xmrig | 2c46b1354b77517bddb50e258e4791032e72555a45dd5d59c90a3864cafc3d39

Analysis

max time kernel
94s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
Size

2.4MB
MD5

afe0973866cb4ea9ad61dfc8b47efc90
SHA1

c465ae7719e3d2975796694a4af282ce8ae58b6f
SHA256

2c46b1354b77517bddb50e258e4791032e72555a45dd5d59c90a3864cafc3d39
SHA512

f042ff89ad41b5db5087a2e5476d9e57fb50d2f7089b91db4212126220c415b5c7203b8e8b718174f4baf3e8be5093d4dff46841ca55c53f127bbb59c97c326f
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQoyBcIKH0iAxWsS6:BemTLkNdfE0pZrQX

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4976-0-0x00007FF64F390000-0x00007FF64F6E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-7.dat	xmrig
behavioral2/files/0x0007000000023411-12.dat	xmrig
behavioral2/files/0x0007000000023413-17.dat	xmrig
behavioral2/files/0x0007000000023414-26.dat	xmrig
behavioral2/files/0x0007000000023416-42.dat	xmrig
behavioral2/files/0x0007000000023417-73.dat	xmrig
behavioral2/files/0x000700000002341d-84.dat	xmrig
behavioral2/files/0x000700000002341f-98.dat	xmrig
behavioral2/memory/5064-108-0x00007FF77DA60000-0x00007FF77DDB4000-memory.dmp	xmrig
behavioral2/memory/5020-110-0x00007FF660E80000-0x00007FF6611D4000-memory.dmp	xmrig
behavioral2/memory/664-113-0x00007FF72A180000-0x00007FF72A4D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-148.dat	xmrig
behavioral2/files/0x0007000000023431-170.dat	xmrig
behavioral2/memory/3388-178-0x00007FF612540000-0x00007FF612894000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-189.dat	xmrig
behavioral2/files/0x000700000002342b-193.dat	xmrig
behavioral2/files/0x000700000002342a-191.dat	xmrig
behavioral2/files/0x0007000000023427-185.dat	xmrig
behavioral2/files/0x0007000000023426-183.dat	xmrig
behavioral2/memory/820-182-0x00007FF6387B0000-0x00007FF638B04000-memory.dmp	xmrig
behavioral2/memory/4508-181-0x00007FF682070000-0x00007FF6823C4000-memory.dmp	xmrig
behavioral2/memory/1076-180-0x00007FF762F00000-0x00007FF763254000-memory.dmp	xmrig
behavioral2/memory/1984-179-0x00007FF788EA0000-0x00007FF7891F4000-memory.dmp	xmrig
behavioral2/memory/1860-177-0x00007FF77D520000-0x00007FF77D874000-memory.dmp	xmrig
behavioral2/memory/760-176-0x00007FF70C4E0000-0x00007FF70C834000-memory.dmp	xmrig
behavioral2/memory/1796-175-0x00007FF75F250000-0x00007FF75F5A4000-memory.dmp	xmrig
behavioral2/memory/1844-174-0x00007FF7F5A70000-0x00007FF7F5DC4000-memory.dmp	xmrig
behavioral2/memory/552-173-0x00007FF7DB340000-0x00007FF7DB694000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-172.dat	xmrig
behavioral2/files/0x0007000000023432-171.dat	xmrig
behavioral2/files/0x0007000000023425-168.dat	xmrig
behavioral2/files/0x0007000000023430-167.dat	xmrig
behavioral2/files/0x000700000002342f-166.dat	xmrig
behavioral2/files/0x000700000002342e-165.dat	xmrig
behavioral2/files/0x000700000002342d-164.dat	xmrig
behavioral2/files/0x000700000002342c-162.dat	xmrig
behavioral2/files/0x0007000000023424-125.dat	xmrig
behavioral2/files/0x0007000000023423-123.dat	xmrig
behavioral2/memory/2132-116-0x00007FF7B6B10000-0x00007FF7B6E64000-memory.dmp	xmrig
behavioral2/memory/4260-115-0x00007FF6CCF90000-0x00007FF6CD2E4000-memory.dmp	xmrig
behavioral2/memory/4996-114-0x00007FF65E3A0000-0x00007FF65E6F4000-memory.dmp	xmrig
behavioral2/memory/4724-112-0x00007FF6CF9B0000-0x00007FF6CFD04000-memory.dmp	xmrig
behavioral2/memory/4520-111-0x00007FF728D20000-0x00007FF729074000-memory.dmp	xmrig
behavioral2/memory/1980-109-0x00007FF6C0A00000-0x00007FF6C0D54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023422-106.dat	xmrig
behavioral2/files/0x0007000000023421-104.dat	xmrig
behavioral2/files/0x0007000000023420-102.dat	xmrig
behavioral2/memory/4956-101-0x00007FF61A850000-0x00007FF61ABA4000-memory.dmp	xmrig
behavioral2/memory/1832-100-0x00007FF726FB0000-0x00007FF727304000-memory.dmp	xmrig
behavioral2/files/0x000700000002341e-92.dat	xmrig
behavioral2/memory/1072-89-0x00007FF6FD140000-0x00007FF6FD494000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-83.dat	xmrig
behavioral2/files/0x0007000000023419-81.dat	xmrig
behavioral2/files/0x000700000002341b-78.dat	xmrig
behavioral2/memory/876-77-0x00007FF632720000-0x00007FF632A74000-memory.dmp	xmrig
behavioral2/memory/4852-76-0x00007FF796C40000-0x00007FF796F94000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-71.dat	xmrig
behavioral2/files/0x0007000000023418-69.dat	xmrig
behavioral2/files/0x0007000000023415-63.dat	xmrig
behavioral2/memory/5036-62-0x00007FF73E090000-0x00007FF73E3E4000-memory.dmp	xmrig
behavioral2/memory/2988-53-0x00007FF6BA580000-0x00007FF6BA8D4000-memory.dmp	xmrig
behavioral2/memory/4544-46-0x00007FF648AD0000-0x00007FF648E24000-memory.dmp	xmrig
behavioral2/memory/3176-27-0x00007FF7F6C00000-0x00007FF7F6F54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3684	qwhacFb.exe
3176	fYZrKEz.exe
4544	SIyxbBX.exe
4724	bOCibun.exe
2988	jbGHxuH.exe
5036	ffyEHrU.exe
664	euBpQvM.exe
4852	hVCOEOI.exe
876	fjgSnQy.exe
1072	IfOAsjc.exe
4996	OsbjXrB.exe
1832	GyklmaI.exe
4956	KrVxsdK.exe
5064	fpuAbwh.exe
1980	oQlrzWS.exe
4260	FewJJGN.exe
2132	APPimBF.exe
5020	yEBKdVy.exe
4520	kBRvpRA.exe
552	JMkxCXZ.exe
1844	sCJFDUF.exe
1796	BsyzAIT.exe
760	rAbzKVU.exe
1860	OetnHPN.exe
3388	zCplwxX.exe
1984	SQaIOJc.exe
1076	YqQsLGY.exe
4508	qDReEkX.exe
820	BHZLoMr.exe
2104	KgcaaGE.exe
4040	VnfmoRD.exe
208	UPXaLCr.exe
400	SPkDIOt.exe
404	UkHMvar.exe
2760	YkdvEHg.exe
1868	qKMGSqr.exe
3904	XBwlpqU.exe
3672	yDXNoLw.exe
2788	pXImPPx.exe
2768	lbbVVss.exe
4492	bGzeYwh.exe
1048	uLCtkGV.exe
4536	lZpzwqh.exe
4440	SvYgazv.exe
4832	fYwJwrJ.exe
4972	FUwVPrk.exe
2636	oICIWsi.exe
4720	tULQGGU.exe
4604	zNCgOWA.exe
1820	HEtFnqC.exe
1776	XSTMgyf.exe
3920	kIrHpAo.exe
4280	RyTdFvk.exe
324	IoSVNXZ.exe
3044	ZakhBlN.exe
4844	JzNEpTN.exe
1692	ErRhWXE.exe
2860	AxcHQqK.exe
4952	YNdVheY.exe
460	WGdENil.exe
2368	ePdlIMD.exe
2348	KHZQclY.exe
2960	kAEscad.exe
1276	XEIzytw.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4976-0-0x00007FF64F390000-0x00007FF64F6E4000-memory.dmp	upx
behavioral2/files/0x0007000000023412-7.dat	upx
behavioral2/files/0x0007000000023411-12.dat	upx
behavioral2/files/0x0007000000023413-17.dat	upx
behavioral2/files/0x0007000000023414-26.dat	upx
behavioral2/files/0x0007000000023416-42.dat	upx
behavioral2/files/0x0007000000023417-73.dat	upx
behavioral2/files/0x000700000002341d-84.dat	upx
behavioral2/files/0x000700000002341f-98.dat	upx
behavioral2/memory/5064-108-0x00007FF77DA60000-0x00007FF77DDB4000-memory.dmp	upx
behavioral2/memory/5020-110-0x00007FF660E80000-0x00007FF6611D4000-memory.dmp	upx
behavioral2/memory/664-113-0x00007FF72A180000-0x00007FF72A4D4000-memory.dmp	upx
behavioral2/files/0x0007000000023428-148.dat	upx
behavioral2/files/0x0007000000023431-170.dat	upx
behavioral2/memory/3388-178-0x00007FF612540000-0x00007FF612894000-memory.dmp	upx
behavioral2/files/0x0007000000023429-189.dat	upx
behavioral2/files/0x000700000002342b-193.dat	upx
behavioral2/files/0x000700000002342a-191.dat	upx
behavioral2/files/0x0007000000023427-185.dat	upx
behavioral2/files/0x0007000000023426-183.dat	upx
behavioral2/memory/820-182-0x00007FF6387B0000-0x00007FF638B04000-memory.dmp	upx
behavioral2/memory/4508-181-0x00007FF682070000-0x00007FF6823C4000-memory.dmp	upx
behavioral2/memory/1076-180-0x00007FF762F00000-0x00007FF763254000-memory.dmp	upx
behavioral2/memory/1984-179-0x00007FF788EA0000-0x00007FF7891F4000-memory.dmp	upx
behavioral2/memory/1860-177-0x00007FF77D520000-0x00007FF77D874000-memory.dmp	upx
behavioral2/memory/760-176-0x00007FF70C4E0000-0x00007FF70C834000-memory.dmp	upx
behavioral2/memory/1796-175-0x00007FF75F250000-0x00007FF75F5A4000-memory.dmp	upx
behavioral2/memory/1844-174-0x00007FF7F5A70000-0x00007FF7F5DC4000-memory.dmp	upx
behavioral2/memory/552-173-0x00007FF7DB340000-0x00007FF7DB694000-memory.dmp	upx
behavioral2/files/0x0007000000023433-172.dat	upx
behavioral2/files/0x0007000000023432-171.dat	upx
behavioral2/files/0x0007000000023425-168.dat	upx
behavioral2/files/0x0007000000023430-167.dat	upx
behavioral2/files/0x000700000002342f-166.dat	upx
behavioral2/files/0x000700000002342e-165.dat	upx
behavioral2/files/0x000700000002342d-164.dat	upx
behavioral2/files/0x000700000002342c-162.dat	upx
behavioral2/files/0x0007000000023424-125.dat	upx
behavioral2/files/0x0007000000023423-123.dat	upx
behavioral2/memory/2132-116-0x00007FF7B6B10000-0x00007FF7B6E64000-memory.dmp	upx
behavioral2/memory/4260-115-0x00007FF6CCF90000-0x00007FF6CD2E4000-memory.dmp	upx
behavioral2/memory/4996-114-0x00007FF65E3A0000-0x00007FF65E6F4000-memory.dmp	upx
behavioral2/memory/4724-112-0x00007FF6CF9B0000-0x00007FF6CFD04000-memory.dmp	upx
behavioral2/memory/4520-111-0x00007FF728D20000-0x00007FF729074000-memory.dmp	upx
behavioral2/memory/1980-109-0x00007FF6C0A00000-0x00007FF6C0D54000-memory.dmp	upx
behavioral2/files/0x0007000000023422-106.dat	upx
behavioral2/files/0x0007000000023421-104.dat	upx
behavioral2/files/0x0007000000023420-102.dat	upx
behavioral2/memory/4956-101-0x00007FF61A850000-0x00007FF61ABA4000-memory.dmp	upx
behavioral2/memory/1832-100-0x00007FF726FB0000-0x00007FF727304000-memory.dmp	upx
behavioral2/files/0x000700000002341e-92.dat	upx
behavioral2/memory/1072-89-0x00007FF6FD140000-0x00007FF6FD494000-memory.dmp	upx
behavioral2/files/0x000700000002341c-83.dat	upx
behavioral2/files/0x0007000000023419-81.dat	upx
behavioral2/files/0x000700000002341b-78.dat	upx
behavioral2/memory/876-77-0x00007FF632720000-0x00007FF632A74000-memory.dmp	upx
behavioral2/memory/4852-76-0x00007FF796C40000-0x00007FF796F94000-memory.dmp	upx
behavioral2/files/0x000700000002341a-71.dat	upx
behavioral2/files/0x0007000000023418-69.dat	upx
behavioral2/files/0x0007000000023415-63.dat	upx
behavioral2/memory/5036-62-0x00007FF73E090000-0x00007FF73E3E4000-memory.dmp	upx
behavioral2/memory/2988-53-0x00007FF6BA580000-0x00007FF6BA8D4000-memory.dmp	upx
behavioral2/memory/4544-46-0x00007FF648AD0000-0x00007FF648E24000-memory.dmp	upx
behavioral2/memory/3176-27-0x00007FF7F6C00000-0x00007FF7F6F54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IfOAsjc.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\ZKZsoQg.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\nGeoyZq.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\KKRlIeS.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\aCnHLPO.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\vysKNhZ.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\irjWbZH.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\xubSJpn.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\UoFISGE.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\gRUmXTY.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\uLCtkGV.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\HVBMvQj.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\UXnqsGS.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\ZStQkLX.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\XSPcPbD.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\CKMVEsb.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\JXeSKqc.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\momKeon.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\xyxxHXY.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\VaEBOHM.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\OZdPiuP.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\qDIIJiW.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\lzfLTuu.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\PqeiXlD.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\OlEBjIX.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\BHMvkWK.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\HieIQnT.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\oHZrCet.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\YGoKTti.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\oudixeH.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\vloGKrF.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\YsuLZPi.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\ajhnfHz.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\FvTJACB.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\APPimBF.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\XBwlpqU.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\IOGtRzz.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\aFliuwo.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\wqYhIse.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\LPAFfkk.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\cyaKwGF.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\tvGewUQ.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\awwBNwG.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\SnKlHsF.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\zBVSoRi.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\NvFSOox.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\fUNwmfK.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\uDtVBMj.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\dvRqUBm.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\lDoKFiD.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\pXImPPx.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\AxcHQqK.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\IMSgTez.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\BzgIETY.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\mqCBfKR.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\gWlrEng.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\YNdVheY.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\OMnNhdb.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\PVQJlgW.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\FpQZFSr.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\ciKqlhR.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\wkqWhgb.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\feVHzzf.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
