xmrig | da682639d67b3f152949bccca48605093ddce317da486f47755b0d5c812ec7fd

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
Size

1.6MB
MD5

9370a4884dca970228b6d2408b64c1d0
SHA1

27b9416b5c6120046c37de9ea6c6784ef7ca901a
SHA256

da682639d67b3f152949bccca48605093ddce317da486f47755b0d5c812ec7fd
SHA512

f7ca92f92801f604f7ba3bc3e7ad618f1c6599e51dbc7c2df7aeec072f3c5530c0c86fdcb4e71e0d722b151ec9eb32d7aa374f110f744d4822b5605ab86c7952
SSDEEP

24576:RVIl/WDGCi7/qkatXBF672E55I6PFw12TJ1tmyNJeo55FgrI1y4AMnXhtChZ7N71:ROdWCCi7/rahF3OioF5M+10CHqL5

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 13512 created 3912	13512	WerFaultSecure.exe	78

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/1220-443-0x00007FF6CCC80000-0x00007FF6CCFD1000-memory.dmp	xmrig
behavioral2/memory/4180-456-0x00007FF7028B0000-0x00007FF702C01000-memory.dmp	xmrig
behavioral2/memory/1792-450-0x00007FF699E40000-0x00007FF69A191000-memory.dmp	xmrig
behavioral2/memory/5016-462-0x00007FF756710000-0x00007FF756A61000-memory.dmp	xmrig
behavioral2/memory/2136-470-0x00007FF713620000-0x00007FF713971000-memory.dmp	xmrig
behavioral2/memory/3040-474-0x00007FF6FF0D0000-0x00007FF6FF421000-memory.dmp	xmrig
behavioral2/memory/968-468-0x00007FF7B6A00000-0x00007FF7B6D51000-memory.dmp	xmrig
behavioral2/memory/1084-486-0x00007FF6792A0000-0x00007FF6795F1000-memory.dmp	xmrig
behavioral2/memory/1444-547-0x00007FF7F8D60000-0x00007FF7F90B1000-memory.dmp	xmrig
behavioral2/memory/2612-558-0x00007FF64AA50000-0x00007FF64ADA1000-memory.dmp	xmrig
behavioral2/memory/4036-555-0x00007FF60A510000-0x00007FF60A861000-memory.dmp	xmrig
behavioral2/memory/2184-554-0x00007FF603FB0000-0x00007FF604301000-memory.dmp	xmrig
behavioral2/memory/4032-552-0x00007FF7113C0000-0x00007FF711711000-memory.dmp	xmrig
behavioral2/memory/2708-499-0x00007FF7210E0000-0x00007FF721431000-memory.dmp	xmrig
behavioral2/memory/4996-493-0x00007FF601000000-0x00007FF601351000-memory.dmp	xmrig
behavioral2/memory/5028-485-0x00007FF66A350000-0x00007FF66A6A1000-memory.dmp	xmrig
behavioral2/memory/4488-447-0x00007FF7F5550000-0x00007FF7F58A1000-memory.dmp	xmrig
behavioral2/memory/2244-66-0x00007FF7EC5B0000-0x00007FF7EC901000-memory.dmp	xmrig
behavioral2/memory/1984-53-0x00007FF7F7570000-0x00007FF7F78C1000-memory.dmp	xmrig
behavioral2/memory/5020-48-0x00007FF7CE810000-0x00007FF7CEB61000-memory.dmp	xmrig
behavioral2/memory/4380-27-0x00007FF7E3FA0000-0x00007FF7E42F1000-memory.dmp	xmrig
behavioral2/memory/4788-15-0x00007FF7A61F0000-0x00007FF7A6541000-memory.dmp	xmrig
behavioral2/memory/1156-1866-0x00007FF6FB7A0000-0x00007FF6FBAF1000-memory.dmp	xmrig
behavioral2/memory/2632-1861-0x00007FF6288D0000-0x00007FF628C21000-memory.dmp	xmrig
behavioral2/memory/1180-2223-0x00007FF7C9AC0000-0x00007FF7C9E11000-memory.dmp	xmrig
behavioral2/memory/3572-2224-0x00007FF7D22D0000-0x00007FF7D2621000-memory.dmp	xmrig
behavioral2/memory/2244-2225-0x00007FF7EC5B0000-0x00007FF7EC901000-memory.dmp	xmrig
behavioral2/memory/2328-2240-0x00007FF759330000-0x00007FF759681000-memory.dmp	xmrig
behavioral2/memory/5092-2239-0x00007FF66B270000-0x00007FF66B5C1000-memory.dmp	xmrig
behavioral2/memory/4936-2262-0x00007FF7A6BA0000-0x00007FF7A6EF1000-memory.dmp	xmrig
behavioral2/memory/4788-2293-0x00007FF7A61F0000-0x00007FF7A6541000-memory.dmp	xmrig
behavioral2/memory/4380-2296-0x00007FF7E3FA0000-0x00007FF7E42F1000-memory.dmp	xmrig
behavioral2/memory/1156-2297-0x00007FF6FB7A0000-0x00007FF6FBAF1000-memory.dmp	xmrig
behavioral2/memory/3300-2299-0x00007FF66D9F0000-0x00007FF66DD41000-memory.dmp	xmrig
behavioral2/memory/1984-2304-0x00007FF7F7570000-0x00007FF7F78C1000-memory.dmp	xmrig
behavioral2/memory/3572-2307-0x00007FF7D22D0000-0x00007FF7D2621000-memory.dmp	xmrig
behavioral2/memory/1180-2305-0x00007FF7C9AC0000-0x00007FF7C9E11000-memory.dmp	xmrig
behavioral2/memory/2244-2309-0x00007FF7EC5B0000-0x00007FF7EC901000-memory.dmp	xmrig
behavioral2/memory/5020-2302-0x00007FF7CE810000-0x00007FF7CEB61000-memory.dmp	xmrig
behavioral2/memory/3040-2329-0x00007FF6FF0D0000-0x00007FF6FF421000-memory.dmp	xmrig
behavioral2/memory/2612-2347-0x00007FF64AA50000-0x00007FF64ADA1000-memory.dmp	xmrig
behavioral2/memory/4036-2345-0x00007FF60A510000-0x00007FF60A861000-memory.dmp	xmrig
behavioral2/memory/1444-2343-0x00007FF7F8D60000-0x00007FF7F90B1000-memory.dmp	xmrig
behavioral2/memory/2184-2342-0x00007FF603FB0000-0x00007FF604301000-memory.dmp	xmrig
behavioral2/memory/4032-2339-0x00007FF7113C0000-0x00007FF711711000-memory.dmp	xmrig
behavioral2/memory/2708-2337-0x00007FF7210E0000-0x00007FF721431000-memory.dmp	xmrig
behavioral2/memory/4996-2335-0x00007FF601000000-0x00007FF601351000-memory.dmp	xmrig
behavioral2/memory/5016-2333-0x00007FF756710000-0x00007FF756A61000-memory.dmp	xmrig
behavioral2/memory/4180-2332-0x00007FF7028B0000-0x00007FF702C01000-memory.dmp	xmrig
behavioral2/memory/5028-2328-0x00007FF66A350000-0x00007FF66A6A1000-memory.dmp	xmrig
behavioral2/memory/4936-2324-0x00007FF7A6BA0000-0x00007FF7A6EF1000-memory.dmp	xmrig
behavioral2/memory/1220-2321-0x00007FF6CCC80000-0x00007FF6CCFD1000-memory.dmp	xmrig
behavioral2/memory/1792-2318-0x00007FF699E40000-0x00007FF69A191000-memory.dmp	xmrig
behavioral2/memory/968-2316-0x00007FF7B6A00000-0x00007FF7B6D51000-memory.dmp	xmrig
behavioral2/memory/2136-2314-0x00007FF713620000-0x00007FF713971000-memory.dmp	xmrig
behavioral2/memory/2328-2326-0x00007FF759330000-0x00007FF759681000-memory.dmp	xmrig
behavioral2/memory/4488-2320-0x00007FF7F5550000-0x00007FF7F58A1000-memory.dmp	xmrig
behavioral2/memory/1084-2312-0x00007FF6792A0000-0x00007FF6795F1000-memory.dmp	xmrig
behavioral2/memory/5092-2437-0x00007FF66B270000-0x00007FF66B5C1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4788	MtUamqO.exe
1156	PHAAhfS.exe
4380	ScosdWC.exe
3300	lZaJmGB.exe
1180	VKAGbww.exe
5020	PXKdjYr.exe
1984	XvaXxut.exe
3572	rjxRYwm.exe
5092	lYcamUR.exe
2244	jRAscMy.exe
2328	nuxxZsy.exe
4936	FnbZxUx.exe
1220	rTymYBq.exe
4488	TWcBNxV.exe
1792	DpcDnHr.exe
4180	yHcbEjw.exe
5016	hPmPGUf.exe
968	YiRtOWP.exe
2136	ZsuZEhp.exe
3040	uQEYHrT.exe
5028	nicmaDL.exe
1084	yqEgTEk.exe
4996	oiLwBfg.exe
2708	RojqHuD.exe
1444	YczlALT.exe
4032	utSdlVi.exe
2184	aQCoTLl.exe
4036	TJCmNGO.exe
2612	epnwDdD.exe
5060	CUDieDo.exe
3192	SlTMNBo.exe
2156	QWRRpRw.exe
4652	iFGGbfZ.exe
4332	PJTihCm.exe
3756	yIgiNbu.exe
1412	OdfvOrZ.exe
928	esyICEf.exe
4372	AHzpJcm.exe
3736	IPicNZI.exe
2548	JniEYid.exe
2552	kGiPsih.exe
2932	URkUguC.exe
2360	sgsYstt.exe
3600	bRKcFTM.exe
3924	FNXTSPg.exe
4072	CQCppFT.exe
2268	qZSPuRR.exe
4320	LiUzzFm.exe
2348	STXAqTb.exe
4516	LnQBesm.exe
556	mEEKpRe.exe
4660	DwEvLzd.exe
2492	ECbxRUv.exe
116	lVcIAvs.exe
4276	WCYaGxj.exe
4280	XCpeOWh.exe
752	ncchFON.exe
636	CuripXx.exe
5000	LLvrmMv.exe
3012	BNILBiC.exe
4664	fhJCsVU.exe
496	uRqbwON.exe
2452	AsjFXOU.exe
1564	tGYatRu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2632-0-0x00007FF6288D0000-0x00007FF628C21000-memory.dmp	upx
behavioral2/files/0x0008000000023406-5.dat	upx
behavioral2/files/0x000700000002340c-17.dat	upx
behavioral2/memory/1156-18-0x00007FF6FB7A0000-0x00007FF6FBAF1000-memory.dmp	upx
behavioral2/files/0x000700000002340b-22.dat	upx
behavioral2/files/0x000700000002340f-38.dat	upx
behavioral2/files/0x000700000002340e-42.dat	upx
behavioral2/files/0x0007000000023410-50.dat	upx
behavioral2/files/0x0007000000023412-55.dat	upx
behavioral2/files/0x0007000000023413-63.dat	upx
behavioral2/files/0x0007000000023417-84.dat	upx
behavioral2/files/0x000700000002341a-107.dat	upx
behavioral2/files/0x000700000002341d-122.dat	upx
behavioral2/files/0x0007000000023423-152.dat	upx
behavioral2/files/0x0007000000023427-172.dat	upx
behavioral2/memory/1220-443-0x00007FF6CCC80000-0x00007FF6CCFD1000-memory.dmp	upx
behavioral2/memory/4180-456-0x00007FF7028B0000-0x00007FF702C01000-memory.dmp	upx
behavioral2/memory/1792-450-0x00007FF699E40000-0x00007FF69A191000-memory.dmp	upx
behavioral2/memory/5016-462-0x00007FF756710000-0x00007FF756A61000-memory.dmp	upx
behavioral2/memory/2136-470-0x00007FF713620000-0x00007FF713971000-memory.dmp	upx
behavioral2/memory/3040-474-0x00007FF6FF0D0000-0x00007FF6FF421000-memory.dmp	upx
behavioral2/memory/968-468-0x00007FF7B6A00000-0x00007FF7B6D51000-memory.dmp	upx
behavioral2/memory/1084-486-0x00007FF6792A0000-0x00007FF6795F1000-memory.dmp	upx
behavioral2/memory/1444-547-0x00007FF7F8D60000-0x00007FF7F90B1000-memory.dmp	upx
behavioral2/memory/2612-558-0x00007FF64AA50000-0x00007FF64ADA1000-memory.dmp	upx
behavioral2/memory/4036-555-0x00007FF60A510000-0x00007FF60A861000-memory.dmp	upx
behavioral2/memory/2184-554-0x00007FF603FB0000-0x00007FF604301000-memory.dmp	upx
behavioral2/memory/4032-552-0x00007FF7113C0000-0x00007FF711711000-memory.dmp	upx
behavioral2/memory/2708-499-0x00007FF7210E0000-0x00007FF721431000-memory.dmp	upx
behavioral2/memory/4996-493-0x00007FF601000000-0x00007FF601351000-memory.dmp	upx
behavioral2/memory/5028-485-0x00007FF66A350000-0x00007FF66A6A1000-memory.dmp	upx
behavioral2/memory/4488-447-0x00007FF7F5550000-0x00007FF7F58A1000-memory.dmp	upx
behavioral2/files/0x0007000000023429-174.dat	upx
behavioral2/files/0x0007000000023428-169.dat	upx
behavioral2/files/0x0007000000023426-167.dat	upx
behavioral2/files/0x0007000000023425-162.dat	upx
behavioral2/files/0x0007000000023424-157.dat	upx
behavioral2/files/0x0007000000023422-147.dat	upx
behavioral2/files/0x0007000000023421-142.dat	upx
behavioral2/files/0x0007000000023420-137.dat	upx
behavioral2/files/0x000700000002341f-132.dat	upx
behavioral2/files/0x000700000002341e-127.dat	upx
behavioral2/files/0x000700000002341c-117.dat	upx
behavioral2/files/0x000700000002341b-112.dat	upx
behavioral2/files/0x0007000000023419-102.dat	upx
behavioral2/files/0x0007000000023418-97.dat	upx
behavioral2/files/0x0007000000023416-87.dat	upx
behavioral2/files/0x0007000000023415-82.dat	upx
behavioral2/files/0x0007000000023414-74.dat	upx
behavioral2/memory/4936-73-0x00007FF7A6BA0000-0x00007FF7A6EF1000-memory.dmp	upx
behavioral2/memory/2328-70-0x00007FF759330000-0x00007FF759681000-memory.dmp	upx
behavioral2/memory/2244-66-0x00007FF7EC5B0000-0x00007FF7EC901000-memory.dmp	upx
behavioral2/files/0x0007000000023411-60.dat	upx
behavioral2/memory/5092-59-0x00007FF66B270000-0x00007FF66B5C1000-memory.dmp	upx
behavioral2/memory/3572-54-0x00007FF7D22D0000-0x00007FF7D2621000-memory.dmp	upx
behavioral2/memory/1984-53-0x00007FF7F7570000-0x00007FF7F78C1000-memory.dmp	upx
behavioral2/memory/5020-48-0x00007FF7CE810000-0x00007FF7CEB61000-memory.dmp	upx
behavioral2/memory/1180-33-0x00007FF7C9AC0000-0x00007FF7C9E11000-memory.dmp	upx
behavioral2/files/0x000700000002340d-32.dat	upx
behavioral2/memory/4380-27-0x00007FF7E3FA0000-0x00007FF7E42F1000-memory.dmp	upx
behavioral2/memory/3300-23-0x00007FF66D9F0000-0x00007FF66DD41000-memory.dmp	upx
behavioral2/files/0x000700000002340a-19.dat	upx
behavioral2/memory/4788-15-0x00007FF7A61F0000-0x00007FF7A6541000-memory.dmp	upx
behavioral2/memory/1156-1866-0x00007FF6FB7A0000-0x00007FF6FBAF1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eSFrfpr.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\FNXTSPg.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\cmtJXgM.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\JSWXgDm.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\IhdQKPh.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\oqHMpXy.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\vLWORyg.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\kuaPMSN.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\DpHbGnz.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\mEEKpRe.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\tGYatRu.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\fvLyuyv.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\jxfpuHh.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\msBzgXF.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\JLKUfuf.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\yenabbT.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\ToltUlW.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\bRKcFTM.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\kmBCkCG.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\KzJOzGC.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\pQChDFY.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\pUlJTxm.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\tnnqGCt.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\VopvzkZ.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\WvyjWnH.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\kkaBWFT.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\ppCUbFP.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\iTcdbNB.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\LmuQqNf.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\HuNaXEZ.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\hfrvRYZ.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\NHvGPwR.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\ptVxtoa.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\DcpOOJK.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\hPmPGUf.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\UgjbZco.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\JAdoKGr.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\grlovuh.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\ECusfMb.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\kqiVwjc.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\wCrOXXq.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\DqnLsfJ.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\HhpyQCN.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\qOhkcCi.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\hKgATlw.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\ENWourl.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\hmpRVWa.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\KZXQCZy.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\KNdFrUR.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\wEVUXWC.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\LHUGmPE.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\xyzPYvT.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\CUDieDo.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\YQfYQuj.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\YrLOXrm.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\QmzOMUq.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\VNVyNqO.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\WIhiWhF.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\vZrFWwF.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\JvetvsI.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\oRPfMCt.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\qePmnhe.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\TChMLFI.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\psjuRbQ.exe	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
13996	WerFaultSecure.exe
13996	WerFaultSecure.exe
13364	WerFaultSecure.exe
13364	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 4788	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	82
PID 2632 wrote to memory of 4788	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	82
PID 2632 wrote to memory of 1156	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	83
PID 2632 wrote to memory of 1156	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	83
PID 2632 wrote to memory of 4380	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	84
PID 2632 wrote to memory of 4380	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	84
PID 2632 wrote to memory of 3300	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	85
PID 2632 wrote to memory of 3300	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	85
PID 2632 wrote to memory of 1180	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	86
PID 2632 wrote to memory of 1180	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	86
PID 2632 wrote to memory of 5020	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	87
PID 2632 wrote to memory of 5020	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	87
PID 2632 wrote to memory of 1984	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	88
PID 2632 wrote to memory of 1984	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	88
PID 2632 wrote to memory of 3572	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	89
PID 2632 wrote to memory of 3572	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	89
PID 2632 wrote to memory of 5092	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	90
PID 2632 wrote to memory of 5092	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	90
PID 2632 wrote to memory of 2244	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	91
PID 2632 wrote to memory of 2244	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	91
PID 2632 wrote to memory of 2328	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	92
PID 2632 wrote to memory of 2328	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	92
PID 2632 wrote to memory of 4936	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	93
PID 2632 wrote to memory of 4936	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	93
PID 2632 wrote to memory of 1220	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	94
PID 2632 wrote to memory of 1220	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	94
PID 2632 wrote to memory of 4488	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	95
PID 2632 wrote to memory of 4488	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	95
PID 2632 wrote to memory of 1792	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	96
PID 2632 wrote to memory of 1792	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	96
PID 2632 wrote to memory of 4180	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	97
PID 2632 wrote to memory of 4180	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	97
PID 2632 wrote to memory of 5016	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	98
PID 2632 wrote to memory of 5016	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	98
PID 2632 wrote to memory of 968	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	99
PID 2632 wrote to memory of 968	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	99
PID 2632 wrote to memory of 2136	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	100
PID 2632 wrote to memory of 2136	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	100
PID 2632 wrote to memory of 3040	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	101
PID 2632 wrote to memory of 3040	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	101
PID 2632 wrote to memory of 5028	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	102
PID 2632 wrote to memory of 5028	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	102
PID 2632 wrote to memory of 1084	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	103
PID 2632 wrote to memory of 1084	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	103
PID 2632 wrote to memory of 4996	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	104
PID 2632 wrote to memory of 4996	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	104
PID 2632 wrote to memory of 2708	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	105
PID 2632 wrote to memory of 2708	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	105
PID 2632 wrote to memory of 1444	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	106
PID 2632 wrote to memory of 1444	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	106
PID 2632 wrote to memory of 4032	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	107
PID 2632 wrote to memory of 4032	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	107
PID 2632 wrote to memory of 2184	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	108
PID 2632 wrote to memory of 2184	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	108
PID 2632 wrote to memory of 4036	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	109
PID 2632 wrote to memory of 4036	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	109
PID 2632 wrote to memory of 2612	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	110
PID 2632 wrote to memory of 2612	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	110
PID 2632 wrote to memory of 5060	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	111
PID 2632 wrote to memory of 5060	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	111
PID 2632 wrote to memory of 3192	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	112
PID 2632 wrote to memory of 3192	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	112
PID 2632 wrote to memory of 2156	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	113
PID 2632 wrote to memory of 2156	2632	9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe	113

