e567a64043f619c72dcea7571e9d37e290c58ea3879cad0e91c5464f96f6baee1ed45a3328c0fd6fce2aee2cc1f213fdad0f0fd558b3d8a693e95696

Download Submit
C:\Windows\System\MgZOpig.exe

Filesize
2.5MB

MD5
c01823d562ea2fe07d6554252f4ddeed

SHA1
69ccd3265e1f4bd485e1b7d1eef6f10b831aac16

SHA256
565c2f1e42933c51f8ecef56938bd6dfa9c4442b70c56bac8416decf8476f504

SHA512
b6752793d30e37f402851bf09fb7592a0557b7994621bc02bddaa11b373f44d7074627bc6d2faf548a65e6e1a782b4210576246d7e9a54e4f38bdcd9016268c2

Download Submit
C:\Windows\System\MiYJEry.exe

Filesize
2.5MB

MD5
2c04381952e089701809e008ebc93c4e

SHA1
52b9cc2d97ee981ca9ac6901f970eca1741d8d9a

SHA256
16102fe212a61e9a83cbd1206e07da5aa910b5f3ee9113055b62505bd13bcaf5

SHA512
0b37644735da20b8fec946c447e014df8a3b064cf2050299e663850263d14a1f5cebc59f93fb17525b80d6fb273d24e1243d9f5753b4a1e4a74e9bc010bfadf8

Download Submit
C:\Windows\System\NJyrdjl.exe

Filesize
2.5MB

MD5
cf4a0c9b6c5ab9ab88c277ac9efe3f34

SHA1
77ff8c2bba9239327914446bab44f3fb8c399177

SHA256
6bb101f2c15ae386b60dd242a93ea8c59c013a095af3ae2a6056b82f03bb5060

SHA512
8e35834f2c064a03a0bf26ef2f99a0db62df3b849c37d0d073b612e6963c551d20c343d48ef3efe013a954940a01cbf2883cb908ca4bb877838b46b01d2159e7

Download Submit
C:\Windows\System\PxuTWGd.exe

Filesize
2.5MB

MD5
ccf16c293eedb3449bc42cd131dd31a4

SHA1
79a01b805623d0878534212f6dd53ba0eaa78d86

SHA256
e365d1a13b9f6126111642e097888bb48c5d898974066d4b40b304f30ed316c6

SHA512
43fc348fad455bdc8ad4463922daa71bf964a41cd289c23d95783ea71e38e3d5533a3fb43a865d428d7c8e20e49452a38aa16b486a548d42a7b6387c95c979a1

Download Submit
C:\Windows\System\QOCzutR.exe

Filesize
2.5MB

MD5
6f6abca9617b10fb9748e0eab966bc56

SHA1
f427cb02d3174e8ec634a57a2ac4c0e8de771dd0

SHA256
1235030ebf058fdc89ddb6d088673b5c747c4f1237f7f358fbc74725dc0a53f1

SHA512
dc38a796fc987f220db6b5d035290aa522555eaccced0e3a028410df6d462b29bc7b4275d969bbb25a304f52a0eebe460291bcc30b32a9edeedc4bd037db4c24

Download Submit
C:\Windows\System\TJcAzyR.exe

Filesize
2.5MB

MD5
ec3dabb9da897487cc6cf533c8bbbf75

SHA1
3d8d909673729dd5a626447ba6066712ea58a986

SHA256
ac34b66b9f008c90ec15867787318a011774ed169365e4d6f77ab4ae53bb6f3d

SHA512
96f22883d56783143f9454a8e3b32b0179e8c4978449a0283feec66957023867da360847fc5277dc062b7d21bc4748cc369a4f0f2763010bd895c1bf132ff891

Download Submit
C:\Windows\System\TzqXDPi.exe

Filesize
2.5MB

MD5
cfd0a4badb4670830e48d653ac785995

SHA1
d8dd1fb4e6953b03edcd36a06d8e3a9c49ea4e5b

SHA256
9dd13947cbe2e876e81ced7d0c215b2a771a822f39c2e3d9199380cb665e964b

SHA512
8bc7fc83d4d0ce8968ea539f4d714a28ba121161872bb1b7a7567cce8b5017fe34922515f2adcc29eb8f1a8afcd91054d8a855ab0f68b546dacb73528ede11ab