File created	C:\Windows\System\eDzphMV.exe	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14952	dwm.exe
Token: SeChangeNotifyPrivilege	14952	dwm.exe
Token: 33	14952	dwm.exe
Token: SeIncBasePriorityPrivilege	14952	dwm.exe
Token: SeShutdownPrivilege	14952	dwm.exe
Token: SeCreatePagefilePrivilege	14952	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 3684	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	84
PID 4976 wrote to memory of 3684	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	84
PID 4976 wrote to memory of 3176	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	85
PID 4976 wrote to memory of 3176	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	85
PID 4976 wrote to memory of 4544	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	86
PID 4976 wrote to memory of 4544	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	86
PID 4976 wrote to memory of 4724	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	87
PID 4976 wrote to memory of 4724	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	87
PID 4976 wrote to memory of 2988	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	88
PID 4976 wrote to memory of 2988	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	88
PID 4976 wrote to memory of 5036	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	89
PID 4976 wrote to memory of 5036	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	89
PID 4976 wrote to memory of 4852	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	90
PID 4976 wrote to memory of 4852	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	90
PID 4976 wrote to memory of 664	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	91
PID 4976 wrote to memory of 664	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	91
PID 4976 wrote to memory of 876	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	92
PID 4976 wrote to memory of 876	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	92
PID 4976 wrote to memory of 1072	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	93
PID 4976 wrote to memory of 1072	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	93
PID 4976 wrote to memory of 4996	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	94
PID 4976 wrote to memory of 4996	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	94
PID 4976 wrote to memory of 1832	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	95
PID 4976 wrote to memory of 1832	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	95
PID 4976 wrote to memory of 4956	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	96
PID 4976 wrote to memory of 4956	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	96
PID 4976 wrote to memory of 5064	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	97
PID 4976 wrote to memory of 5064	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	97
PID 4976 wrote to memory of 1980	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	98
PID 4976 wrote to memory of 1980	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	98
PID 4976 wrote to memory of 4260	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	99
PID 4976 wrote to memory of 4260	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	99
PID 4976 wrote to memory of 2132	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	100
PID 4976 wrote to memory of 2132	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	100
PID 4976 wrote to memory of 5020	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	101
PID 4976 wrote to memory of 5020	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	101
PID 4976 wrote to memory of 4520	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	102
PID 4976 wrote to memory of 4520	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	102
PID 4976 wrote to memory of 552	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	103
PID 4976 wrote to memory of 552	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	103
PID 4976 wrote to memory of 1844	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	104
PID 4976 wrote to memory of 1844	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	104
PID 4976 wrote to memory of 1796	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	105
PID 4976 wrote to memory of 1796	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	105
PID 4976 wrote to memory of 760	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	106
PID 4976 wrote to memory of 760	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	106
PID 4976 wrote to memory of 1860	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	107
PID 4976 wrote to memory of 1860	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	107
PID 4976 wrote to memory of 3388	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	108
PID 4976 wrote to memory of 3388	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	108
PID 4976 wrote to memory of 1984	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	109
PID 4976 wrote to memory of 1984	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	109
PID 4976 wrote to memory of 1076	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	110
PID 4976 wrote to memory of 1076	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	110
PID 4976 wrote to memory of 4508	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	111
PID 4976 wrote to memory of 4508	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	111
PID 4976 wrote to memory of 820	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	112
PID 4976 wrote to memory of 820	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	112
PID 4976 wrote to memory of 2104	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	113
PID 4976 wrote to memory of 2104	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	113
PID 4976 wrote to memory of 4040	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	114
PID 4976 wrote to memory of 4040	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	114
PID 4976 wrote to memory of 208	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	115
PID 4976 wrote to memory of 208	4976	afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\afe0973866cb4ea9ad61dfc8b47efc90_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Windows\System\qwhacFb.exe
  C:\Windows\System\qwhacFb.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\fYZrKEz.exe
  C:\Windows\System\fYZrKEz.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\SIyxbBX.exe
  C:\Windows\System\SIyxbBX.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\bOCibun.exe
  C:\Windows\System\bOCibun.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\jbGHxuH.exe
  C:\Windows\System\jbGHxuH.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\ffyEHrU.exe
  C:\Windows\System\ffyEHrU.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\hVCOEOI.exe
  C:\Windows\System\hVCOEOI.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\euBpQvM.exe
  C:\Windows\System\euBpQvM.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\fjgSnQy.exe
  C:\Windows\System\fjgSnQy.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\IfOAsjc.exe
  C:\Windows\System\IfOAsjc.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\OsbjXrB.exe
  C:\Windows\System\OsbjXrB.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\GyklmaI.exe
  C:\Windows\System\GyklmaI.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\KrVxsdK.exe
  C:\Windows\System\KrVxsdK.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\fpuAbwh.exe
  C:\Windows\System\fpuAbwh.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\oQlrzWS.exe
  C:\Windows\System\oQlrzWS.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\FewJJGN.exe
  C:\Windows\System\FewJJGN.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\APPimBF.exe
  C:\Windows\System\APPimBF.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\yEBKdVy.exe
  C:\Windows\System\yEBKdVy.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\kBRvpRA.exe
  C:\Windows\System\kBRvpRA.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\JMkxCXZ.exe
  C:\Windows\System\JMkxCXZ.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\sCJFDUF.exe
  C:\Windows\System\sCJFDUF.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\BsyzAIT.exe
  C:\Windows\System\BsyzAIT.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\rAbzKVU.exe
  C:\Windows\System\rAbzKVU.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\OetnHPN.exe
  C:\Windows\System\OetnHPN.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\zCplwxX.exe
  C:\Windows\System\zCplwxX.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\SQaIOJc.exe
  C:\Windows\System\SQaIOJc.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\YqQsLGY.exe
  C:\Windows\System\YqQsLGY.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\qDReEkX.exe
  C:\Windows\System\qDReEkX.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\BHZLoMr.exe
  C:\Windows\System\BHZLoMr.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\KgcaaGE.exe
  C:\Windows\System\KgcaaGE.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\VnfmoRD.exe
  C:\Windows\System\VnfmoRD.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\UPXaLCr.exe
  C:\Windows\System\UPXaLCr.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\SPkDIOt.exe
  C:\Windows\System\SPkDIOt.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\UkHMvar.exe
  C:\Windows\System\UkHMvar.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\YkdvEHg.exe
  C:\Windows\System\YkdvEHg.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\qKMGSqr.exe
  C:\Windows\System\qKMGSqr.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\XBwlpqU.exe
  C:\Windows\System\XBwlpqU.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\yDXNoLw.exe
  C:\Windows\System\yDXNoLw.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\pXImPPx.exe
  C:\Windows\System\pXImPPx.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\lbbVVss.exe
  C:\Windows\System\lbbVVss.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\bGzeYwh.exe
  C:\Windows\System\bGzeYwh.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\uLCtkGV.exe
  C:\Windows\System\uLCtkGV.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\lZpzwqh.exe
  C:\Windows\System\lZpzwqh.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\SvYgazv.exe
  C:\Windows\System\SvYgazv.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\fYwJwrJ.exe
  C:\Windows\System\fYwJwrJ.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\FUwVPrk.exe
  C:\Windows\System\FUwVPrk.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\oICIWsi.exe