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:3912
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 3912 -s 1244
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:13996
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 3912 -s 604
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:13364

C:\Users\Admin\AppData\Local\Temp\9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9370a4884dca970228b6d2408b64c1d0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\System\MtUamqO.exe
  C:\Windows\System\MtUamqO.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\PHAAhfS.exe
  C:\Windows\System\PHAAhfS.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\ScosdWC.exe
  C:\Windows\System\ScosdWC.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\lZaJmGB.exe
  C:\Windows\System\lZaJmGB.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\VKAGbww.exe
  C:\Windows\System\VKAGbww.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\PXKdjYr.exe
  C:\Windows\System\PXKdjYr.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\XvaXxut.exe
  C:\Windows\System\XvaXxut.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\rjxRYwm.exe
  C:\Windows\System\rjxRYwm.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\lYcamUR.exe
  C:\Windows\System\lYcamUR.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\jRAscMy.exe
  C:\Windows\System\jRAscMy.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\nuxxZsy.exe
  C:\Windows\System\nuxxZsy.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\FnbZxUx.exe
  C:\Windows\System\FnbZxUx.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\rTymYBq.exe
  C:\Windows\System\rTymYBq.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\TWcBNxV.exe
  C:\Windows\System\TWcBNxV.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\DpcDnHr.exe
  C:\Windows\System\DpcDnHr.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\yHcbEjw.exe
  C:\Windows\System\yHcbEjw.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\hPmPGUf.exe
  C:\Windows\System\hPmPGUf.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\YiRtOWP.exe
  C:\Windows\System\YiRtOWP.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\ZsuZEhp.exe
  C:\Windows\System\ZsuZEhp.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\uQEYHrT.exe
  C:\Windows\System\uQEYHrT.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\nicmaDL.exe
  C:\Windows\System\nicmaDL.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\yqEgTEk.exe
  C:\Windows\System\yqEgTEk.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\oiLwBfg.exe
  C:\Windows\System\oiLwBfg.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\RojqHuD.exe
  C:\Windows\System\RojqHuD.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\YczlALT.exe
  C:\Windows\System\YczlALT.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\utSdlVi.exe
  C:\Windows\System\utSdlVi.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\aQCoTLl.exe
  C:\Windows\System\aQCoTLl.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\TJCmNGO.exe
  C:\Windows\System\TJCmNGO.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\epnwDdD.exe
  C:\Windows\System\epnwDdD.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\CUDieDo.exe
  C:\Windows\System\CUDieDo.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\SlTMNBo.exe
  C:\Windows\System\SlTMNBo.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\QWRRpRw.exe
  C:\Windows\System\QWRRpRw.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\iFGGbfZ.exe
  C:\Windows\System\iFGGbfZ.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\PJTihCm.exe
  C:\Windows\System\PJTihCm.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\yIgiNbu.exe
  C:\Windows\System\yIgiNbu.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\OdfvOrZ.exe
  C:\Windows\System\OdfvOrZ.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\esyICEf.exe
  C:\Windows\System\esyICEf.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\AHzpJcm.exe
  C:\Windows\System\AHzpJcm.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\IPicNZI.exe
  C:\Windows\System\IPicNZI.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\JniEYid.exe
  C:\Windows\System\JniEYid.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\kGiPsih.exe
  C:\Windows\System\kGiPsih.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\URkUguC.exe
  C:\Windows\System\URkUguC.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\sgsYstt.exe
  C:\Windows\System\sgsYstt.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\bRKcFTM.exe
  C:\Windows\System\bRKcFTM.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\FNXTSPg.exe
  C:\Windows\System\FNXTSPg.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\CQCppFT.exe
  C:\Windows\System\CQCppFT.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\qZSPuRR.exe
  C:\Windows\System\qZSPuRR.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\LiUzzFm.exe
  C:\Windows\System\LiUzzFm.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\STXAqTb.exe
  C:\Windows\System\STXAqTb.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\LnQBesm.exe
  C:\Windows\System\LnQBesm.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\mEEKpRe.exe
  C:\Windows\System\mEEKpRe.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\DwEvLzd.exe
  C:\Windows\System\DwEvLzd.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\ECbxRUv.exe
  C:\Windows\System\ECbxRUv.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\lVcIAvs.exe
  C:\Windows\System\lVcIAvs.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\WCYaGxj.exe
  C:\Windows\System\WCYaGxj.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\XCpeOWh.exe
  C:\Windows\System\XCpeOWh.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\ncchFON.exe
  C:\Windows\System\ncchFON.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\CuripXx.exe
  C:\Windows\System\CuripXx.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\LLvrmMv.exe
  C:\Windows\System\LLvrmMv.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\BNILBiC.exe
  C:\Windows\System\BNILBiC.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\fhJCsVU.exe
  C:\Windows\System\fhJCsVU.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\uRqbwON.exe
  C:\Windows\System\uRqbwON.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\AsjFXOU.exe
  C:\Windows\System\AsjFXOU.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\tGYatRu.exe
  C:\Windows\System\tGYatRu.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\QxaMgCg.exe
  C:\Windows\System\QxaMgCg.exe
  2⤵
  PID:1876
- C:\Windows\System\qOQVayp.exe
  C:\Windows\System\qOQVayp.exe
  2⤵
  PID:3952
- C:\Windows\System\SCYQNZS.exe
  C:\Windows\System\SCYQNZS.exe
  2⤵
  PID:3876
- C:\Windows\System\eEWfkHM.exe
  C:\Windows\System\eEWfkHM.exe
  2⤵
  PID:3132
- C:\Windows\System\RKduEbk.exe
  C:\Windows\System\RKduEbk.exe
  2⤵
  PID:4016
- C:\Windows\System\fvLyuyv.exe
  C:\Windows\System\fvLyuyv.exe
  2⤵
  PID:2960
- C:\Windows\System\qePmnhe.exe
  C:\Windows\System\qePmnhe.exe
  2⤵
  PID:4620
- C:\Windows\System\tDEkNaZ.exe
  C:\Windows\System\tDEkNaZ.exe
  2⤵
  PID:4548
- C:\Windows\System\QozTmbt.exe
  C:\Windows\System\QozTmbt.exe
  2⤵
  PID:3728
- C:\Windows\System\xLDylah.exe
  C:\Windows\System\xLDylah.exe
  2⤵
  PID:1516
- C:\Windows\System\sjtmOBd.exe
  C:\Windows\System\sjtmOBd.exe
  2⤵
  PID:4988
- C:\Windows\System\mJayjnA.exe
  C:\Windows\System\mJayjnA.exe
  2⤵
  PID:3528
- C:\Windows\System\qlWAgZA.exe
  C:\Windows\System\qlWAgZA.exe
  2⤵
  PID:2764
- C:\Windows\System\YdQcicY.exe
  C:\Windows\System\YdQcicY.exe
  2⤵
  PID:2608
- C:\Windows\System\LeLTKrM.exe
  C:\Windows\System\LeLTKrM.exe
  2⤵
  PID:4028
- C:\Windows\System\rwhcfdg.exe
  C:\Windows\System\rwhcfdg.exe
  2⤵
  PID:2096
- C:\Windows\System\lHjgjvR.exe
  C:\Windows\System\lHjgjvR.exe
  2⤵
  PID:1252
- C:\Windows\System\fvxPwPp.exe
  C:\Windows\System\fvxPwPp.exe
  2⤵
  PID:4956
- C:\Windows\System\IjHdgLU.exe
  C:\Windows\System\IjHdgLU.exe
  2⤵
  PID:4528
- C:\Windows\System\VNVXkos.exe
  C:\Windows\System\VNVXkos.exe
  2⤵
  PID:3256
- C:\Windows\System\ykzZCvb.exe
  C:\Windows\System\ykzZCvb.exe
  2⤵
  PID:1608
- C:\Windows\System\KOgwDZw.exe
  C:\Windows\System\KOgwDZw.exe
  2⤵
  PID:960
- C:\Windows\System\cOnekqx.exe
  C:\Windows\System\cOnekqx.exe
  2⤵
  PID:2816
- C:\Windows\System\kmBCkCG.exe
  C:\Windows\System\kmBCkCG.exe
  2⤵
  PID:3740
- C:\Windows\System\oJCtVSE.exe
  C:\Windows\System\oJCtVSE.exe
  2⤵
  PID:2084
- C:\Windows\System\trSNTlW.exe
  C:\Windows\System\trSNTlW.exe
  2⤵
  PID:4336
- C:\Windows\System\EgDfefh.exe
  C:\Windows\System\EgDfefh.exe
  2⤵
  PID:5124
- C:\Windows\System\Chdaxxy.exe
  C:\Windows\System\Chdaxxy.exe
  2⤵
  PID:5152
- C:\Windows\System\auCfUDN.exe
  C:\Windows\System\auCfUDN.exe
  2⤵
  PID:5180
- C:\Windows\System\YQfYQuj.exe
  C:\Windows\System\YQfYQuj.exe
  2⤵
  PID:5208
- C:\Windows\System\lXJnUQS.exe
  C:\Windows\System\lXJnUQS.exe
  2⤵
  PID:5236
- C:\Windows\System\RoRioHT.exe
  C:\Windows\System\RoRioHT.exe
  2⤵
  PID:5264
- C:\Windows\System\QwNjvXJ.exe
  C:\Windows\System\QwNjvXJ.exe
  2⤵
  PID:5292
- C:\Windows\System\VclImrT.exe
  C:\Windows\System\VclImrT.exe
  2⤵
  PID:5320
- C:\Windows\System\GaKjZXB.exe
  C:\Windows\System\GaKjZXB.exe
  2⤵
  PID:5348
- C:\Windows\System\FPfRjEe.exe
  C:\Windows\System\FPfRjEe.exe
  2⤵
  PID:5372
- C:\Windows\System\vWhigqr.exe
  C:\Windows\System\vWhigqr.exe
  2⤵
  PID:5400
- C:\Windows\System\hKgATlw.exe
  C:\Windows\System\hKgATlw.exe
  2⤵
  PID:5428
- C:\Windows\System\qTlAkCJ.exe
  C:\Windows\System\qTlAkCJ.exe
  2⤵
  PID:5460
- C:\Windows\System\XiOfAJz.exe
  C:\Windows\System\XiOfAJz.exe
  2⤵
  PID:5488
- C:\Windows\System\rjHlxfR.exe
  C:\Windows\System\rjHlxfR.exe
  2⤵
  PID:5512
- C:\Windows\System\utSQeDl.exe
  C:\Windows\System\utSQeDl.exe
  2⤵
  PID:5540
- C:\Windows\System\SeLDvpc.exe
  C:\Windows\System\SeLDvpc.exe
  2⤵
  PID:5568
- C:\Windows\System\YMGaggO.exe
  C:\Windows\System\YMGaggO.exe
  2⤵
  PID:5600
- C:\Windows\System\zXLFeQT.exe
  C:\Windows\System\zXLFeQT.exe
  2⤵
  PID:5624
- C:\Windows\System\vzpVTGk.exe
  C:\Windows\System\vzpVTGk.exe
  2⤵
  PID:5652
- C:\Windows\System\MsZiAxY.exe
  C:\Windows\System\MsZiAxY.exe
  2⤵
  PID:5680
- C:\Windows\System\AcASsGe.exe
  C:\Windows\System\AcASsGe.exe
  2⤵
  PID:5708
- C:\Windows\System\kKQnaKi.exe
  C:\Windows\System\kKQnaKi.exe
  2⤵
  PID:5740
- C:\Windows\System\NYSMcFi.exe
  C:\Windows\System\NYSMcFi.exe
  2⤵
  PID:5764
- C:\Windows\System\gyTGIID.exe
  C:\Windows\System\gyTGIID.exe
  2⤵
  PID:5792
- C:\Windows\System\kkaBWFT.exe
  C:\Windows\System\kkaBWFT.exe
  2⤵
  PID:5824
- C:\Windows\System\QOOmHer.exe
  C:\Windows\System\QOOmHer.exe
  2⤵
  PID:5848
- C:\Windows\System\XwIHjum.exe
  C:\Windows\System\XwIHjum.exe
  2⤵
  PID:5876
- C:\Windows\System\CPbRuxI.exe
  C:\Windows\System\CPbRuxI.exe
  2⤵
  PID:5908
- C:\Windows\System\JAdmDuj.exe
  C:\Windows\System\JAdmDuj.exe
  2⤵
  PID:5932
- C:\Windows\System\nZJWIuh.exe
  C:\Windows\System\nZJWIuh.exe