Download Submit
C:\Windows\System\VSXWWji.exe

Filesize
2.5MB

MD5
f114bd02c07172f19d69d3f11f3d4269

SHA1
75523c3928c8dccd3ed59e3cf10e967b7351e298

SHA256
32218ec1ea140c8f3a8704caec49de3aafafa0a1b267dca9801fe654fe594ea1

SHA512
0be555fe8a43141732dbe8dc97d3ce591682b0b59469044261940f243a793fb2504dece5ec1b7f23bc5bb1584d3f750d2ec7344a339d9c57b0d23ce354d060f9

Download Submit
C:\Windows\System\bfebFth.exe

Filesize
2.5MB

MD5
467f6467ea8337f711ae017e9ed4e13d

SHA1
f76f4c2426275fef8f2d95ec0f6208e6b7b72127

SHA256
b0c1b9756e237ebaf7ab608b9952ae445840cd9f872c7cc9d319bbd4dc012019

SHA512
fddac33995428baef5664c0eed0e997ff4f52e39696a1e241e48d69671db4d9ca936695319662de10913aea1b5b9f6e9bffca1679d6e02be3a75c173f16cfbf9

Download Submit
C:\Windows\System\bwVtnIp.exe

Filesize
2.5MB

MD5
5e083ea85564d52c7eb5091ebbfc1f0a

SHA1
cbcd129e23d18f8566ae4373c7e9524ace4124ee

SHA256
a32705376ef031bda4ef76e023a534bc7bc196842f7a15f904bffa9e00a7ec81

SHA512
2ea10b1a7a0c252752ac55946921dcedfe516c6056e8cf72de6675bd9b159a5d1075ac5f65bdd701595d5a5749c91dd58602c1ef31425604edfdfb0aef6d79ac

Download Submit
C:\Windows\System\dbvNUSf.exe

Filesize
2.5MB

MD5
fb9fd51fe5e8a3640b59ff69073c1ccf

SHA1
6fa999eea52bc1df5bdea5fb3c88c03fdb5eb86e

SHA256
68a3d02d8d7c7a7844814fd89791edf199f12c54feff4a95ac6fe4d1eae2cf3d

SHA512
da4a615faaa32c48da3a0b709027791ec34ce1cfa1fbb392ac49649730a85f19bed9bd765b746d32f9144e701e16200e06f623c6a303fd03410a93e5d35f8e3c

Download Submit
C:\Windows\System\fXSHtcF.exe

Filesize
2.5MB

MD5
a415237fec74a534c9110762f9d91930

SHA1
046147af8989aaca6fddffb7254a8171018243c2

SHA256
f385cc4f03e71a757af2355f50b3bec98144a925dbb6787101ea84f9778c4675

SHA512
e536268df5a71e4edf037e9829223696d1fbe7c4bab428343f970a5621c45bb5b234e3f62e374d5493f15c193e4062032c0287bef8ba0998dd29d3911e70d9fc

Download Submit
C:\Windows\System\hfUcADZ.exe

Filesize
2.5MB

MD5
c1f4dca1bbce0949daf06c9aa1e3743e

SHA1
8e9182f5fcba88268b797c1aac71f830f15ab169

SHA256
5b741d757b41d9fd98ec7dc0d2b2c6b052f0252e6ef225f33e1ddeeb60ca6d58

SHA512
38e51c20a74f693bf0a8994c12c54f35e449ea165edff2c1825614b315e851e6683d2b46d9f9f046a1850cc1393e6bb40cf58f145cdf84dbfae17f9b776dd592