  C:\Windows\System\oICIWsi.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\tULQGGU.exe
  C:\Windows\System\tULQGGU.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\zNCgOWA.exe
  C:\Windows\System\zNCgOWA.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\HEtFnqC.exe
  C:\Windows\System\HEtFnqC.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\XSTMgyf.exe
  C:\Windows\System\XSTMgyf.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\kIrHpAo.exe
  C:\Windows\System\kIrHpAo.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\RyTdFvk.exe
  C:\Windows\System\RyTdFvk.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\IoSVNXZ.exe
  C:\Windows\System\IoSVNXZ.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\ZakhBlN.exe
  C:\Windows\System\ZakhBlN.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\JzNEpTN.exe
  C:\Windows\System\JzNEpTN.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\ErRhWXE.exe
  C:\Windows\System\ErRhWXE.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\AxcHQqK.exe
  C:\Windows\System\AxcHQqK.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\YNdVheY.exe
  C:\Windows\System\YNdVheY.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\WGdENil.exe
  C:\Windows\System\WGdENil.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\ePdlIMD.exe
  C:\Windows\System\ePdlIMD.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\KHZQclY.exe
  C:\Windows\System\KHZQclY.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\kAEscad.exe
  C:\Windows\System\kAEscad.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\XEIzytw.exe
  C:\Windows\System\XEIzytw.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\CbXLJCe.exe
  C:\Windows\System\CbXLJCe.exe
  2⤵
  PID:2948
- C:\Windows\System\GUObSGF.exe
  C:\Windows\System\GUObSGF.exe
  2⤵
  PID:4580
- C:\Windows\System\rVZXcOn.exe
  C:\Windows\System\rVZXcOn.exe
  2⤵
  PID:2464
- C:\Windows\System\JXeSKqc.exe
  C:\Windows\System\JXeSKqc.exe
  2⤵
  PID:4540
- C:\Windows\System\jBPPpFt.exe
  C:\Windows\System\jBPPpFt.exe
  2⤵
  PID:2656
- C:\Windows\System\jTwWuKY.exe
  C:\Windows\System\jTwWuKY.exe
  2⤵
  PID:1856
- C:\Windows\System\piGVvVG.exe
  C:\Windows\System\piGVvVG.exe
  2⤵
  PID:5016
- C:\Windows\System\KWogSiv.exe
  C:\Windows\System\KWogSiv.exe
  2⤵
  PID:4864
- C:\Windows\System\WPcykuF.exe
  C:\Windows\System\WPcykuF.exe
  2⤵
  PID:3068
- C:\Windows\System\PEbpUhQ.exe
  C:\Windows\System\PEbpUhQ.exe
  2⤵
  PID:1356
- C:\Windows\System\FNTNSPR.exe
  C:\Windows\System\FNTNSPR.exe
  2⤵
  PID:844
- C:\Windows\System\SXrYWWz.exe
  C:\Windows\System\SXrYWWz.exe
  2⤵
  PID:4400
- C:\Windows\System\KUXSxSJ.exe
  C:\Windows\System\KUXSxSJ.exe
  2⤵
  PID:3000
- C:\Windows\System\yVUuFaE.exe
  C:\Windows\System\yVUuFaE.exe
  2⤵
  PID:3652
- C:\Windows\System\WvFvkzR.exe
  C:\Windows\System\WvFvkzR.exe
  2⤵
  PID:1816
- C:\Windows\System\kvaLmGl.exe
  C:\Windows\System\kvaLmGl.exe
  2⤵
  PID:3712
- C:\Windows\System\NTvjSLm.exe
  C:\Windows\System\NTvjSLm.exe
  2⤵
  PID:3600
- C:\Windows\System\jpAdATm.exe
  C:\Windows\System\jpAdATm.exe
  2⤵
  PID:3448
- C:\Windows\System\WAoerLN.exe
  C:\Windows\System\WAoerLN.exe
  2⤵
  PID:1848
- C:\Windows\System\LhzPNqu.exe
  C:\Windows\System\LhzPNqu.exe
  2⤵
  PID:1516
- C:\Windows\System\ZDnMWtM.exe
  C:\Windows\System\ZDnMWtM.exe
  2⤵
  PID:3144
- C:\Windows\System\SzdRqAa.exe
  C:\Windows\System\SzdRqAa.exe
  2⤵
  PID:4164
- C:\Windows\System\ijunBCs.exe
  C:\Windows\System\ijunBCs.exe
  2⤵
  PID:2684
- C:\Windows\System\dfuEgeK.exe
  C:\Windows\System\dfuEgeK.exe
  2⤵
  PID:3324
- C:\Windows\System\dhvDhkA.exe
  C:\Windows\System\dhvDhkA.exe
  2⤵
  PID:4072
- C:\Windows\System\LOViLMz.exe
  C:\Windows\System\LOViLMz.exe
  2⤵
  PID:2080
- C:\Windows\System\KkTWmKr.exe
  C:\Windows\System\KkTWmKr.exe
  2⤵
  PID:3544
- C:\Windows\System\gbirENt.exe
  C:\Windows\System\gbirENt.exe
  2⤵
  PID:2564
- C:\Windows\System\jhwjMMp.exe
  C:\Windows\System\jhwjMMp.exe
  2⤵
  PID:1428
- C:\Windows\System\rzZcjaD.exe
  C:\Windows\System\rzZcjaD.exe
  2⤵
  PID:1964
- C:\Windows\System\ARwLkjg.exe
  C:\Windows\System\ARwLkjg.exe
  2⤵
  PID:516
- C:\Windows\System\BsxdqFI.exe
  C:\Windows\System\BsxdqFI.exe
  2⤵
  PID:5128
- C:\Windows\System\LAvGMaN.exe
  C:\Windows\System\LAvGMaN.exe
  2⤵
  PID:5168
- C:\Windows\System\FoCArxY.exe
  C:\Windows\System\FoCArxY.exe
  2⤵
  PID:5204
- C:\Windows\System\oxipqcD.exe
  C:\Windows\System\oxipqcD.exe
  2⤵
  PID:5228
- C:\Windows\System\qZklTqa.exe
  C:\Windows\System\qZklTqa.exe
  2⤵
  PID:5264
- C:\Windows\System\voJfbsa.exe
  C:\Windows\System\voJfbsa.exe
  2⤵
  PID:5292
- C:\Windows\System\wtJeJpa.exe
  C:\Windows\System\wtJeJpa.exe
  2⤵
  PID:5320
- C:\Windows\System\AtLCXvb.exe
  C:\Windows\System\AtLCXvb.exe
  2⤵
  PID:5348
- C:\Windows\System\nqnrawC.exe
  C:\Windows\System\nqnrawC.exe
  2⤵
  PID:5376
- C:\Windows\System\aehPWPm.exe
  C:\Windows\System\aehPWPm.exe
  2⤵
  PID:5404
- C:\Windows\System\RdmljDp.exe
  C:\Windows\System\RdmljDp.exe
  2⤵
  PID:5448
- C:\Windows\System\NXpcxAB.exe
  C:\Windows\System\NXpcxAB.exe
  2⤵
  PID:5464
- C:\Windows\System\qYlYnMe.exe
  C:\Windows\System\qYlYnMe.exe
  2⤵
  PID:5492
- C:\Windows\System\yMiBBAD.exe
  C:\Windows\System\yMiBBAD.exe
  2⤵
  PID:5512
- C:\Windows\System\kEojqez.exe
  C:\Windows\System\kEojqez.exe
  2⤵
  PID:5536
- C:\Windows\System\zKuESoD.exe
  C:\Windows\System\zKuESoD.exe
  2⤵
  PID:5560
- C:\Windows\System\dnoYNJF.exe
  C:\Windows\System\dnoYNJF.exe
  2⤵
  PID:5584
- C:\Windows\System\yxGERDu.exe
  C:\Windows\System\yxGERDu.exe
  2⤵
  PID:5628
- C:\Windows\System\fYBZGwx.exe
  C:\Windows\System\fYBZGwx.exe
  2⤵
  PID:5660
- C:\Windows\System\wVwriwu.exe
  C:\Windows\System\wVwriwu.exe
  2⤵
  PID:5688
- C:\Windows\System\IMSgTez.exe
  C:\Windows\System\IMSgTez.exe
  2⤵
  PID:5716
- C:\Windows\System\jVptxzf.exe
  C:\Windows\System\jVptxzf.exe
  2⤵
  PID:5748
- C:\Windows\System\INinGqB.exe
  C:\Windows\System\INinGqB.exe
  2⤵
  PID:5772
- C:\Windows\System\cjFWobd.exe
  C:\Windows\System\cjFWobd.exe
  2⤵
  PID:5800
- C:\Windows\System\ayLKhXh.exe
  C:\Windows\System\ayLKhXh.exe
  2⤵
  PID:5836
- C:\Windows\System\ZKZsoQg.exe
  C:\Windows\System\ZKZsoQg.exe
  2⤵
  PID:5856
- C:\Windows\System\vtuqTPZ.exe
  C:\Windows\System\vtuqTPZ.exe
  2⤵
  PID:5872
- C:\Windows\System\rNLuOxM.exe
  C:\Windows\System\rNLuOxM.exe
  2⤵
  PID:5896
- C:\Windows\System\sidGpdS.exe
  C:\Windows\System\sidGpdS.exe
  2⤵
  PID:5928
- C:\Windows\System\nAyAgNL.exe
  C:\Windows\System\nAyAgNL.exe
  2⤵
  PID:5960
- C:\Windows\System\MzHcaGB.exe
  C:\Windows\System\MzHcaGB.exe
  2⤵
  PID:5984
- C:\Windows\System\OMpQyAr.exe
  C:\Windows\System\OMpQyAr.exe
  2⤵
  PID:6024
- C:\Windows\System\AbCUPep.exe
  C:\Windows\System\AbCUPep.exe
  2⤵
  PID:6040
- C:\Windows\System\ROLZcGM.exe
  C:\Windows\System\ROLZcGM.exe
  2⤵
  PID:6080
- C:\Windows\System\ezWgKWw.exe
  C:\Windows\System\ezWgKWw.exe
  2⤵
  PID:6116
- C:\Windows\System\ahPNRkI.exe
  C:\Windows\System\ahPNRkI.exe
  2⤵
  PID:6140
- C:\Windows\System\LIboqxp.exe
  C:\Windows\System\LIboqxp.exe
  2⤵
  PID:5156
- C:\Windows\System\oafQxdD.exe
  C:\Windows\System\oafQxdD.exe
  2⤵
  PID:5216
- C:\Windows\System\KsPumco.exe
  C:\Windows\System\KsPumco.exe
  2⤵
  PID:5276
- C:\Windows\System\QYQBcjX.exe
  C:\Windows\System\QYQBcjX.exe
  2⤵
  PID:5344
- C:\Windows\System\QgZnbzf.exe
  C:\Windows\System\QgZnbzf.exe
  2⤵
  PID:5436
- C:\Windows\System\cPEBree.exe
  C:\Windows\System\cPEBree.exe
  2⤵
  PID:5484
- C:\Windows\System\XXqTYkx.exe
  C:\Windows\System\XXqTYkx.exe
  2⤵
  PID:5528
- C:\Windows\System\BQbcoHR.exe
  C:\Windows\System\BQbcoHR.exe
  2⤵
  PID:5612
- C:\Windows\System\ZlquclQ.exe
  C:\Windows\System\ZlquclQ.exe
  2⤵
  PID:5680
- C:\Windows\System\kfPaaEm.exe
  C:\Windows\System\kfPaaEm.exe
  2⤵
  PID:5756
- C:\Windows\System\IOGtRzz.exe
  C:\Windows\System\IOGtRzz.exe
  2⤵
  PID:5764
- C:\Windows\System\zkZSrDD.exe
  C:\Windows\System\zkZSrDD.exe
  2⤵
  PID:5868
- C:\Windows\System\pQXcPQS.exe
  C:\Windows\System\pQXcPQS.exe
  2⤵
  PID:5944
- C:\Windows\System\yJDirVV.exe
  C:\Windows\System\yJDirVV.exe
  2⤵
  PID:6016
- C:\Windows\System\OZhZLuH.exe
  C:\Windows\System\OZhZLuH.exe
  2⤵
  PID:6032
- C:\Windows\System\BvuBlKy.exe
  C:\Windows\System\BvuBlKy.exe
  2⤵
  PID:6108
- C:\Windows\System\lKjXBYq.exe
  C:\Windows\System\lKjXBYq.exe
  2⤵
  PID:6128
- C:\Windows\System\nkAWoQb.exe
  C:\Windows\System\nkAWoQb.exe
  2⤵
  PID:5196
- C:\Windows\System\oudixeH.exe
  C:\Windows\System\oudixeH.exe
  2⤵
  PID:5336
- C:\Windows\System\sYKxxpH.exe
  C:\Windows\System\sYKxxpH.exe
  2⤵
  PID:5552
- C:\Windows\System\pytSoms.exe
  C:\Windows\System\pytSoms.exe
  2⤵
  PID:5704
- C:\Windows\System\uMGzfKg.exe
  C:\Windows\System\uMGzfKg.exe
  2⤵
  PID:5908
- C:\Windows\System\XXjkfjv.exe
  C:\Windows\System\XXjkfjv.exe
  2⤵
  PID:3016
- C:\Windows\System\aapFBjL.exe
  C:\Windows\System\aapFBjL.exe
  2⤵
  PID:5332
- C:\Windows\System\qAEaFqt.exe
  C:\Windows\System\qAEaFqt.exe
  2⤵
  PID:6004
- C:\Windows\System\fdOSgJo.exe
  C:\Windows\System\fdOSgJo.exe
  2⤵
  PID:5364
- C:\Windows\System\EndheVn.exe
  C:\Windows\System\EndheVn.exe
  2⤵
  PID:1504
- C:\Windows\System\wkqWhgb.exe
  C:\Windows\System\wkqWhgb.exe
  2⤵
  PID:1788
- C:\Windows\System\oIuZpYC.exe
  C:\Windows\System\oIuZpYC.exe
  2⤵
  PID:4320
- C:\Windows\System\zmfsBWP.exe
  C:\Windows\System\zmfsBWP.exe
  2⤵
  PID:6172
- C:\Windows\System\AnjhHZR.exe
  C:\Windows\System\AnjhHZR.exe
  2⤵
  PID:6192
- C:\Windows\System\eApfaCK.exe
  C:\Windows\System\eApfaCK.exe
  2⤵
  PID:6220
- C:\Windows\System\aFliuwo.exe
  C:\Windows\System\aFliuwo.exe
  2⤵
  PID:6248
- C:\Windows\System\JSwqdns.exe
  C:\Windows\System\JSwqdns.exe
  2⤵
  PID:6276
- C:\Windows\System\tNYOZfr.exe
  C:\Windows\System\tNYOZfr.exe
  2⤵
  PID:6316
- C:\Windows\System\sDnvBzm.exe
  C:\Windows\System\sDnvBzm.exe
  2⤵
  PID:6340
- C:\Windows\System\IQeWfNb.exe
  C:\Windows\System\IQeWfNb.exe
  2⤵
  PID:6372
- C:\Windows\System\ZXgveZv.exe
  C:\Windows\System\ZXgveZv.exe
  2⤵
  PID:6396
- C:\Windows\System\uqsdpcO.exe
  C:\Windows\System\uqsdpcO.exe
  2⤵
  PID:6428
- C:\Windows\System\awwBNwG.exe
  C:\Windows\System\awwBNwG.exe
  2⤵
  PID:6460
- C:\Windows\System\YnjuFUj.exe
  C:\Windows\System\YnjuFUj.exe
  2⤵
  PID:6484
- C:\Windows\System\zzvipvW.exe
  C:\Windows\System\zzvipvW.exe
  2⤵
  PID:6500
- C:\Windows\System\aSBzutw.exe
  C:\Windows\System\aSBzutw.exe
  2⤵
  PID:6516
- C:\Windows\System\edbyUMe.exe
  C:\Windows\System\edbyUMe.exe
  2⤵
  PID:6532
- C:\Windows\System\bJUsUZa.exe
  C:\Windows\System\bJUsUZa.exe
  2⤵
  PID:6560
- C:\Windows\System\EZbWhAy.exe
  C:\Windows\System\EZbWhAy.exe
  2⤵
  PID:6600
- C:\Windows\System\oogNYYs.exe
  C:\Windows\System\oogNYYs.exe
  2⤵
  PID:6628
- C:\Windows\System\qHnqvMC.exe
  C:\Windows\System\qHnqvMC.exe
  2⤵
  PID:6668
- C:\Windows\System\YMSwHrQ.exe
  C:\Windows\System\YMSwHrQ.exe
  2⤵
  PID:6684
- C:\Windows\System\OHgCVEK.exe
  C:\Windows\System\OHgCVEK.exe
  2⤵
  PID:6724
- C:\Windows\System\jDynnkI.exe
  C:\Windows\System\jDynnkI.exe
  2⤵
  PID:6744
- C:\Windows\System\OMnNhdb.exe
  C:\Windows\System\OMnNhdb.exe
  2⤵
  PID:6780
- C:\Windows\System\NJcIQHh.exe
  C:\Windows\System\NJcIQHh.exe
  2⤵
  PID:6808
- C:\Windows\System\DLSBeQr.exe
  C:\Windows\System\DLSBeQr.exe
  2⤵
  PID:6840
- C:\Windows\System\zMcSIsN.exe
  C:\Windows\System\zMcSIsN.exe
  2⤵
  PID:6868
- C:\Windows\System\HcgnOMg.exe
  C:\Windows\System\HcgnOMg.exe
  2⤵
  PID:6892
- C:\Windows\System\iEcOfjy.exe
  C:\Windows\System\iEcOfjy.exe
  2⤵
  PID:6932
- C:\Windows\System\GEsgknw.exe
  C:\Windows\System\GEsgknw.exe
  2⤵
  PID:6960
- C:\Windows\System\pwvGaGN.exe
  C:\Windows\System\pwvGaGN.exe
  2⤵
  PID:6988
- C:\Windows\System\LxnzSgU.exe
  C:\Windows\System\LxnzSgU.exe
  2⤵
  PID:7020
- C:\Windows\System\UEzSfIc.exe
  C:\Windows\System\UEzSfIc.exe
  2⤵
  PID:7048
- C:\Windows\System\fLjScyA.exe
  C:\Windows\System\fLjScyA.exe
  2⤵
  PID:7076
- C:\Windows\System\ACMUaHP.exe
  C:\Windows\System\ACMUaHP.exe
  2⤵
  PID:7104
- C:\Windows\System\jYYHBHi.exe
  C:\Windows\System\jYYHBHi.exe
  2⤵
  PID:7136
- C:\Windows\System\BzgIETY.exe
  C:\Windows\System\BzgIETY.exe
  2⤵
  PID:7164
- C:\Windows\System\fGFVJii.exe