  2⤵
  PID:5988
- C:\Windows\System\LVWohSN.exe
  C:\Windows\System\LVWohSN.exe
  2⤵
  PID:6008
- C:\Windows\System\edzMyqL.exe
  C:\Windows\System\edzMyqL.exe
  2⤵
  PID:6032
- C:\Windows\System\vtwserd.exe
  C:\Windows\System\vtwserd.exe
  2⤵
  PID:6048
- C:\Windows\System\CiNphzL.exe
  C:\Windows\System\CiNphzL.exe
  2⤵
  PID:6080
- C:\Windows\System\QmdCznf.exe
  C:\Windows\System\QmdCznf.exe
  2⤵
  PID:6104
- C:\Windows\System\ywiyFhS.exe
  C:\Windows\System\ywiyFhS.exe
  2⤵
  PID:6124
- C:\Windows\System\eyzdudt.exe
  C:\Windows\System\eyzdudt.exe
  2⤵
  PID:2920
- C:\Windows\System\TChMLFI.exe
  C:\Windows\System\TChMLFI.exe
  2⤵
  PID:4944
- C:\Windows\System\jEALDTw.exe
  C:\Windows\System\jEALDTw.exe
  2⤵
  PID:4800
- C:\Windows\System\dMKFRJj.exe
  C:\Windows\System\dMKFRJj.exe
  2⤵
  PID:5172
- C:\Windows\System\jhnQMXG.exe
  C:\Windows\System\jhnQMXG.exe
  2⤵
  PID:5248
- C:\Windows\System\PaYVoIp.exe
  C:\Windows\System\PaYVoIp.exe
  2⤵
  PID:5312
- C:\Windows\System\GoIRzXD.exe
  C:\Windows\System\GoIRzXD.exe
  2⤵
  PID:5392
- C:\Windows\System\VHIzLDx.exe
  C:\Windows\System\VHIzLDx.exe
  2⤵
  PID:5444
- C:\Windows\System\hSFoRFZ.exe
  C:\Windows\System\hSFoRFZ.exe
  2⤵
  PID:5476
- C:\Windows\System\KFOdEpQ.exe
  C:\Windows\System\KFOdEpQ.exe
  2⤵
  PID:5528
- C:\Windows\System\oddIZhh.exe
  C:\Windows\System\oddIZhh.exe
  2⤵
  PID:5564
- C:\Windows\System\nrLuaXE.exe
  C:\Windows\System\nrLuaXE.exe
  2⤵
  PID:5612
- C:\Windows\System\kFAhveV.exe
  C:\Windows\System\kFAhveV.exe
  2⤵
  PID:5728
- C:\Windows\System\XmAuffG.exe
  C:\Windows\System\XmAuffG.exe
  2⤵
  PID:4916
- C:\Windows\System\VOxllvA.exe
  C:\Windows\System\VOxllvA.exe
  2⤵
  PID:5840
- C:\Windows\System\esLFWCs.exe
  C:\Windows\System\esLFWCs.exe
  2⤵
  PID:4608
- C:\Windows\System\mTklmMw.exe
  C:\Windows\System\mTklmMw.exe
  2⤵
  PID:5948
- C:\Windows\System\kdJWjxp.exe
  C:\Windows\System\kdJWjxp.exe
  2⤵
  PID:4732
- C:\Windows\System\IYYmiNh.exe
  C:\Windows\System\IYYmiNh.exe
  2⤵
  PID:1176
- C:\Windows\System\ZdUVuLP.exe
  C:\Windows\System\ZdUVuLP.exe
  2⤵
  PID:1968
- C:\Windows\System\QkzwuNP.exe
  C:\Windows\System\QkzwuNP.exe
  2⤵
  PID:4872
- C:\Windows\System\jecdyAb.exe
  C:\Windows\System\jecdyAb.exe
  2⤵
  PID:6004
- C:\Windows\System\RQZBkYL.exe
  C:\Windows\System\RQZBkYL.exe
  2⤵
  PID:2020
- C:\Windows\System\fQtnZEO.exe
  C:\Windows\System\fQtnZEO.exe
  2⤵
  PID:6076
- C:\Windows\System\pwzOJiS.exe
  C:\Windows\System\pwzOJiS.exe
  2⤵
  PID:6136
- C:\Windows\System\cURnVow.exe
  C:\Windows\System\cURnVow.exe
  2⤵
  PID:5024
- C:\Windows\System\yIclVHD.exe
  C:\Windows\System\yIclVHD.exe
  2⤵
  PID:1628
- C:\Windows\System\pACiALp.exe
  C:\Windows\System\pACiALp.exe
  2⤵
  PID:5136
- C:\Windows\System\sasxbEY.exe
  C:\Windows\System\sasxbEY.exe
  2⤵
  PID:5284
- C:\Windows\System\LuoekZj.exe
  C:\Windows\System\LuoekZj.exe
  2⤵
  PID:5644
- C:\Windows\System\GCMQlZZ.exe
  C:\Windows\System\GCMQlZZ.exe
  2⤵
  PID:6040
- C:\Windows\System\lpkrZDG.exe
  C:\Windows\System\lpkrZDG.exe
  2⤵
  PID:3944
- C:\Windows\System\XpnfXnu.exe
  C:\Windows\System\XpnfXnu.exe
  2⤵
  PID:1332
- C:\Windows\System\unQKBdW.exe
  C:\Windows\System\unQKBdW.exe
  2⤵
  PID:5900
- C:\Windows\System\cmtJXgM.exe
  C:\Windows\System\cmtJXgM.exe
  2⤵
  PID:1244
- C:\Windows\System\fXpwNow.exe
  C:\Windows\System\fXpwNow.exe
  2⤵
  PID:4248
- C:\Windows\System\oCJBdXc.exe
  C:\Windows\System\oCJBdXc.exe
  2⤵
  PID:5588
- C:\Windows\System\VXQHCdQ.exe
  C:\Windows\System\VXQHCdQ.exe
  2⤵
  PID:3440
- C:\Windows\System\yiGSfSk.exe
  C:\Windows\System\yiGSfSk.exe
  2⤵
  PID:4644
- C:\Windows\System\xsoKIRo.exe
  C:\Windows\System\xsoKIRo.exe
  2⤵
  PID:2524
- C:\Windows\System\OJpaYgt.exe
  C:\Windows\System\OJpaYgt.exe
  2⤵
  PID:1276
- C:\Windows\System\pcYtIDX.exe
  C:\Windows\System\pcYtIDX.exe
  2⤵
  PID:6164
- C:\Windows\System\rTDsoJd.exe
  C:\Windows\System\rTDsoJd.exe
  2⤵
  PID:6188
- C:\Windows\System\GIlZdmn.exe
  C:\Windows\System\GIlZdmn.exe
  2⤵
  PID:6244
- C:\Windows\System\lAMuhwH.exe
  C:\Windows\System\lAMuhwH.exe
  2⤵
  PID:6260
- C:\Windows\System\vULTtWg.exe
  C:\Windows\System\vULTtWg.exe
  2⤵
  PID:6288
- C:\Windows\System\MQwrrTc.exe
  C:\Windows\System\MQwrrTc.exe
  2⤵
  PID:6316
- C:\Windows\System\hZtLHYy.exe
  C:\Windows\System\hZtLHYy.exe
  2⤵
  PID:6360
- C:\Windows\System\kdrFljK.exe
  C:\Windows\System\kdrFljK.exe
  2⤵
  PID:6392
- C:\Windows\System\aizodIM.exe
  C:\Windows\System\aizodIM.exe
  2⤵
  PID:6428
- C:\Windows\System\hkKSxMM.exe
  C:\Windows\System\hkKSxMM.exe
  2⤵
  PID:6460
- C:\Windows\System\YUNqDcY.exe
  C:\Windows\System\YUNqDcY.exe
  2⤵
  PID:6492
- C:\Windows\System\phBGLFn.exe
  C:\Windows\System\phBGLFn.exe
  2⤵
  PID:6532
- C:\Windows\System\KFvYdWT.exe
  C:\Windows\System\KFvYdWT.exe
  2⤵
  PID:6548
- C:\Windows\System\MxVXvOy.exe
  C:\Windows\System\MxVXvOy.exe
  2⤵
  PID:6572
- C:\Windows\System\BBmnoNH.exe
  C:\Windows\System\BBmnoNH.exe
  2⤵
  PID:6600
- C:\Windows\System\IFnWwnR.exe
  C:\Windows\System\IFnWwnR.exe
  2⤵
  PID:6620
- C:\Windows\System\SQvRcyU.exe
  C:\Windows\System\SQvRcyU.exe
  2⤵
  PID:6640
- C:\Windows\System\IYIlFnj.exe
  C:\Windows\System\IYIlFnj.exe
  2⤵
  PID:6656
- C:\Windows\System\jSRIveo.exe
  C:\Windows\System\jSRIveo.exe
  2⤵
  PID:6692
- C:\Windows\System\dPGEgrL.exe
  C:\Windows\System\dPGEgrL.exe
  2⤵
  PID:6712
- C:\Windows\System\CuIFSOc.exe
  C:\Windows\System\CuIFSOc.exe
  2⤵
  PID:6740
- C:\Windows\System\mAwDEHQ.exe
  C:\Windows\System\mAwDEHQ.exe
  2⤵
  PID:6760
- C:\Windows\System\rSoGMOI.exe
  C:\Windows\System\rSoGMOI.exe
  2⤵
  PID:6780
- C:\Windows\System\hkJATvV.exe
  C:\Windows\System\hkJATvV.exe
  2⤵
  PID:6812
- C:\Windows\System\rQFWfIb.exe
  C:\Windows\System\rQFWfIb.exe
  2⤵
  PID:6860
- C:\Windows\System\ppCUbFP.exe
  C:\Windows\System\ppCUbFP.exe
  2⤵
  PID:6884
- C:\Windows\System\psjuRbQ.exe
  C:\Windows\System\psjuRbQ.exe
  2⤵
  PID:6908
- C:\Windows\System\gyFHGOq.exe
  C:\Windows\System\gyFHGOq.exe
  2⤵
  PID:6936
- C:\Windows\System\aJpZXxO.exe
  C:\Windows\System\aJpZXxO.exe
  2⤵
  PID:6964
- C:\Windows\System\ZLuuiSc.exe
  C:\Windows\System\ZLuuiSc.exe
  2⤵
  PID:7016
- C:\Windows\System\vAumskY.exe
  C:\Windows\System\vAumskY.exe
  2⤵
  PID:7040
- C:\Windows\System\LzRjJmm.exe
  C:\Windows\System\LzRjJmm.exe
  2⤵
  PID:7064
- C:\Windows\System\UoqGQDi.exe
  C:\Windows\System\UoqGQDi.exe
  2⤵
  PID:7108
- C:\Windows\System\JpVaxdB.exe
  C:\Windows\System\JpVaxdB.exe
  2⤵
  PID:7124
- C:\Windows\System\DqBHrTw.exe
  C:\Windows\System\DqBHrTw.exe
  2⤵
  PID:7160
- C:\Windows\System\hegzBMW.exe
  C:\Windows\System\hegzBMW.exe
  2⤵
  PID:5508
- C:\Windows\System\iTcdbNB.exe
  C:\Windows\System\iTcdbNB.exe
  2⤵
  PID:5788
- C:\Windows\System\uzqMdxY.exe
  C:\Windows\System\uzqMdxY.exe
  2⤵
  PID:5892
- C:\Windows\System\RMHJMZP.exe
  C:\Windows\System\RMHJMZP.exe
  2⤵
  PID:2988
- C:\Windows\System\CViCxYh.exe
  C:\Windows\System\CViCxYh.exe
  2⤵
  PID:2668
- C:\Windows\System\ggwmoCz.exe
  C:\Windows\System\ggwmoCz.exe
  2⤵
  PID:6240
- C:\Windows\System\DwBJTVM.exe
  C:\Windows\System\DwBJTVM.exe
  2⤵
  PID:6200
- C:\Windows\System\cfnhxQX.exe
  C:\Windows\System\cfnhxQX.exe
  2⤵
  PID:6276
- C:\Windows\System\DvuvmhA.exe
  C:\Windows\System\DvuvmhA.exe
  2⤵
  PID:6332
- C:\Windows\System\CrccdSL.exe
  C:\Windows\System\CrccdSL.exe
  2⤵
  PID:1820
- C:\Windows\System\ojKBzbJ.exe
  C:\Windows\System\ojKBzbJ.exe
  2⤵
  PID:6540
- C:\Windows\System\nrvZLlR.exe
  C:\Windows\System\nrvZLlR.exe
  2⤵
  PID:2276
- C:\Windows\System\rgWWeQv.exe
  C:\Windows\System\rgWWeQv.exe
  2⤵
  PID:6648
- C:\Windows\System\nDJQKhS.exe
  C:\Windows\System\nDJQKhS.exe
  2⤵
  PID:6704
- C:\Windows\System\pQChDFY.exe
  C:\Windows\System\pQChDFY.exe
  2⤵
  PID:6720
- C:\Windows\System\qvgMetm.exe
  C:\Windows\System\qvgMetm.exe
  2⤵
  PID:6800
- C:\Windows\System\qErFShZ.exe
  C:\Windows\System\qErFShZ.exe
  2⤵
  PID:6920
- C:\Windows\System\qqBWpJS.exe
  C:\Windows\System\qqBWpJS.exe
  2⤵
  PID:7000
- C:\Windows\System\oUOPCTd.exe
  C:\Windows\System\oUOPCTd.exe
  2⤵
  PID:7028
- C:\Windows\System\wJjyzwU.exe
  C:\Windows\System\wJjyzwU.exe
  2⤵
  PID:7072
- C:\Windows\System\KlUAxfi.exe
  C:\Windows\System\KlUAxfi.exe
  2⤵
  PID:7132
- C:\Windows\System\jYwrxEf.exe
  C:\Windows\System\jYwrxEf.exe
  2⤵
  PID:1664
- C:\Windows\System\tqpbXTO.exe
  C:\Windows\System\tqpbXTO.exe
  2⤵
  PID:3036
- C:\Windows\System\afwRNyo.exe
  C:\Windows\System\afwRNyo.exe
  2⤵
  PID:3020
- C:\Windows\System\jJLKlGq.exe
  C:\Windows\System\jJLKlGq.exe
  2⤵
  PID:6444
- C:\Windows\System\pUlJTxm.exe
  C:\Windows\System\pUlJTxm.exe
  2⤵
  PID:6556
- C:\Windows\System\PzlCYNH.exe
  C:\Windows\System\PzlCYNH.exe
  2⤵
  PID:1656
- C:\Windows\System\PyEGCkp.exe
  C:\Windows\System\PyEGCkp.exe
  2⤵
  PID:6632
- C:\Windows\System\qKqZnFo.exe
  C:\Windows\System\qKqZnFo.exe
  2⤵
  PID:6732
- C:\Windows\System\PHrTYWc.exe
  C:\Windows\System\PHrTYWc.exe
  2⤵
  PID:6892
- C:\Windows\System\YxfEirO.exe
  C:\Windows\System\YxfEirO.exe
  2⤵
  PID:3364
- C:\Windows\System\TdSYroH.exe
  C:\Windows\System\TdSYroH.exe
  2⤵
  PID:5668
- C:\Windows\System\SxVQYIS.exe
  C:\Windows\System\SxVQYIS.exe
  2⤵
  PID:6592
- C:\Windows\System\sYJiwxd.exe
  C:\Windows\System\sYJiwxd.exe
  2⤵
  PID:6384
- C:\Windows\System\gOQLcub.exe
  C:\Windows\System\gOQLcub.exe
  2⤵
  PID:7032
- C:\Windows\System\KzJOzGC.exe
  C:\Windows\System\KzJOzGC.exe
  2⤵
  PID:7156
- C:\Windows\System\JRhAFaQ.exe
  C:\Windows\System\JRhAFaQ.exe
  2⤵
  PID:6776
- C:\Windows\System\HHmgJUY.exe
  C:\Windows\System\HHmgJUY.exe
  2⤵
  PID:7176
- C:\Windows\System\OEptTMu.exe
  C:\Windows\System\OEptTMu.exe
  2⤵
  PID:7192
- C:\Windows\System\VNVyNqO.exe
  C:\Windows\System\VNVyNqO.exe
  2⤵
  PID:7216
- C:\Windows\System\lvYkmRe.exe
  C:\Windows\System\lvYkmRe.exe
  2⤵
  PID:7236
- C:\Windows\System\CPWaySs.exe
  C:\Windows\System\CPWaySs.exe
  2⤵
  PID:7264
- C:\Windows\System\JCbuRsB.exe
  C:\Windows\System\JCbuRsB.exe
  2⤵
  PID:7304
- C:\Windows\System\MBGWfQq.exe
  C:\Windows\System\MBGWfQq.exe
  2⤵
  PID:7336
- C:\Windows\System\dVomspo.exe
  C:\Windows\System\dVomspo.exe
  2⤵
  PID:7356
- C:\Windows\System\VAVfeRq.exe
  C:\Windows\System\VAVfeRq.exe
  2⤵
  PID:7388
- C:\Windows\System\zhdbgYs.exe
  C:\Windows\System\zhdbgYs.exe
  2⤵
  PID:7440
- C:\Windows\System\uqXxXqR.exe
  C:\Windows\System\uqXxXqR.exe
  2⤵
  PID:7460
- C:\Windows\System\TtAOIqj.exe
  C:\Windows\System\TtAOIqj.exe
  2⤵
  PID:7488
- C:\Windows\System\ENWourl.exe
  C:\Windows\System\ENWourl.exe
  2⤵
  PID:7516
- C:\Windows\System\UbkfjXP.exe
  C:\Windows\System\UbkfjXP.exe
  2⤵
  PID:7536
- C:\Windows\System\UQMsVXj.exe
  C:\Windows\System\UQMsVXj.exe
  2⤵
  PID:7560
- C:\Windows\System\uqpnzOh.exe
  C:\Windows\System\uqpnzOh.exe
  2⤵
  PID:7576
- C:\Windows\System\WIhiWhF.exe
  C:\Windows\System\WIhiWhF.exe
  2⤵
  PID:7604
- C:\Windows\System\BBmaDkz.exe
  C:\Windows\System\BBmaDkz.exe
  2⤵
  PID:7620
- C:\Windows\System\aUzLUen.exe