Download Submit
C:\Windows\System\jBmRPXz.exe

Filesize
2.5MB

MD5
f5188b636bb2f08c8d056966700adf6e

SHA1
d42dd3369cf78f7eb05cfd7dda4af8c1fc2f43f5

SHA256
962e50dc52e4018bb1e2e514abef3c26794ac4bd9d893e55c8511b1596fc661d

SHA512
b561dfce0e85d19568a76df5d3d7803d90d2548ad669a973d979c7bbba77bfe70d93ee8f732659aede40b2f0bbbaf325551003e9cbc7f55c531d4608bc22a5f0

Download Submit
C:\Windows\System\jKvfOAy.exe

Filesize
2.5MB

MD5
07d1c8f6678bc432ea7d285ef063ab1d

SHA1
150c0367161a8ae4d60394953a88ea3f975a0e86

SHA256
655693e888fb9483c1b60c3ca2011b52a3c6429c9bbd498985369496bd24ba0a

SHA512
ed415331f2ace503757c4a5dbc647f368bc40e283d463b6dadbd360f0c8b6713144de4a25bf8a9eadcd78d809c98ab30c7903b8cf598e9353e30e009dfc1aff7

Download Submit
C:\Windows\System\jiDrlVa.exe

Filesize
2.5MB

MD5
4233a65944bf628fc3ea2a1437e047c5

SHA1
5121f92f7e1866d903812cdc781e496416f6b718

SHA256
a85bec94a84de7363781946c5c4decc61195160814ca9eb15a70176cd0ffeaba

SHA512
7ca35f33c4789e2fc5f25f1572b0a0de33edba673d45334d0d2ececb7672ea1c6606f771c13d4ba3679cfc383be2fbd5f48760a078ee0cab7f848273080f93bc

Download Submit
C:\Windows\System\lWAVYOn.exe

Filesize
2.5MB

MD5
3a049efca31a2074e3390a17dd347dc3

SHA1
ec28fc5b2241f36e44424a9627a8c84d5b506b3e

SHA256
303b68ce8fbfcf2d36df7b95f441e899c28fc9842a7b998c7a30e9feea987b85

SHA512
69ec3b535d99f0a802fe2730df976c76a7d51bc700a62a3e35e3a53893065d87ff5ccbbbc34d4c9f81326199ad22aec7b9f6a046ba4b2427b9721aa13036bd27

Download Submit
C:\Windows\System\qyVnOOU.exe

Filesize
2.5MB

MD5
3ca8bdc8bc96cec7260664f74a6ac533

SHA1
0f91cc0713e0e698cafa58114ab06788556c018a

SHA256
a112ac3a0f71d7b2e9e687a14f4fc47128ba73fc3f44c0bead5f6ab8ab82394c

SHA512
c5b30c3ee6112cecf4072828fb2a2e6560ec9ad6b6df526251ed57d6950f4dc74b5f10f4235cabfdd256afa2a501d39bd493c96e60438711463a76afd3d6c800

Download Submit
C:\Windows\System\wHrielO.exe

Filesize
2.5MB

MD5
df9b98510e83e7f5838748431881d40f

SHA1
bc643b3c33f5ef5404aede31b333341f89a7ae68

SHA256
126ae50a53de945de85fc75bc0fe06f9988ca2aa24d31e11bb1838b7b1d7810d

SHA512
2b1bc92a28760362652ed5d791a2f7dc57cfc5f36b060ffc2fe1222025aa07f77d140fe175df841a8cb3072698c4e2cc742ca9cd881fa2a0496b61f90253c4a4

Download Submit
C:\Windows\System\xIXGJqw.exe

Filesize
2.5MB

MD5
8ed9d6c1872cc2183fce519a5515e23e

SHA1
6ef760001358b807ed02b31186c87223c6598173

SHA256
acf46a5835a37a30322be93970e946a6933a98c8f160f8afea45f3d67c1b3e15

SHA512
64e80686c36c098790f29b641d907a4a31c5e212384ad9c41253d22da5b6e2f0d9cf4df447ebbaad6c9fcb6d1e27a60de51253ced21e3119f842eb1d138185b2