  C:\Windows\System\fGFVJii.exe
  2⤵
  PID:6188
- C:\Windows\System\VemBZlW.exe
  C:\Windows\System\VemBZlW.exe
  2⤵
  PID:6260
- C:\Windows\System\nGeoyZq.exe
  C:\Windows\System\nGeoyZq.exe
  2⤵
  PID:6336
- C:\Windows\System\PqeiXlD.exe
  C:\Windows\System\PqeiXlD.exe
  2⤵
  PID:6404
- C:\Windows\System\HNCaHmJ.exe
  C:\Windows\System\HNCaHmJ.exe
  2⤵
  PID:6452
- C:\Windows\System\wqYhIse.exe
  C:\Windows\System\wqYhIse.exe
  2⤵
  PID:6496
- C:\Windows\System\LLdDLta.exe
  C:\Windows\System\LLdDLta.exe
  2⤵
  PID:6612
- C:\Windows\System\YMGVzGQ.exe
  C:\Windows\System\YMGVzGQ.exe
  2⤵
  PID:6652
- C:\Windows\System\feVHzzf.exe
  C:\Windows\System\feVHzzf.exe
  2⤵
  PID:6764
- C:\Windows\System\momKeon.exe
  C:\Windows\System\momKeon.exe
  2⤵
  PID:6836
- C:\Windows\System\ISLnLrY.exe
  C:\Windows\System\ISLnLrY.exe
  2⤵
  PID:6916
- C:\Windows\System\MzeWTCE.exe
  C:\Windows\System\MzeWTCE.exe
  2⤵
  PID:6980
- C:\Windows\System\iFcUGpm.exe
  C:\Windows\System\iFcUGpm.exe
  2⤵
  PID:7032
- C:\Windows\System\SYVUiCE.exe
  C:\Windows\System\SYVUiCE.exe
  2⤵
  PID:6060
- C:\Windows\System\KpjESGo.exe
  C:\Windows\System\KpjESGo.exe
  2⤵
  PID:4248
- C:\Windows\System\SdzSzhx.exe
  C:\Windows\System\SdzSzhx.exe
  2⤵
  PID:6356
- C:\Windows\System\ncvpJTT.exe
  C:\Windows\System\ncvpJTT.exe
  2⤵
  PID:6448
- C:\Windows\System\NChBZMf.exe
  C:\Windows\System\NChBZMf.exe
  2⤵
  PID:6676
- C:\Windows\System\SnKlHsF.exe
  C:\Windows\System\SnKlHsF.exe
  2⤵
  PID:6852
- C:\Windows\System\SVHMnjW.exe
  C:\Windows\System\SVHMnjW.exe
  2⤵
  PID:7012
- C:\Windows\System\fuNViEi.exe
  C:\Windows\System\fuNViEi.exe
  2⤵
  PID:6240
- C:\Windows\System\EvwqzvX.exe
  C:\Windows\System\EvwqzvX.exe
  2⤵
  PID:6664
- C:\Windows\System\PCSYzVD.exe
  C:\Windows\System\PCSYzVD.exe
  2⤵
  PID:6956
- C:\Windows\System\YfOTwdg.exe
  C:\Windows\System\YfOTwdg.exe
  2⤵
  PID:6820
- C:\Windows\System\JsCSLEb.exe
  C:\Windows\System\JsCSLEb.exe
  2⤵
  PID:7180
- C:\Windows\System\tlDkCbj.exe
  C:\Windows\System\tlDkCbj.exe
  2⤵
  PID:7208
- C:\Windows\System\OcBTAwl.exe
  C:\Windows\System\OcBTAwl.exe
  2⤵
  PID:7232
- C:\Windows\System\UDKhjdZ.exe
  C:\Windows\System\UDKhjdZ.exe
  2⤵
  PID:7268
- C:\Windows\System\ESbgANR.exe
  C:\Windows\System\ESbgANR.exe
  2⤵
  PID:7296
- C:\Windows\System\pxWiuCr.exe
  C:\Windows\System\pxWiuCr.exe
  2⤵
  PID:7324
- C:\Windows\System\dbABzGu.exe
  C:\Windows\System\dbABzGu.exe
  2⤵
  PID:7352
- C:\Windows\System\dvLdrad.exe
  C:\Windows\System\dvLdrad.exe
  2⤵
  PID:7380
- C:\Windows\System\BQORuiz.exe
  C:\Windows\System\BQORuiz.exe
  2⤵
  PID:7408
- C:\Windows\System\SlvzCTa.exe
  C:\Windows\System\SlvzCTa.exe
  2⤵
  PID:7440
- C:\Windows\System\nODXUtI.exe
  C:\Windows\System\nODXUtI.exe
  2⤵
  PID:7468
- C:\Windows\System\aqkhfoO.exe
  C:\Windows\System\aqkhfoO.exe
  2⤵
  PID:7496
- C:\Windows\System\flYtLrZ.exe
  C:\Windows\System\flYtLrZ.exe
  2⤵
  PID:7524
- C:\Windows\System\RiVhqXM.exe
  C:\Windows\System\RiVhqXM.exe
  2⤵
  PID:7552
- C:\Windows\System\hdxVtkP.exe
  C:\Windows\System\hdxVtkP.exe
  2⤵
  PID:7580
- C:\Windows\System\fORjdDK.exe
  C:\Windows\System\fORjdDK.exe
  2⤵
  PID:7608
- C:\Windows\System\xVDfKyd.exe
  C:\Windows\System\xVDfKyd.exe
  2⤵
  PID:7636
- C:\Windows\System\PgXCoLU.exe
  C:\Windows\System\PgXCoLU.exe
  2⤵
  PID:7664
- C:\Windows\System\xyxxHXY.exe
  C:\Windows\System\xyxxHXY.exe
  2⤵
  PID:7688
- C:\Windows\System\TGqvGLA.exe
  C:\Windows\System\TGqvGLA.exe
  2⤵
  PID:7712
- C:\Windows\System\bPsOGUh.exe
  C:\Windows\System\bPsOGUh.exe
  2⤵
  PID:7752
- C:\Windows\System\rfZMfws.exe
  C:\Windows\System\rfZMfws.exe
  2⤵
  PID:7776
- C:\Windows\System\BRFFhRa.exe
  C:\Windows\System\BRFFhRa.exe
  2⤵
  PID:7804
- C:\Windows\System\DaDZMEs.exe
  C:\Windows\System\DaDZMEs.exe
  2⤵
  PID:7828
- C:\Windows\System\blfDhKz.exe
  C:\Windows\System\blfDhKz.exe
  2⤵
  PID:7848
- C:\Windows\System\mqCBfKR.exe
  C:\Windows\System\mqCBfKR.exe
  2⤵
  PID:7876
- C:\Windows\System\kbmeoxk.exe
  C:\Windows\System\kbmeoxk.exe
  2⤵
  PID:7892
- C:\Windows\System\lwHiAhZ.exe
  C:\Windows\System\lwHiAhZ.exe
  2⤵
  PID:7932
- C:\Windows\System\EMsULLV.exe
  C:\Windows\System\EMsULLV.exe
  2⤵
  PID:7948
- C:\Windows\System\pCwOyfO.exe
  C:\Windows\System\pCwOyfO.exe
  2⤵
  PID:7984
- C:\Windows\System\ZWAgqBk.exe
  C:\Windows\System\ZWAgqBk.exe
  2⤵
  PID:8012
- C:\Windows\System\TbZEKEQ.exe
  C:\Windows\System\TbZEKEQ.exe
  2⤵
  PID:8032
- C:\Windows\System\rfWgrma.exe
  C:\Windows\System\rfWgrma.exe
  2⤵
  PID:8060
- C:\Windows\System\FCWOrCA.exe
  C:\Windows\System\FCWOrCA.exe
  2⤵
  PID:8084
- C:\Windows\System\jIqjfwP.exe
  C:\Windows\System\jIqjfwP.exe
  2⤵
  PID:8116
- C:\Windows\System\oJWAbgf.exe
  C:\Windows\System\oJWAbgf.exe
  2⤵
  PID:8160
- C:\Windows\System\tdDVCUO.exe
  C:\Windows\System\tdDVCUO.exe
  2⤵
  PID:8184
- C:\Windows\System\vPJxhof.exe
  C:\Windows\System\vPJxhof.exe
  2⤵
  PID:7216
- C:\Windows\System\VaEBOHM.exe
  C:\Windows\System\VaEBOHM.exe
  2⤵
  PID:7256
- C:\Windows\System\avSunhe.exe
  C:\Windows\System\avSunhe.exe
  2⤵
  PID:7320
- C:\Windows\System\DVqSVIx.exe
  C:\Windows\System\DVqSVIx.exe
  2⤵
  PID:7428
- C:\Windows\System\keVBclr.exe
  C:\Windows\System\keVBclr.exe
  2⤵
  PID:780
- C:\Windows\System\OiclOhz.exe
  C:\Windows\System\OiclOhz.exe
  2⤵
  PID:7520
- C:\Windows\System\sLYhbXg.exe
  C:\Windows\System\sLYhbXg.exe
  2⤵
  PID:7576
- C:\Windows\System\BoHZBYP.exe
  C:\Windows\System\BoHZBYP.exe
  2⤵
  PID:7648
- C:\Windows\System\rfpjoZM.exe
  C:\Windows\System\rfpjoZM.exe
  2⤵
  PID:7720
- C:\Windows\System\flNFAQI.exe
  C:\Windows\System\flNFAQI.exe
  2⤵
  PID:7772
- C:\Windows\System\uRjrUPr.exe
  C:\Windows\System\uRjrUPr.exe
  2⤵
  PID:7844
- C:\Windows\System\QQWEDwh.exe
  C:\Windows\System\QQWEDwh.exe
  2⤵
  PID:7940
- C:\Windows\System\vXOukTL.exe
  C:\Windows\System\vXOukTL.exe
  2⤵
  PID:7960
- C:\Windows\System\JFhVeRT.exe
  C:\Windows\System\JFhVeRT.exe
  2⤵
  PID:8004
- C:\Windows\System\gecUjGK.exe
  C:\Windows\System\gecUjGK.exe
  2⤵
  PID:8092
- C:\Windows\System\WJizaYj.exe
  C:\Windows\System\WJizaYj.exe
  2⤵
  PID:8180
- C:\Windows\System\PfoUcrb.exe
  C:\Windows\System\PfoUcrb.exe
  2⤵
  PID:7308
- C:\Windows\System\MeyvPLH.exe
  C:\Windows\System\MeyvPLH.exe
  2⤵
  PID:7340
- C:\Windows\System\PeIiflu.exe
  C:\Windows\System\PeIiflu.exe
  2⤵
  PID:7600
- C:\Windows\System\RzZUfEY.exe
  C:\Windows\System\RzZUfEY.exe
  2⤵
  PID:7700
- C:\Windows\System\igFCvxi.exe
  C:\Windows\System\igFCvxi.exe
  2⤵
  PID:7824
- C:\Windows\System\MeOQPbR.exe
  C:\Windows\System\MeOQPbR.exe
  2⤵
  PID:8140
- C:\Windows\System\qqvWKVd.exe
  C:\Windows\System\qqvWKVd.exe
  2⤵
  PID:8096
- C:\Windows\System\ccJugMH.exe
  C:\Windows\System\ccJugMH.exe
  2⤵
  PID:7516
- C:\Windows\System\zzDkqVg.exe
  C:\Windows\System\zzDkqVg.exe
  2⤵
  PID:7744
- C:\Windows\System\GOdPJoc.exe
  C:\Windows\System\GOdPJoc.exe
  2⤵
  PID:7920
- C:\Windows\System\xqFWsgt.exe
  C:\Windows\System\xqFWsgt.exe
  2⤵
  PID:8200
- C:\Windows\System\gvJmGPL.exe
  C:\Windows\System\gvJmGPL.exe
  2⤵
  PID:8236
- C:\Windows\System\ZzxeMAB.exe
  C:\Windows\System\ZzxeMAB.exe
  2⤵
  PID:8260
- C:\Windows\System\xBEWwEe.exe
  C:\Windows\System\xBEWwEe.exe
  2⤵
  PID:8280
- C:\Windows\System\FJBchjk.exe
  C:\Windows\System\FJBchjk.exe
  2⤵
  PID:8300
- C:\Windows\System\MSwVdDN.exe
  C:\Windows\System\MSwVdDN.exe
  2⤵
  PID:8328
- C:\Windows\System\vysKNhZ.exe
  C:\Windows\System\vysKNhZ.exe
  2⤵
  PID:8368
- C:\Windows\System\ShMbPuz.exe
  C:\Windows\System\ShMbPuz.exe
  2⤵
  PID:8400
- C:\Windows\System\cdpKFbU.exe
  C:\Windows\System\cdpKFbU.exe
  2⤵
  PID:8424
- C:\Windows\System\icuAkTz.exe
  C:\Windows\System\icuAkTz.exe
  2⤵
  PID:8456
- C:\Windows\System\nPLLcbN.exe
  C:\Windows\System\nPLLcbN.exe
  2⤵
  PID:8488
- C:\Windows\System\yLcZpfp.exe
  C:\Windows\System\yLcZpfp.exe
  2⤵
  PID:8512
- C:\Windows\System\WigQnnF.exe
  C:\Windows\System\WigQnnF.exe
  2⤵
  PID:8536
- C:\Windows\System\wdgdaPD.exe
  C:\Windows\System\wdgdaPD.exe
  2⤵
  PID:8564
- C:\Windows\System\BRlRgjW.exe
  C:\Windows\System\BRlRgjW.exe
  2⤵
  PID:8592
- C:\Windows\System\ZAJCdth.exe
  C:\Windows\System\ZAJCdth.exe
  2⤵
  PID:8620
- C:\Windows\System\JHUhDmY.exe
  C:\Windows\System\JHUhDmY.exe
  2⤵
  PID:8652
- C:\Windows\System\IqubunB.exe
  C:\Windows\System\IqubunB.exe
  2⤵
  PID:8676
- C:\Windows\System\FstXzQb.exe
  C:\Windows\System\FstXzQb.exe
  2⤵
  PID:8708
- C:\Windows\System\XnfvkdJ.exe
  C:\Windows\System\XnfvkdJ.exe
  2⤵
  PID:8760
- C:\Windows\System\UuArbNi.exe
  C:\Windows\System\UuArbNi.exe
  2⤵
  PID:8800
- C:\Windows\System\xGuBhLD.exe
  C:\Windows\System\xGuBhLD.exe
  2⤵
  PID:8820
- C:\Windows\System\TRlgtWk.exe
  C:\Windows\System\TRlgtWk.exe
  2⤵
  PID:8848
- C:\Windows\System\XelEhLf.exe
  C:\Windows\System\XelEhLf.exe
  2⤵
  PID:8884
- C:\Windows\System\mBslyXz.exe
  C:\Windows\System\mBslyXz.exe
  2⤵
  PID:8924
- C:\Windows\System\GRMEEFv.exe
  C:\Windows\System\GRMEEFv.exe
  2⤵
  PID:8948
- C:\Windows\System\IyDtQyx.exe
  C:\Windows\System\IyDtQyx.exe
  2⤵
  PID:8976
- C:\Windows\System\SPtWsRU.exe
  C:\Windows\System\SPtWsRU.exe
  2⤵
  PID:9004
- C:\Windows\System\HVBMvQj.exe
  C:\Windows\System\HVBMvQj.exe
  2⤵
  PID:9032
- C:\Windows\System\MnKqZRp.exe
  C:\Windows\System\MnKqZRp.exe
  2⤵
  PID:9068
- C:\Windows\System\hLGeXjn.exe
  C:\Windows\System\hLGeXjn.exe
  2⤵
  PID:9096
- C:\Windows\System\JPXVyLt.exe
  C:\Windows\System\JPXVyLt.exe
  2⤵
  PID:9116
- C:\Windows\System\RfmsskB.exe
  C:\Windows\System\RfmsskB.exe
  2⤵
  PID:9144
- C:\Windows\System\hlSoWiw.exe
  C:\Windows\System\hlSoWiw.exe
  2⤵
  PID:9188
- C:\Windows\System\lhDwKJl.exe
  C:\Windows\System\lhDwKJl.exe
  2⤵
  PID:7728
- C:\Windows\System\TQJhLDW.exe
  C:\Windows\System\TQJhLDW.exe
  2⤵
  PID:8244
- C:\Windows\System\XpMqPcG.exe
  C:\Windows\System\XpMqPcG.exe
  2⤵
  PID:8296
- C:\Windows\System\jQoCWWM.exe
  C:\Windows\System\jQoCWWM.exe
  2⤵
  PID:8396
- C:\Windows\System\IoUSwHE.exe
  C:\Windows\System\IoUSwHE.exe
  2⤵
  PID:8440
- C:\Windows\System\sYmXBQn.exe
  C:\Windows\System\sYmXBQn.exe
  2⤵
  PID:8524
- C:\Windows\System\jYwuIpm.exe
  C:\Windows\System\jYwuIpm.exe
  2⤵
  PID:8584
- C:\Windows\System\VLuTQYZ.exe
  C:\Windows\System\VLuTQYZ.exe
  2⤵
  PID:8704
- C:\Windows\System\eyWUWRz.exe
  C:\Windows\System\eyWUWRz.exe
  2⤵
  PID:7976
- C:\Windows\System\dILEsYT.exe
  C:\Windows\System\dILEsYT.exe
  2⤵
  PID:8840
- C:\Windows\System\yjCAzXV.exe
  C:\Windows\System\yjCAzXV.exe
  2⤵
  PID:8972
- C:\Windows\System\OwGhpqo.exe
  C:\Windows\System\OwGhpqo.exe
  2⤵
  PID:9000
- C:\Windows\System\IAoRbDu.exe
  C:\Windows\System\IAoRbDu.exe
  2⤵
  PID:9048
- C:\Windows\System\AewYSsW.exe
  C:\Windows\System\AewYSsW.exe
  2⤵
  PID:9140
- C:\Windows\System\oOseXrR.exe
  C:\Windows\System\oOseXrR.exe
  2⤵
  PID:8268
- C:\Windows\System\aVWdGxD.exe
  C:\Windows\System\aVWdGxD.exe
  2⤵
  PID:8480
- C:\Windows\System\MPCYhpJ.exe
  C:\Windows\System\MPCYhpJ.exe
  2⤵
  PID:8780
- C:\Windows\System\lxvmdTN.exe
  C:\Windows\System\lxvmdTN.exe
  2⤵
  PID:8908
- C:\Windows\System\CPhijvt.exe
  C:\Windows\System\CPhijvt.exe
  2⤵
  PID:9108
- C:\Windows\System\eSpEsTG.exe
  C:\Windows\System\eSpEsTG.exe
  2⤵
  PID:8464
- C:\Windows\System\HMBcmNR.exe
  C:\Windows\System\HMBcmNR.exe
  2⤵
  PID:4340
- C:\Windows\System\UXnqsGS.exe
  C:\Windows\System\UXnqsGS.exe
  2⤵
  PID:8744
- C:\Windows\System\kbuhVgG.exe
  C:\Windows\System\kbuhVgG.exe
  2⤵
  PID:9244
- C:\Windows\System\RRpssqp.exe
  C:\Windows\System\RRpssqp.exe
  2⤵
  PID:9276
- C:\Windows\System\irjWbZH.exe
  C:\Windows\System\irjWbZH.exe
  2⤵
  PID:9300
- C:\Windows\System\yGwYUcs.exe
  C:\Windows\System\yGwYUcs.exe
  2⤵
  PID:9328
- C:\Windows\System\eDzphMV.exe
  C:\Windows\System\eDzphMV.exe
  2⤵
  PID:9356
- C:\Windows\System\MDisLAb.exe
  C:\Windows\System\MDisLAb.exe
  2⤵
  PID:9376
- C:\Windows\System\nhdqRXW.exe
  C:\Windows\System\nhdqRXW.exe
  2⤵
  PID:9408
- C:\Windows\System\eZDqCFp.exe
  C:\Windows\System\eZDqCFp.exe
  2⤵
  PID:9432
- C:\Windows\System\OvIXmum.exe
  C:\Windows\System\OvIXmum.exe
  2⤵
  PID:9476
- C:\Windows\System\hYyOVIU.exe
  C:\Windows\System\hYyOVIU.exe
  2⤵
  PID:9496