  C:\Windows\System\aUzLUen.exe
  2⤵
  PID:7644
- C:\Windows\System\UgjbZco.exe
  C:\Windows\System\UgjbZco.exe
  2⤵
  PID:7664
- C:\Windows\System\XDCkWQo.exe
  C:\Windows\System\XDCkWQo.exe
  2⤵
  PID:7680
- C:\Windows\System\QidVuxx.exe
  C:\Windows\System\QidVuxx.exe
  2⤵
  PID:7748
- C:\Windows\System\ZjYDuBh.exe
  C:\Windows\System\ZjYDuBh.exe
  2⤵
  PID:7772
- C:\Windows\System\PsIqAXf.exe
  C:\Windows\System\PsIqAXf.exe
  2⤵
  PID:7788
- C:\Windows\System\GnGNRMe.exe
  C:\Windows\System\GnGNRMe.exe
  2⤵
  PID:7808
- C:\Windows\System\ogdUwnO.exe
  C:\Windows\System\ogdUwnO.exe
  2⤵
  PID:7860
- C:\Windows\System\twdoLsF.exe
  C:\Windows\System\twdoLsF.exe
  2⤵
  PID:7900
- C:\Windows\System\RHwCFNU.exe
  C:\Windows\System\RHwCFNU.exe
  2⤵
  PID:7916
- C:\Windows\System\OrIPetY.exe
  C:\Windows\System\OrIPetY.exe
  2⤵
  PID:7936
- C:\Windows\System\mVUlPCy.exe
  C:\Windows\System\mVUlPCy.exe
  2⤵
  PID:7952
- C:\Windows\System\EYoLMOV.exe
  C:\Windows\System\EYoLMOV.exe
  2⤵
  PID:7996
- C:\Windows\System\AvfDrdD.exe
  C:\Windows\System\AvfDrdD.exe
  2⤵
  PID:8036
- C:\Windows\System\HrTpvOV.exe
  C:\Windows\System\HrTpvOV.exe
  2⤵
  PID:8064
- C:\Windows\System\PHifMJd.exe
  C:\Windows\System\PHifMJd.exe
  2⤵
  PID:8084
- C:\Windows\System\ALcJjef.exe
  C:\Windows\System\ALcJjef.exe
  2⤵
  PID:8104
- C:\Windows\System\xEyAvAZ.exe
  C:\Windows\System\xEyAvAZ.exe
  2⤵
  PID:8136
- C:\Windows\System\qHrosJA.exe
  C:\Windows\System\qHrosJA.exe
  2⤵
  PID:8156
- C:\Windows\System\OOcugdd.exe
  C:\Windows\System\OOcugdd.exe
  2⤵
  PID:6872
- C:\Windows\System\lrZmfZi.exe
  C:\Windows\System\lrZmfZi.exe
  2⤵
  PID:7296
- C:\Windows\System\jElviqR.exe
  C:\Windows\System\jElviqR.exe
  2⤵
  PID:7372
- C:\Windows\System\NgSKdij.exe
  C:\Windows\System\NgSKdij.exe
  2⤵
  PID:7380
- C:\Windows\System\tbZlQRP.exe
  C:\Windows\System\tbZlQRP.exe
  2⤵
  PID:7612
- C:\Windows\System\KtFHYcI.exe
  C:\Windows\System\KtFHYcI.exe
  2⤵
  PID:7632
- C:\Windows\System\HjvcLqA.exe
  C:\Windows\System\HjvcLqA.exe
  2⤵
  PID:7652
- C:\Windows\System\HQgFkuZ.exe
  C:\Windows\System\HQgFkuZ.exe
  2⤵
  PID:7760
- C:\Windows\System\tsoYKkU.exe
  C:\Windows\System\tsoYKkU.exe
  2⤵
  PID:7800
- C:\Windows\System\WGbrbEt.exe
  C:\Windows\System\WGbrbEt.exe
  2⤵
  PID:7852
- C:\Windows\System\gMDlLlX.exe
  C:\Windows\System\gMDlLlX.exe
  2⤵
  PID:7908
- C:\Windows\System\wmQyyJy.exe
  C:\Windows\System\wmQyyJy.exe
  2⤵
  PID:8032
- C:\Windows\System\oyKNbSc.exe
  C:\Windows\System\oyKNbSc.exe
  2⤵
  PID:7992
- C:\Windows\System\qyBiUSt.exe
  C:\Windows\System\qyBiUSt.exe
  2⤵
  PID:8072
- C:\Windows\System\dWNurMB.exe
  C:\Windows\System\dWNurMB.exe
  2⤵
  PID:6504
- C:\Windows\System\bfAXsrQ.exe
  C:\Windows\System\bfAXsrQ.exe
  2⤵
  PID:7344
- C:\Windows\System\UhMVvQp.exe
  C:\Windows\System\UhMVvQp.exe
  2⤵
  PID:7468
- C:\Windows\System\hmpRVWa.exe
  C:\Windows\System\hmpRVWa.exe
  2⤵
  PID:7712
- C:\Windows\System\BCqxzDY.exe
  C:\Windows\System\BCqxzDY.exe
  2⤵
  PID:7888
- C:\Windows\System\FbNneEE.exe
  C:\Windows\System\FbNneEE.exe
  2⤵
  PID:7848
- C:\Windows\System\ECusfMb.exe
  C:\Windows\System\ECusfMb.exe
  2⤵
  PID:8096
- C:\Windows\System\qUpXFLI.exe
  C:\Windows\System\qUpXFLI.exe
  2⤵
  PID:7744
- C:\Windows\System\yEMAYSQ.exe
  C:\Windows\System\yEMAYSQ.exe
  2⤵
  PID:7432
- C:\Windows\System\fjxFzFy.exe
  C:\Windows\System\fjxFzFy.exe
  2⤵
  PID:7232
- C:\Windows\System\lJAFDFA.exe
  C:\Windows\System\lJAFDFA.exe
  2⤵
  PID:8196
- C:\Windows\System\afCYOzB.exe
  C:\Windows\System\afCYOzB.exe
  2⤵
  PID:8212
- C:\Windows\System\Iotjtmq.exe
  C:\Windows\System\Iotjtmq.exe
  2⤵
  PID:8256
- C:\Windows\System\XdtmyEv.exe
  C:\Windows\System\XdtmyEv.exe
  2⤵
  PID:8284
- C:\Windows\System\NzDYvBc.exe
  C:\Windows\System\NzDYvBc.exe
  2⤵
  PID:8304
- C:\Windows\System\sBwuzwV.exe
  C:\Windows\System\sBwuzwV.exe
  2⤵
  PID:8340
- C:\Windows\System\xabESnM.exe
  C:\Windows\System\xabESnM.exe
  2⤵
  PID:8376
- C:\Windows\System\nNccfwl.exe
  C:\Windows\System\nNccfwl.exe
  2⤵
  PID:8392
- C:\Windows\System\Jwpqspe.exe
  C:\Windows\System\Jwpqspe.exe
  2⤵
  PID:8428
- C:\Windows\System\TZfEwuS.exe
  C:\Windows\System\TZfEwuS.exe
  2⤵
  PID:8452
- C:\Windows\System\QRsnEcE.exe
  C:\Windows\System\QRsnEcE.exe
  2⤵
  PID:8484
- C:\Windows\System\PmUbZba.exe
  C:\Windows\System\PmUbZba.exe
  2⤵
  PID:8504
- C:\Windows\System\cWASDKj.exe
  C:\Windows\System\cWASDKj.exe
  2⤵
  PID:8552
- C:\Windows\System\yenabbT.exe
  C:\Windows\System\yenabbT.exe
  2⤵
  PID:8568
- C:\Windows\System\clKeehd.exe
  C:\Windows\System\clKeehd.exe
  2⤵
  PID:8592
- C:\Windows\System\nXaUZoz.exe
  C:\Windows\System\nXaUZoz.exe
  2⤵
  PID:8620
- C:\Windows\System\NTNBfZF.exe
  C:\Windows\System\NTNBfZF.exe
  2⤵
  PID:8652
- C:\Windows\System\krgTQbq.exe
  C:\Windows\System\krgTQbq.exe
  2⤵
  PID:8676
- C:\Windows\System\YrLOXrm.exe
  C:\Windows\System\YrLOXrm.exe
  2⤵
  PID:8720
- C:\Windows\System\YcKciWl.exe
  C:\Windows\System\YcKciWl.exe
  2⤵
  PID:8744
- C:\Windows\System\qphAfNw.exe
  C:\Windows\System\qphAfNw.exe
  2⤵
  PID:8780
- C:\Windows\System\eCakfGq.exe
  C:\Windows\System\eCakfGq.exe
  2⤵
  PID:8808
- C:\Windows\System\kIuuRix.exe
  C:\Windows\System\kIuuRix.exe
  2⤵
  PID:8824
- C:\Windows\System\VoAUREr.exe
  C:\Windows\System\VoAUREr.exe
  2⤵
  PID:8844
- C:\Windows\System\uLkKwAU.exe
  C:\Windows\System\uLkKwAU.exe
  2⤵
  PID:8892
- C:\Windows\System\TbLzXZw.exe
  C:\Windows\System\TbLzXZw.exe
  2⤵
  PID:8908
- C:\Windows\System\cEZuvqd.exe
  C:\Windows\System\cEZuvqd.exe
  2⤵
  PID:8928
- C:\Windows\System\zMUrQkd.exe
  C:\Windows\System\zMUrQkd.exe
  2⤵
  PID:8956
- C:\Windows\System\MzmiDBI.exe
  C:\Windows\System\MzmiDBI.exe
  2⤵
  PID:9000
- C:\Windows\System\hNTxylq.exe
  C:\Windows\System\hNTxylq.exe
  2⤵
  PID:9020
- C:\Windows\System\NmdbyRS.exe
  C:\Windows\System\NmdbyRS.exe
  2⤵
  PID:9048
- C:\Windows\System\smeywKw.exe
  C:\Windows\System\smeywKw.exe
  2⤵
  PID:9072
- C:\Windows\System\CpnYnnP.exe
  C:\Windows\System\CpnYnnP.exe
  2⤵
  PID:9092
- C:\Windows\System\yydwBvh.exe
  C:\Windows\System\yydwBvh.exe
  2⤵
  PID:9116
- C:\Windows\System\QQSYQAt.exe
  C:\Windows\System\QQSYQAt.exe
  2⤵
  PID:9164
- C:\Windows\System\BIHWLmx.exe
  C:\Windows\System\BIHWLmx.exe
  2⤵
  PID:9180
- C:\Windows\System\xqJSdXl.exe
  C:\Windows\System\xqJSdXl.exe
  2⤵
  PID:9204
- C:\Windows\System\peMVFZM.exe
  C:\Windows\System\peMVFZM.exe
  2⤵
  PID:7412
- C:\Windows\System\DCKwiGo.exe
  C:\Windows\System\DCKwiGo.exe
  2⤵
  PID:8268
- C:\Windows\System\EehAntS.exe
  C:\Windows\System\EehAntS.exe
  2⤵
  PID:8336
- C:\Windows\System\gzCCGpc.exe
  C:\Windows\System\gzCCGpc.exe
  2⤵
  PID:8368
- C:\Windows\System\IospZhC.exe
  C:\Windows\System\IospZhC.exe
  2⤵
  PID:8520
- C:\Windows\System\sXSfaeT.exe
  C:\Windows\System\sXSfaeT.exe
  2⤵
  PID:8536
- C:\Windows\System\HqDDhRz.exe
  C:\Windows\System\HqDDhRz.exe
  2⤵
  PID:8576
- C:\Windows\System\auAVNuF.exe
  C:\Windows\System\auAVNuF.exe
  2⤵
  PID:8612
- C:\Windows\System\reEWOoe.exe
  C:\Windows\System\reEWOoe.exe
  2⤵
  PID:8700
- C:\Windows\System\QHEJGGa.exe
  C:\Windows\System\QHEJGGa.exe
  2⤵
  PID:8764
- C:\Windows\System\tOFtAQC.exe
  C:\Windows\System\tOFtAQC.exe
  2⤵
  PID:8820
- C:\Windows\System\mBnSHQJ.exe
  C:\Windows\System\mBnSHQJ.exe
  2⤵
  PID:8872
- C:\Windows\System\AYUidId.exe
  C:\Windows\System\AYUidId.exe
  2⤵
  PID:8924
- C:\Windows\System\PXRWRMk.exe
  C:\Windows\System\PXRWRMk.exe
  2⤵
  PID:9012
- C:\Windows\System\kFVnZxY.exe
  C:\Windows\System\kFVnZxY.exe
  2⤵
  PID:9088
- C:\Windows\System\EBTDnPz.exe
  C:\Windows\System\EBTDnPz.exe
  2⤵
  PID:9084
- C:\Windows\System\ggxfuqK.exe
  C:\Windows\System\ggxfuqK.exe
  2⤵
  PID:8204
- C:\Windows\System\nRssPhM.exe
  C:\Windows\System\nRssPhM.exe
  2⤵
  PID:8420
- C:\Windows\System\CymBhhb.exe
  C:\Windows\System\CymBhhb.exe
  2⤵
  PID:8496
- C:\Windows\System\MsHFUNe.exe
  C:\Windows\System\MsHFUNe.exe
  2⤵
  PID:8588
- C:\Windows\System\OmiBSId.exe
  C:\Windows\System\OmiBSId.exe
  2⤵
  PID:8696
- C:\Windows\System\hKBcpuM.exe
  C:\Windows\System\hKBcpuM.exe
  2⤵
  PID:8988
- C:\Windows\System\qQBROya.exe
  C:\Windows\System\qQBROya.exe
  2⤵
  PID:9112
- C:\Windows\System\xKTsgtt.exe
  C:\Windows\System\xKTsgtt.exe
  2⤵
  PID:8092
- C:\Windows\System\ujDuSDO.exe
  C:\Windows\System\ujDuSDO.exe
  2⤵
  PID:8560
- C:\Windows\System\mjbneER.exe
  C:\Windows\System\mjbneER.exe
  2⤵
  PID:8728
- C:\Windows\System\MyxTJnt.exe
  C:\Windows\System\MyxTJnt.exe
  2⤵
  PID:9176
- C:\Windows\System\wpVOwzZ.exe
  C:\Windows\System\wpVOwzZ.exe
  2⤵
  PID:9236
- C:\Windows\System\XjIrCnq.exe
  C:\Windows\System\XjIrCnq.exe
  2⤵
  PID:9384
- C:\Windows\System\oKUCRnA.exe
  C:\Windows\System\oKUCRnA.exe
  2⤵
  PID:9416
- C:\Windows\System\YJSRFLs.exe
  C:\Windows\System\YJSRFLs.exe
  2⤵
  PID:9432
- C:\Windows\System\KgvbsTM.exe
  C:\Windows\System\KgvbsTM.exe
  2⤵
  PID:9448
- C:\Windows\System\wwBKdsY.exe
  C:\Windows\System\wwBKdsY.exe
  2⤵
  PID:9468
- C:\Windows\System\pXcDUNQ.exe
  C:\Windows\System\pXcDUNQ.exe
  2⤵
  PID:9496
- C:\Windows\System\dVtpoPv.exe
  C:\Windows\System\dVtpoPv.exe
  2⤵
  PID:9512
- C:\Windows\System\BAshhmy.exe
  C:\Windows\System\BAshhmy.exe
  2⤵
  PID:9532
- C:\Windows\System\xjlYWji.exe
  C:\Windows\System\xjlYWji.exe
  2⤵
  PID:9552
- C:\Windows\System\gfGbcYs.exe
  C:\Windows\System\gfGbcYs.exe
  2⤵
  PID:9652
- C:\Windows\System\pQPATct.exe
  C:\Windows\System\pQPATct.exe
  2⤵
  PID:9676
- C:\Windows\System\vKegmea.exe
  C:\Windows\System\vKegmea.exe
  2⤵
  PID:9708
- C:\Windows\System\AhdDmqS.exe
  C:\Windows\System\AhdDmqS.exe
  2⤵
  PID:9732
- C:\Windows\System\NuZEZOL.exe
  C:\Windows\System\NuZEZOL.exe
  2⤵
  PID:9752
- C:\Windows\System\ZEBYdbZ.exe
  C:\Windows\System\ZEBYdbZ.exe
  2⤵
  PID:9788
- C:\Windows\System\NlKotna.exe
  C:\Windows\System\NlKotna.exe
  2⤵
  PID:9824
- C:\Windows\System\UoxxBKH.exe
  C:\Windows\System\UoxxBKH.exe
  2⤵
  PID:9848
- C:\Windows\System\AvtKSYo.exe
  C:\Windows\System\AvtKSYo.exe
  2⤵
  PID:9880
- C:\Windows\System\LmfgbiU.exe
  C:\Windows\System\LmfgbiU.exe
  2⤵
  PID:9900
- C:\Windows\System\tnnqGCt.exe
  C:\Windows\System\tnnqGCt.exe
  2⤵
  PID:9928
- C:\Windows\System\zMHqyzp.exe
  C:\Windows\System\zMHqyzp.exe
  2⤵
  PID:9944
- C:\Windows\System\QxljgCl.exe
  C:\Windows\System\QxljgCl.exe
  2⤵
  PID:9996
- C:\Windows\System\BtyIEZy.exe
  C:\Windows\System\BtyIEZy.exe
  2⤵
  PID:10024
- C:\Windows\System\UxIZXZG.exe
  C:\Windows\System\UxIZXZG.exe
  2⤵
  PID:10044
- C:\Windows\System\MwjIkzW.exe
  C:\Windows\System\MwjIkzW.exe
  2⤵
  PID:10064
- C:\Windows\System\PvJFmtY.exe
  C:\Windows\System\PvJFmtY.exe
  2⤵
  PID:10088
- C:\Windows\System\AtlWFaL.exe
  C:\Windows\System\AtlWFaL.exe
  2⤵
  PID:10136
- C:\Windows\System\KZXQCZy.exe
  C:\Windows\System\KZXQCZy.exe
  2⤵
  PID:10152
- C:\Windows\System\OmIeykg.exe
  C:\Windows\System\OmIeykg.exe
  2⤵
  PID:10172
- C:\Windows\System\xWWThUN.exe
  C:\Windows\System\xWWThUN.exe
  2⤵
  PID:10200
- C:\Windows\System\jYylWgM.exe
  C:\Windows\System\jYylWgM.exe
  2⤵
  PID:10224
- C:\Windows\System\SGKuJCe.exe
  C:\Windows\System\SGKuJCe.exe
  2⤵
  PID:7300
- C:\Windows\System\IVHiEPc.exe
  C:\Windows\System\IVHiEPc.exe
  2⤵
  PID:9008
- C:\Windows\System\NHgyGnI.exe
  C:\Windows\System\NHgyGnI.exe
  2⤵
  PID:9304
- C:\Windows\System\vaYVdRc.exe
  C:\Windows\System\vaYVdRc.exe
  2⤵
  PID:9264
- C:\Windows\System\cTORRdL.exe
  C:\Windows\System\cTORRdL.exe
  2⤵
  PID:9284
- C:\Windows\System\JprJyty.exe
  C:\Windows\System\JprJyty.exe
  2⤵
  PID:9336
- C:\Windows\System\IhSNzMV.exe
  C:\Windows\System\IhSNzMV.exe
  2⤵
  PID:9444
- C:\Windows\System\DsVURSU.exe
  C:\Windows\System\DsVURSU.exe
  2⤵
  PID:9492
- C:\Windows\System\mKCcCOB.exe
  C:\Windows\System\mKCcCOB.exe
  2⤵
  PID:9600
- C:\Windows\System\ayImEbl.exe
  C:\Windows\System\ayImEbl.exe
  2⤵
  PID:9616
- C:\Windows\System\IhdQKPh.exe
  C:\Windows\System\IhdQKPh.exe
  2⤵
  PID:9716
- C:\Windows\System\dUlWrcZ.exe
  C:\Windows\System\dUlWrcZ.exe
  2⤵
  PID:9724
- C:\Windows\System\yjZidcV.exe
  C:\Windows\System\yjZidcV.exe
  2⤵
  PID:9780
- C:\Windows\System\eSWZrhV.exe
  C:\Windows\System\eSWZrhV.exe
  2⤵
  PID:9840
- C:\Windows\System\hpSMWdv.exe
  C:\Windows\System\hpSMWdv.exe
  2⤵
  PID:10004
- C:\Windows\System\ZudNLEy.exe
  C:\Windows\System\ZudNLEy.exe
  2⤵
  PID:10012
- C:\Windows\System\HrGreHx.exe
  C:\Windows\System\HrGreHx.exe
  2⤵
  PID:10100
- C:\Windows\System\ybZDkLs.exe
  C:\Windows\System\ybZDkLs.exe
  2⤵
  PID:10144
- C:\Windows\System\jsGUyjm.exe
  C:\Windows\System\jsGUyjm.exe
  2⤵
  PID:10184
- C:\Windows\System\sGDHlIY.exe
  C:\Windows\System\sGDHlIY.exe
  2⤵
  PID:3864
- C:\Windows\System\JDepmNT.exe
  C:\Windows\System\JDepmNT.exe
  2⤵
  PID:9364
- C:\Windows\System\gSzAdIv.exe
  C:\Windows\System\gSzAdIv.exe
  2⤵
  PID:9260
- C:\Windows\System\gwQEAJJ.exe
  C:\Windows\System\gwQEAJJ.exe
  2⤵
  PID:9628
- C:\Windows\System\XsjXdhT.exe
  C:\Windows\System\XsjXdhT.exe
  2⤵
  PID:9744
- C:\Windows\System\QRQjKeB.exe
  C:\Windows\System\QRQjKeB.exe
  2⤵
  PID:9916
- C:\Windows\System\zQAUpwW.exe
  C:\Windows\System\zQAUpwW.exe
  2⤵
  PID:10128
- C:\Windows\System\ShakEnx.exe
  C:\Windows\System\ShakEnx.exe
  2⤵
  PID:9340
- C:\Windows\System\zehRzOn.exe
  C:\Windows\System\zehRzOn.exe
  2⤵
  PID:9220
- C:\Windows\System\kqiVwjc.exe
  C:\Windows\System\kqiVwjc.exe
  2⤵
  PID:9748
- C:\Windows\System\RxrtTlo.exe
  C:\Windows\System\RxrtTlo.exe
  2⤵
  PID:9256
- C:\Windows\System\uYegGdk.exe
  C:\Windows\System\uYegGdk.exe
  2⤵
  PID:9568
- C:\Windows\System\Oznqzpf.exe
  C:\Windows\System\Oznqzpf.exe
  2⤵
  PID:10248
- C:\Windows\System\gKPASkP.exe
  C:\Windows\System\gKPASkP.exe
  2⤵
  PID:10280
- C:\Windows\System\GMahAfG.exe
  C:\Windows\System\GMahAfG.exe
  2⤵
  PID:10316
- C:\Windows\System\CUVOEVX.exe
  C:\Windows\System\CUVOEVX.exe
  2⤵
  PID:10340
- C:\Windows\System\wtaniqQ.exe
  C:\Windows\System\wtaniqQ.exe
  2⤵
  PID:10356
- C:\Windows\System\ARyCIGU.exe
  C:\Windows\System\ARyCIGU.exe
  2⤵
  PID:10400
- C:\Windows\System\eSprKRo.exe
  C:\Windows\System\eSprKRo.exe
  2⤵
  PID:10424
- C:\Windows\System\gcFvQqH.exe
  C:\Windows\System\gcFvQqH.exe
  2⤵
  PID:10444
- C:\Windows\System\BtBUYbS.exe
  C:\Windows\System\BtBUYbS.exe
  2⤵
  PID:10468
- C:\Windows\System\RVryIdd.exe
  C:\Windows\System\RVryIdd.exe
  2⤵
  PID:10488
- C:\Windows\System\LWLmSDo.exe
  C:\Windows\System\LWLmSDo.exe
  2⤵
  PID:10516
- C:\Windows\System\mhXknyF.exe
  C:\Windows\System\mhXknyF.exe
  2⤵
  PID:10536
- C:\Windows\System\vXwMBZX.exe
  C:\Windows\System\vXwMBZX.exe
  2⤵
  PID:10564
- C:\Windows\System\PJKGkCe.exe
  C:\Windows\System\PJKGkCe.exe
  2⤵
  PID:10584
- C:\Windows\System\QumRJWV.exe
  C:\Windows\System\QumRJWV.exe
  2⤵
  PID:10600
- C:\Windows\System\JAdoKGr.exe
  C:\Windows\System\JAdoKGr.exe
  2⤵
  PID:10652
- C:\Windows\System\XtKMLvU.exe
  C:\Windows\System\XtKMLvU.exe
  2⤵
  PID:10676
- C:\Windows\System\yjgKtIB.exe
  C:\Windows\System\yjgKtIB.exe
  2⤵
  PID:10724
- C:\Windows\System\fmbWLhb.exe
  C:\Windows\System\fmbWLhb.exe
  2⤵
  PID:10748
- C:\Windows\System\VGJpRCC.exe
  C:\Windows\System\VGJpRCC.exe
  2⤵
  PID:10772
- C:\Windows\System\dFVbyBW.exe
  C:\Windows\System\dFVbyBW.exe
  2⤵
  PID:10792
- C:\Windows\System\ZNgkFwo.exe
  C:\Windows\System\ZNgkFwo.exe
  2⤵
  PID:10836
- C:\Windows\System\xpOncdV.exe
  C:\Windows\System\xpOncdV.exe
  2⤵
  PID:10864
- C:\Windows\System\jCRzYyo.exe
  C:\Windows\System\jCRzYyo.exe
  2⤵
  PID:10892
- C:\Windows\System\jEatKva.exe
  C:\Windows\System\jEatKva.exe
  2⤵
  PID:10920
- C:\Windows\System\GcRbsNG.exe
  C:\Windows\System\GcRbsNG.exe
  2⤵
  PID:10960
- C:\Windows\System\ZuHsYpX.exe
  C:\Windows\System\ZuHsYpX.exe
  2⤵
  PID:10984
- C:\Windows\System\HiMBwuz.exe
  C:\Windows\System\HiMBwuz.exe
  2⤵
  PID:11004
- C:\Windows\System\tcMvXpD.exe
  C:\Windows\System\tcMvXpD.exe
  2⤵
  PID:11048
- C:\Windows\System\CyWrYuJ.exe
  C:\Windows\System\CyWrYuJ.exe
  2⤵
  PID:11068
- C:\Windows\System\pRoDQcm.exe
  C:\Windows\System\pRoDQcm.exe
  2⤵
  PID:11084
- C:\Windows\System\ZAMVlio.exe
  C:\Windows\System\ZAMVlio.exe
  2⤵
  PID:11100
- C:\Windows\System\VBeUsXS.exe
  C:\Windows\System\VBeUsXS.exe
  2⤵
  PID:11120
- C:\Windows\System\BkiBgdY.exe
  C:\Windows\System\BkiBgdY.exe
  2⤵
  PID:11156
- C:\Windows\System\hxavdSV.exe
  C:\Windows\System\hxavdSV.exe
  2⤵
  PID:11184
- C:\Windows\System\YuRnvAD.exe
  C:\Windows\System\YuRnvAD.exe
  2⤵
  PID:11224
- C:\Windows\System\ZxlWByl.exe
  C:\Windows\System\ZxlWByl.exe
  2⤵
  PID:11256
- C:\Windows\System\tzipltR.exe
  C:\Windows\System\tzipltR.exe
  2⤵
  PID:9488
- C:\Windows\System\mfIajzE.exe
  C:\Windows\System\mfIajzE.exe
  2⤵
  PID:10276
- C:\Windows\System\WlDVCox.exe
  C:\Windows\System\WlDVCox.exe
  2⤵
  PID:10384
- C:\Windows\System\gtQwzBb.exe
  C:\Windows\System\gtQwzBb.exe
  2⤵
  PID:10440
- C:\Windows\System\EhtUfxd.exe
  C:\Windows\System\EhtUfxd.exe
  2⤵
  PID:10512
- C:\Windows\System\waZpFRP.exe
  C:\Windows\System\waZpFRP.exe
  2⤵
  PID:10572
- C:\Windows\System\Aijxllc.exe
  C:\Windows\System\Aijxllc.exe
  2⤵
  PID:10596
- C:\Windows\System\TQHnCaK.exe
  C:\Windows\System\TQHnCaK.exe
  2⤵
  PID:10716
- C:\Windows\System\TYJKCzZ.exe
  C:\Windows\System\TYJKCzZ.exe
  2⤵
  PID:10844
- C:\Windows\System\CJOBwId.exe
  C:\Windows\System\CJOBwId.exe
  2⤵
  PID:10856
- C:\Windows\System\RHIawjO.exe
  C:\Windows\System\RHIawjO.exe
  2⤵
  PID:10884
- C:\Windows\System\fuAZikk.exe
  C:\Windows\System\fuAZikk.exe
  2⤵
  PID:10996
- C:\Windows\System\nqfSSFf.exe
  C:\Windows\System\nqfSSFf.exe
  2⤵
  PID:11056
- C:\Windows\System\wnrmpQl.exe
  C:\Windows\System\wnrmpQl.exe
  2⤵
  PID:11064
- C:\Windows\System\KNdFrUR.exe
  C:\Windows\System\KNdFrUR.exe
  2⤵
  PID:11112
- C:\Windows\System\MzVwHvb.exe
  C:\Windows\System\MzVwHvb.exe
  2⤵
  PID:11168
- C:\Windows\System\Zdgfdcf.exe
  C:\Windows\System\Zdgfdcf.exe
  2⤵
  PID:9892
- C:\Windows\System\dGACfam.exe
  C:\Windows\System\dGACfam.exe
  2⤵
  PID:10464
- C:\Windows\System\VopvzkZ.exe
  C:\Windows\System\VopvzkZ.exe
  2⤵
  PID:10532
- C:\Windows\System\GpXpdFv.exe
  C:\Windows\System\GpXpdFv.exe
  2⤵
  PID:10576
- C:\Windows\System\XWJYaaW.exe
  C:\Windows\System\XWJYaaW.exe
  2⤵
  PID:10828
- C:\Windows\System\oqHMpXy.exe
  C:\Windows\System\oqHMpXy.exe
  2⤵
  PID:10192
- C:\Windows\System\mjWYOMi.exe
  C:\Windows\System\mjWYOMi.exe
  2⤵
  PID:10968
- C:\Windows\System\rqyoWqD.exe
  C:\Windows\System\rqyoWqD.exe
  2⤵
  PID:11080
- C:\Windows\System\QIVVMqD.exe
  C:\Windows\System\QIVVMqD.exe
  2⤵
  PID:10148
- C:\Windows\System\UGawAXz.exe
  C:\Windows\System\UGawAXz.exe
  2⤵
  PID:10764
- C:\Windows\System\JOKefsC.exe
  C:\Windows\System\JOKefsC.exe
  2⤵
  PID:10744
- C:\Windows\System\OUbpBxz.exe
  C:\Windows\System\OUbpBxz.exe
  2⤵
  PID:11280
- C:\Windows\System\nxJBOso.exe
  C:\Windows\System\nxJBOso.exe
  2⤵
  PID:11300
- C:\Windows\System\WXpALpJ.exe
  C:\Windows\System\WXpALpJ.exe
  2⤵
  PID:11332
- C:\Windows\System\CQVhKwj.exe
  C:\Windows\System\CQVhKwj.exe
  2⤵
  PID:11360
- C:\Windows\System\XXwDkTC.exe
  C:\Windows\System\XXwDkTC.exe
  2⤵
  PID:11380
- C:\Windows\System\AFjRoSA.exe
  C:\Windows\System\AFjRoSA.exe
  2⤵
  PID:11420
- C:\Windows\System\iXArnDZ.exe
  C:\Windows\System\iXArnDZ.exe
  2⤵
  PID:11444
- C:\Windows\System\vLWORyg.exe
  C:\Windows\System\vLWORyg.exe
  2⤵
  PID:11464
- C:\Windows\System\zELqQgB.exe
  C:\Windows\System\zELqQgB.exe
  2⤵
  PID:11488
- C:\Windows\System\ceEZsUa.exe
  C:\Windows\System\ceEZsUa.exe
  2⤵
  PID:11540
- C:\Windows\System\kuaPMSN.exe
  C:\Windows\System\kuaPMSN.exe
  2⤵
  PID:11556
- C:\Windows\System\qdvJmBT.exe
  C:\Windows\System\qdvJmBT.exe
  2⤵
  PID:11584
- C:\Windows\System\IAIqCsv.exe
  C:\Windows\System\IAIqCsv.exe
  2⤵
  PID:11608
- C:\Windows\System\hbxVOAW.exe
  C:\Windows\System\hbxVOAW.exe
  2⤵
  PID:11632
- C:\Windows\System\FXeGrDt.exe
  C:\Windows\System\FXeGrDt.exe
  2⤵
  PID:11672
- C:\Windows\System\eHqWxCh.exe
  C:\Windows\System\eHqWxCh.exe
  2⤵
  PID:11696
- C:\Windows\System\kozEqIY.exe
  C:\Windows\System\kozEqIY.exe
  2⤵
  PID:11728
- C:\Windows\System\WvyjWnH.exe
  C:\Windows\System\WvyjWnH.exe
  2⤵
  PID:11756
- C:\Windows\System\HYBgiOV.exe
  C:\Windows\System\HYBgiOV.exe
  2⤵
  PID:11780
- C:\Windows\System\EpzlgSt.exe
  C:\Windows\System\EpzlgSt.exe
  2⤵
  PID:11808
- C:\Windows\System\qBwPzTm.exe
  C:\Windows\System\qBwPzTm.exe
  2⤵
  PID:11848
- C:\Windows\System\EunTcAC.exe
  C:\Windows\System\EunTcAC.exe
  2⤵
  PID:11876
- C:\Windows\System\ptVxtoa.exe
  C:\Windows\System\ptVxtoa.exe
  2⤵
  PID:11904
- C:\Windows\System\CtaEBlx.exe
  C:\Windows\System\CtaEBlx.exe
  2⤵
  PID:11924
- C:\Windows\System\ubZhUXe.exe
  C:\Windows\System\ubZhUXe.exe
  2⤵
  PID:11956
- C:\Windows\System\vIuOLhJ.exe
  C:\Windows\System\vIuOLhJ.exe
  2⤵
  PID:12000
- C:\Windows\System\RdkSZen.exe
  C:\Windows\System\RdkSZen.exe
  2⤵
  PID:12024
- C:\Windows\System\BLNdiQe.exe
  C:\Windows\System\BLNdiQe.exe
  2⤵
  PID:12060
- C:\Windows\System\JwrvyGK.exe
  C:\Windows\System\JwrvyGK.exe
  2⤵
  PID:12080
- C:\Windows\System\vZrFWwF.exe
  C:\Windows\System\vZrFWwF.exe
  2⤵
  PID:12104
- C:\Windows\System\GoepPtN.exe
  C:\Windows\System\GoepPtN.exe
  2⤵
  PID:12120
- C:\Windows\System\QKawjTF.exe
  C:\Windows\System\QKawjTF.exe
  2⤵
  PID:12164
- C:\Windows\System\DpHbGnz.exe
  C:\Windows\System\DpHbGnz.exe
  2⤵
  PID:12200
- C:\Windows\System\AXHLIuR.exe
  C:\Windows\System\AXHLIuR.exe
  2⤵
  PID:12224
- C:\Windows\System\HuNaXEZ.exe
  C:\Windows\System\HuNaXEZ.exe
  2⤵
  PID:12244
- C:\Windows\System\koYFzWf.exe
  C:\Windows\System\koYFzWf.exe
  2⤵
  PID:12260
- C:\Windows\System\jxfpuHh.exe
  C:\Windows\System\jxfpuHh.exe
  2⤵
  PID:12280
- C:\Windows\System\YTlEEiw.exe
  C:\Windows\System\YTlEEiw.exe
  2⤵
  PID:11000
- C:\Windows\System\kIMGkVn.exe
  C:\Windows\System\kIMGkVn.exe
  2⤵
  PID:11320
- C:\Windows\System\Sidjeck.exe
  C:\Windows\System\Sidjeck.exe
  2⤵
  PID:11436
- C:\Windows\System\DJVwlQb.exe
  C:\Windows\System\DJVwlQb.exe