Download Submit
C:\Windows\System\xgCiNXo.exe

Filesize
2.5MB

MD5
23759475726c9819ddb587dd1240232c

SHA1
6907d1eecc1489d0c913e7101ca11687f8e934bf

SHA256
7c30a13b3b82f06bf51c8d56ba776e04ef6af0bdcff6fcd15481aff9e84779e8

SHA512
e30a7ac9300f532462f61fae436176e7bbc7a65dec680bc358dabc85d89511646f0511e10cee0a37d84a2ec4aa6c57b117ba2e8b33bd4f2c2a5ccc63a1b0e2d8

Download Submit
C:\Windows\System\zJUoXWd.exe

Filesize
2.5MB

MD5
5e88fd31fa328e75fb086e866937d3e4

SHA1
5d88c0fadd47f65131a7e770e62ed7c7516c5092

SHA256
c4f5dae55ae982dfbeaae48c94789616b9416ef1ba977ca6a5c03742b06bf6f3

SHA512
bc0f88bad0eee552e4b0f6f09013875cffef8bc6d41f10a89f3bd300308cb62763aa8f3708d73775f70e86034d9d39032743564bad967af9bcfb51d676d5a3f6

Download Submit
memory/968-799-0x00007FF6EB0A0000-0x00007FF6EB3F4000-memory.dmp

Filesize
3.3MB

Download
memory/968-2113-0x00007FF6EB0A0000-0x00007FF6EB3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2121-0x00007FF751860000-0x00007FF751BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1204-807-0x00007FF751860000-0x00007FF751BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-822-0x00007FF63C370000-0x00007FF63C6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-2107-0x00007FF63C370000-0x00007FF63C6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-765-0x00007FF7152F0000-0x00007FF715644000-memory.dmp

Filesize
3.3MB

Download
memory/1364-2123-0x00007FF7152F0000-0x00007FF715644000-memory.dmp

Filesize
3.3MB

Download
memory/1376-2102-0x00007FF608520000-0x00007FF608874000-memory.dmp

Filesize
3.3MB

Download
memory/1376-36-0x00007FF608520000-0x00007FF608874000-memory.dmp

Filesize
3.3MB

Download
memory/1376-2096-0x00007FF608520000-0x00007FF608874000-memory.dmp

Filesize
3.3MB

Download
memory/1504-2119-0x00007FF6336A0000-0x00007FF6339F4000-memory.dmp

Filesize
3.3MB

Download
memory/1504-756-0x00007FF6336A0000-0x00007FF6339F4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-48-0x00007FF7C1F80000-0x00007FF7C22D4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-2103-0x00007FF7C1F80000-0x00007FF7C22D4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-2101-0x00007FF67A280000-0x00007FF67A5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-30-0x00007FF67A280000-0x00007FF67A5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2106-0x00007FF646DA0000-0x00007FF6470F4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-57-0x00007FF646DA0000-0x00007FF6470F4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2097-0x00007FF646DA0000-0x00007FF6470F4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-790-0x00007FF64B670000-0x00007FF64B9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-2114-0x00007FF64B670000-0x00007FF64B9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-2095-0x00007FF7DD440000-0x00007FF7DD794000-memory.dmp

Filesize
3.3MB

Download
memory/2464-2104-0x00007FF7DD440000-0x00007FF7DD794000-memory.dmp

Filesize
3.3MB

Download
memory/2464-40-0x00007FF7DD440000-0x00007FF7DD794000-memory.dmp

Filesize
3.3MB

Download
memory/2484-20-0x00007FF6DB6D0000-0x00007FF6DBA24000-memory.dmp

Filesize
3.3MB

Download
memory/2484-2100-0x00007FF6DB6D0000-0x00007FF6DBA24000-memory.dmp

Filesize
3.3MB

Download
memory/2556-2122-0x00007FF64A120000-0x00007FF64A474000-memory.dmp

Filesize
3.3MB

Download
memory/2556-795-0x00007FF64A120000-0x00007FF64A474000-memory.dmp

Filesize
3.3MB

Download
memory/2620-2124-0x00007FF7DFC50000-0x00007FF7DFFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-817-0x00007FF7DFC50000-0x00007FF7DFFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-12-0x00007FF662C40000-0x00007FF662F94000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2098-0x00007FF662C40000-0x00007FF662F94000-memory.dmp

Filesize
3.3MB

Download
memory/3124-804-0x00007FF79F2A0000-0x00007FF79F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3124-2110-0x00007FF79F2A0000-0x00007FF79F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3792-802-0x00007FF75C560000-0x00007FF75C8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3792-2111-0x00007FF75C560000-0x00007FF75C8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3948-2115-0x00007FF77F8E0000-0x00007FF77FC34000-memory.dmp

Filesize
3.3MB

Download
memory/3948-787-0x00007FF77F8E0000-0x00007FF77FC34000-memory.dmp

Filesize
3.3MB

Download
memory/4308-2105-0x00007FF7AC010000-0x00007FF7AC364000-memory.dmp

Filesize
3.3MB

Download
memory/4308-735-0x00007FF7AC010000-0x00007FF7AC364000-memory.dmp

Filesize
3.3MB

Download
memory/4336-744-0x00007FF799B00000-0x00007FF799E54000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2112-0x00007FF799B00000-0x00007FF799E54000-memory.dmp

Filesize
3.3MB

Download
memory/4412-813-0x00007FF67F1B0000-0x00007FF67F504000-memory.dmp

Filesize
3.3MB

Download
memory/4412-2120-0x00007FF67F1B0000-0x00007FF67F504000-memory.dmp

Filesize
3.3MB

Download
memory/4500-784-0x00007FF7917A0000-0x00007FF791AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-2116-0x00007FF7917A0000-0x00007FF791AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4508-751-0x00007FF7B9CB0000-0x00007FF7BA004000-memory.dmp

Filesize
3.3MB

Download
memory/4508-2109-0x00007FF7B9CB0000-0x00007FF7BA004000-memory.dmp

Filesize
3.3MB

Download
memory/4536-2099-0x00007FF7E3140000-0x00007FF7E3494000-memory.dmp

Filesize
3.3MB

Download
memory/4536-15-0x00007FF7E3140000-0x00007FF7E3494000-memory.dmp

Filesize
3.3MB

Download
memory/4536-1927-0x00007FF7E3140000-0x00007FF7E3494000-memory.dmp

Filesize
3.3MB

Download
memory/4964-1201-0x00007FF6A35B0000-0x00007FF6A3904000-memory.dmp

Filesize
3.3MB

Download
memory/4964-0-0x00007FF6A35B0000-0x00007FF6A3904000-memory.dmp

Filesize
3.3MB

Download
memory/4964-1-0x000001AEDC620000-0x000001AEDC630000-memory.dmp

Filesize
64KB

Download
memory/4996-739-0x00007FF70CED0000-0x00007FF70D224000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2108-0x00007FF70CED0000-0x00007FF70D224000-memory.dmp

Filesize
3.3MB

Download
memory/5040-2125-0x00007FF6ADE70000-0x00007FF6AE1C4000-memory.dmp

Filesize
3.3MB

Download
memory/5040-821-0x00007FF6ADE70000-0x00007FF6AE1C4000-memory.dmp

Filesize
3.3MB

Download
memory/5096-778-0x00007FF62EDB0000-0x00007FF62F104000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2117-0x00007FF62EDB0000-0x00007FF62F104000-memory.dmp

Filesize
3.3MB

Download
memory/5104-2126-0x00007FF7C7BD0000-0x00007FF7C7F24000-memory.dmp

Filesize
3.3MB

Download
memory/5104-818-0x00007FF7C7BD0000-0x00007FF7C7F24000-memory.dmp

Filesize
3.3MB

Download
memory/5116-2118-0x00007FF6E9040000-0x00007FF6E9394000-memory.dmp

Filesize
3.3MB

Download
memory/5116-772-0x00007FF6E9040000-0x00007FF6E9394000-memory.dmp

Filesize
3.3MB

Download