- C:\Windows\System\FzApsgy.exe
  C:\Windows\System\FzApsgy.exe
  2⤵
  PID:9520
- C:\Windows\System\noPciWW.exe
  C:\Windows\System\noPciWW.exe
  2⤵
  PID:9548
- C:\Windows\System\ZnugqDI.exe
  C:\Windows\System\ZnugqDI.exe
  2⤵
  PID:9568
- C:\Windows\System\fIhSDhH.exe
  C:\Windows\System\fIhSDhH.exe
  2⤵
  PID:9588
- C:\Windows\System\DStfkEU.exe
  C:\Windows\System\DStfkEU.exe
  2⤵
  PID:9620
- C:\Windows\System\gmUduoQ.exe
  C:\Windows\System\gmUduoQ.exe
  2⤵
  PID:9656
- C:\Windows\System\ThztVHp.exe
  C:\Windows\System\ThztVHp.exe
  2⤵
  PID:9676
- C:\Windows\System\ZQKcsJP.exe
  C:\Windows\System\ZQKcsJP.exe
  2⤵
  PID:9704
- C:\Windows\System\HmQVNKp.exe
  C:\Windows\System\HmQVNKp.exe
  2⤵
  PID:9720
- C:\Windows\System\wlKtfoV.exe
  C:\Windows\System\wlKtfoV.exe
  2⤵
  PID:9744
- C:\Windows\System\Piawvkd.exe
  C:\Windows\System\Piawvkd.exe
  2⤵
  PID:9768
- C:\Windows\System\OZdPiuP.exe
  C:\Windows\System\OZdPiuP.exe
  2⤵
  PID:9792
- C:\Windows\System\WgoZZUx.exe
  C:\Windows\System\WgoZZUx.exe
  2⤵
  PID:9836
- C:\Windows\System\vbDAAcU.exe
  C:\Windows\System\vbDAAcU.exe
  2⤵
  PID:9872
- C:\Windows\System\vloGKrF.exe
  C:\Windows\System\vloGKrF.exe
  2⤵
  PID:9900
- C:\Windows\System\mXbcllm.exe
  C:\Windows\System\mXbcllm.exe
  2⤵
  PID:9932
- C:\Windows\System\ZFwhogs.exe
  C:\Windows\System\ZFwhogs.exe
  2⤵
  PID:9952
- C:\Windows\System\ZWSvSmg.exe
  C:\Windows\System\ZWSvSmg.exe
  2⤵
  PID:9984
- C:\Windows\System\HpnDtYF.exe
  C:\Windows\System\HpnDtYF.exe
  2⤵
  PID:10004
- C:\Windows\System\eKBpeZj.exe
  C:\Windows\System\eKBpeZj.exe
  2⤵
  PID:10044
- C:\Windows\System\OmcsCNJ.exe
  C:\Windows\System\OmcsCNJ.exe
  2⤵
  PID:10080
- C:\Windows\System\yWUYuOY.exe
  C:\Windows\System\yWUYuOY.exe
  2⤵
  PID:10100
- C:\Windows\System\VFmuXyk.exe
  C:\Windows\System\VFmuXyk.exe
  2⤵
  PID:10132
- C:\Windows\System\KdQaSRN.exe
  C:\Windows\System\KdQaSRN.exe
  2⤵
  PID:10152
- C:\Windows\System\SfpsGuP.exe
  C:\Windows\System\SfpsGuP.exe
  2⤵
  PID:10184
- C:\Windows\System\DYEPefi.exe
  C:\Windows\System\DYEPefi.exe
  2⤵
  PID:10208
- C:\Windows\System\fplnNHt.exe
  C:\Windows\System\fplnNHt.exe
  2⤵
  PID:9228
- C:\Windows\System\YzNRheI.exe
  C:\Windows\System\YzNRheI.exe
  2⤵
  PID:9312
- C:\Windows\System\eTXnUFh.exe
  C:\Windows\System\eTXnUFh.exe
  2⤵
  PID:9344
- C:\Windows\System\yUcilGD.exe
  C:\Windows\System\yUcilGD.exe
  2⤵
  PID:9424
- C:\Windows\System\hJcqagg.exe
  C:\Windows\System\hJcqagg.exe
  2⤵
  PID:9508
- C:\Windows\System\ZStQkLX.exe
  C:\Windows\System\ZStQkLX.exe
  2⤵
  PID:9580
- C:\Windows\System\ldIEPPN.exe
  C:\Windows\System\ldIEPPN.exe
  2⤵
  PID:9700
- C:\Windows\System\zBVSoRi.exe
  C:\Windows\System\zBVSoRi.exe
  2⤵
  PID:9752
- C:\Windows\System\LkowGaT.exe
  C:\Windows\System\LkowGaT.exe
  2⤵
  PID:9800
- C:\Windows\System\xVitPDY.exe
  C:\Windows\System\xVitPDY.exe
  2⤵
  PID:9880
- C:\Windows\System\bcTHuUF.exe
  C:\Windows\System\bcTHuUF.exe
  2⤵
  PID:9980
- C:\Windows\System\GMSFpyf.exe
  C:\Windows\System\GMSFpyf.exe
  2⤵
  PID:10020
- C:\Windows\System\vKvMzpl.exe
  C:\Windows\System\vKvMzpl.exe
  2⤵
  PID:10128
- C:\Windows\System\ZYFhmAi.exe
  C:\Windows\System\ZYFhmAi.exe
  2⤵
  PID:10204
- C:\Windows\System\AUCFdfx.exe
  C:\Windows\System\AUCFdfx.exe
  2⤵
  PID:8828
- C:\Windows\System\zavBvPW.exe
  C:\Windows\System\zavBvPW.exe
  2⤵
  PID:9316
- C:\Windows\System\rGqfHJD.exe
  C:\Windows\System\rGqfHJD.exe
  2⤵
  PID:9632
- C:\Windows\System\LZhpmno.exe
  C:\Windows\System\LZhpmno.exe
  2⤵
  PID:9664
- C:\Windows\System\rUdQNvd.exe
  C:\Windows\System\rUdQNvd.exe
  2⤵
  PID:9848
- C:\Windows\System\KjuwPFJ.exe
  C:\Windows\System\KjuwPFJ.exe
  2⤵
  PID:10112
- C:\Windows\System\SxKQTul.exe
  C:\Windows\System\SxKQTul.exe
  2⤵
  PID:9284
- C:\Windows\System\blZqawS.exe
  C:\Windows\System\blZqawS.exe
  2⤵
  PID:9576
- C:\Windows\System\FZzsvjd.exe
  C:\Windows\System\FZzsvjd.exe
  2⤵
  PID:9812
- C:\Windows\System\tKyRmfF.exe
  C:\Windows\System\tKyRmfF.exe
  2⤵
  PID:8740
- C:\Windows\System\eIUgids.exe
  C:\Windows\System\eIUgids.exe
  2⤵
  PID:9944
- C:\Windows\System\pdHUwEf.exe
  C:\Windows\System\pdHUwEf.exe
  2⤵
  PID:10264
- C:\Windows\System\MBtkXVJ.exe
  C:\Windows\System\MBtkXVJ.exe
  2⤵
  PID:10292
- C:\Windows\System\GWolchO.exe
  C:\Windows\System\GWolchO.exe
  2⤵
  PID:10320
- C:\Windows\System\wNQaYed.exe
  C:\Windows\System\wNQaYed.exe
  2⤵
  PID:10356
- C:\Windows\System\mqAvwVr.exe
  C:\Windows\System\mqAvwVr.exe
  2⤵
  PID:10376
- C:\Windows\System\qfRbhFq.exe
  C:\Windows\System\qfRbhFq.exe
  2⤵
  PID:10404
- C:\Windows\System\PkabyIF.exe
  C:\Windows\System\PkabyIF.exe
  2⤵
  PID:10432
- C:\Windows\System\lngbHBR.exe
  C:\Windows\System\lngbHBR.exe
  2⤵
  PID:10460
- C:\Windows\System\YHXlPzV.exe
  C:\Windows\System\YHXlPzV.exe
  2⤵
  PID:10488
- C:\Windows\System\FrBYAHc.exe
  C:\Windows\System\FrBYAHc.exe
  2⤵
  PID:10516
- C:\Windows\System\FTnVzqr.exe
  C:\Windows\System\FTnVzqr.exe
  2⤵
  PID:10548
- C:\Windows\System\HpEGhPc.exe
  C:\Windows\System\HpEGhPc.exe
  2⤵
  PID:10580
- C:\Windows\System\kxOCvON.exe
  C:\Windows\System\kxOCvON.exe
  2⤵
  PID:10600
- C:\Windows\System\BvDydYN.exe
  C:\Windows\System\BvDydYN.exe
  2⤵
  PID:10640
- C:\Windows\System\dbErubw.exe
  C:\Windows\System\dbErubw.exe
  2⤵
  PID:10656
- C:\Windows\System\KUuhjbt.exe
  C:\Windows\System\KUuhjbt.exe
  2⤵
  PID:10684
- C:\Windows\System\vHbMctA.exe
  C:\Windows\System\vHbMctA.exe
  2⤵
  PID:10708
- C:\Windows\System\cttgKBD.exe
  C:\Windows\System\cttgKBD.exe
  2⤵
  PID:10740
- C:\Windows\System\keyEVjO.exe
  C:\Windows\System\keyEVjO.exe
  2⤵
  PID:10780
- C:\Windows\System\JZbTOay.exe
  C:\Windows\System\JZbTOay.exe
  2⤵
  PID:10796
- C:\Windows\System\RTLfZVY.exe
  C:\Windows\System\RTLfZVY.exe
  2⤵
  PID:10824
- C:\Windows\System\fqVFaMd.exe
  C:\Windows\System\fqVFaMd.exe
  2⤵
  PID:10864
- C:\Windows\System\GDEbnsr.exe
  C:\Windows\System\GDEbnsr.exe
  2⤵
  PID:10880
- C:\Windows\System\itsPKmV.exe
  C:\Windows\System\itsPKmV.exe
  2⤵
  PID:10900
- C:\Windows\System\vbSrYZq.exe
  C:\Windows\System\vbSrYZq.exe
  2⤵
  PID:10932
- C:\Windows\System\yRdNFmU.exe
  C:\Windows\System\yRdNFmU.exe
  2⤵
  PID:10964
- C:\Windows\System\OlEBjIX.exe
  C:\Windows\System\OlEBjIX.exe
  2⤵
  PID:11004
- C:\Windows\System\lEEZrsQ.exe
  C:\Windows\System\lEEZrsQ.exe
  2⤵
  PID:11024
- C:\Windows\System\tWrJAwz.exe
  C:\Windows\System\tWrJAwz.exe
  2⤵
  PID:11052
- C:\Windows\System\inACTfc.exe
  C:\Windows\System\inACTfc.exe
  2⤵
  PID:11084
- C:\Windows\System\HVhdemF.exe
  C:\Windows\System\HVhdemF.exe
  2⤵
  PID:11108
- C:\Windows\System\rkSgyhB.exe
  C:\Windows\System\rkSgyhB.exe
  2⤵
  PID:11144
- C:\Windows\System\Xzwclmy.exe
  C:\Windows\System\Xzwclmy.exe
  2⤵
  PID:11164
- C:\Windows\System\pWtsbVL.exe
  C:\Windows\System\pWtsbVL.exe
  2⤵
  PID:11196
- C:\Windows\System\yEmLSGO.exe
  C:\Windows\System\yEmLSGO.exe
  2⤵
  PID:11220
- C:\Windows\System\DWByUoA.exe
  C:\Windows\System\DWByUoA.exe
  2⤵
  PID:11240
- C:\Windows\System\EzyHtTP.exe
  C:\Windows\System\EzyHtTP.exe
  2⤵
  PID:10256
- C:\Windows\System\AFvsWNY.exe
  C:\Windows\System\AFvsWNY.exe
  2⤵
  PID:10284
- C:\Windows\System\UeVzZJb.exe
  C:\Windows\System\UeVzZJb.exe
  2⤵
  PID:10364
- C:\Windows\System\gJsdnMz.exe
  C:\Windows\System\gJsdnMz.exe
  2⤵
  PID:10448
- C:\Windows\System\MEtzGyV.exe
  C:\Windows\System\MEtzGyV.exe
  2⤵
  PID:10512
- C:\Windows\System\oKLbgfU.exe
  C:\Windows\System\oKLbgfU.exe
  2⤵
  PID:10564
- C:\Windows\System\BHMvkWK.exe
  C:\Windows\System\BHMvkWK.exe
  2⤵
  PID:10624
- C:\Windows\System\eTKzLea.exe
  C:\Windows\System\eTKzLea.exe
  2⤵
  PID:10680
- C:\Windows\System\eSHkitq.exe
  C:\Windows\System\eSHkitq.exe
  2⤵
  PID:10764
- C:\Windows\System\ZmCHhvo.exe
  C:\Windows\System\ZmCHhvo.exe
  2⤵
  PID:10816
- C:\Windows\System\bbWZuau.exe
  C:\Windows\System\bbWZuau.exe
  2⤵
  PID:10908
- C:\Windows\System\xubSJpn.exe
  C:\Windows\System\xubSJpn.exe
  2⤵
  PID:10976
- C:\Windows\System\qStGqrm.exe
  C:\Windows\System\qStGqrm.exe
  2⤵
  PID:11036
- C:\Windows\System\zTnYMZn.exe
  C:\Windows\System\zTnYMZn.exe
  2⤵
  PID:11100
- C:\Windows\System\BQeIESP.exe
  C:\Windows\System\BQeIESP.exe
  2⤵
  PID:11120
- C:\Windows\System\XSPcPbD.exe
  C:\Windows\System\XSPcPbD.exe
  2⤵
  PID:11216
- C:\Windows\System\GRCKAmf.exe
  C:\Windows\System\GRCKAmf.exe
  2⤵
  PID:11252
- C:\Windows\System\uCEMFxl.exe
  C:\Windows\System\uCEMFxl.exe
  2⤵
  PID:10388
- C:\Windows\System\VVIMURM.exe
  C:\Windows\System\VVIMURM.exe
  2⤵
  PID:10612
- C:\Windows\System\QVMXqjS.exe
  C:\Windows\System\QVMXqjS.exe
  2⤵
  PID:10792
- C:\Windows\System\kvlOFPe.exe
  C:\Windows\System\kvlOFPe.exe
  2⤵
  PID:10872
- C:\Windows\System\bLCSwMp.exe
  C:\Windows\System\bLCSwMp.exe
  2⤵
  PID:11044
- C:\Windows\System\fCfrsEd.exe
  C:\Windows\System\fCfrsEd.exe
  2⤵
  PID:11152
- C:\Windows\System\LoBAoFD.exe
  C:\Windows\System\LoBAoFD.exe
  2⤵
  PID:10544
- C:\Windows\System\YsuLZPi.exe
  C:\Windows\System\YsuLZPi.exe
  2⤵
  PID:10992
- C:\Windows\System\NvFSOox.exe
  C:\Windows\System\NvFSOox.exe
  2⤵
  PID:11272
- C:\Windows\System\koGjZnE.exe
  C:\Windows\System\koGjZnE.exe
  2⤵
  PID:11296
- C:\Windows\System\DMCulQo.exe
  C:\Windows\System\DMCulQo.exe
  2⤵
  PID:11328
- C:\Windows\System\QcnSRdP.exe
  C:\Windows\System\QcnSRdP.exe
  2⤵
  PID:11364
- C:\Windows\System\ewnsclZ.exe
  C:\Windows\System\ewnsclZ.exe
  2⤵
  PID:11392
- C:\Windows\System\RhTBkSC.exe
  C:\Windows\System\RhTBkSC.exe
  2⤵
  PID:11424
- C:\Windows\System\gpvJMTe.exe
  C:\Windows\System\gpvJMTe.exe
  2⤵
  PID:11452
- C:\Windows\System\ZWGKApR.exe
  C:\Windows\System\ZWGKApR.exe
  2⤵
  PID:11480
- C:\Windows\System\hnQicHV.exe
  C:\Windows\System\hnQicHV.exe
  2⤵
  PID:11508
- C:\Windows\System\beIjPwi.exe
  C:\Windows\System\beIjPwi.exe
  2⤵
  PID:11536
- C:\Windows\System\VGNRluG.exe
  C:\Windows\System\VGNRluG.exe
  2⤵
  PID:11552
- C:\Windows\System\MRpwxRu.exe
  C:\Windows\System\MRpwxRu.exe
  2⤵
  PID:11580
- C:\Windows\System\YYgvecr.exe
  C:\Windows\System\YYgvecr.exe
  2⤵
  PID:11616
- C:\Windows\System\wAWMIta.exe
  C:\Windows\System\wAWMIta.exe
  2⤵
  PID:11636
- C:\Windows\System\fUNwmfK.exe
  C:\Windows\System\fUNwmfK.exe
  2⤵
  PID:11652
- C:\Windows\System\MZRahxy.exe
  C:\Windows\System\MZRahxy.exe
  2⤵
  PID:11688
- C:\Windows\System\cpnOwuv.exe
  C:\Windows\System\cpnOwuv.exe
  2⤵
  PID:11704
- C:\Windows\System\mjVtzUw.exe
  C:\Windows\System\mjVtzUw.exe
  2⤵
  PID:11728
- C:\Windows\System\sHQhgAS.exe
  C:\Windows\System\sHQhgAS.exe
  2⤵
  PID:11752
- C:\Windows\System\CbCkFVk.exe
  C:\Windows\System\CbCkFVk.exe
  2⤵
  PID:11784
- C:\Windows\System\XIXaMDI.exe
  C:\Windows\System\XIXaMDI.exe
  2⤵
  PID:11820
- C:\Windows\System\qKaeQfd.exe
  C:\Windows\System\qKaeQfd.exe
  2⤵
  PID:11848
- C:\Windows\System\bbTaSQY.exe
  C:\Windows\System\bbTaSQY.exe
  2⤵
  PID:11884
- C:\Windows\System\kpAuptu.exe
  C:\Windows\System\kpAuptu.exe
  2⤵
  PID:11920
- C:\Windows\System\ufzLWVj.exe
  C:\Windows\System\ufzLWVj.exe
  2⤵
  PID:11936
- C:\Windows\System\PLDnZMk.exe
  C:\Windows\System\PLDnZMk.exe
  2⤵
  PID:11952
- C:\Windows\System\SesPxAq.exe
  C:\Windows\System\SesPxAq.exe
  2⤵
  PID:11980
- C:\Windows\System\LuMhoDD.exe
  C:\Windows\System\LuMhoDD.exe
  2⤵
  PID:12012
- C:\Windows\System\nKwWZZc.exe
  C:\Windows\System\nKwWZZc.exe
  2⤵
  PID:12040
- C:\Windows\System\oWMyFNf.exe
  C:\Windows\System\oWMyFNf.exe
  2⤵
  PID:12076
- C:\Windows\System\CtduKoK.exe
  C:\Windows\System\CtduKoK.exe
  2⤵
  PID:12100
- C:\Windows\System\NldTLkR.exe
  C:\Windows\System\NldTLkR.exe
  2⤵
  PID:12132
- C:\Windows\System\WyctkJb.exe
  C:\Windows\System\WyctkJb.exe
  2⤵
  PID:12164
- C:\Windows\System\gatmsSO.exe
  C:\Windows\System\gatmsSO.exe
  2⤵
  PID:12180
- C:\Windows\System\RlTQGPp.exe
  C:\Windows\System\RlTQGPp.exe
  2⤵
  PID:12212
- C:\Windows\System\kVYVJqP.exe
  C:\Windows\System\kVYVJqP.exe
  2⤵
  PID:12232
- C:\Windows\System\rFwkYyy.exe
  C:\Windows\System\rFwkYyy.exe
  2⤵
  PID:12264
- C:\Windows\System\EDSrafl.exe
  C:\Windows\System\EDSrafl.exe
  2⤵
  PID:10996
- C:\Windows\System\NkYEAdj.exe
  C:\Windows\System\NkYEAdj.exe
  2⤵
  PID:11320
- C:\Windows\System\cRnVHeS.exe