  2⤵
  PID:11516
- C:\Windows\System\NhWGCHo.exe
  C:\Windows\System\NhWGCHo.exe
  2⤵
  PID:11592
- C:\Windows\System\tmiHYuj.exe
  C:\Windows\System\tmiHYuj.exe
  2⤵
  PID:11624
- C:\Windows\System\bGUFEcY.exe
  C:\Windows\System\bGUFEcY.exe
  2⤵
  PID:11688
- C:\Windows\System\wCrOXXq.exe
  C:\Windows\System\wCrOXXq.exe
  2⤵
  PID:11720
- C:\Windows\System\hfrvRYZ.exe
  C:\Windows\System\hfrvRYZ.exe
  2⤵
  PID:11772
- C:\Windows\System\ogpYgHd.exe
  C:\Windows\System\ogpYgHd.exe
  2⤵
  PID:11860
- C:\Windows\System\JvetvsI.exe
  C:\Windows\System\JvetvsI.exe
  2⤵
  PID:11892
- C:\Windows\System\WRGpoqy.exe
  C:\Windows\System\WRGpoqy.exe
  2⤵
  PID:11944
- C:\Windows\System\DqnLsfJ.exe
  C:\Windows\System\DqnLsfJ.exe
  2⤵
  PID:332
- C:\Windows\System\JdJTPZE.exe
  C:\Windows\System\JdJTPZE.exe
  2⤵
  PID:12048
- C:\Windows\System\CBTzUXM.exe
  C:\Windows\System\CBTzUXM.exe
  2⤵
  PID:12140
- C:\Windows\System\fygwPgo.exe
  C:\Windows\System\fygwPgo.exe
  2⤵
  PID:12192
- C:\Windows\System\CREOTQs.exe
  C:\Windows\System\CREOTQs.exe
  2⤵
  PID:11576
- C:\Windows\System\sasQIOR.exe
  C:\Windows\System\sasQIOR.exe
  2⤵
  PID:11548
- C:\Windows\System\GiKzfnb.exe
  C:\Windows\System\GiKzfnb.exe
  2⤵
  PID:11664
- C:\Windows\System\etVzNPw.exe
  C:\Windows\System\etVzNPw.exe
  2⤵
  PID:11748
- C:\Windows\System\apqWntT.exe
  C:\Windows\System\apqWntT.exe
  2⤵
  PID:11844
- C:\Windows\System\EiCjrOR.exe
  C:\Windows\System\EiCjrOR.exe
  2⤵
  PID:11988
- C:\Windows\System\KsYwIjc.exe
  C:\Windows\System\KsYwIjc.exe
  2⤵
  PID:12136
- C:\Windows\System\rmflbRN.exe
  C:\Windows\System\rmflbRN.exe
  2⤵
  PID:11396
- C:\Windows\System\WOuigrb.exe
  C:\Windows\System\WOuigrb.exe
  2⤵
  PID:4884
- C:\Windows\System\aTYgIPu.exe
  C:\Windows\System\aTYgIPu.exe
  2⤵
  PID:11708
- C:\Windows\System\ooHvOnm.exe
  C:\Windows\System\ooHvOnm.exe
  2⤵
  PID:11920
- C:\Windows\System\cciIaqX.exe
  C:\Windows\System\cciIaqX.exe
  2⤵
  PID:12116
- C:\Windows\System\RAMDvbk.exe
  C:\Windows\System\RAMDvbk.exe
  2⤵
  PID:820
- C:\Windows\System\QCligHK.exe
  C:\Windows\System\QCligHK.exe
  2⤵
  PID:11840
- C:\Windows\System\jYUZFBj.exe
  C:\Windows\System\jYUZFBj.exe
  2⤵
  PID:12292
- C:\Windows\System\nSmFMfY.exe
  C:\Windows\System\nSmFMfY.exe
  2⤵
  PID:12328
- C:\Windows\System\pAjRTIN.exe
  C:\Windows\System\pAjRTIN.exe
  2⤵
  PID:12352
- C:\Windows\System\wEVUXWC.exe
  C:\Windows\System\wEVUXWC.exe
  2⤵
  PID:12396
- C:\Windows\System\OHxzUFQ.exe
  C:\Windows\System\OHxzUFQ.exe
  2⤵
  PID:12412
- C:\Windows\System\DijcjKh.exe
  C:\Windows\System\DijcjKh.exe
  2⤵
  PID:12456
- C:\Windows\System\HRcmeCm.exe
  C:\Windows\System\HRcmeCm.exe
  2⤵
  PID:12492
- C:\Windows\System\abBZIss.exe
  C:\Windows\System\abBZIss.exe
  2⤵
  PID:12508
- C:\Windows\System\zpFWpAN.exe
  C:\Windows\System\zpFWpAN.exe
  2⤵
  PID:12528
- C:\Windows\System\JSWXgDm.exe
  C:\Windows\System\JSWXgDm.exe
  2⤵
  PID:12552
- C:\Windows\System\IFXHcbr.exe
  C:\Windows\System\IFXHcbr.exe
  2⤵
  PID:12576
- C:\Windows\System\MzwDaNd.exe
  C:\Windows\System\MzwDaNd.exe
  2⤵
  PID:12600
- C:\Windows\System\lvbvpFS.exe
  C:\Windows\System\lvbvpFS.exe
  2⤵
  PID:12620
- C:\Windows\System\aTxoEyQ.exe
  C:\Windows\System\aTxoEyQ.exe
  2⤵
  PID:12648
- C:\Windows\System\lYCFFOw.exe
  C:\Windows\System\lYCFFOw.exe
  2⤵
  PID:12664
- C:\Windows\System\yMfYoDC.exe
  C:\Windows\System\yMfYoDC.exe
  2⤵
  PID:12700
- C:\Windows\System\dadwWmR.exe
  C:\Windows\System\dadwWmR.exe
  2⤵
  PID:12744
- C:\Windows\System\jenGyMl.exe
  C:\Windows\System\jenGyMl.exe
  2⤵
  PID:12764
- C:\Windows\System\gCchetJ.exe
  C:\Windows\System\gCchetJ.exe
  2⤵
  PID:12804
- C:\Windows\System\PMWufhn.exe
  C:\Windows\System\PMWufhn.exe
  2⤵
  PID:12824
- C:\Windows\System\oRPfMCt.exe
  C:\Windows\System\oRPfMCt.exe
  2⤵
  PID:12892
- C:\Windows\System\jRWhpXP.exe
  C:\Windows\System\jRWhpXP.exe
  2⤵
  PID:12916
- C:\Windows\System\gFggXbH.exe
  C:\Windows\System\gFggXbH.exe
  2⤵
  PID:12932
- C:\Windows\System\tliZcaR.exe
  C:\Windows\System\tliZcaR.exe
  2⤵
  PID:12968
- C:\Windows\System\RYlxzbX.exe
  C:\Windows\System\RYlxzbX.exe
  2⤵
  PID:12984
- C:\Windows\System\FNKZMOf.exe
  C:\Windows\System\FNKZMOf.exe
  2⤵
  PID:13028
- C:\Windows\System\utAcLzd.exe
  C:\Windows\System\utAcLzd.exe
  2⤵
  PID:13044
- C:\Windows\System\oqruJEN.exe
  C:\Windows\System\oqruJEN.exe
  2⤵
  PID:13064
- C:\Windows\System\OheiLAR.exe
  C:\Windows\System\OheiLAR.exe
  2⤵
  PID:13092
- C:\Windows\System\wYsiXkm.exe
  C:\Windows\System\wYsiXkm.exe
  2⤵
  PID:13116
- C:\Windows\System\LHUGmPE.exe
  C:\Windows\System\LHUGmPE.exe
  2⤵
  PID:13132
- C:\Windows\System\XIxzuKw.exe
  C:\Windows\System\XIxzuKw.exe
  2⤵
  PID:13156
- C:\Windows\System\TqmSrBs.exe
  C:\Windows\System\TqmSrBs.exe
  2⤵
  PID:13192
- C:\Windows\System\wXVCBff.exe
  C:\Windows\System\wXVCBff.exe
  2⤵
  PID:13264
- C:\Windows\System\YOqLoAz.exe
  C:\Windows\System\YOqLoAz.exe
  2⤵
  PID:4092
- C:\Windows\System\csfjcJO.exe
  C:\Windows\System\csfjcJO.exe
  2⤵
  PID:10732
- C:\Windows\System\fBkPTyy.exe
  C:\Windows\System\fBkPTyy.exe
  2⤵
  PID:12336
- C:\Windows\System\bxhNqhb.exe
  C:\Windows\System\bxhNqhb.exe
  2⤵
  PID:12452
- C:\Windows\System\NHvGPwR.exe
  C:\Windows\System\NHvGPwR.exe
  2⤵
  PID:12524
- C:\Windows\System\SUfOUOK.exe
  C:\Windows\System\SUfOUOK.exe
  2⤵
  PID:12596
- C:\Windows\System\LmwOmVl.exe
  C:\Windows\System\LmwOmVl.exe
  2⤵
  PID:12608
- C:\Windows\System\VICzunM.exe
  C:\Windows\System\VICzunM.exe
  2⤵
  PID:12684
- C:\Windows\System\hGMPhtX.exe
  C:\Windows\System\hGMPhtX.exe
  2⤵
  PID:12716
- C:\Windows\System\UGjIUUu.exe
  C:\Windows\System\UGjIUUu.exe
  2⤵
  PID:12812
- C:\Windows\System\RvujoYc.exe
  C:\Windows\System\RvujoYc.exe
  2⤵
  PID:12868
- C:\Windows\System\DnyFiQM.exe
  C:\Windows\System\DnyFiQM.exe
  2⤵
  PID:12980
- C:\Windows\System\msBzgXF.exe
  C:\Windows\System\msBzgXF.exe
  2⤵
  PID:13056
- C:\Windows\System\BzcPwVr.exe
  C:\Windows\System\BzcPwVr.exe
  2⤵
  PID:3004
- C:\Windows\System\TYQpUig.exe
  C:\Windows\System\TYQpUig.exe
  2⤵
  PID:13204
- C:\Windows\System\WNgqcpV.exe
  C:\Windows\System\WNgqcpV.exe
  2⤵
  PID:13164
- C:\Windows\System\FozkxSm.exe
  C:\Windows\System\FozkxSm.exe
  2⤵
  PID:13276
- C:\Windows\System\pxCtRTN.exe
  C:\Windows\System\pxCtRTN.exe
  2⤵
  PID:13300
- C:\Windows\System\eYnppkt.exe
  C:\Windows\System\eYnppkt.exe
  2⤵
  PID:12172
- C:\Windows\System\HhpyQCN.exe
  C:\Windows\System\HhpyQCN.exe
  2⤵
  PID:12484
- C:\Windows\System\YltzqLq.exe
  C:\Windows\System\YltzqLq.exe
  2⤵
  PID:12792
- C:\Windows\System\obCAbAu.exe
  C:\Windows\System\obCAbAu.exe
  2⤵
  PID:12796
- C:\Windows\System\NgeAZaX.exe
  C:\Windows\System\NgeAZaX.exe
  2⤵
  PID:12876
- C:\Windows\System\rktzBfS.exe
  C:\Windows\System\rktzBfS.exe
  2⤵
  PID:12940
- C:\Windows\System\eSFrfpr.exe
  C:\Windows\System\eSFrfpr.exe
  2⤵
  PID:13148
- C:\Windows\System\hCELEoS.exe
  C:\Windows\System\hCELEoS.exe
  2⤵
  PID:3196
- C:\Windows\System\DcpOOJK.exe
  C:\Windows\System\DcpOOJK.exe
  2⤵
  PID:12516
- C:\Windows\System\jLEPzoM.exe
  C:\Windows\System\jLEPzoM.exe
  2⤵
  PID:12900
- C:\Windows\System\clsoKxL.exe
  C:\Windows\System\clsoKxL.exe
  2⤵
  PID:13244
- C:\Windows\System\LzZaWsy.exe
  C:\Windows\System\LzZaWsy.exe
  2⤵
  PID:1384
- C:\Windows\System\aadxXWg.exe
  C:\Windows\System\aadxXWg.exe
  2⤵
  PID:12616
- C:\Windows\System\uZFyiLn.exe
  C:\Windows\System\uZFyiLn.exe
  2⤵
  PID:13316
- C:\Windows\System\cjywmKz.exe
  C:\Windows\System\cjywmKz.exe
  2⤵
  PID:13344
- C:\Windows\System\DHpJruI.exe
  C:\Windows\System\DHpJruI.exe
  2⤵
  PID:13372
- C:\Windows\System\wcPagDv.exe
  C:\Windows\System\wcPagDv.exe
  2⤵
  PID:13392
- C:\Windows\System\knnzqNq.exe
  C:\Windows\System\knnzqNq.exe
  2⤵
  PID:13416
- C:\Windows\System\dtWKSTN.exe
  C:\Windows\System\dtWKSTN.exe
  2⤵
  PID:13432
- C:\Windows\System\SdBKBSG.exe
  C:\Windows\System\SdBKBSG.exe
  2⤵
  PID:13468
- C:\Windows\System\uIenjhE.exe
  C:\Windows\System\uIenjhE.exe
  2⤵
  PID:13496
- C:\Windows\System\WsklnAb.exe
  C:\Windows\System\WsklnAb.exe
  2⤵
  PID:13516
- C:\Windows\System\JxXCBvB.exe
  C:\Windows\System\JxXCBvB.exe
  2⤵
  PID:13568
- C:\Windows\System\gLZhHgi.exe
  C:\Windows\System\gLZhHgi.exe
  2⤵
  PID:13588
- C:\Windows\System\ZgAhnrO.exe
  C:\Windows\System\ZgAhnrO.exe
  2⤵
  PID:13616
- C:\Windows\System\ZgbkGFx.exe
  C:\Windows\System\ZgbkGFx.exe
  2⤵
  PID:13644
- C:\Windows\System\gWxhxlj.exe
  C:\Windows\System\gWxhxlj.exe
  2⤵
  PID:13672
- C:\Windows\System\UdjPPKm.exe
  C:\Windows\System\UdjPPKm.exe
  2⤵
  PID:13692
- C:\Windows\System\zPpYwsJ.exe
  C:\Windows\System\zPpYwsJ.exe
  2⤵
  PID:13712
- C:\Windows\System\EszLqQf.exe
  C:\Windows\System\EszLqQf.exe
  2⤵
  PID:13732
- C:\Windows\System\RZVboLh.exe
  C:\Windows\System\RZVboLh.exe
  2⤵
  PID:13752
- C:\Windows\System\WjxEMid.exe
  C:\Windows\System\WjxEMid.exe
  2⤵
  PID:13816
- C:\Windows\System\DKxdlHP.exe
  C:\Windows\System\DKxdlHP.exe
  2⤵
  PID:13852
- C:\Windows\System\CtGeCVV.exe
  C:\Windows\System\CtGeCVV.exe
  2⤵
  PID:13876
- C:\Windows\System\EHTQxtf.exe
  C:\Windows\System\EHTQxtf.exe
  2⤵
  PID:13896
- C:\Windows\System\BPoLwup.exe
  C:\Windows\System\BPoLwup.exe
  2⤵
  PID:13924
- C:\Windows\System\CPXxIbE.exe
  C:\Windows\System\CPXxIbE.exe
  2⤵
  PID:13952
- C:\Windows\System\JLKUfuf.exe
  C:\Windows\System\JLKUfuf.exe
  2⤵
  PID:13976
- C:\Windows\System\OnDjErm.exe
  C:\Windows\System\OnDjErm.exe
  2⤵
  PID:14036
- C:\Windows\System\UnvUfLZ.exe
  C:\Windows\System\UnvUfLZ.exe
  2⤵
  PID:14056
- C:\Windows\System\RqBfcgI.exe
  C:\Windows\System\RqBfcgI.exe
  2⤵
  PID:14072
- C:\Windows\System\izLRjLx.exe
  C:\Windows\System\izLRjLx.exe
  2⤵
  PID:14096
- C:\Windows\System\dYGsWXq.exe
  C:\Windows\System\dYGsWXq.exe
  2⤵
  PID:14124
- C:\Windows\System\QrBywGh.exe
  C:\Windows\System\QrBywGh.exe
  2⤵
  PID:14152
- C:\Windows\System\GKTIbRV.exe
  C:\Windows\System\GKTIbRV.exe
  2⤵
  PID:14172
- C:\Windows\System\MVoZhqw.exe
  C:\Windows\System\MVoZhqw.exe
  2⤵
  PID:14204
- C:\Windows\System\GzKbyrU.exe
  C:\Windows\System\GzKbyrU.exe
  2⤵
  PID:14224
- C:\Windows\System\uPocUSa.exe
  C:\Windows\System\uPocUSa.exe
  2⤵
  PID:14256
- C:\Windows\System\fQHFGUy.exe
  C:\Windows\System\fQHFGUy.exe
  2⤵
  PID:14276
- C:\Windows\System\NrsdnrE.exe
  C:\Windows\System\NrsdnrE.exe
  2⤵
  PID:14296
- C:\Windows\System\epJVVVV.exe
  C:\Windows\System\epJVVVV.exe
  2⤵
  PID:14328
- C:\Windows\System\LmuQqNf.exe
  C:\Windows\System\LmuQqNf.exe
  2⤵
  PID:13356
- C:\Windows\System\xwuooSG.exe
  C:\Windows\System\xwuooSG.exe
  2⤵
  PID:13448
- C:\Windows\System\pjDHHSw.exe
  C:\Windows\System\pjDHHSw.exe
  2⤵
  PID:13532
- C:\Windows\System\HIrkYwR.exe
  C:\Windows\System\HIrkYwR.exe
  2⤵
  PID:13584
- C:\Windows\System\xqXHgZn.exe
  C:\Windows\System\xqXHgZn.exe
  2⤵
  PID:13600
- C:\Windows\System\QNmyfov.exe
  C:\Windows\System\QNmyfov.exe
  2⤵
  PID:12884
- C:\Windows\System\pplZUcn.exe
  C:\Windows\System\pplZUcn.exe
  2⤵
  PID:13724