  C:\Windows\System\cRnVHeS.exe
  2⤵
  PID:11344
- C:\Windows\System\ZhCDIjg.exe
  C:\Windows\System\ZhCDIjg.exe
  2⤵
  PID:11444
- C:\Windows\System\cRxhzmu.exe
  C:\Windows\System\cRxhzmu.exe
  2⤵
  PID:11464
- C:\Windows\System\TbCoNHq.exe
  C:\Windows\System\TbCoNHq.exe
  2⤵
  PID:11524
- C:\Windows\System\kyhLpyO.exe
  C:\Windows\System\kyhLpyO.exe
  2⤵
  PID:11608
- C:\Windows\System\BFtHYyn.exe
  C:\Windows\System\BFtHYyn.exe
  2⤵
  PID:11676
- C:\Windows\System\qOOYeTB.exe
  C:\Windows\System\qOOYeTB.exe
  2⤵
  PID:11808
- C:\Windows\System\uDtVBMj.exe
  C:\Windows\System\uDtVBMj.exe
  2⤵
  PID:11856
- C:\Windows\System\xiHcYtC.exe
  C:\Windows\System\xiHcYtC.exe
  2⤵
  PID:11872
- C:\Windows\System\owgrxIZ.exe
  C:\Windows\System\owgrxIZ.exe
  2⤵
  PID:12024
- C:\Windows\System\CCnNeik.exe
  C:\Windows\System\CCnNeik.exe
  2⤵
  PID:11968
- C:\Windows\System\MzpxgFp.exe
  C:\Windows\System\MzpxgFp.exe
  2⤵
  PID:12112
- C:\Windows\System\yMIFSWH.exe
  C:\Windows\System\yMIFSWH.exe
  2⤵
  PID:12196
- C:\Windows\System\JFfRSDx.exe
  C:\Windows\System\JFfRSDx.exe
  2⤵
  PID:12160
- C:\Windows\System\JjkKSac.exe
  C:\Windows\System\JjkKSac.exe
  2⤵
  PID:11340
- C:\Windows\System\HODnVxP.exe
  C:\Windows\System\HODnVxP.exe
  2⤵
  PID:11412
- C:\Windows\System\xElMmpR.exe
  C:\Windows\System\xElMmpR.exe
  2⤵
  PID:11624
- C:\Windows\System\PCKdwux.exe
  C:\Windows\System\PCKdwux.exe
  2⤵
  PID:11748
- C:\Windows\System\CmNhLZw.exe
  C:\Windows\System\CmNhLZw.exe
  2⤵
  PID:11836
- C:\Windows\System\cyaKwGF.exe
  C:\Windows\System\cyaKwGF.exe
  2⤵
  PID:11948
- C:\Windows\System\orFdhHP.exe
  C:\Windows\System\orFdhHP.exe
  2⤵
  PID:11976
- C:\Windows\System\BptxKpN.exe
  C:\Windows\System\BptxKpN.exe
  2⤵
  PID:12276
- C:\Windows\System\xgCuEPx.exe
  C:\Windows\System\xgCuEPx.exe
  2⤵
  PID:11316
- C:\Windows\System\cJYOcON.exe
  C:\Windows\System\cJYOcON.exe
  2⤵
  PID:11992
- C:\Windows\System\YKSkzoS.exe
  C:\Windows\System\YKSkzoS.exe
  2⤵
  PID:12300
- C:\Windows\System\pbAizIn.exe
  C:\Windows\System\pbAizIn.exe
  2⤵
  PID:12316
- C:\Windows\System\HXiOCGm.exe
  C:\Windows\System\HXiOCGm.exe
  2⤵
  PID:12336
- C:\Windows\System\abulLJh.exe
  C:\Windows\System\abulLJh.exe
  2⤵
  PID:12356
- C:\Windows\System\XhfaoVS.exe
  C:\Windows\System\XhfaoVS.exe
  2⤵
  PID:12372
- C:\Windows\System\zLMhZvB.exe
  C:\Windows\System\zLMhZvB.exe
  2⤵
  PID:12404
- C:\Windows\System\CKMVEsb.exe
  C:\Windows\System\CKMVEsb.exe
  2⤵
  PID:12440
- C:\Windows\System\wiXmHoK.exe
  C:\Windows\System\wiXmHoK.exe
  2⤵
  PID:12480
- C:\Windows\System\ZFSCIyU.exe
  C:\Windows\System\ZFSCIyU.exe
  2⤵
  PID:12508
- C:\Windows\System\UKfIEYK.exe
  C:\Windows\System\UKfIEYK.exe
  2⤵
  PID:12540
- C:\Windows\System\PCACBiY.exe
  C:\Windows\System\PCACBiY.exe
  2⤵
  PID:12576
- C:\Windows\System\nwwIjVM.exe
  C:\Windows\System\nwwIjVM.exe
  2⤵
  PID:12608
- C:\Windows\System\DQUVpKZ.exe
  C:\Windows\System\DQUVpKZ.exe
  2⤵
  PID:12652
- C:\Windows\System\OEiZMar.exe
  C:\Windows\System\OEiZMar.exe
  2⤵
  PID:12668
- C:\Windows\System\KJcPgYR.exe
  C:\Windows\System\KJcPgYR.exe
  2⤵
  PID:12700
- C:\Windows\System\zoCDBOy.exe
  C:\Windows\System\zoCDBOy.exe
  2⤵
  PID:12728
- C:\Windows\System\KYXGupF.exe
  C:\Windows\System\KYXGupF.exe
  2⤵
  PID:12752
- C:\Windows\System\LYYTJYj.exe
  C:\Windows\System\LYYTJYj.exe
  2⤵
  PID:12780
- C:\Windows\System\rpadKIc.exe
  C:\Windows\System\rpadKIc.exe
  2⤵
  PID:12796
- C:\Windows\System\hCtdsLU.exe
  C:\Windows\System\hCtdsLU.exe
  2⤵
  PID:12828
- C:\Windows\System\QUFekjb.exe
  C:\Windows\System\QUFekjb.exe
  2⤵
  PID:12856
- C:\Windows\System\wlkfKes.exe
  C:\Windows\System\wlkfKes.exe
  2⤵
  PID:12880
- C:\Windows\System\GMmhDMM.exe
  C:\Windows\System\GMmhDMM.exe
  2⤵
  PID:12908
- C:\Windows\System\YqHomGO.exe
  C:\Windows\System\YqHomGO.exe
  2⤵
  PID:12940
- C:\Windows\System\rmvaxCs.exe
  C:\Windows\System\rmvaxCs.exe
  2⤵
  PID:12976
- C:\Windows\System\FiFDDab.exe
  C:\Windows\System\FiFDDab.exe
  2⤵
  PID:13004
- C:\Windows\System\YwuOUGj.exe
  C:\Windows\System\YwuOUGj.exe
  2⤵
  PID:13040
- C:\Windows\System\tvGewUQ.exe
  C:\Windows\System\tvGewUQ.exe
  2⤵
  PID:13060
- C:\Windows\System\zGDKVHH.exe
  C:\Windows\System\zGDKVHH.exe
  2⤵
  PID:13088
- C:\Windows\System\BhXeBVB.exe
  C:\Windows\System\BhXeBVB.exe
  2⤵
  PID:13124
- C:\Windows\System\qujbgDf.exe
  C:\Windows\System\qujbgDf.exe
  2⤵
  PID:13148
- C:\Windows\System\WGCdCvn.exe
  C:\Windows\System\WGCdCvn.exe
  2⤵
  PID:13172
- C:\Windows\System\wPKIdqI.exe
  C:\Windows\System\wPKIdqI.exe
  2⤵
  PID:13200
- C:\Windows\System\qehOivo.exe
  C:\Windows\System\qehOivo.exe
  2⤵
  PID:13220
- C:\Windows\System\dwKgPMF.exe
  C:\Windows\System\dwKgPMF.exe
  2⤵
  PID:13252
- C:\Windows\System\FWzAbuu.exe
  C:\Windows\System\FWzAbuu.exe
  2⤵
  PID:13284
- C:\Windows\System\UoFISGE.exe
  C:\Windows\System\UoFISGE.exe
  2⤵
  PID:12292
- C:\Windows\System\KbLFNcA.exe
  C:\Windows\System\KbLFNcA.exe
  2⤵
  PID:12116
- C:\Windows\System\cIdDBNo.exe
  C:\Windows\System\cIdDBNo.exe
  2⤵
  PID:12420
- C:\Windows\System\WnsAZtY.exe
  C:\Windows\System\WnsAZtY.exe
  2⤵
  PID:12456
- C:\Windows\System\FmPiAxh.exe
  C:\Windows\System\FmPiAxh.exe
  2⤵
  PID:12568
- C:\Windows\System\KtePUMi.exe
  C:\Windows\System\KtePUMi.exe
  2⤵
  PID:12624
- C:\Windows\System\wBfFdXY.exe
  C:\Windows\System\wBfFdXY.exe
  2⤵
  PID:12708
- C:\Windows\System\QhaubmK.exe
  C:\Windows\System\QhaubmK.exe
  2⤵
  PID:12716
- C:\Windows\System\fxKdKkw.exe
  C:\Windows\System\fxKdKkw.exe
  2⤵
  PID:12840
- C:\Windows\System\HieIQnT.exe
  C:\Windows\System\HieIQnT.exe
  2⤵
  PID:12848
- C:\Windows\System\AArqsNI.exe
  C:\Windows\System\AArqsNI.exe
  2⤵
  PID:12904
- C:\Windows\System\dvRqUBm.exe
  C:\Windows\System\dvRqUBm.exe
  2⤵
  PID:12988
- C:\Windows\System\egFQlZT.exe
  C:\Windows\System\egFQlZT.exe
  2⤵
  PID:13052
- C:\Windows\System\iknqWXl.exe
  C:\Windows\System\iknqWXl.exe
  2⤵
  PID:13144
- C:\Windows\System\NetgIZY.exe
  C:\Windows\System\NetgIZY.exe
  2⤵
  PID:13236
- C:\Windows\System\lUhjmOb.exe
  C:\Windows\System\lUhjmOb.exe
  2⤵
  PID:13248
- C:\Windows\System\TAXfsUL.exe
  C:\Windows\System\TAXfsUL.exe
  2⤵
  PID:12308
- C:\Windows\System\gWlrEng.exe
  C:\Windows\System\gWlrEng.exe
  2⤵
  PID:12588
- C:\Windows\System\PVQJlgW.exe
  C:\Windows\System\PVQJlgW.exe
  2⤵
  PID:12764
- C:\Windows\System\qDIIJiW.exe
  C:\Windows\System\qDIIJiW.exe
  2⤵
  PID:12772
- C:\Windows\System\efEBANn.exe
  C:\Windows\System\efEBANn.exe
  2⤵
  PID:12920
- C:\Windows\System\kbJEQlH.exe
  C:\Windows\System\kbJEQlH.exe
  2⤵
  PID:13168
- C:\Windows\System\zfWtHpX.exe
  C:\Windows\System\zfWtHpX.exe
  2⤵
  PID:13304
- C:\Windows\System\BjOeXPV.exe
  C:\Windows\System\BjOeXPV.exe
  2⤵
  PID:12592
- C:\Windows\System\EbeDjhG.exe
  C:\Windows\System\EbeDjhG.exe
  2⤵
  PID:12928
- C:\Windows\System\kamXjEa.exe
  C:\Windows\System\kamXjEa.exe
  2⤵
  PID:2732
- C:\Windows\System\IODOUcK.exe
  C:\Windows\System\IODOUcK.exe
  2⤵
  PID:12776
- C:\Windows\System\lHgqJXF.exe
  C:\Windows\System\lHgqJXF.exe
  2⤵
  PID:13328
- C:\Windows\System\lDoKFiD.exe
  C:\Windows\System\lDoKFiD.exe
  2⤵
  PID:13368
- C:\Windows\System\hsTAaTT.exe
  C:\Windows\System\hsTAaTT.exe
  2⤵
  PID:13400
- C:\Windows\System\GonvYIK.exe
  C:\Windows\System\GonvYIK.exe
  2⤵
  PID:13432
- C:\Windows\System\SZZblKi.exe
  C:\Windows\System\SZZblKi.exe
  2⤵
  PID:13472
- C:\Windows\System\tnYIgoc.exe
  C:\Windows\System\tnYIgoc.exe
  2⤵
  PID:13492
- C:\Windows\System\FpQZFSr.exe
  C:\Windows\System\FpQZFSr.exe
  2⤵
  PID:13512
- C:\Windows\System\tbhkrHV.exe
  C:\Windows\System\tbhkrHV.exe
  2⤵
  PID:13540
- C:\Windows\System\TbXhjMV.exe
  C:\Windows\System\TbXhjMV.exe
  2⤵
  PID:13564
- C:\Windows\System\zsRmHUs.exe
  C:\Windows\System\zsRmHUs.exe
  2⤵
  PID:13604
- C:\Windows\System\PRzMXNd.exe
  C:\Windows\System\PRzMXNd.exe
  2⤵
  PID:13644
- C:\Windows\System\XPjvUcG.exe
  C:\Windows\System\XPjvUcG.exe
  2⤵
  PID:13660
- C:\Windows\System\OGpTgVu.exe
  C:\Windows\System\OGpTgVu.exe
  2⤵
  PID:13684
- C:\Windows\System\CzDIzmD.exe
  C:\Windows\System\CzDIzmD.exe
  2⤵
  PID:13716
- C:\Windows\System\oLGglln.exe
  C:\Windows\System\oLGglln.exe
  2⤵
  PID:13744
- C:\Windows\System\JUcjURJ.exe
  C:\Windows\System\JUcjURJ.exe
  2⤵
  PID:13768
- C:\Windows\System\GVQJeEI.exe
  C:\Windows\System\GVQJeEI.exe
  2⤵
  PID:13800
- C:\Windows\System\puXbfSA.exe
  C:\Windows\System\puXbfSA.exe
  2⤵
  PID:13828
- C:\Windows\System\BsZDrhz.exe
  C:\Windows\System\BsZDrhz.exe
  2⤵
  PID:13856
- C:\Windows\System\MAMDXfu.exe
  C:\Windows\System\MAMDXfu.exe
  2⤵
  PID:13888
- C:\Windows\System\CQhKEnq.exe
  C:\Windows\System\CQhKEnq.exe
  2⤵
  PID:13920
- C:\Windows\System\OihDxRM.exe
  C:\Windows\System\OihDxRM.exe
  2⤵
  PID:13940
- C:\Windows\System\CqLoTyy.exe
  C:\Windows\System\CqLoTyy.exe
  2⤵
  PID:13976
- C:\Windows\System\iiccRak.exe
  C:\Windows\System\iiccRak.exe
  2⤵
  PID:14000
- C:\Windows\System\CeZjtuO.exe
  C:\Windows\System\CeZjtuO.exe
  2⤵
  PID:14032
- C:\Windows\System\BHIywRT.exe
  C:\Windows\System\BHIywRT.exe
  2⤵
  PID:14064
- C:\Windows\System\sNERStH.exe
  C:\Windows\System\sNERStH.exe
  2⤵
  PID:14092
- C:\Windows\System\puGONTF.exe
  C:\Windows\System\puGONTF.exe
  2⤵
  PID:14128
- C:\Windows\System\gjAmaJy.exe
  C:\Windows\System\gjAmaJy.exe
  2⤵
  PID:14152
- C:\Windows\System\jfiQsHm.exe
  C:\Windows\System\jfiQsHm.exe
  2⤵
  PID:14176
- C:\Windows\System\aAgPcCy.exe
  C:\Windows\System\aAgPcCy.exe
  2⤵
  PID:14204
- C:\Windows\System\fJMBVCo.exe
  C:\Windows\System\fJMBVCo.exe
  2⤵
  PID:14236
- C:\Windows\System\PYUiMFG.exe
  C:\Windows\System\PYUiMFG.exe
  2⤵
  PID:14268
- C:\Windows\System\PEOSHEf.exe
  C:\Windows\System\PEOSHEf.exe
  2⤵
  PID:14292
- C:\Windows\System\ZkOOtPw.exe
  C:\Windows\System\ZkOOtPw.exe
  2⤵
  PID:14332
- C:\Windows\System\BTrAoGK.exe
  C:\Windows\System\BTrAoGK.exe
  2⤵
  PID:12324
- C:\Windows\System\WxldSqQ.exe
  C:\Windows\System\WxldSqQ.exe
  2⤵
  PID:13388
- C:\Windows\System\slmZKAy.exe
  C:\Windows\System\slmZKAy.exe
  2⤵
  PID:13428
- C:\Windows\System\XZYBdrc.exe
  C:\Windows\System\XZYBdrc.exe
  2⤵
  PID:13536
- C:\Windows\System\xojOEtI.exe
  C:\Windows\System\xojOEtI.exe
  2⤵
  PID:13600
- C:\Windows\System\DHsfoUw.exe
  C:\Windows\System\DHsfoUw.exe
  2⤵
  PID:13680
- C:\Windows\System\AeJIqup.exe
  C:\Windows\System\AeJIqup.exe
  2⤵
  PID:13820
- C:\Windows\System\vniiBIP.exe
  C:\Windows\System\vniiBIP.exe
  2⤵
  PID:13868
- C:\Windows\System\oHZrCet.exe
  C:\Windows\System\oHZrCet.exe
  2⤵
  PID:13952
- C:\Windows\System\KKRlIeS.exe
  C:\Windows\System\KKRlIeS.exe
  2⤵
  PID:14056
- C:\Windows\System\mKvhgue.exe
  C:\Windows\System\mKvhgue.exe
  2⤵
  PID:14104
- C:\Windows\System\unKVfZT.exe
  C:\Windows\System\unKVfZT.exe
  2⤵
  PID:14144
- C:\Windows\System\EpbbCxN.exe
  C:\Windows\System\EpbbCxN.exe
  2⤵
  PID:14232
- C:\Windows\System\JhpFBVI.exe
  C:\Windows\System\JhpFBVI.exe
  2⤵
  PID:14300
- C:\Windows\System\wuTZark.exe
  C:\Windows\System\wuTZark.exe
  2⤵
  PID:13484
- C:\Windows\System\hdSPJpU.exe
  C:\Windows\System\hdSPJpU.exe
  2⤵
  PID:13528
- C:\Windows\System\LPAFfkk.exe
  C:\Windows\System\LPAFfkk.exe
  2⤵
  PID:13508
- C:\Windows\System\wjIGvUu.exe
  C:\Windows\System\wjIGvUu.exe
  2⤵
  PID:13760
- C:\Windows\System\XlImgyF.exe
  C:\Windows\System\XlImgyF.exe
  2⤵
  PID:13788
- C:\Windows\System\ZGassLU.exe
  C:\Windows\System\ZGassLU.exe
  2⤵
  PID:14040
- C:\Windows\System\jGYQXTA.exe
  C:\Windows\System\jGYQXTA.exe
  2⤵
  PID:14248
- C:\Windows\System\diSiiyv.exe
  C:\Windows\System\diSiiyv.exe
  2⤵
  PID:14288
- C:\Windows\System\MRsDBir.exe
  C:\Windows\System\MRsDBir.exe
  2⤵
  PID:13420
- C:\Windows\System\BZcJxwD.exe
  C:\Windows\System\BZcJxwD.exe
  2⤵
  PID:14192
- C:\Windows\System\fqtWxEo.exe
  C:\Windows\System\fqtWxEo.exe
  2⤵
  PID:14352
- C:\Windows\System\fiAOlIu.exe
  C:\Windows\System\fiAOlIu.exe
  2⤵
  PID:14380
- C:\Windows\System\gRUmXTY.exe
  C:\Windows\System\gRUmXTY.exe
  2⤵
  PID:14416
- C:\Windows\System\BHLGwQg.exe
  C:\Windows\System\BHLGwQg.exe
  2⤵
  PID:14448
- C:\Windows\System\uLjVkxr.exe
  C:\Windows\System\uLjVkxr.exe
  2⤵
  PID:14480

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\APPimBF.exe

Filesize
2.4MB

MD5
6175987fb1ed90e53aa8d94e8062fca7

SHA1
38bdc4db11ef2176467d942c5cc461ea28abb935

SHA256
59b18b4c5c24ce31d26f5df713a688fe7a895b74f8b128f1671fbd61979f74d9

SHA512
59b7cae56352e11209c1d14ffd15454b79e51c431c463d8fc77be97358b715a8f0d9bc1ae65aaaa5c73e7d6b0df2f692e496aa4ed7e323e4eb3f0af73f462355

Download Submit
C:\Windows\System\BHZLoMr.exe

Filesize
2.4MB

MD5
0f817fe485c91193c03b3b85b24644d3

SHA1
8156e1eb79540fd552d3cf7a45fbad3d6678b6ee

SHA256
3f2734d922823f37354297391c4ee7bdb40fce804b5aab3ce96642527454a376

SHA512
55f37791425ac0a189cda1f342c4ba0b0d873aecbcdcaaada5911e3c73ab9bc80485983480591bd95856c0d2bb8370babb40b244ee391b369c8b8f0e543d3c02

Download Submit
C:\Windows\System\BsyzAIT.exe

Filesize
2.4MB

MD5
0c0ff84233abc38cdfbf4132fff4f4cc

SHA1
cfb736996409d6f943d1736f33d86b395f7c6379

SHA256
04b828b0a0d1da321fd67087b9c7da34d0ba5ffdc97cacbbe4749160144e1f33

SHA512
ae9250ee8f9d2adfc71feaf19a19033409de1793bd03172911dc3ed852b7b204e15472edb0a1f3b2a37f7fc463d3cbb97329212a74a8b709cc5e4dd2ef5b6456

Download Submit
C:\Windows\System\FewJJGN.exe

Filesize
2.4MB

MD5
bfb50e13a70b8a6af5df6b4f124d1861

SHA1
363a44290b9c6b62ab62b00c160ffeea77a23f0f

SHA256
8c16fe09cb6530aa641a52d5e39463b9843d1a2558fa7219df402b67c0880d73

SHA512
97027af75b6273b5a376332483b292695a11c7049cf46956ba0ba7670be00629b31a0e5c259407799a091c3f950c18dcafb1f21ab97fd2b894fff4e53300db1c

Download Submit
C:\Windows\System\GyklmaI.exe

Filesize
2.4MB

MD5
3d0914074d98157f0b1c6fedb126ad8a

SHA1
39e6132d224b4bc6c75978675e0fd040cdac61eb

SHA256
c4cd65423d732a73099471c765eb79306ccaccdb081d811d84b09b3c5e170632

SHA512
ea682c4a82f22e2b03a36c5d9ff57dbc424601a9f03f9da9297e35363451463775f289156ab7f8044e0fbbe7d669d65c6c1aae5e4ad91b77cc73541e24a399be

Download Submit
C:\Windows\System\IfOAsjc.exe

Filesize
2.4MB

MD5
e7484da02bab8ce0cbd3f9b067389560

SHA1
739a4025797c6d76913130cec797890d159b5335

SHA256
7843f29aac8ff6f8f22e87a6d464748f004483230032a96bf1447315f35c065a

SHA512
b162585213ee06a3066ee791f57a6759cc3bf67b6c9d15dc8334bce3fcf88c25828d7c2179d2886913ad9a7fd684bc4e73a9ebc025223f3736025c80b7adbb01

Download Submit
C:\Windows\System\JMkxCXZ.exe

Filesize
2.4MB

MD5
7e7364d9901c66dd6060392086c83f3e

SHA1
a96f1a5976a87dd6170fc07833d49471188cfca3

SHA256
17a268d955112150263b8ad35d4ad60a86ddc9c69de70edbe8741e4a890ff6c5

SHA512
4f35d2d78680dd783bc47321f412a7ee86635c37c7ac81cdafc897297594d2dd5e365bbcd44cda7cf2272634c94dc4161257fe4dd3f76c6d7022c95a66431d82

Download Submit
C:\Windows\System\KgcaaGE.exe

Filesize
2.4MB

MD5
b8d062c00a0a7c770a1899435d5646b1

SHA1
16d148d43a3eef951d451ddc9f2bd640480e69d9

SHA256
ff664dab02b681b9232aafb6fd2ed900085b6e7d64c2b385f6e7cd1e78353b99

SHA512
b65bc2274dec4d5f131a1ba3e942c891236b260090c6ea5409c3c2dc2f3d17ede5870f72ab37c1ae1c2118a00b1ed8e6dd636442dda5fda2aaa80117ebf4d134

Download Submit
C:\Windows\System\KrVxsdK.exe

Filesize
2.4MB

MD5
98b8b10ce72f74a37939b202c74982db

SHA1
f273c7e3d5a4941848f6eaf7cd69d1e4a6f0159d

SHA256
8e0772c4a4dcdaa61ef24088dd7c21fe0ce5d1cc7b04555c18ad4bc7b4dcc385

SHA512
049d5d4f41f17e9de020ff234a0843137e612ccaaab6f9b083901e62b5801fd74ba3be075c48bab57a3b6dbca7760e2efda6c460a98a930e144494e13e497115

Download Submit
C:\Windows\System\OetnHPN.exe

Filesize
2.4MB

MD5
a2d5eff948b4e8f7e1e720355420c09d

SHA1
3f08f4b0d6dc3f4873a7eab74583f5b3d9e0fd66

SHA256
1b4c9182179317dcbb140309505f18244e4e5a2c811e3f741029c3ecaf699cbc

SHA512
8ac6c7bb2ad2f634482503edf510b16c5ffd9166dafd52d19db51b939260e2ad73ed79d4e00e05be29590b441d8476ec3603d510a89502e501ed022008674980

Download Submit
C:\Windows\System\OsbjXrB.exe

Filesize
2.4MB

MD5
7cc6d75dde2a001434e8cef8252dbe0b

SHA1
f30ff33306abf0eb6c09cc6bb8d07e3033ac17ac

SHA256
3c763071ed9f0dd460fcc0896bfb00cf4cf1e7e2bb32a99a2c7822189564591f

SHA512
fcb83388b6f7482c240daaa7f86ae1d7c810f8349c959efbf7df0c313ca20779c94c6c64486fdb6f8b1b2cce5af04afa058a749612edff6a2918f272556ee338

Download Submit
C:\Windows\System\SIyxbBX.exe

Filesize
2.4MB

MD5
3ca638ed000daa5e91def8d9dd8ee20d

SHA1
be54a2f8e5fdfe1dd4f09ca42ba24d93f50e2d23

SHA256
7429f89382f9eb3de696d9d4fa2183a09427ff1d0c566829b80c20a7fbddeda6

SHA512
3f6f26846ac01f466e764af589e4f6f9609d23d46cc46d585fe296cd4923f6f1c1fcc29a13968044b24bbb9dd0472f3716d2c7b4b3468052d3549e00e1d13f98

Download Submit
C:\Windows\System\SPkDIOt.exe

Filesize
2.4MB

MD5
81d92c7479041cc8f68af5d7a9d04fe9

SHA1
d1e650f3278bc1164b472eb0fa7abd8831e6ed86

SHA256
3d3785ec584a53e92a20ea1bc28d5e27aa5716bee9d6e6251c61228b0615fda3

SHA512
dc2713eaf9246317b5174f92e799c356560b3b400758cd676777153bfbe0e53174e112b39ef312b2b58b4e78133f119079bf4403f709579b9f33060494df1833

Download Submit
C:\Windows\System\SQaIOJc.exe

Filesize
2.4MB

MD5
eb87483c8a0638f5c63673bf326b93c5

SHA1
249c575cc5ac402e7366dc1d64daa19a8d129aed

SHA256
71779df8d6fbd64998d85d58cbc3fd91ce703b351ebcbcb4da8b722e34412151

SHA512
61053812345c943ab6db3761242fda7daf09dcecda96360e5c4b747c7b97586eb1338bdfc1552040850f4fd84bb35f11197eda9ed30de250466398737f9992c1

Download Submit
C:\Windows\System\UPXaLCr.exe

Filesize
2.4MB

MD5
acf88199e1404ffa67d2d16151dda872

SHA1
95e08d4d7970cc89ce1b416a8f265fd547182b92

SHA256
a5df9a3ca842e2685b8366208a3d563a5b728a58cfe0483ca72b0d9c40e5aaf0

SHA512
49cc6717690322ddbed476230da32f834aa6655c317fd4472c9723b677d21536f92971074f904826bab151bbe8f6669d4c89fc1ae0bef1c9e04cdf03f0b107c0

Download Submit
C:\Windows\System\UkHMvar.exe

Filesize
2.4MB

MD5
e066c2398b9453427a1de25a37eb6e3c

SHA1
e0648b36b8f225a5c5876ef45af5e1f176894e4f

SHA256
48be17690147cd43b5efd686601e991180b6be2e1210a0c854f5f41adcb0e385

SHA512
469eaf7c86b89f045242643da6fa135bff35d3998460951391a69332e45ae4269a26d61296068b5022b2680513aa0d88d04e9c55031a993e99ca0be79bb4a18a

Download Submit
C:\Windows\System\VnfmoRD.exe

Filesize
2.4MB

MD5
ca058ef792c35fb39406b41ec5047188

SHA1
b5be64f166b13beed720bd792492e90932ce2754

SHA256
125fd10b86fb72437b492240660961bec4f4c575ff8eaf2a2df291fbb84452c7

SHA512
36d6b5a1c68e6f9aa01577c4551107ce3b8c7086a6c1e647f7c1d8bc49cf703ea34745e5d587ba5f77cfa475b9edc61303aae49e4f6b326db7e2ac7b7156d8b1

Download Submit
C:\Windows\System\YkdvEHg.exe

Filesize
2.4MB

MD5
bccd81df5f885828545c12a2f2bccf9c

SHA1
fd44fd71992a5e31df23a7dd0695f245d8806832

SHA256
d70213c07b65ec508aedf2f14d133c6d600d27c5e58dc96b8bf5736080754998

SHA512
548e5b5704dfcfe5e427cbcde85c3ca0457d9ccf99dc57b7f1d387d997cdf5356188140ac5f8e0a63e8b019cc16c04ad998ee0da67510ced82ff3d49b84c5448

Download Submit
C:\Windows\System\YqQsLGY.exe

Filesize
2.4MB

MD5
dba65945ec7a0e678122dea10d5d6afa

SHA1
35f8dcf68f91604758d7b43bed7818da8bc6b2af

SHA256
89cd3b23d72252c7d977a5606d83850404ea5c351ee517f3edbe74f154a8fbcf

SHA512
aabeca2844dfeb97a96ac378f18b63ef6140721dd1d46e5478a61bcc84d9375a937a1c4b5ee932554cf4074dff25c0a6178875f930a1415a55d83edee386078b

Download Submit
C:\Windows\System\bOCibun.exe

Filesize
2.4MB

MD5
ed0b9144bf58cae723cce1ae93417d19

SHA1
5eedc0d47e9581e5237907e8db3c53604eb64b96

SHA256
2b269c02c9d958594776070a1bed01125418e6de73c326719c9f27551e7e33a6

SHA512
204976cccdb328f1f5e4fe0d53ea8436ebfea28697934d9fa933b430074812c0df54906423b1c71d5345e26e0b58dfd22de63ced96dca0986aad63ec8c3a6c1a