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 3912 -i 3912 -h 460 -j 468 -s 472 -d 14048
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:13512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CUDieDo.exe

Filesize
1.6MB

MD5
6f831f7afaea80b450ed0bc91ac9fcf5

SHA1
89c15d334fb648964abc98a4853c3a4368a325b8

SHA256
691496c09743686054b832ef55e5d354d4cf30bc45054e6856b5c61712fd4e7b

SHA512
42a76b6e05c1a8b683dda496ea1d4a5e8c2eacbaf816b9d18e2dc5d10c2e66a8762ed40a41387d818d36866a704b3c5d51f0f5c74e93028ab1d4b6e46d098938

Download Submit
C:\Windows\System\DpcDnHr.exe

Filesize
1.6MB

MD5
0ee6df87fb41379485c467a03daf8675

SHA1
97d4cae9c09daf094df1cc7dee806e8811c522f1

SHA256
f59074d9f2bbff1c3367a6368dfc8e57f76fde8fcc27e46899146d76475117d7

SHA512
9859b98970824149b61ab560682da06f5219da07b3c094e27b6aaa6534aebfeceec06a8d80636bd9d06cb58f6e7ce4d12f3076c02f1f2631ebfa1042c84c2063

Download Submit
C:\Windows\System\FnbZxUx.exe

Filesize
1.6MB

MD5
a6b5785b91f69ba9855e002103b79ca2

SHA1
bddbec0064a3d226ca88fc157fbc5939f60e9987

SHA256
9aae38f34e2950f66e8a1d0c584f65c6b45036d4afcd3a74e9e07e8783a7c420

SHA512
66658bb15273f82d13bdf2caa39d6639b9044cf694e3b9d79c3a646359c367dc8c7bdc76603484329bbb1384f4afa104768c1f7cfca89239d4f70ae4e4335975

Download Submit
C:\Windows\System\MtUamqO.exe

Filesize
1.6MB

MD5
d5ac6648f8cf8953a267eef1c0576a80

SHA1
e96b5bed7190d09314a3723970bc6353327ecf63

SHA256
b1e01f5a7bff4002537c608b34ac0f411f96dbde0fbbb91c78a9b9c921d2f9a5

SHA512
7f262eefdc0a00cee0f265d0352ec2ba703583c096cef64cf7ca9aaa6f72ca406eedc27b9cc97770f120671e635eac7deb0fc1e7241959122ac0389934ffedd2

Download Submit
C:\Windows\System\PHAAhfS.exe

Filesize
1.6MB

MD5
324e481660d474ed4f8e9a50e0a4f11c

SHA1
a619a668c04cc6ab3878c53d453870f128ac2ae6

SHA256
b8fb575ccc9c17e0a1d4dce2274d222646ceab8319612d627830df78784b8547

SHA512
ab9f2ee6dadfa537c63183d5007fd7930dff8b29a5fb4abbd3ea6807e8cfaeb4fde6870a75dc60cb2c7e250a048e8482000bb7942c40ab27a98d117a536ac161

Download Submit
C:\Windows\System\PXKdjYr.exe

Filesize
1.6MB

MD5
55e662fb6fd5d8cf2765a5c5afd2a32e

SHA1
6597fcd5df1dee575e089c26ac32ea3ad8e02e09

SHA256
53ac08ae4f43f8c52f69dfcde32e023a57791f6525bfad0048db2bb00dee2641

SHA512
7612baf383b64e6d012a3287e3badadc99873f926e7558bc15e7a32e5568fcf555ab130fcfadd6dcb7336f2656d4d048d0d6b79775011fb879225d1167c716c8

Download Submit
C:\Windows\System\QWRRpRw.exe

Filesize
1.6MB

MD5
cfcd8cb4bc403bb30b2f8390a80954e3

SHA1
0137294a352462bc51af14563ac9330d2824a4d2

SHA256
de39faffe66a393368ba923db66a1aacc2d4107ef0954283a980f4218553b6bf

SHA512
5f37e4077e93f8fd4f877c2055297289c0bbb346ad99a79cac121651630a19e31c393db498e9cd20718e18ac8f6a40c9b2570020a03bb5b3a750cc2edb0bff7f

Download Submit
C:\Windows\System\RojqHuD.exe

Filesize
1.6MB

MD5
2f943711aaf1e2cb3c86e9862fd0183e

SHA1
9b7dc328c03cb11c9fade61609caa7d31016f160

SHA256
e02bdf0dba8c386631091c715409de9d3f04d5f01a8c625a6d65c6148ff120ad

SHA512
0ded038e209acc86140f295dd9a63ebf43d8051182c9654684ba0a7d288735c792919db35c2da788f0c7aca99799f8c4d3bdc0e7665a57fd98b3a4d5d31eaa85

Download Submit
C:\Windows\System\ScosdWC.exe

Filesize
1.6MB

MD5
ac888c0d8b79d7798df2b77d04f99950

SHA1
28b693669cfe5b4511ac9b9ca9962bcbdf101734

SHA256
f2f61327d89668f5637bef98fdc05bd617ca3c0ad7cf64fac9ea8a3457191102

SHA512
127e3e14db4c7a62ae4237347852968c1768c8a50d4b4839b445fd2927a96fa440924ac862973ead37e756c77ef1e8dcd01f7bd11c8c4a7c6cd063a3f0279411

Download Submit
C:\Windows\System\SlTMNBo.exe

Filesize
1.6MB

MD5
6e3a2ccaf2509cf3ab612de7036621f8

SHA1
0a9c9701409c42c4cb37cad116abf29557b13ea2

SHA256
e835f1c4915e55bdb1bea28a860489a23ef427c44777ab0d8bc0eff108f6d706

SHA512
8a27e01647fe16c6ce33d9798d89684e638598acdb85cd977438f0d4a540d52c7614909f06c6f0af0a6a281519026a7465ee1d93b5cded57b9c8f27e4d9253e4

Download Submit
C:\Windows\System\TJCmNGO.exe

Filesize
1.6MB

MD5
a9cce97ffa172694b64ce220dc9a9095

SHA1
19598a3fb2625243aee63d5b37095d9a194f9084

SHA256
8ba23299796dee577dc371fe9cf09422ab1902282adb02312b8994b930a0e59f

SHA512
7dab6573f3b2b9126953bbe61069f7e71e9e7594b275d638c1bde94d825d564f417dc78ac0a5ca6b35a1678e118f3df1aa739d71fdb0a573517e17bbfbc5038c

Download Submit
C:\Windows\System\TWcBNxV.exe

Filesize
1.6MB

MD5
c29d7a56f1af6a2cf05d20ac85bfb6f3

SHA1
9b3f4483d2412e078c8a0fb4e6d7a435aa05e36e

SHA256
7c2aa994f3d7e13199223daead270114012f689ec7d41d4649688f7500d510b4

SHA512
33b29bd0f95ed1e631e673eb849d5e7760a610fe100eb5ba6c3c6ad5bb64d41bed890c2fe4a16483ee247eebdc44fccb5e54953eeb692bbe969477eb2c460b33

Download Submit
C:\Windows\System\VKAGbww.exe

Filesize
1.6MB

MD5
adf7e7c1a0f1664c27fd4eae0a76b671

SHA1
d6783119e61abeeb711817494bd6e9772099b5a6

SHA256
78d24169c06b3ccb755f2b697eaa2844f1e3495f8e623659edd41c479894ce65

SHA512
fe422887685f387bc5d60923f5f3e7d42309f6b2c0294d57a4f1f3867a9ec5b0dcb32dc605e329d529527a480a3168ac1206e6997015634d3ff7565089790d2a

Download Submit
C:\Windows\System\XvaXxut.exe

Filesize
1.6MB

MD5
5a717a65df53899c9a5fa110bf11ceba

SHA1
95be39d73cb032d1562f6f52207dd324904792e8

SHA256
92df827ad98369efa87661a3bd92232918e7b7b141d98c209e605e9e7050311a

SHA512
1756209dd9f8ad8a8b65d5134c7bce9b7146b030dd5898e10e77bc8f7a17947a73de0cf3ed3cf1d14c7b61fea22f966357ff271ec335517adddf12e0f04b4ecb

Download Submit
C:\Windows\System\YczlALT.exe

Filesize
1.6MB

MD5
6e0de8b826f2195203fc5b20daad8b3f

SHA1
0b70900d8dd09040f78eda9302a389ed24fc4dd1

SHA256
c4e64df048efe21239ae075d6ed21e84c6cb067468c8af5335d2ed7b31e1fca0

SHA512
0e9dc0f0a07e02a92ecff995e476e3525049829d1f31861c9a1b7856df85b87d40358e4f05edcfd91d7c10651e7b9f9cc3f40b146f61320f060f3c771640e6d4

Download Submit
C:\Windows\System\YiRtOWP.exe

Filesize
1.6MB

MD5
732588d078ecbe34364c94e0f3dd8c09

SHA1
3a15dd9fe68ce416eedb0d55dc1e88bac5fde59e

SHA256
fe82a45adfd49d3cb059277494bd0f28787aafe265e074ee289335c5e886c91d

SHA512
93516cae0844d1ec4024504b9e932d5ebe48b698988d1c6de394d64a91d65cfb7adc1463f51c265d474000f38c748971cfc5edc3c18a0804b587a52296477382

Download Submit
C:\Windows\System\ZsuZEhp.exe

Filesize
1.6MB

MD5
ada3f842d620d5d6d1a56317fa519ffc

SHA1
b411578480d565cc012830c83b20bf40902c7e38

SHA256
5d2a5146582f074388cde50b2924a4eadae93ce964d3dde1534b4e61561b14a7

SHA512
c667b98c93bff1deae99894d591f9bc86cd482ec4af8ebdaebd5ed4fd25d6e92de2d8173fc976414306e46018065c536fe87ad25454f8819361597295645e3e6

Download Submit
C:\Windows\System\aQCoTLl.exe

Filesize
1.6MB

MD5
815a4144c10393070119b65e5bbcc74e

SHA1
9bc07ff1d29b18e4ebbc6ea941c47948b1d511bf

SHA256
98aa7d4d166c81375dd9e5146ed49ca82bdcf206a1ff272c620aa4ead4fba6da

SHA512
ef0fefed6ae2e966e56c55f31ee575a91e59d6fae8abf3b1de82d393c9184a31eb3fbf212fdd73f71e37445bf16b59ec4fcddba8fef7ad084ab60d27c6019149

Download Submit
C:\Windows\System\epnwDdD.exe

Filesize
1.6MB

MD5
1852fbd45e3d385b42d27046a9773b0b

SHA1
7640908db19d983d8e9c9230f142037114bf2e92

SHA256
6a85973080914bfcf851fce194ef811f62f659aa51b9a0b0b13283bb021e4984

SHA512
a8fe970decd56e464d7509073c38cd84c607d1abff36d8c4142681a4e631de90cd640e16bda7a2e8224c0a37729fd6023821488763ac37d4a22c97e8021ab7b9

Download Submit
C:\Windows\System\hPmPGUf.exe

Filesize
1.6MB

MD5
d8af0eedbce397edcfb868747b19e0b8

SHA1
ac7254c079705535758cc775b7974c795c8fc922

SHA256
e2760fb99ac01aa8e6b098e11de2604be372103f46f4c440833dbb6fdd233002

SHA512
add4fbfef2c2ecfa3cc888a1239c6816cda1e88bf0f6a3192d998e2af298596aa8ec04d44afbf4941a28d9c6ec27a0ac06488e35b218e6b439370b8f4095c912

Download Submit
C:\Windows\System\iFGGbfZ.exe

Filesize
1.6MB

MD5
35a596181b357762c982f2c0191522d5

SHA1
3ea136adcfb478f5bbc03ee35fb6df0fd2a395c3

SHA256
0e3b919c7ecc1e89fe7f7f815ed4554981079a32a3768782d60d0d27d7092709

SHA512
c4c16b261df0d57fadc48523be71bb59740682a3a38f6fb533726775f33321d7c890630ea75318e19ba301999fa1682561450aa83de099d2c7bfcbc988152de3

Download Submit
C:\Windows\System\jRAscMy.exe

Filesize
1.6MB

MD5
c02516401f83b3f2807416fb75ea29ca

SHA1
4eb578c1b6cbdca38561665670b5875d0a0f237e

SHA256
9d05ffb988647edb41a55cdb4abf441d879f50ec66c49f5c4de27b21c6a896ed

SHA512
1e4ae903121a011729e56aaba2fd791e3ad6b831364da67785aac13d39751f9c7af49c9e5e216aad80d64fb077ea95602d8e4c9dc4d993c9de900701ef41e88b

Download Submit
C:\Windows\System\lYcamUR.exe

Filesize
1.6MB

MD5
17f38d9f8061f36aad1510bab6d2cbc5

SHA1
81a95d428d3fdffbcf0f48c3732a3742dfcfa8e6

SHA256
46feafb944df26f24a839e860d04b1a04ac8ca2e4ea290f06f19085032aef9ed

SHA512
16b282caefbc61bf555dc29bb987c233b47c9b6f5a24e1992ab0d26e7ac6fbbde9254a5ad2704479e90380bd08b5eb44751a9c45405d8120e34600c4e5196141

Download Submit
C:\Windows\System\lZaJmGB.exe

Filesize
1.6MB

MD5
bf276873f27828f68abe3d8a145763d4

SHA1
92fd65227e40d97c2145e3ecfd51e24ef2c58467

SHA256
ee3b4a1b68670c1cdb55f70c0f91d5686802206d551430d07d6ce74aae6e83d6

SHA512
bc3d3fe93c1c843cbf5b241e8dae64506e9ea1c3fac0778f549296b643a3f22edcbd02842a45f77a4393f427ee7741a5f35dcc60d934bf3be774c671009596aa

Download Submit
C:\Windows\System\nicmaDL.exe

Filesize
1.6MB

MD5
20c7d57cc14b0aa1aee84c1189366f90

SHA1
af0be96f447b15280ed303a24b5d5f9cd101d416

SHA256
47e8b51477379563380fc05bdbbb1581f0756db21992074df0d695a6e4534311

SHA512
4d3a005c7e90f009076b837861da3314f0d078baceb3a4ac7394e470768c8c227d5b4037dd99dac499fee6e9daec31ccbc65403f39ad2c5e1ef91eaf8fdb93ae

Download Submit
C:\Windows\System\nuxxZsy.exe

Filesize
1.6MB

MD5
70d55cac442aa669e2601dfc5137c8be

SHA1
dbe899194e2e28103c7524b310e75d337ca70a14

SHA256
8f28533f65dda71c24e9ae00134050c1e2909e95b6e735f47095cd4bfc935f5b

SHA512
621fe819edbf94c2cc95912c0d4ac90864065cb7d6eee9e7899be2799fcfab835428957350ab60d4b5a97cbbd592cd81651ee19f2b86f38a7f527b7ff04351ce

Download Submit
C:\Windows\System\oiLwBfg.exe

Filesize
1.6MB

MD5
816541315533fedd25a669c59dc0a0ff

SHA1
681d6cbd35c0bcac8d34d4221f0a5de97acc502b

SHA256
fd55ef26d74eb3bec2262c60b3d2728247cfbdd1c84c233078d27fba5befe36b

SHA512
c13a145c979e2f882b6836345d7bb47920d2debd213b5be136ad70c540f040e82e05be38ad08110be8fdecdd01ef7ba9da52c06bd0be33911abb1789fd0f231c

Download Submit
C:\Windows\System\rTymYBq.exe

Filesize
1.6MB

MD5
ad3ad1f94ae6e8a5ae52c48f821f76d2

SHA1
aa7b210cd104b96bc9b8f2765ec2f48921305a39

SHA256
0bd68879c432fed86a8ca85a74ddc450ab3fad87ab880cbfedab454dd1783ecf

SHA512
057e8225ebe90feca31e2b26e66c62a44fd62779231aa8480b9581d15fac7722da0db3574308bd0bb41753285462fc2f44bd896b48ca50fbca9981ec81083665

Download Submit
C:\Windows\System\rjxRYwm.exe

Filesize
1.6MB

MD5
d5cda93be8c1148ec0f9d005b6c9b51a

SHA1
5c98db2409ab99d55bdf2a2de00e36fd2fca50fe

SHA256
a47075743e697b553f936bd7a5904c6c8e12996f3f4884809be1caf29c587fd7

SHA512
5c560419526c5424a08c1fa6d8fe1f100a5a989bac926aa990b7aef090e69ef04786aa083ea39187f46add8426639e46c7e2c32d359311e3f0707fbd60b36174

Download Submit
C:\Windows\System\uQEYHrT.exe

Filesize
1.6MB

MD5
4a42e8cadbcaedd24b5222e48f8d11f2

SHA1
1cf2beec7f18724285b00586c5cd7527fc5fc202

SHA256
3a1253ea890ed5b3b06420c3184bd57789ce93e26617d72d323607e311ea03ba

SHA512
14b4ed52ca187de77c0ec42d72c8ed5a6c0560556df7d0839dfd024dbe08705aedcc3dfa28a3da8a52c5059f671513954a863bfc7b3c7c7a70ac002ff5d843cb

Download Submit
C:\Windows\System\utSdlVi.exe

Filesize
1.6MB

MD5
3ed72003050c878efb2f80a8d51af44a

SHA1
683c42523916e8b08696d0d3ebb39eec7a2c4315

SHA256
f4ed64c306f59f866e2ae4a6f4095e91451780313a73e50845b8f73c0303bc04

SHA512
f7141942a1f8279b10f8c4774b9bbdea97779e81bb88da48bfb14666593e326d3443952fe78f2fe766263d4340e690ed143e11ad265c1cab25dd3bd02c93c0d5

Download Submit
C:\Windows\System\yHcbEjw.exe

Filesize
1.6MB

MD5
cf87ee1f8f9a82c0886532a766459dbb

SHA1
e46d113c6d3a02abc4a47ee302f4d0b2557cf5d9

SHA256
124bfe93bd59ce64a76087034b4a861b9e7e0b5fc87d874452674be17074d842

SHA512
e2d23417d4db5d6ca6c301f2a2fe2c35bcd56fdc120640e2fc5d2bcd8669178dfe7ed2ebd87ebe7433d22f521155010fffdd4951977fa8180e5972400d603a74

Download Submit
C:\Windows\System\yqEgTEk.exe

Filesize
1.6MB

MD5
75486be7563781a91256ad6b4ce3293a

SHA1
30e861a10a07633557f92cddddb92b22e651753b

SHA256
68bee198fd1438cf1e3cd04ab55d370dd6d5c14a023079407cd274f62515343b

SHA512
5357c32994075ad1f69c62127552dcd8ceaa073a31089ee017b17618abfc93fde934b26e5f62858d7e5f5f80c018678d4aeb6534c0cd749f37ed9adac79b4f1e

Download Submit
memory/968-2316-0x00007FF7B6A00000-0x00007FF7B6D51000-memory.dmp

Filesize
3.3MB

Download
memory/968-468-0x00007FF7B6A00000-0x00007FF7B6D51000-memory.dmp

Filesize
3.3MB

Download
memory/1084-486-0x00007FF6792A0000-0x00007FF6795F1000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2312-0x00007FF6792A0000-0x00007FF6795F1000-memory.dmp

Filesize
3.3MB

Download
memory/1156-1866-0x00007FF6FB7A0000-0x00007FF6FBAF1000-memory.dmp

Filesize
3.3MB

Download
memory/1156-18-0x00007FF6FB7A0000-0x00007FF6FBAF1000-memory.dmp

Filesize
3.3MB

Download
memory/1156-2297-0x00007FF6FB7A0000-0x00007FF6FBAF1000-memory.dmp

Filesize
3.3MB

Download
memory/1180-2223-0x00007FF7C9AC0000-0x00007FF7C9E11000-memory.dmp

Filesize
3.3MB

Download
memory/1180-33-0x00007FF7C9AC0000-0x00007FF7C9E11000-memory.dmp

Filesize
3.3MB

Download
memory/1180-2305-0x00007FF7C9AC0000-0x00007FF7C9E11000-memory.dmp

Filesize
3.3MB

Download
memory/1220-2321-0x00007FF6CCC80000-0x00007FF6CCFD1000-memory.dmp

Filesize
3.3MB

Download
memory/1220-443-0x00007FF6CCC80000-0x00007FF6CCFD1000-memory.dmp

Filesize
3.3MB

Download
memory/1444-547-0x00007FF7F8D60000-0x00007FF7F90B1000-memory.dmp

Filesize
3.3MB

Download
memory/1444-2343-0x00007FF7F8D60000-0x00007FF7F90B1000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2318-0x00007FF699E40000-0x00007FF69A191000-memory.dmp

Filesize
3.3MB

Download
memory/1792-450-0x00007FF699E40000-0x00007FF69A191000-memory.dmp

Filesize
3.3MB

Download
memory/1984-2304-0x00007FF7F7570000-0x00007FF7F78C1000-memory.dmp

Filesize
3.3MB

Download
memory/1984-53-0x00007FF7F7570000-0x00007FF7F78C1000-memory.dmp

Filesize
3.3MB

Download
memory/2136-470-0x00007FF713620000-0x00007FF713971000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2314-0x00007FF713620000-0x00007FF713971000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2342-0x00007FF603FB0000-0x00007FF604301000-memory.dmp

Filesize
3.3MB

Download
memory/2184-554-0x00007FF603FB0000-0x00007FF604301000-memory.dmp

Filesize
3.3MB

Download
memory/2244-66-0x00007FF7EC5B0000-0x00007FF7EC901000-memory.dmp

Filesize
3.3MB

Download
memory/2244-2309-0x00007FF7EC5B0000-0x00007FF7EC901000-memory.dmp

Filesize
3.3MB

Download
memory/2244-2225-0x00007FF7EC5B0000-0x00007FF7EC901000-memory.dmp

Filesize
3.3MB

Download
memory/2328-70-0x00007FF759330000-0x00007FF759681000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2326-0x00007FF759330000-0x00007FF759681000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2240-0x00007FF759330000-0x00007FF759681000-memory.dmp

Filesize
3.3MB

Download
memory/2612-558-0x00007FF64AA50000-0x00007FF64ADA1000-memory.dmp

Filesize
3.3MB

Download
memory/2612-2347-0x00007FF64AA50000-0x00007FF64ADA1000-memory.dmp

Filesize
3.3MB

Download
memory/2632-0-0x00007FF6288D0000-0x00007FF628C21000-memory.dmp

Filesize
3.3MB

Download
memory/2632-1-0x000001E4BAF90000-0x000001E4BAFA0000-memory.dmp

Filesize
64KB

Download
memory/2632-1861-0x00007FF6288D0000-0x00007FF628C21000-memory.dmp

Filesize
3.3MB

Download
memory/2708-499-0x00007FF7210E0000-0x00007FF721431000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2337-0x00007FF7210E0000-0x00007FF721431000-memory.dmp

Filesize
3.3MB

Download
memory/3040-474-0x00007FF6FF0D0000-0x00007FF6FF421000-memory.dmp

Filesize
3.3MB

Download
memory/3040-2329-0x00007FF6FF0D0000-0x00007FF6FF421000-memory.dmp

Filesize
3.3MB

Download
memory/3300-23-0x00007FF66D9F0000-0x00007FF66DD41000-memory.dmp

Filesize
3.3MB

Download
memory/3300-2299-0x00007FF66D9F0000-0x00007FF66DD41000-memory.dmp

Filesize
3.3MB

Download
memory/3572-2307-0x00007FF7D22D0000-0x00007FF7D2621000-memory.dmp

Filesize
3.3MB

Download
memory/3572-54-0x00007FF7D22D0000-0x00007FF7D2621000-memory.dmp

Filesize
3.3MB

Download
memory/3572-2224-0x00007FF7D22D0000-0x00007FF7D2621000-memory.dmp

Filesize
3.3MB

Download
memory/4032-2339-0x00007FF7113C0000-0x00007FF711711000-memory.dmp

Filesize
3.3MB

Download
memory/4032-552-0x00007FF7113C0000-0x00007FF711711000-memory.dmp

Filesize
3.3MB

Download
memory/4036-2345-0x00007FF60A510000-0x00007FF60A861000-memory.dmp

Filesize
3.3MB

Download
memory/4036-555-0x00007FF60A510000-0x00007FF60A861000-memory.dmp

Filesize
3.3MB

Download
memory/4180-2332-0x00007FF7028B0000-0x00007FF702C01000-memory.dmp

Filesize
3.3MB

Download
memory/4180-456-0x00007FF7028B0000-0x00007FF702C01000-memory.dmp

Filesize
3.3MB

Download
memory/4380-27-0x00007FF7E3FA0000-0x00007FF7E42F1000-memory.dmp

Filesize
3.3MB

Download
memory/4380-2296-0x00007FF7E3FA0000-0x00007FF7E42F1000-memory.dmp

Filesize
3.3MB

Download
memory/4488-2320-0x00007FF7F5550000-0x00007FF7F58A1000-memory.dmp

Filesize
3.3MB

Download
memory/4488-447-0x00007FF7F5550000-0x00007FF7F58A1000-memory.dmp

Filesize
3.3MB

Download
memory/4788-15-0x00007FF7A61F0000-0x00007FF7A6541000-memory.dmp

Filesize
3.3MB

Download
memory/4788-2293-0x00007FF7A61F0000-0x00007FF7A6541000-memory.dmp

Filesize
3.3MB

Download
memory/4936-73-0x00007FF7A6BA0000-0x00007FF7A6EF1000-memory.dmp

Filesize
3.3MB

Download
memory/4936-2262-0x00007FF7A6BA0000-0x00007FF7A6EF1000-memory.dmp

Filesize
3.3MB

Download
memory/4936-2324-0x00007FF7A6BA0000-0x00007FF7A6EF1000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2335-0x00007FF601000000-0x00007FF601351000-memory.dmp

Filesize
3.3MB

Download
memory/4996-493-0x00007FF601000000-0x00007FF601351000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2333-0x00007FF756710000-0x00007FF756A61000-memory.dmp

Filesize
3.3MB

Download
memory/5016-462-0x00007FF756710000-0x00007FF756A61000-memory.dmp

Filesize
3.3MB

Download
memory/5020-2302-0x00007FF7CE810000-0x00007FF7CEB61000-memory.dmp

Filesize
3.3MB

Download
memory/5020-48-0x00007FF7CE810000-0x00007FF7CEB61000-memory.dmp

Filesize
3.3MB

Download
memory/5028-2328-0x00007FF66A350000-0x00007FF66A6A1000-memory.dmp

Filesize
3.3MB

Download
memory/5028-485-0x00007FF66A350000-0x00007FF66A6A1000-memory.dmp

Filesize
3.3MB

Download
memory/5092-2239-0x00007FF66B270000-0x00007FF66B5C1000-memory.dmp

Filesize
3.3MB

Download
memory/5092-59-0x00007FF66B270000-0x00007FF66B5C1000-memory.dmp

Filesize
3.3MB

Download
memory/5092-2437-0x00007FF66B270000-0x00007FF66B5C1000-memory.dmp

Filesize
3.3MB

Download