Download Submit
C:\Windows\System\euBpQvM.exe

Filesize
2.4MB

MD5
b5f4d1ffd4e59f545942cd5c96edda10

SHA1
a306629601dd78dbfb5d2791d5d97d2267b56418

SHA256
fc9e766e62b4d0ed40d8812e0ed2269f9b3f27efb91ab1fc846a076af3bf8b10

SHA512
c4060e640bed785c2a9e7532b5063b259328f1dc0b440a356cc6270c3c47bd357f255414ba792d495694f5cf4c84266f78c8b50902be621b48f604edddc73a62

Download Submit
C:\Windows\System\fYZrKEz.exe

Filesize
2.4MB

MD5
2ae054fcbdb71ac5eaabb768187e6996

SHA1
ca9ded5d4285e8b53799051cca757f9a7e89fd79

SHA256
56e6e02c9a3c3ab7a207f631a9dab0a8d83b842421a858f562dfd607628d0072

SHA512
19b6e8a6de8bc0253bb21ec432a26fe1bae0fe30e91be4fc482f1f320d0c5aab719f6a286925a0e2e306072e249af1a892d07fbd83988348f4bde8a47ed633ff

Download Submit
C:\Windows\System\ffyEHrU.exe

Filesize
2.4MB

MD5
43e2b022235ad792a0bb220b1a2489f5

SHA1
539c5c511eab479505c11b875d34d2dc3d6a9da8

SHA256
34415b18d3c48d16c73dd981bc91f370c9320a0c17f310e4094217bc12990165

SHA512
e72b5700dd4bfc09543622ad1692818566cbe76c835687a65e363a22d80084e6587e2dafaea1f17c975f9fb5b87f0df1cc69cb38a2368075b4b2127371601ce0

Download Submit
C:\Windows\System\fjgSnQy.exe

Filesize
2.4MB

MD5
707d98a0979278b1d5b1b11b20adad19

SHA1
a7ccd4d9ac987a20922eeb6da2948a36c5c340dc

SHA256
abd1d69eb6cf6816b1164623d749be0caa7664342240d84dabc4772aa122fd02

SHA512
4dee33ffb5a6aec3ab82c35f4de80aba13b8bee94c05ff0f82b95fa600f65af7100f01ec6da73ab28d64f386292fbb60da5c62ea588aae97b678f652cd73fe39

Download Submit
C:\Windows\System\fpuAbwh.exe

Filesize
2.4MB

MD5
2f999dafcf9d0795c8ffe248dedd94c3

SHA1
f64648e98e988c30f34368a7b3d3f7d0984f1c13

SHA256
ded392dded39623b18b31439c3ece219c09cd4a4146c1b3525d9f2a8a708f249

SHA512
3cca8adc8e9d7437163ecb33f47e1d2ebddccee901fb99635ae97d25d05100f75a258b8fd78c2722263939eb4f34711980d6d0f7ebce4b5cc8184561fc494768

Download Submit
C:\Windows\System\hVCOEOI.exe

Filesize
2.4MB

MD5
6f32029407f4d9adc1bd394326c5f4b5

SHA1
94fbbea9a5b440d45a2020f13a2cb9c4c5aa9b27

SHA256
e74de822bee9a4d4f47b43bb7ff9289dc651b302e839e0141fd4811d46ce9755

SHA512
6c4c336311f8e27c8861a3ae6ef5ef1c32ddb0a8ddba80639d5bb3ec42f51a37a7c974c3a095ce30c85c5762c0bfaeccfe5a3004f99c30c21a4c61b7b491ee18

Download Submit
C:\Windows\System\jbGHxuH.exe

Filesize
2.4MB

MD5
1800e849fa66f1d1690bc254f5f1959a

SHA1
b7397356111d24a83445dc4318748a541e312944

SHA256
957f21999c09254e75622968e2b506d3135d29c30bbd6b197e76f2de314c41dc

SHA512
e8dde40a8f8e672152be93cf6596d8582665cced191d294282d88103b9b8febc7df7cd8f0610a23fdb6c694a5c59c595fe8bbbdfccd446a5fad16ec9c9a85a3f

Download Submit
C:\Windows\System\kBRvpRA.exe

Filesize
2.4MB

MD5
32bb93a806bba1c9f8761cfd14c6637d

SHA1
8151a76562d41106923fe1abb2452e86a3adde41

SHA256
4ae7a75c170bd443af0558dd372fa966b77107618ef67c49103f97dd9ac0ba53

SHA512
71e5fcbcf68be1dbb5ced659839d08f619e0bea87043e2859715e8f3e66603552233b519fe42ca91ae6489be83c86ecaa16c3fcc22bcd3c88279b0cf0179df2a

Download Submit
C:\Windows\System\oQlrzWS.exe

Filesize
2.4MB

MD5
60e99c50f7ddce2eed9bcfd1dec4bea9

SHA1
82b943beb5f4c30417b65f015dec4d1f1b4f830b

SHA256
c60891abf8809c4a64e15296b0defb17ac94d5a496efb3a734216e2c7689d7a9

SHA512
0e235a9406ad680a5513cd3e6fd0c72c5d4f5646e177419c887fc63f33b3d1ef73eb250529003cbe046ebf8176bf6fca16e7e41568d84a51a95665d8bfa858d0

Download Submit
C:\Windows\System\qDReEkX.exe

Filesize
2.4MB

MD5
ba9da63ab34a0a968792de9443dcc98d

SHA1
d63f2135ef4b6a4ff207eeb9124553af424776b9

SHA256
b2661689ebe964d6842bf80478c76d06dd79f57df67a9f9fed1ac89059b58295

SHA512
e765778bd6fa66202a2fec15a6a683ecf9122cce6e16af055fca0c1390dd83e1e35407110b10649cd58087dfe59b1a91392ce0def99028b811a400bcd6d64d8b

Download Submit
C:\Windows\System\qKMGSqr.exe

Filesize
2.4MB

MD5
75367904a0cbd246f4faf2ec5f39a33a

SHA1
c7197d4a6e9d2fdede6d25dee3f61c6d0a79e209

SHA256
9e50582b7f0f07316b4806bd59de0af0e94effc1cd5665f84801207b4e6f3512

SHA512
dc561814df5f3cd8db6f1b5973fcf9a83332dcd79645305695facfd10ee1845bc34c596576b8dac393323271a4e62d8da46dbe92471c87f522cce198c30628dd

Download Submit
C:\Windows\System\qwhacFb.exe

Filesize
2.4MB

MD5
9ed16417e51072bef996e710baa73bb2

SHA1
e52192c14106aeef0e3eb5f38b04c95acbf92dab

SHA256
894cc172b0ea93eadfb73db32e86728306758e155a8c8879e7864fca2154bedc

SHA512
a5023b74defb9d78a822f7b57a264985b367b6501fbdf130f360a99d3c9ccb5068722c497567efb682d5126b66a86423b2e2d8619dc09a07c8615c9d3253beaa

Download Submit
C:\Windows\System\rAbzKVU.exe

Filesize
2.4MB

MD5
55fe7ea422ffd045695eed576a410050

SHA1
3313d897da3fbdce6ab16cf002b7288a48282762

SHA256
9f5b1835eacc8ed477cc3ebc1955107375cec29ad63ec39998f2c832c55ee7ea

SHA512
bf42dd545981d201bbdb9c2e6c8e2c7309598e40b71b2f1e027ed8281ea9c8bd3fb388702aedd47490bff3105506f3da77b13824f3987d65d5f935b8159b3501

Download Submit
C:\Windows\System\sCJFDUF.exe

Filesize
2.4MB

MD5
68f21d60a308799767f5483a305113a6

SHA1
4a4b5fa4e6f5d258c2cec50a0568058d4799f191

SHA256
6a8564195543c8e3771f21b81ec5a54b12f78532aeb002308b77888486a6409d

SHA512
06bbc28f99828d87a85b35515d45fd96a2e3f7a10a643030ad68f31b155bb28a6ddeeb094a22f3f878a789611a3fcf59c894b53d5c1de8c393782618f8f32fd7

Download Submit
C:\Windows\System\yEBKdVy.exe

Filesize
2.4MB

MD5
0d935358227798571a525e5a665e767d

SHA1
0596b613ffde48a4609f707b504c02899e4602cf

SHA256
8658992b31f1da743ba517e01e0a403bcace959f3a648a68ef8f48dfefc93369

SHA512
fb5bd7555ca14e1e6003502589decfdc88cf624f529342837d121e28c87350eafde0ad20241d1bcbb5671fcdd9465018f9ba5aba6f10c4f4b5bfa366883bc1a6

Download Submit
C:\Windows\System\zCplwxX.exe

Filesize
2.4MB

MD5
8837c20128a85c75e0257b5ca5a9a3b1

SHA1
d6e0c44ac7ff1d0e28c26345b50a4cc6dd20acf1

SHA256
525babf0cd924c71a10068bd64273536509f117e77a1971e3e419bf5333a90b6

SHA512
1038d2b2f61fae3abe8ec9984ca93e060b4119db841d8b7c10cf2a735c47032caffabcf818794a0447b7e0a7ebba592423faa1c932b37972f7ab27d4e880b626

Download Submit
memory/552-173-0x00007FF7DB340000-0x00007FF7DB694000-memory.dmp

Filesize
3.3MB

Download
memory/552-2113-0x00007FF7DB340000-0x00007FF7DB694000-memory.dmp

Filesize
3.3MB

Download
memory/664-2101-0x00007FF72A180000-0x00007FF72A4D4000-memory.dmp

Filesize
3.3MB

Download
memory/664-113-0x00007FF72A180000-0x00007FF72A4D4000-memory.dmp

Filesize
3.3MB

Download
memory/760-176-0x00007FF70C4E0000-0x00007FF70C834000-memory.dmp

Filesize
3.3MB

Download
memory/760-2120-0x00007FF70C4E0000-0x00007FF70C834000-memory.dmp

Filesize
3.3MB

Download
memory/820-2122-0x00007FF6387B0000-0x00007FF638B04000-memory.dmp

Filesize
3.3MB

Download
memory/820-182-0x00007FF6387B0000-0x00007FF638B04000-memory.dmp

Filesize
3.3MB

Download
memory/876-77-0x00007FF632720000-0x00007FF632A74000-memory.dmp

Filesize
3.3MB

Download
memory/876-2103-0x00007FF632720000-0x00007FF632A74000-memory.dmp

Filesize
3.3MB

Download
memory/1072-2107-0x00007FF6FD140000-0x00007FF6FD494000-memory.dmp

Filesize
3.3MB

Download
memory/1072-2093-0x00007FF6FD140000-0x00007FF6FD494000-memory.dmp

Filesize
3.3MB

Download
memory/1072-89-0x00007FF6FD140000-0x00007FF6FD494000-memory.dmp

Filesize
3.3MB

Download
memory/1076-180-0x00007FF762F00000-0x00007FF763254000-memory.dmp

Filesize
3.3MB

Download
memory/1076-2118-0x00007FF762F00000-0x00007FF763254000-memory.dmp

Filesize
3.3MB

Download
memory/1796-175-0x00007FF75F250000-0x00007FF75F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-2115-0x00007FF75F250000-0x00007FF75F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-100-0x00007FF726FB0000-0x00007FF727304000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2100-0x00007FF726FB0000-0x00007FF727304000-memory.dmp

Filesize
3.3MB

Download
memory/1844-174-0x00007FF7F5A70000-0x00007FF7F5DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1844-2114-0x00007FF7F5A70000-0x00007FF7F5DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-177-0x00007FF77D520000-0x00007FF77D874000-memory.dmp

Filesize
3.3MB

Download
memory/1860-2119-0x00007FF77D520000-0x00007FF77D874000-memory.dmp

Filesize
3.3MB

Download
memory/1980-109-0x00007FF6C0A00000-0x00007FF6C0D54000-memory.dmp

Filesize
3.3MB

Download
memory/1980-2106-0x00007FF6C0A00000-0x00007FF6C0D54000-memory.dmp

Filesize
3.3MB

Download
memory/1984-2117-0x00007FF788EA0000-0x00007FF7891F4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-179-0x00007FF788EA0000-0x00007FF7891F4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-116-0x00007FF7B6B10000-0x00007FF7B6E64000-memory.dmp

Filesize
3.3MB

Download
memory/2132-2111-0x00007FF7B6B10000-0x00007FF7B6E64000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2092-0x00007FF6BA580000-0x00007FF6BA8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-53-0x00007FF6BA580000-0x00007FF6BA8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2097-0x00007FF6BA580000-0x00007FF6BA8D4000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2089-0x00007FF7F6C00000-0x00007FF7F6F54000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2096-0x00007FF7F6C00000-0x00007FF7F6F54000-memory.dmp

Filesize
3.3MB

Download
memory/3176-27-0x00007FF7F6C00000-0x00007FF7F6F54000-memory.dmp

Filesize
3.3MB

Download
memory/3388-178-0x00007FF612540000-0x00007FF612894000-memory.dmp

Filesize
3.3MB

Download
memory/3388-2116-0x00007FF612540000-0x00007FF612894000-memory.dmp

Filesize
3.3MB

Download
memory/3684-8-0x00007FF6B0C10000-0x00007FF6B0F64000-memory.dmp

Filesize
3.3MB

Download
memory/3684-2094-0x00007FF6B0C10000-0x00007FF6B0F64000-memory.dmp

Filesize
3.3MB

Download
memory/3684-2088-0x00007FF6B0C10000-0x00007FF6B0F64000-memory.dmp

Filesize
3.3MB

Download
memory/4260-2104-0x00007FF6CCF90000-0x00007FF6CD2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4260-115-0x00007FF6CCF90000-0x00007FF6CD2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4508-2121-0x00007FF682070000-0x00007FF6823C4000-memory.dmp

Filesize
3.3MB

Download
memory/4508-181-0x00007FF682070000-0x00007FF6823C4000-memory.dmp

Filesize
3.3MB

Download
memory/4520-2110-0x00007FF728D20000-0x00007FF729074000-memory.dmp

Filesize
3.3MB

Download
memory/4520-111-0x00007FF728D20000-0x00007FF729074000-memory.dmp

Filesize
3.3MB

Download
memory/4544-46-0x00007FF648AD0000-0x00007FF648E24000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2095-0x00007FF648AD0000-0x00007FF648E24000-memory.dmp

Filesize
3.3MB

Download
memory/4724-112-0x00007FF6CF9B0000-0x00007FF6CFD04000-memory.dmp

Filesize
3.3MB

Download
memory/4724-2098-0x00007FF6CF9B0000-0x00007FF6CFD04000-memory.dmp

Filesize
3.3MB

Download
memory/4852-76-0x00007FF796C40000-0x00007FF796F94000-memory.dmp

Filesize
3.3MB

Download
memory/4852-2091-0x00007FF796C40000-0x00007FF796F94000-memory.dmp

Filesize
3.3MB

Download
memory/4852-2109-0x00007FF796C40000-0x00007FF796F94000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2105-0x00007FF61A850000-0x00007FF61ABA4000-memory.dmp

Filesize
3.3MB

Download
memory/4956-101-0x00007FF61A850000-0x00007FF61ABA4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-0-0x00007FF64F390000-0x00007FF64F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-1-0x0000011B81C10000-0x0000011B81C20000-memory.dmp

Filesize
64KB

Download
memory/4996-2102-0x00007FF65E3A0000-0x00007FF65E6F4000-memory.dmp

Filesize
3.3MB

Download
memory/4996-114-0x00007FF65E3A0000-0x00007FF65E6F4000-memory.dmp

Filesize
3.3MB

Download
memory/5020-2112-0x00007FF660E80000-0x00007FF6611D4000-memory.dmp

Filesize
3.3MB

Download
memory/5020-110-0x00007FF660E80000-0x00007FF6611D4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2099-0x00007FF73E090000-0x00007FF73E3E4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2090-0x00007FF73E090000-0x00007FF73E3E4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-62-0x00007FF73E090000-0x00007FF73E3E4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-2108-0x00007FF77DA60000-0x00007FF77DDB4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-108-0x00007FF77DA60000-0x00007FF77DDB4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads