xmrig | 56066330dcefc6f64938fc062fc182b0dc9f230fd4c847af3b8e3f622a7366d8

Analysis

max time kernel
125s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
Size

2.3MB
MD5

7e8af2337209ebca3df08bb49a760f80
SHA1

0325a231e2cb8242135d7e91f2c91eaad754cd7e
SHA256

56066330dcefc6f64938fc062fc182b0dc9f230fd4c847af3b8e3f622a7366d8
SHA512

7c543eff618d2217a9a79c4b5b1c2a7c91d17eddc23ad55f56e796a48ac6558d80f0fda1333f539b149be829d1833fb85528ce3e9536483730d15b798d941f6c
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AKwOowx8QdKS4AV:oemTLkNdfE0pZrb

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3640-0-0x00007FF7E4180000-0x00007FF7E44D4000-memory.dmp	xmrig
behavioral2/files/0x000800000002368e-5.dat	xmrig
behavioral2/files/0x0007000000023692-9.dat	xmrig
behavioral2/files/0x0008000000023691-11.dat	xmrig
behavioral2/files/0x0007000000023693-21.dat	xmrig
behavioral2/memory/3296-17-0x00007FF6AC170000-0x00007FF6AC4C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023694-28.dat	xmrig
behavioral2/files/0x0007000000023695-32.dat	xmrig
behavioral2/files/0x0007000000023697-42.dat	xmrig
behavioral2/files/0x0007000000023699-52.dat	xmrig
behavioral2/files/0x000700000002369c-66.dat	xmrig
behavioral2/files/0x000700000002369e-77.dat	xmrig
behavioral2/files/0x00070000000236a0-85.dat	xmrig
behavioral2/files/0x00070000000236a1-96.dat	xmrig
behavioral2/memory/3276-628-0x00007FF7802D0000-0x00007FF780624000-memory.dmp	xmrig
behavioral2/files/0x00070000000236b0-165.dat	xmrig
behavioral2/files/0x00070000000236ae-161.dat	xmrig
behavioral2/files/0x00070000000236af-160.dat	xmrig
behavioral2/files/0x00070000000236ad-156.dat	xmrig
behavioral2/files/0x00070000000236ac-151.dat	xmrig
behavioral2/files/0x00070000000236ab-146.dat	xmrig
behavioral2/files/0x00070000000236aa-141.dat	xmrig
behavioral2/files/0x00070000000236a9-135.dat	xmrig
behavioral2/files/0x00070000000236a8-131.dat	xmrig
behavioral2/files/0x00070000000236a7-126.dat	xmrig
behavioral2/files/0x00070000000236a6-121.dat	xmrig
behavioral2/files/0x00070000000236a5-116.dat	xmrig
behavioral2/files/0x00070000000236a4-111.dat	xmrig
behavioral2/files/0x00070000000236a3-106.dat	xmrig
behavioral2/files/0x00070000000236a2-101.dat	xmrig
behavioral2/files/0x000700000002369f-86.dat	xmrig
behavioral2/files/0x000700000002369d-75.dat	xmrig
behavioral2/files/0x000700000002369b-65.dat	xmrig
behavioral2/files/0x000700000002369a-61.dat	xmrig
behavioral2/files/0x0007000000023698-50.dat	xmrig
behavioral2/files/0x0007000000023696-38.dat	xmrig
behavioral2/memory/3000-24-0x00007FF7E7200000-0x00007FF7E7554000-memory.dmp	xmrig
behavioral2/memory/1848-630-0x00007FF7CCCF0000-0x00007FF7CD044000-memory.dmp	xmrig
behavioral2/memory/4080-629-0x00007FF7FA320000-0x00007FF7FA674000-memory.dmp	xmrig
behavioral2/memory/1288-631-0x00007FF7F8D60000-0x00007FF7F90B4000-memory.dmp	xmrig
behavioral2/memory/4424-632-0x00007FF6F79A0000-0x00007FF6F7CF4000-memory.dmp	xmrig
behavioral2/memory/1312-633-0x00007FF7080D0000-0x00007FF708424000-memory.dmp	xmrig
behavioral2/memory/560-634-0x00007FF7D8570000-0x00007FF7D88C4000-memory.dmp	xmrig
behavioral2/memory/948-635-0x00007FF6B3D80000-0x00007FF6B40D4000-memory.dmp	xmrig
behavioral2/memory/4576-636-0x00007FF737DA0000-0x00007FF7380F4000-memory.dmp	xmrig
behavioral2/memory/1004-637-0x00007FF6153A0000-0x00007FF6156F4000-memory.dmp	xmrig
behavioral2/memory/1112-638-0x00007FF6FBB60000-0x00007FF6FBEB4000-memory.dmp	xmrig
behavioral2/memory/2776-639-0x00007FF7C6DA0000-0x00007FF7C70F4000-memory.dmp	xmrig
behavioral2/memory/3672-641-0x00007FF771B60000-0x00007FF771EB4000-memory.dmp	xmrig
behavioral2/memory/4572-640-0x00007FF69F220000-0x00007FF69F574000-memory.dmp	xmrig
behavioral2/memory/3020-643-0x00007FF780010000-0x00007FF780364000-memory.dmp	xmrig
behavioral2/memory/2932-642-0x00007FF6C6940000-0x00007FF6C6C94000-memory.dmp	xmrig
behavioral2/memory/4804-723-0x00007FF676410000-0x00007FF676764000-memory.dmp	xmrig
behavioral2/memory/2464-707-0x00007FF705060000-0x00007FF7053B4000-memory.dmp	xmrig
behavioral2/memory/3588-740-0x00007FF67B540000-0x00007FF67B894000-memory.dmp	xmrig
behavioral2/memory/4072-746-0x00007FF73FF30000-0x00007FF740284000-memory.dmp	xmrig
behavioral2/memory/2240-763-0x00007FF7C9480000-0x00007FF7C97D4000-memory.dmp	xmrig
behavioral2/memory/1524-696-0x00007FF6F0FF0000-0x00007FF6F1344000-memory.dmp	xmrig
behavioral2/memory/728-693-0x00007FF72E300000-0x00007FF72E654000-memory.dmp	xmrig
behavioral2/memory/5048-680-0x00007FF686580000-0x00007FF6868D4000-memory.dmp	xmrig
behavioral2/memory/1588-667-0x00007FF7DFA20000-0x00007FF7DFD74000-memory.dmp	xmrig
behavioral2/memory/2328-670-0x00007FF69F5A0000-0x00007FF69F8F4000-memory.dmp	xmrig
behavioral2/memory/4148-660-0x00007FF629C70000-0x00007FF629FC4000-memory.dmp	xmrig
behavioral2/memory/3640-2084-0x00007FF7E4180000-0x00007FF7E44D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3296	GZvfVRp.exe
3276	zNVdHQu.exe
3000	rydOhRh.exe
4080	DVjjyUz.exe
2240	njpIjoM.exe
1848	DwFhoOu.exe
1288	bAGFtNU.exe
4424	ChBQYfj.exe
1312	vssotuE.exe
560	jBskSAO.exe
948	mDRErAz.exe
4576	TJzeLTh.exe
1004	jTOIkzv.exe
1112	nviqsHn.exe
2776	zodEdoy.exe
4572	qeWLVSg.exe
3672	UVfzgEb.exe
2932	BdvzPLW.exe
3020	QzxwcrN.exe
4148	JkbAFzF.exe
1588	khxTrbx.exe
2328	IqCgcLr.exe
5048	zofvuTp.exe
728	pyAkEmq.exe
1524	cbgSRGl.exe
2464	OhpAifd.exe
4804	JebSpTS.exe
3588	oxslwfH.exe
4072	kSqQxUZ.exe
4716	ORjEHmD.exe
1832	yfdvunE.exe
4976	cMbXciO.exe
3112	LoMWrjp.exe
4116	HdmGTLo.exe
5012	DceeZzT.exe
4996	ERcmLoS.exe
896	wnTubZm.exe
4476	XtXOvDU.exe
2956	hKTFhsj.exe
3564	oZlyjli.exe
536	zfIQxgx.exe
3080	lIdTXck.exe
4512	xmZVIDW.exe
2996	vKFOfru.exe
3880	LxviAdT.exe
4636	zohIfML.exe
4684	hXoQZdI.exe
1316	QEyMtPW.exe
1988	cBavdTf.exe
2732	XAAaBSn.exe
4196	jzUjsMa.exe
4744	qGLCGrZ.exe
1264	mUIHXrL.exe
1356	TQCDeVi.exe
4592	SLhtfnT.exe
2196	jzphyXz.exe
1620	zinyRDq.exe
3856	kbTBWJa.exe
1596	vPsUZUY.exe
4364	SVYlANC.exe
3996	IcqxFZM.exe
5136	zjfsfMO.exe
5164	jjqIZIa.exe
5188	aGkndWz.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3640-0-0x00007FF7E4180000-0x00007FF7E44D4000-memory.dmp	upx
behavioral2/files/0x000800000002368e-5.dat	upx
behavioral2/files/0x0007000000023692-9.dat	upx
behavioral2/files/0x0008000000023691-11.dat	upx
behavioral2/files/0x0007000000023693-21.dat	upx
behavioral2/memory/3296-17-0x00007FF6AC170000-0x00007FF6AC4C4000-memory.dmp	upx
behavioral2/files/0x0007000000023694-28.dat	upx
behavioral2/files/0x0007000000023695-32.dat	upx
behavioral2/files/0x0007000000023697-42.dat	upx
behavioral2/files/0x0007000000023699-52.dat	upx
behavioral2/files/0x000700000002369c-66.dat	upx
behavioral2/files/0x000700000002369e-77.dat	upx
behavioral2/files/0x00070000000236a0-85.dat	upx
behavioral2/files/0x00070000000236a1-96.dat	upx
behavioral2/memory/3276-628-0x00007FF7802D0000-0x00007FF780624000-memory.dmp	upx
behavioral2/files/0x00070000000236b0-165.dat	upx
behavioral2/files/0x00070000000236ae-161.dat	upx
behavioral2/files/0x00070000000236af-160.dat	upx
behavioral2/files/0x00070000000236ad-156.dat	upx
behavioral2/files/0x00070000000236ac-151.dat	upx
behavioral2/files/0x00070000000236ab-146.dat	upx
behavioral2/files/0x00070000000236aa-141.dat	upx
behavioral2/files/0x00070000000236a9-135.dat	upx
behavioral2/files/0x00070000000236a8-131.dat	upx
behavioral2/files/0x00070000000236a7-126.dat	upx
behavioral2/files/0x00070000000236a6-121.dat	upx
behavioral2/files/0x00070000000236a5-116.dat	upx
behavioral2/files/0x00070000000236a4-111.dat	upx
behavioral2/files/0x00070000000236a3-106.dat	upx
behavioral2/files/0x00070000000236a2-101.dat	upx
behavioral2/files/0x000700000002369f-86.dat	upx
behavioral2/files/0x000700000002369d-75.dat	upx
behavioral2/files/0x000700000002369b-65.dat	upx
behavioral2/files/0x000700000002369a-61.dat	upx
behavioral2/files/0x0007000000023698-50.dat	upx
behavioral2/files/0x0007000000023696-38.dat	upx
behavioral2/memory/3000-24-0x00007FF7E7200000-0x00007FF7E7554000-memory.dmp	upx
behavioral2/memory/1848-630-0x00007FF7CCCF0000-0x00007FF7CD044000-memory.dmp	upx
behavioral2/memory/4080-629-0x00007FF7FA320000-0x00007FF7FA674000-memory.dmp	upx
behavioral2/memory/1288-631-0x00007FF7F8D60000-0x00007FF7F90B4000-memory.dmp	upx
behavioral2/memory/4424-632-0x00007FF6F79A0000-0x00007FF6F7CF4000-memory.dmp	upx
behavioral2/memory/1312-633-0x00007FF7080D0000-0x00007FF708424000-memory.dmp	upx
behavioral2/memory/560-634-0x00007FF7D8570000-0x00007FF7D88C4000-memory.dmp	upx
behavioral2/memory/948-635-0x00007FF6B3D80000-0x00007FF6B40D4000-memory.dmp	upx
behavioral2/memory/4576-636-0x00007FF737DA0000-0x00007FF7380F4000-memory.dmp	upx
behavioral2/memory/1004-637-0x00007FF6153A0000-0x00007FF6156F4000-memory.dmp	upx
behavioral2/memory/1112-638-0x00007FF6FBB60000-0x00007FF6FBEB4000-memory.dmp	upx
behavioral2/memory/2776-639-0x00007FF7C6DA0000-0x00007FF7C70F4000-memory.dmp	upx
behavioral2/memory/3672-641-0x00007FF771B60000-0x00007FF771EB4000-memory.dmp	upx
behavioral2/memory/4572-640-0x00007FF69F220000-0x00007FF69F574000-memory.dmp	upx
behavioral2/memory/3020-643-0x00007FF780010000-0x00007FF780364000-memory.dmp	upx
behavioral2/memory/2932-642-0x00007FF6C6940000-0x00007FF6C6C94000-memory.dmp	upx
behavioral2/memory/4804-723-0x00007FF676410000-0x00007FF676764000-memory.dmp	upx
behavioral2/memory/2464-707-0x00007FF705060000-0x00007FF7053B4000-memory.dmp	upx
behavioral2/memory/3588-740-0x00007FF67B540000-0x00007FF67B894000-memory.dmp	upx
behavioral2/memory/4072-746-0x00007FF73FF30000-0x00007FF740284000-memory.dmp	upx
behavioral2/memory/2240-763-0x00007FF7C9480000-0x00007FF7C97D4000-memory.dmp	upx
behavioral2/memory/1524-696-0x00007FF6F0FF0000-0x00007FF6F1344000-memory.dmp	upx
behavioral2/memory/728-693-0x00007FF72E300000-0x00007FF72E654000-memory.dmp	upx
behavioral2/memory/5048-680-0x00007FF686580000-0x00007FF6868D4000-memory.dmp	upx
behavioral2/memory/1588-667-0x00007FF7DFA20000-0x00007FF7DFD74000-memory.dmp	upx
behavioral2/memory/2328-670-0x00007FF69F5A0000-0x00007FF69F8F4000-memory.dmp	upx
behavioral2/memory/4148-660-0x00007FF629C70000-0x00007FF629FC4000-memory.dmp	upx
behavioral2/memory/3640-2084-0x00007FF7E4180000-0x00007FF7E44D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Riefhab.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\yqbKhdD.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\lxLhLWc.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\DUthlMo.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\qCMDNmX.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\smJlYLK.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\dhOFgFU.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\thKYpyJ.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\gDlyQPJ.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\aKDnHbA.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\lXyTApB.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\hsxfIRy.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\vkQvMLA.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\xnAOGfU.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\YvmKFva.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\RdyfGXd.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\YklFAIS.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\AVEAqCg.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\yRZtIMX.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\AMcYSmU.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\tEthQCj.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\JBhJozP.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\pRFVFRc.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\vGznEho.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\rapKxzH.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\CURLQyS.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\VWoIsXz.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\icpRauL.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\UNDmkIl.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\ukfceur.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\BdvzPLW.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\PJDeurQ.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\IKqfTgu.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\HUrjIDG.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\uzHtBIy.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\TZGjPjZ.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\nWQnItb.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\zodEdoy.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\LxviAdT.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\ciFOHjF.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\oFkASov.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\UDiqrSh.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\hosAMFh.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\fMrLORP.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\SeGmSyN.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\zNVdHQu.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\AFnKsLK.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\IMhcrcX.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\BtvzRhb.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\vKFOfru.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\OgrPRBz.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\QBySfab.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\XhWMoNr.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\OlCogjx.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\qcYvREO.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\PLtyiEP.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\yCoSOTb.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\CoIdsQj.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\BmuKJfR.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\FPQKjQR.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\YkoOGUq.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\DPbLIPi.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\qGLCGrZ.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
File created	C:\Windows\System\pwinYXL.exe	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15112	dwm.exe
Token: SeChangeNotifyPrivilege	15112	dwm.exe
Token: 33	15112	dwm.exe
Token: SeIncBasePriorityPrivilege	15112	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 3296	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	90
PID 3640 wrote to memory of 3296	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	90
PID 3640 wrote to memory of 3276	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	91
PID 3640 wrote to memory of 3276	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	91
PID 3640 wrote to memory of 3000	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	93
PID 3640 wrote to memory of 3000	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	93
PID 3640 wrote to memory of 4080	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	94
PID 3640 wrote to memory of 4080	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	94
PID 3640 wrote to memory of 2240	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	95
PID 3640 wrote to memory of 2240	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	95
PID 3640 wrote to memory of 1848	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	96
PID 3640 wrote to memory of 1848	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	96
PID 3640 wrote to memory of 1288	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	97
PID 3640 wrote to memory of 1288	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	97
PID 3640 wrote to memory of 4424	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	98
PID 3640 wrote to memory of 4424	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	98
PID 3640 wrote to memory of 1312	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	99
PID 3640 wrote to memory of 1312	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	99
PID 3640 wrote to memory of 560	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	100
PID 3640 wrote to memory of 560	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	100
PID 3640 wrote to memory of 948	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	101
PID 3640 wrote to memory of 948	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	101
PID 3640 wrote to memory of 4576	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	102
PID 3640 wrote to memory of 4576	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	102
PID 3640 wrote to memory of 1004	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	103
PID 3640 wrote to memory of 1004	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	103
PID 3640 wrote to memory of 1112	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	104
PID 3640 wrote to memory of 1112	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	104
PID 3640 wrote to memory of 2776	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	105
PID 3640 wrote to memory of 2776	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	105
PID 3640 wrote to memory of 4572	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	106
PID 3640 wrote to memory of 4572	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	106
PID 3640 wrote to memory of 3672	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	107
PID 3640 wrote to memory of 3672	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	107
PID 3640 wrote to memory of 2932	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	108
PID 3640 wrote to memory of 2932	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	108
PID 3640 wrote to memory of 3020	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	109
PID 3640 wrote to memory of 3020	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	109
PID 3640 wrote to memory of 4148	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	110
PID 3640 wrote to memory of 4148	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	110
PID 3640 wrote to memory of 1588	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	111
PID 3640 wrote to memory of 1588	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	111
PID 3640 wrote to memory of 2328	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	112
PID 3640 wrote to memory of 2328	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	112
PID 3640 wrote to memory of 5048	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	113
PID 3640 wrote to memory of 5048	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	113
PID 3640 wrote to memory of 728	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	114
PID 3640 wrote to memory of 728	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	114
PID 3640 wrote to memory of 1524	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	115
PID 3640 wrote to memory of 1524	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	115
PID 3640 wrote to memory of 2464	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	116
PID 3640 wrote to memory of 2464	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	116
PID 3640 wrote to memory of 4804	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	117
PID 3640 wrote to memory of 4804	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	117
PID 3640 wrote to memory of 3588	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	118
PID 3640 wrote to memory of 3588	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	118
PID 3640 wrote to memory of 4072	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	119
PID 3640 wrote to memory of 4072	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	119
PID 3640 wrote to memory of 4716	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	120
PID 3640 wrote to memory of 4716	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	120
PID 3640 wrote to memory of 1832	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	121
PID 3640 wrote to memory of 1832	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	121
PID 3640 wrote to memory of 4976	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	122
PID 3640 wrote to memory of 4976	3640	7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe	122

C:\Users\Admin\AppData\Local\Temp\7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7e8af2337209ebca3df08bb49a760f80_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Windows\System\GZvfVRp.exe
  C:\Windows\System\GZvfVRp.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\zNVdHQu.exe
  C:\Windows\System\zNVdHQu.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\rydOhRh.exe
  C:\Windows\System\rydOhRh.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\DVjjyUz.exe
  C:\Windows\System\DVjjyUz.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\njpIjoM.exe
  C:\Windows\System\njpIjoM.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\DwFhoOu.exe
  C:\Windows\System\DwFhoOu.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\bAGFtNU.exe
  C:\Windows\System\bAGFtNU.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\ChBQYfj.exe
  C:\Windows\System\ChBQYfj.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\vssotuE.exe
  C:\Windows\System\vssotuE.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\jBskSAO.exe
  C:\Windows\System\jBskSAO.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\mDRErAz.exe
  C:\Windows\System\mDRErAz.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\TJzeLTh.exe
  C:\Windows\System\TJzeLTh.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\jTOIkzv.exe
  C:\Windows\System\jTOIkzv.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\nviqsHn.exe
  C:\Windows\System\nviqsHn.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\zodEdoy.exe
  C:\Windows\System\zodEdoy.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\qeWLVSg.exe
  C:\Windows\System\qeWLVSg.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\UVfzgEb.exe
  C:\Windows\System\UVfzgEb.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\BdvzPLW.exe
  C:\Windows\System\BdvzPLW.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\QzxwcrN.exe
  C:\Windows\System\QzxwcrN.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\JkbAFzF.exe
  C:\Windows\System\JkbAFzF.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\khxTrbx.exe
  C:\Windows\System\khxTrbx.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\IqCgcLr.exe
  C:\Windows\System\IqCgcLr.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\zofvuTp.exe
  C:\Windows\System\zofvuTp.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\pyAkEmq.exe
  C:\Windows\System\pyAkEmq.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\cbgSRGl.exe
  C:\Windows\System\cbgSRGl.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\OhpAifd.exe
  C:\Windows\System\OhpAifd.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\JebSpTS.exe
  C:\Windows\System\JebSpTS.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\oxslwfH.exe
  C:\Windows\System\oxslwfH.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\kSqQxUZ.exe
  C:\Windows\System\kSqQxUZ.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\ORjEHmD.exe
  C:\Windows\System\ORjEHmD.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\yfdvunE.exe
  C:\Windows\System\yfdvunE.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\cMbXciO.exe
  C:\Windows\System\cMbXciO.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\LoMWrjp.exe
  C:\Windows\System\LoMWrjp.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\HdmGTLo.exe
  C:\Windows\System\HdmGTLo.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\DceeZzT.exe
  C:\Windows\System\DceeZzT.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\ERcmLoS.exe
  C:\Windows\System\ERcmLoS.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\wnTubZm.exe
  C:\Windows\System\wnTubZm.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\XtXOvDU.exe
  C:\Windows\System\XtXOvDU.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\hKTFhsj.exe
  C:\Windows\System\hKTFhsj.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\oZlyjli.exe
  C:\Windows\System\oZlyjli.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\zfIQxgx.exe
  C:\Windows\System\zfIQxgx.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\lIdTXck.exe
  C:\Windows\System\lIdTXck.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\xmZVIDW.exe
  C:\Windows\System\xmZVIDW.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\vKFOfru.exe
  C:\Windows\System\vKFOfru.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\LxviAdT.exe
  C:\Windows\System\LxviAdT.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\zohIfML.exe
  C:\Windows\System\zohIfML.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\hXoQZdI.exe
  C:\Windows\System\hXoQZdI.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\QEyMtPW.exe
  C:\Windows\System\QEyMtPW.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\cBavdTf.exe
  C:\Windows\System\cBavdTf.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\XAAaBSn.exe
  C:\Windows\System\XAAaBSn.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\jzUjsMa.exe
  C:\Windows\System\jzUjsMa.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\qGLCGrZ.exe
  C:\Windows\System\qGLCGrZ.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\mUIHXrL.exe
  C:\Windows\System\mUIHXrL.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\TQCDeVi.exe
  C:\Windows\System\TQCDeVi.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\SLhtfnT.exe
  C:\Windows\System\SLhtfnT.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\jzphyXz.exe
  C:\Windows\System\jzphyXz.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\zinyRDq.exe
  C:\Windows\System\zinyRDq.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\kbTBWJa.exe
  C:\Windows\System\kbTBWJa.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\vPsUZUY.exe
  C:\Windows\System\vPsUZUY.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\SVYlANC.exe
  C:\Windows\System\SVYlANC.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\IcqxFZM.exe
  C:\Windows\System\IcqxFZM.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\zjfsfMO.exe
  C:\Windows\System\zjfsfMO.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System\jjqIZIa.exe
  C:\Windows\System\jjqIZIa.exe
  2⤵
  - Executes dropped EXE
  PID:5164
- C:\Windows\System\aGkndWz.exe
  C:\Windows\System\aGkndWz.exe
  2⤵
  - Executes dropped EXE
  PID:5188
- C:\Windows\System\TeTRkjy.exe
  C:\Windows\System\TeTRkjy.exe
  2⤵
  PID:5216
- C:\Windows\System\pRFVFRc.exe
  C:\Windows\System\pRFVFRc.exe
  2⤵
  PID:5244
- C:\Windows\System\xfNEFnO.exe
  C:\Windows\System\xfNEFnO.exe
  2⤵
  PID:5272
- C:\Windows\System\cTWCDEH.exe
  C:\Windows\System\cTWCDEH.exe
  2⤵
  PID:5300
- C:\Windows\System\sKFWEuF.exe
  C:\Windows\System\sKFWEuF.exe
  2⤵
  PID:5324
- C:\Windows\System\VdbPsWw.exe
  C:\Windows\System\VdbPsWw.exe
  2⤵
  PID:5356
- C:\Windows\System\fcBwuEX.exe
  C:\Windows\System\fcBwuEX.exe
  2⤵
  PID:5384
- C:\Windows\System\vIIGvhR.exe
  C:\Windows\System\vIIGvhR.exe
  2⤵
  PID:5408
- C:\Windows\System\WCfCxtv.exe
  C:\Windows\System\WCfCxtv.exe
  2⤵
  PID:5440
- C:\Windows\System\nVKODZE.exe
  C:\Windows\System\nVKODZE.exe
  2⤵
  PID:5468
- C:\Windows\System\JptXLRV.exe
  C:\Windows\System\JptXLRV.exe
  2⤵
  PID:5496
- C:\Windows\System\LMPBMbs.exe
  C:\Windows\System\LMPBMbs.exe
  2⤵
  PID:5520
- C:\Windows\System\ucZCATB.exe
  C:\Windows\System\ucZCATB.exe
  2⤵
  PID:5548
- C:\Windows\System\WMjEFva.exe
  C:\Windows\System\WMjEFva.exe
  2⤵
  PID:5576
- C:\Windows\System\zPCuOxd.exe
  C:\Windows\System\zPCuOxd.exe
  2⤵
  PID:5608
- C:\Windows\System\pPXxmoS.exe
  C:\Windows\System\pPXxmoS.exe
  2⤵
  PID:5636
- C:\Windows\System\QqgaSES.exe
  C:\Windows\System\QqgaSES.exe
  2⤵
  PID:5664
- C:\Windows\System\uKNXxVT.exe
  C:\Windows\System\uKNXxVT.exe
  2⤵
  PID:5692
- C:\Windows\System\XxPcZfH.exe
  C:\Windows\System\XxPcZfH.exe
  2⤵
  PID:5716
- C:\Windows\System\HgSigut.exe
  C:\Windows\System\HgSigut.exe
  2⤵
  PID:5748
- C:\Windows\System\HAuwrgU.exe
  C:\Windows\System\HAuwrgU.exe
  2⤵
  PID:5776
- C:\Windows\System\tyesrNM.exe
  C:\Windows\System\tyesrNM.exe
  2⤵
  PID:5800
- C:\Windows\System\kYFxbYc.exe
  C:\Windows\System\kYFxbYc.exe
  2⤵
  PID:5828
- C:\Windows\System\WEqKnDT.exe
  C:\Windows\System\WEqKnDT.exe
  2⤵
  PID:5856
- C:\Windows\System\PJDeurQ.exe
  C:\Windows\System\PJDeurQ.exe
  2⤵
  PID:5888
- C:\Windows\System\usifsZb.exe
  C:\Windows\System\usifsZb.exe
  2⤵
  PID:5916
- C:\Windows\System\wGXqFuZ.exe
  C:\Windows\System\wGXqFuZ.exe
  2⤵
  PID:5940
- C:\Windows\System\kBneuBC.exe
  C:\Windows\System\kBneuBC.exe
  2⤵
  PID:5972
- C:\Windows\System\AZmaNMu.exe
  C:\Windows\System\AZmaNMu.exe
  2⤵
  PID:6000
- C:\Windows\System\BbvnttG.exe
  C:\Windows\System\BbvnttG.exe
  2⤵
  PID:6028
- C:\Windows\System\CFQCrSC.exe
  C:\Windows\System\CFQCrSC.exe
  2⤵
  PID:6056
- C:\Windows\System\hHyswAm.exe
  C:\Windows\System\hHyswAm.exe
  2⤵
  PID:6084
- C:\Windows\System\AiCwCLR.exe
  C:\Windows\System\AiCwCLR.exe
  2⤵
  PID:6108
- C:\Windows\System\dNFQfOa.exe
  C:\Windows\System\dNFQfOa.exe
  2⤵
  PID:6136
- C:\Windows\System\mYGiXvM.exe
  C:\Windows\System\mYGiXvM.exe
  2⤵
  PID:4712
- C:\Windows\System\JrhmxYd.exe
  C:\Windows\System\JrhmxYd.exe
  2⤵
  PID:1424
- C:\Windows\System\UBkkzAR.exe
  C:\Windows\System\UBkkzAR.exe
  2⤵
  PID:4884
- C:\Windows\System\ZLwEwVW.exe
  C:\Windows\System\ZLwEwVW.exe
  2⤵
  PID:5152
- C:\Windows\System\HgPzZWo.exe
  C:\Windows\System\HgPzZWo.exe
  2⤵
  PID:5204
- C:\Windows\System\vGznEho.exe
  C:\Windows\System\vGznEho.exe
  2⤵
  PID:5264
- C:\Windows\System\EYEttSV.exe
  C:\Windows\System\EYEttSV.exe
  2⤵
  PID:5344
- C:\Windows\System\ccBIHKw.exe
  C:\Windows\System\ccBIHKw.exe
  2⤵
  PID:5404
- C:\Windows\System\eYmUjZP.exe
  C:\Windows\System\eYmUjZP.exe
  2⤵
  PID:5480
- C:\Windows\System\RfyTPuS.exe
  C:\Windows\System\RfyTPuS.exe
  2⤵
  PID:5540
- C:\Windows\System\owsuWoB.exe
  C:\Windows\System\owsuWoB.exe
  2⤵
  PID:5600
- C:\Windows\System\kcmpzzv.exe
  C:\Windows\System\kcmpzzv.exe
  2⤵
  PID:3864
- C:\Windows\System\GrHSnID.exe
  C:\Windows\System\GrHSnID.exe
  2⤵
  PID:5732
- C:\Windows\System\eRYlPKS.exe
  C:\Windows\System\eRYlPKS.exe
  2⤵
  PID:5792
- C:\Windows\System\IKqfTgu.exe
  C:\Windows\System\IKqfTgu.exe
  2⤵
  PID:5852
- C:\Windows\System\hvGgFWk.exe
  C:\Windows\System\hvGgFWk.exe
  2⤵
  PID:5908
- C:\Windows\System\ciFOHjF.exe
  C:\Windows\System\ciFOHjF.exe
  2⤵
  PID:5984
- C:\Windows\System\Huctmrg.exe
  C:\Windows\System\Huctmrg.exe
  2⤵
  PID:676
- C:\Windows\System\weSADxN.exe
  C:\Windows\System\weSADxN.exe
  2⤵
  PID:6096
- C:\Windows\System\QJFzCkS.exe
  C:\Windows\System\QJFzCkS.exe
  2⤵
  PID:1064
- C:\Windows\System\wZMyzTX.exe
  C:\Windows\System\wZMyzTX.exe
  2⤵
  PID:4232
- C:\Windows\System\QdCdDzk.exe
  C:\Windows\System\QdCdDzk.exe
  2⤵
  PID:5256
- C:\Windows\System\YvmKFva.exe
  C:\Windows\System\YvmKFva.exe
  2⤵
  PID:5396
- C:\Windows\System\PdOnQce.exe
  C:\Windows\System\PdOnQce.exe
  2⤵
  PID:1480
- C:\Windows\System\AUxtKvF.exe
  C:\Windows\System\AUxtKvF.exe
  2⤵
  PID:5652
- C:\Windows\System\cXQFoPC.exe
  C:\Windows\System\cXQFoPC.exe
  2⤵
  PID:5824
- C:\Windows\System\AlyJXAh.exe
  C:\Windows\System\AlyJXAh.exe
  2⤵
  PID:5960
- C:\Windows\System\kcEfotK.exe
  C:\Windows\System\kcEfotK.exe
  2⤵
  PID:6076
- C:\Windows\System\uaLMaon.exe
  C:\Windows\System\uaLMaon.exe
  2⤵
  PID:6168
- C:\Windows\System\qcYvREO.exe
  C:\Windows\System\qcYvREO.exe
  2⤵
  PID:6196
- C:\Windows\System\oIXcfQi.exe
  C:\Windows\System\oIXcfQi.exe
  2⤵
  PID:6220
- C:\Windows\System\krbRPru.exe
  C:\Windows\System\krbRPru.exe
  2⤵
  PID:6252
- C:\Windows\System\VsljAyw.exe
  C:\Windows\System\VsljAyw.exe
  2⤵
  PID:6276
- C:\Windows\System\omhjuSl.exe
  C:\Windows\System\omhjuSl.exe
  2⤵
  PID:6308
- C:\Windows\System\CnzkNEb.exe
  C:\Windows\System\CnzkNEb.exe
  2⤵
  PID:6336
- C:\Windows\System\PjprCVp.exe
  C:\Windows\System\PjprCVp.exe
  2⤵
  PID:6364
- C:\Windows\System\jNwScpt.exe
  C:\Windows\System\jNwScpt.exe
  2⤵
  PID:6392
- C:\Windows\System\eDWwiXD.exe
  C:\Windows\System\eDWwiXD.exe
  2⤵
  PID:6416
- C:\Windows\System\hiDiAyt.exe
  C:\Windows\System\hiDiAyt.exe
  2⤵
  PID:6448
- C:\Windows\System\pwinYXL.exe
  C:\Windows\System\pwinYXL.exe
  2⤵
  PID:6476
- C:\Windows\System\IagrKcN.exe
  C:\Windows\System\IagrKcN.exe
  2⤵
  PID:6500
- C:\Windows\System\LokebSS.exe
  C:\Windows\System\LokebSS.exe
  2⤵
  PID:6532
- C:\Windows\System\wlRBnIv.exe
  C:\Windows\System\wlRBnIv.exe
  2⤵
  PID:6560
- C:\Windows\System\BfUzUev.exe
  C:\Windows\System\BfUzUev.exe
  2⤵
  PID:6592
- C:\Windows\System\oPHOhxg.exe
  C:\Windows\System\oPHOhxg.exe
  2⤵
  PID:6620
- C:\Windows\System\KkLGDcV.exe
  C:\Windows\System\KkLGDcV.exe
  2⤵
  PID:6648
- C:\Windows\System\bzbTxLN.exe
  C:\Windows\System\bzbTxLN.exe
  2⤵
  PID:6676
- C:\Windows\System\EyjrGIV.exe
  C:\Windows\System\EyjrGIV.exe
  2⤵
  PID:6704
- C:\Windows\System\ZqXZmwi.exe
  C:\Windows\System\ZqXZmwi.exe
  2⤵
  PID:6732
- C:\Windows\System\UEqHsIU.exe
  C:\Windows\System\UEqHsIU.exe
  2⤵
  PID:6760
- C:\Windows\System\AyiJeKY.exe
  C:\Windows\System\AyiJeKY.exe
  2⤵
  PID:6788
- C:\Windows\System\Gsnhkab.exe
  C:\Windows\System\Gsnhkab.exe
  2⤵
  PID:6816
- C:\Windows\System\HVYxONO.exe
  C:\Windows\System\HVYxONO.exe
  2⤵
  PID:6844
- C:\Windows\System\xwDoKuY.exe
  C:\Windows\System\xwDoKuY.exe
  2⤵
  PID:6872
- C:\Windows\System\CJeJxPF.exe
  C:\Windows\System\CJeJxPF.exe
  2⤵
  PID:6900
- C:\Windows\System\kFzuRpC.exe
  C:\Windows\System\kFzuRpC.exe
  2⤵
  PID:6928
- C:\Windows\System\QSSbORE.exe
  C:\Windows\System\QSSbORE.exe
  2⤵
  PID:6956
- C:\Windows\System\ftnlays.exe
  C:\Windows\System\ftnlays.exe
  2⤵
  PID:6984
- C:\Windows\System\oDicVqA.exe
  C:\Windows\System\oDicVqA.exe
  2⤵
  PID:7012
- C:\Windows\System\kKIpgyj.exe
  C:\Windows\System\kKIpgyj.exe
  2⤵
  PID:7040
- C:\Windows\System\dxXHJEP.exe
  C:\Windows\System\dxXHJEP.exe
  2⤵
  PID:7068
- C:\Windows\System\BAnYoze.exe
  C:\Windows\System\BAnYoze.exe
  2⤵
  PID:7096
- C:\Windows\System\hwVdrlM.exe
  C:\Windows\System\hwVdrlM.exe
  2⤵
  PID:7124
- C:\Windows\System\hJfCmPd.exe
  C:\Windows\System\hJfCmPd.exe
  2⤵
  PID:7152
- C:\Windows\System\ziNvYVG.exe
  C:\Windows\System\ziNvYVG.exe
  2⤵
  PID:3720
- C:\Windows\System\UjnAhYK.exe
  C:\Windows\System\UjnAhYK.exe
  2⤵
  PID:5320
- C:\Windows\System\RmfmYzN.exe
  C:\Windows\System\RmfmYzN.exe
  2⤵
  PID:5648
- C:\Windows\System\CCYSiRd.exe
  C:\Windows\System\CCYSiRd.exe
  2⤵
  PID:6020
- C:\Windows\System\IAzcCTj.exe
  C:\Windows\System\IAzcCTj.exe
  2⤵
  PID:6184
- C:\Windows\System\qCMDNmX.exe
  C:\Windows\System\qCMDNmX.exe
  2⤵
  PID:6244
- C:\Windows\System\BCVIWos.exe
  C:\Windows\System\BCVIWos.exe
  2⤵
  PID:6320
- C:\Windows\System\NCaCcRx.exe
  C:\Windows\System\NCaCcRx.exe
  2⤵
  PID:6380
- C:\Windows\System\AIHgqso.exe
  C:\Windows\System\AIHgqso.exe
  2⤵
  PID:6440
- C:\Windows\System\aevndQR.exe
  C:\Windows\System\aevndQR.exe
  2⤵
  PID:6516
- C:\Windows\System\uWMqcos.exe
  C:\Windows\System\uWMqcos.exe
  2⤵
  PID:6576
- C:\Windows\System\BBgXseO.exe
  C:\Windows\System\BBgXseO.exe
  2⤵
  PID:6632
- C:\Windows\System\hAXvbJI.exe
  C:\Windows\System\hAXvbJI.exe
  2⤵
  PID:6692
- C:\Windows\System\GJMPwaX.exe
  C:\Windows\System\GJMPwaX.exe
  2⤵
  PID:6744
- C:\Windows\System\roTyLYb.exe
  C:\Windows\System\roTyLYb.exe
  2⤵
  PID:6800
- C:\Windows\System\AFnKsLK.exe
  C:\Windows\System\AFnKsLK.exe
  2⤵
  PID:6860
- C:\Windows\System\iNAwCXY.exe
  C:\Windows\System\iNAwCXY.exe
  2⤵
  PID:6920
- C:\Windows\System\wTSnvnz.exe
  C:\Windows\System\wTSnvnz.exe
  2⤵
  PID:6976
- C:\Windows\System\DkIxivH.exe
  C:\Windows\System\DkIxivH.exe
  2⤵
  PID:4284
- C:\Windows\System\UjAevCQ.exe
  C:\Windows\System\UjAevCQ.exe
  2⤵
  PID:7084
- C:\Windows\System\GNnlwPC.exe
  C:\Windows\System\GNnlwPC.exe
  2⤵
  PID:7140
- C:\Windows\System\jjtCwsf.exe
  C:\Windows\System\jjtCwsf.exe
  2⤵
  PID:5200
- C:\Windows\System\RdyfGXd.exe
  C:\Windows\System\RdyfGXd.exe
  2⤵
  PID:3364
- C:\Windows\System\feoytEz.exe
  C:\Windows\System\feoytEz.exe
  2⤵
  PID:6156
- C:\Windows\System\PLtyiEP.exe
  C:\Windows\System\PLtyiEP.exe
  2⤵
  PID:6296
- C:\Windows\System\tiBDWoo.exe
  C:\Windows\System\tiBDWoo.exe
  2⤵
  PID:6432
- C:\Windows\System\NdJZcFH.exe
  C:\Windows\System\NdJZcFH.exe
  2⤵
  PID:840
- C:\Windows\System\FlMIiuV.exe
  C:\Windows\System\FlMIiuV.exe
  2⤵
  PID:7060
- C:\Windows\System\tStntMz.exe
  C:\Windows\System\tStntMz.exe
  2⤵
  PID:4728
- C:\Windows\System\lNmnNYc.exe
  C:\Windows\System\lNmnNYc.exe
  2⤵
  PID:1932
- C:\Windows\System\kzwGBMk.exe
  C:\Windows\System\kzwGBMk.exe
  2⤵
  PID:6236
- C:\Windows\System\UsotwHZ.exe
  C:\Windows\System\UsotwHZ.exe
  2⤵
  PID:4316
- C:\Windows\System\PxDVDKu.exe
  C:\Windows\System\PxDVDKu.exe
  2⤵
  PID:5904
- C:\Windows\System\bniKXES.exe
  C:\Windows\System\bniKXES.exe
  2⤵
  PID:6272
- C:\Windows\System\OcMyJNJ.exe
  C:\Windows\System\OcMyJNJ.exe
  2⤵
  PID:6356
- C:\Windows\System\ELBBBjc.exe
  C:\Windows\System\ELBBBjc.exe
  2⤵
  PID:828
- C:\Windows\System\XPdVkKW.exe
  C:\Windows\System\XPdVkKW.exe
  2⤵
  PID:6660
- C:\Windows\System\TYuipqv.exe
  C:\Windows\System\TYuipqv.exe
  2⤵
  PID:832
- C:\Windows\System\cKMIgXa.exe
  C:\Windows\System\cKMIgXa.exe
  2⤵
  PID:1984
- C:\Windows\System\smJlYLK.exe
  C:\Windows\System\smJlYLK.exe
  2⤵
  PID:5004
- C:\Windows\System\KWGbRbh.exe
  C:\Windows\System\KWGbRbh.exe
  2⤵
  PID:3796
- C:\Windows\System\SJCZAHy.exe
  C:\Windows\System\SJCZAHy.exe
  2⤵
  PID:3360
- C:\Windows\System\jklDrnu.exe
  C:\Windows\System\jklDrnu.exe
  2⤵
  PID:4920
- C:\Windows\System\YfKZsLY.exe
  C:\Windows\System\YfKZsLY.exe
  2⤵
  PID:552
- C:\Windows\System\vdtsBsA.exe
  C:\Windows\System\vdtsBsA.exe
  2⤵
  PID:3584
- C:\Windows\System\xcZQYxk.exe
  C:\Windows\System\xcZQYxk.exe
  2⤵
  PID:316
- C:\Windows\System\jlSuaga.exe
  C:\Windows\System\jlSuaga.exe
  2⤵
  PID:7196
- C:\Windows\System\kGenMDj.exe
  C:\Windows\System\kGenMDj.exe
  2⤵
  PID:7244
- C:\Windows\System\PaVFrjB.exe
  C:\Windows\System\PaVFrjB.exe
  2⤵
  PID:7268
- C:\Windows\System\gmuVGVx.exe
  C:\Windows\System\gmuVGVx.exe
  2⤵
  PID:7296
- C:\Windows\System\OwQSRJs.exe
  C:\Windows\System\OwQSRJs.exe
  2⤵
  PID:7320
- C:\Windows\System\yfkxLZV.exe
  C:\Windows\System\yfkxLZV.exe
  2⤵
  PID:7348
- C:\Windows\System\XgwnqAa.exe
  C:\Windows\System\XgwnqAa.exe
  2⤵
  PID:7388
- C:\Windows\System\tfiOxqD.exe
  C:\Windows\System\tfiOxqD.exe
  2⤵
  PID:7404
- C:\Windows\System\BmuKJfR.exe
  C:\Windows\System\BmuKJfR.exe
  2⤵
  PID:7432
- C:\Windows\System\wiCMmpu.exe
  C:\Windows\System\wiCMmpu.exe
  2⤵
  PID:7460
- C:\Windows\System\CujImWM.exe
  C:\Windows\System\CujImWM.exe
  2⤵
  PID:7508
- C:\Windows\System\TvsTnXU.exe
  C:\Windows\System\TvsTnXU.exe
  2⤵
  PID:7540
- C:\Windows\System\LlEDURq.exe
  C:\Windows\System\LlEDURq.exe
  2⤵
  PID:7564
- C:\Windows\System\rapKxzH.exe
  C:\Windows\System\rapKxzH.exe
  2⤵
  PID:7596
- C:\Windows\System\TmgHVxa.exe
  C:\Windows\System\TmgHVxa.exe
  2⤵
  PID:7624
- C:\Windows\System\OJyhkjU.exe
  C:\Windows\System\OJyhkjU.exe
  2⤵
  PID:7648
- C:\Windows\System\pwwctPm.exe
  C:\Windows\System\pwwctPm.exe
  2⤵
  PID:7672
- C:\Windows\System\OgTMJxg.exe
  C:\Windows\System\OgTMJxg.exe
  2⤵
  PID:7700
- C:\Windows\System\NECvkfQ.exe
  C:\Windows\System\NECvkfQ.exe
  2⤵
  PID:7732
- C:\Windows\System\IMhcrcX.exe
  C:\Windows\System\IMhcrcX.exe
  2⤵
  PID:7764
- C:\Windows\System\syVwQEq.exe
  C:\Windows\System\syVwQEq.exe
  2⤵
  PID:7784
- C:\Windows\System\HemJCdk.exe
  C:\Windows\System\HemJCdk.exe
  2⤵
  PID:7820
- C:\Windows\System\ukXqAIV.exe
  C:\Windows\System\ukXqAIV.exe
  2⤵
  PID:7868
- C:\Windows\System\EBIjWYS.exe
  C:\Windows\System\EBIjWYS.exe
  2⤵
  PID:7920
- C:\Windows\System\ixShBci.exe
  C:\Windows\System\ixShBci.exe
  2⤵
  PID:7948
- C:\Windows\System\aYzscFj.exe
  C:\Windows\System\aYzscFj.exe
  2⤵
  PID:7964
- C:\Windows\System\lAmERMz.exe
  C:\Windows\System\lAmERMz.exe
  2⤵
  PID:8000
- C:\Windows\System\PGZNMWf.exe
  C:\Windows\System\PGZNMWf.exe
  2⤵
  PID:8020
- C:\Windows\System\OgrPRBz.exe
  C:\Windows\System\OgrPRBz.exe
  2⤵
  PID:8064
- C:\Windows\System\GIGscbA.exe
  C:\Windows\System\GIGscbA.exe
  2⤵
  PID:8104
- C:\Windows\System\lmfekqY.exe
  C:\Windows\System\lmfekqY.exe
  2⤵
  PID:8172
- C:\Windows\System\HNoUVsc.exe
  C:\Windows\System\HNoUVsc.exe
  2⤵
  PID:5180
- C:\Windows\System\yTkqBcM.exe
  C:\Windows\System\yTkqBcM.exe
  2⤵
  PID:7536
- C:\Windows\System\dhOFgFU.exe
  C:\Windows\System\dhOFgFU.exe
  2⤵
  PID:7588
- C:\Windows\System\xKunNYH.exe
  C:\Windows\System\xKunNYH.exe
  2⤵
  PID:7664
- C:\Windows\System\YRNmaOf.exe
  C:\Windows\System\YRNmaOf.exe
  2⤵
  PID:7688
- C:\Windows\System\gBHrdrB.exe
  C:\Windows\System\gBHrdrB.exe
  2⤵
  PID:7756
- C:\Windows\System\cuXXDUl.exe
  C:\Windows\System\cuXXDUl.exe
  2⤵
  PID:7844
- C:\Windows\System\LuDOTiw.exe
  C:\Windows\System\LuDOTiw.exe
  2⤵
  PID:7940
- C:\Windows\System\ksAWkjV.exe
  C:\Windows\System\ksAWkjV.exe
  2⤵
  PID:7992
- C:\Windows\System\hgaLduC.exe
  C:\Windows\System\hgaLduC.exe
  2⤵
  PID:8084
- C:\Windows\System\ueAlOpN.exe
  C:\Windows\System\ueAlOpN.exe
  2⤵
  PID:7412
- C:\Windows\System\gCDSBVJ.exe
  C:\Windows\System\gCDSBVJ.exe
  2⤵
  PID:1144
- C:\Windows\System\fSyousO.exe
  C:\Windows\System\fSyousO.exe
  2⤵
  PID:6944
- C:\Windows\System\cICatSt.exe
  C:\Windows\System\cICatSt.exe
  2⤵
  PID:7632
- C:\Windows\System\BoqHOTy.exe
  C:\Windows\System\BoqHOTy.exe
  2⤵
  PID:2968
- C:\Windows\System\XrUYOmi.exe
  C:\Windows\System\XrUYOmi.exe
  2⤵
  PID:7548
- C:\Windows\System\wFPkdgc.exe
  C:\Windows\System\wFPkdgc.exe
  2⤵
  PID:1968
- C:\Windows\System\gDlyQPJ.exe
  C:\Windows\System\gDlyQPJ.exe
  2⤵
  PID:7828
- C:\Windows\System\bdcRBrd.exe
  C:\Windows\System\bdcRBrd.exe
  2⤵
  PID:8008
- C:\Windows\System\OYPQdEt.exe
  C:\Windows\System\OYPQdEt.exe
  2⤵
  PID:6828
- C:\Windows\System\PQSPVoV.exe
  C:\Windows\System\PQSPVoV.exe
  2⤵
  PID:2052
- C:\Windows\System\nIrMReI.exe
  C:\Windows\System\nIrMReI.exe
  2⤵
  PID:2736
- C:\Windows\System\RjIticJ.exe
  C:\Windows\System\RjIticJ.exe
  2⤵
  PID:8040
- C:\Windows\System\iOizCBZ.exe
  C:\Windows\System\iOizCBZ.exe
  2⤵
  PID:4888
- C:\Windows\System\ZplFjXu.exe
  C:\Windows\System\ZplFjXu.exe
  2⤵
  PID:4392
- C:\Windows\System\yolINzR.exe
  C:\Windows\System\yolINzR.exe
  2⤵
  PID:8204
- C:\Windows\System\FrTHbHu.exe
  C:\Windows\System\FrTHbHu.exe
  2⤵
  PID:8244
- C:\Windows\System\JiWzwUF.exe
  C:\Windows\System\JiWzwUF.exe
  2⤵
  PID:8272
- C:\Windows\System\ZswaWch.exe
  C:\Windows\System\ZswaWch.exe
  2⤵
  PID:8300
- C:\Windows\System\DfzSKqO.exe
  C:\Windows\System\DfzSKqO.exe
  2⤵
  PID:8336
- C:\Windows\System\yUcZbcC.exe
  C:\Windows\System\yUcZbcC.exe
  2⤵
  PID:8372
- C:\Windows\System\fzkEPnU.exe
  C:\Windows\System\fzkEPnU.exe
  2⤵
  PID:8408
- C:\Windows\System\VrVJpnP.exe
  C:\Windows\System\VrVJpnP.exe
  2⤵
  PID:8432
- C:\Windows\System\aFGQptt.exe
  C:\Windows\System\aFGQptt.exe
  2⤵
  PID:8452
- C:\Windows\System\WURXQIC.exe
  C:\Windows\System\WURXQIC.exe
  2⤵
  PID:8488
- C:\Windows\System\EtLWvaF.exe
  C:\Windows\System\EtLWvaF.exe
  2⤵
  PID:8520
- C:\Windows\System\wtTyWGl.exe
  C:\Windows\System\wtTyWGl.exe
  2⤵
  PID:8540
- C:\Windows\System\CURLQyS.exe
  C:\Windows\System\CURLQyS.exe
  2⤵
  PID:8576
- C:\Windows\System\aeaLzwp.exe
  C:\Windows\System\aeaLzwp.exe
  2⤵
  PID:8604
- C:\Windows\System\yjwzwCB.exe
  C:\Windows\System\yjwzwCB.exe
  2⤵
  PID:8624
- C:\Windows\System\CivpHru.exe
  C:\Windows\System\CivpHru.exe
  2⤵
  PID:8644
- C:\Windows\System\PwuMbaU.exe
  C:\Windows\System\PwuMbaU.exe
  2⤵
  PID:8664
- C:\Windows\System\NOrLfTi.exe
  C:\Windows\System\NOrLfTi.exe
  2⤵
  PID:8700
- C:\Windows\System\BULlZwd.exe
  C:\Windows\System\BULlZwd.exe
  2⤵
  PID:8728
- C:\Windows\System\lthyJGq.exe
  C:\Windows\System\lthyJGq.exe
  2⤵
  PID:8768
- C:\Windows\System\HxUZrxl.exe
  C:\Windows\System\HxUZrxl.exe
  2⤵
  PID:8804
- C:\Windows\System\RTHgsyx.exe
  C:\Windows\System\RTHgsyx.exe
  2⤵
  PID:8824
- C:\Windows\System\CvpZyFg.exe
  C:\Windows\System\CvpZyFg.exe
  2⤵
  PID:8868
- C:\Windows\System\YBNpIgV.exe
  C:\Windows\System\YBNpIgV.exe
  2⤵
  PID:8896
- C:\Windows\System\lpIQVUi.exe
  C:\Windows\System\lpIQVUi.exe
  2⤵
  PID:8936
- C:\Windows\System\qmDGMlw.exe
  C:\Windows\System\qmDGMlw.exe
  2⤵
  PID:8972
- C:\Windows\System\ZBeoFDT.exe
  C:\Windows\System\ZBeoFDT.exe
  2⤵
  PID:9004
- C:\Windows\System\bWFWuGd.exe
  C:\Windows\System\bWFWuGd.exe
  2⤵
  PID:9044
- C:\Windows\System\QBySfab.exe
  C:\Windows\System\QBySfab.exe
  2⤵
  PID:9072
- C:\Windows\System\sLoekwx.exe
  C:\Windows\System\sLoekwx.exe
  2⤵
  PID:9100
- C:\Windows\System\nOEnFzu.exe
  C:\Windows\System\nOEnFzu.exe
  2⤵
  PID:9152
- C:\Windows\System\zoqUOvP.exe
  C:\Windows\System\zoqUOvP.exe
  2⤵
  PID:9184
- C:\Windows\System\KKfNlvy.exe
  C:\Windows\System\KKfNlvy.exe
  2⤵
  PID:9200
- C:\Windows\System\icumbeN.exe
  C:\Windows\System\icumbeN.exe
  2⤵
  PID:7752
- C:\Windows\System\KbfsMpZ.exe
  C:\Windows\System\KbfsMpZ.exe
  2⤵
  PID:8232
- C:\Windows\System\MjLqdqo.exe
  C:\Windows\System\MjLqdqo.exe
  2⤵
  PID:8296
- C:\Windows\System\LsQXyDP.exe
  C:\Windows\System\LsQXyDP.exe
  2⤵
  PID:8400
- C:\Windows\System\GDZbJbc.exe
  C:\Windows\System\GDZbJbc.exe
  2⤵
  PID:8500
- C:\Windows\System\QdowfiP.exe
  C:\Windows\System\QdowfiP.exe
  2⤵
  PID:8588
- C:\Windows\System\CnlSJeS.exe
  C:\Windows\System\CnlSJeS.exe
  2⤵
  PID:8652
- C:\Windows\System\xfqYMey.exe
  C:\Windows\System\xfqYMey.exe
  2⤵
  PID:8724
- C:\Windows\System\ktEnGlH.exe
  C:\Windows\System\ktEnGlH.exe
  2⤵
  PID:8796
- C:\Windows\System\jDraDmc.exe
  C:\Windows\System\jDraDmc.exe
  2⤵
  PID:8864
- C:\Windows\System\oFkASov.exe
  C:\Windows\System\oFkASov.exe
  2⤵
  PID:8956
- C:\Windows\System\bxSgTAZ.exe
  C:\Windows\System\bxSgTAZ.exe
  2⤵
  PID:9040
- C:\Windows\System\sfDlsQp.exe
  C:\Windows\System\sfDlsQp.exe
  2⤵
  PID:9160
- C:\Windows\System\EEvZsMk.exe
  C:\Windows\System\EEvZsMk.exe
  2⤵
  PID:8196
- C:\Windows\System\fcZHkSQ.exe
  C:\Windows\System\fcZHkSQ.exe
  2⤵
  PID:8292
- C:\Windows\System\tFThGli.exe
  C:\Windows\System\tFThGli.exe
  2⤵
  PID:8528
- C:\Windows\System\WyHsGMn.exe
  C:\Windows\System\WyHsGMn.exe
  2⤵
  PID:8712
- C:\Windows\System\SQJjVbY.exe
  C:\Windows\System\SQJjVbY.exe
  2⤵
  PID:8912
- C:\Windows\System\HUrjIDG.exe
  C:\Windows\System\HUrjIDG.exe
  2⤵
  PID:9096
- C:\Windows\System\VaGaCYh.exe
  C:\Windows\System\VaGaCYh.exe
  2⤵
  PID:9212
- C:\Windows\System\hUUkrqe.exe
  C:\Windows\System\hUUkrqe.exe
  2⤵
  PID:7452
- C:\Windows\System\auriwsz.exe
  C:\Windows\System\auriwsz.exe
  2⤵
  PID:9036
- C:\Windows\System\ekXxUuo.exe
  C:\Windows\System\ekXxUuo.exe
  2⤵
  PID:9192
- C:\Windows\System\clUoNBt.exe
  C:\Windows\System\clUoNBt.exe
  2⤵
  PID:9236
- C:\Windows\System\XZnuKJh.exe
  C:\Windows\System\XZnuKJh.exe
  2⤵
  PID:9264
- C:\Windows\System\HeWLvms.exe
  C:\Windows\System\HeWLvms.exe
  2⤵
  PID:9296
- C:\Windows\System\mbsOVsf.exe
  C:\Windows\System\mbsOVsf.exe
  2⤵
  PID:9312
- C:\Windows\System\nyRDIwn.exe
  C:\Windows\System\nyRDIwn.exe
  2⤵
  PID:9332
- C:\Windows\System\epJvgca.exe
  C:\Windows\System\epJvgca.exe
  2⤵
  PID:9360
- C:\Windows\System\krXfVcL.exe
  C:\Windows\System\krXfVcL.exe
  2⤵
  PID:9404
- C:\Windows\System\BtvzRhb.exe
  C:\Windows\System\BtvzRhb.exe
  2⤵
  PID:9436
- C:\Windows\System\kPHLQiq.exe
  C:\Windows\System\kPHLQiq.exe
  2⤵
  PID:9484
- C:\Windows\System\XIsZXBT.exe
  C:\Windows\System\XIsZXBT.exe
  2⤵
  PID:9516
- C:\Windows\System\FgRzaFb.exe
  C:\Windows\System\FgRzaFb.exe
  2⤵
  PID:9544
- C:\Windows\System\UbHtikX.exe
  C:\Windows\System\UbHtikX.exe
  2⤵
  PID:9572
- C:\Windows\System\hFvcAfW.exe
  C:\Windows\System\hFvcAfW.exe
  2⤵
  PID:9588
- C:\Windows\System\gusricA.exe
  C:\Windows\System\gusricA.exe
  2⤵
  PID:9620
- C:\Windows\System\FPQKjQR.exe
  C:\Windows\System\FPQKjQR.exe
  2⤵
  PID:9656
- C:\Windows\System\PZUrlOE.exe
  C:\Windows\System\PZUrlOE.exe
  2⤵
  PID:9684
- C:\Windows\System\cWSfFiX.exe
  C:\Windows\System\cWSfFiX.exe
  2⤵
  PID:9712
- C:\Windows\System\thKYpyJ.exe
  C:\Windows\System\thKYpyJ.exe
  2⤵
  PID:9740
- C:\Windows\System\ePjnnbi.exe
  C:\Windows\System\ePjnnbi.exe
  2⤵
  PID:9756
- C:\Windows\System\oFlgjtY.exe
  C:\Windows\System\oFlgjtY.exe
  2⤵
  PID:9796
- C:\Windows\System\MINdaXL.exe
  C:\Windows\System\MINdaXL.exe
  2⤵
  PID:9824
- C:\Windows\System\inYHhHE.exe
  C:\Windows\System\inYHhHE.exe
  2⤵
  PID:9852
- C:\Windows\System\YklFAIS.exe
  C:\Windows\System\YklFAIS.exe
  2⤵
  PID:9880
- C:\Windows\System\FQMbFdh.exe
  C:\Windows\System\FQMbFdh.exe
  2⤵
  PID:9896
- C:\Windows\System\RzcVXnp.exe
  C:\Windows\System\RzcVXnp.exe
  2⤵
  PID:9936
- C:\Windows\System\Ihbavma.exe
  C:\Windows\System\Ihbavma.exe
  2⤵
  PID:9952
- C:\Windows\System\qFNysfq.exe
  C:\Windows\System\qFNysfq.exe
  2⤵
  PID:9976
- C:\Windows\System\IJLQNJo.exe
  C:\Windows\System\IJLQNJo.exe
  2⤵
  PID:9996
- C:\Windows\System\AVEAqCg.exe
  C:\Windows\System\AVEAqCg.exe
  2⤵
  PID:10016
- C:\Windows\System\OdxcUpS.exe
  C:\Windows\System\OdxcUpS.exe
  2⤵
  PID:10048
- C:\Windows\System\TmmJZoQ.exe
  C:\Windows\System\TmmJZoQ.exe
  2⤵
  PID:10084
- C:\Windows\System\lbWWbmk.exe
  C:\Windows\System\lbWWbmk.exe
  2⤵
  PID:10128
- C:\Windows\System\JzYznwJ.exe
  C:\Windows\System\JzYznwJ.exe
  2⤵
  PID:10160
- C:\Windows\System\ygYMGJl.exe
  C:\Windows\System\ygYMGJl.exe
  2⤵
  PID:10192
- C:\Windows\System\yRZtIMX.exe
  C:\Windows\System\yRZtIMX.exe
  2⤵
  PID:10220
- C:\Windows\System\yCoSOTb.exe
  C:\Windows\System\yCoSOTb.exe
  2⤵
  PID:9228
- C:\Windows\System\GbRRidh.exe
  C:\Windows\System\GbRRidh.exe
  2⤵
  PID:9288
- C:\Windows\System\lxLhLWc.exe
  C:\Windows\System\lxLhLWc.exe
  2⤵
  PID:9356
- C:\Windows\System\XleajNx.exe
  C:\Windows\System\XleajNx.exe
  2⤵
  PID:9396
- C:\Windows\System\slboynb.exe
  C:\Windows\System\slboynb.exe
  2⤵
  PID:9480
- C:\Windows\System\dnSyjyF.exe
  C:\Windows\System\dnSyjyF.exe
  2⤵
  PID:9536
- C:\Windows\System\TAsIOUQ.exe
  C:\Windows\System\TAsIOUQ.exe
  2⤵
  PID:9604
- C:\Windows\System\ixrsOkF.exe
  C:\Windows\System\ixrsOkF.exe
  2⤵
  PID:9676
- C:\Windows\System\hFGMIqK.exe
  C:\Windows\System\hFGMIqK.exe
  2⤵
  PID:9732
- C:\Windows\System\aXMAuCk.exe
  C:\Windows\System\aXMAuCk.exe
  2⤵
  PID:9792
- C:\Windows\System\BQEMXnW.exe
  C:\Windows\System\BQEMXnW.exe
  2⤵
  PID:9864
- C:\Windows\System\nBuPjRQ.exe
  C:\Windows\System\nBuPjRQ.exe
  2⤵
  PID:9908
- C:\Windows\System\HJagpSQ.exe
  C:\Windows\System\HJagpSQ.exe
  2⤵
  PID:9948
- C:\Windows\System\DUthlMo.exe
  C:\Windows\System\DUthlMo.exe
  2⤵
  PID:10012
- C:\Windows\System\kIMhtJr.exe
  C:\Windows\System\kIMhtJr.exe
  2⤵
  PID:10064
- C:\Windows\System\GueBJFk.exe
  C:\Windows\System\GueBJFk.exe
  2⤵
  PID:10136
- C:\Windows\System\EFYwMhB.exe
  C:\Windows\System\EFYwMhB.exe
  2⤵
  PID:10232
- C:\Windows\System\AoPlJTN.exe
  C:\Windows\System\AoPlJTN.exe
  2⤵
  PID:9340
- C:\Windows\System\LQMyOcL.exe
  C:\Windows\System\LQMyOcL.exe
  2⤵
  PID:9428
- C:\Windows\System\szsPyGr.exe
  C:\Windows\System\szsPyGr.exe
  2⤵
  PID:9668
- C:\Windows\System\vkQvMLA.exe
  C:\Windows\System\vkQvMLA.exe
  2⤵
  PID:9704
- C:\Windows\System\RHklAqV.exe
  C:\Windows\System\RHklAqV.exe
  2⤵
  PID:10056
- C:\Windows\System\XJIjWXu.exe
  C:\Windows\System\XJIjWXu.exe
  2⤵
  PID:10092
- C:\Windows\System\ikoVonk.exe
  C:\Windows\System\ikoVonk.exe
  2⤵
  PID:9392
- C:\Windows\System\kupPfVw.exe
  C:\Windows\System\kupPfVw.exe
  2⤵
  PID:9892
- C:\Windows\System\UjFrWEs.exe
  C:\Windows\System\UjFrWEs.exe
  2⤵
  PID:10212
- C:\Windows\System\xlScCgA.exe
  C:\Windows\System\xlScCgA.exe
  2⤵
  PID:9724
- C:\Windows\System\TdTvcVH.exe
  C:\Windows\System\TdTvcVH.exe
  2⤵
  PID:9584
- C:\Windows\System\JXdCvZl.exe
  C:\Windows\System\JXdCvZl.exe
  2⤵
  PID:10256
- C:\Windows\System\jveIPzH.exe
  C:\Windows\System\jveIPzH.exe
  2⤵
  PID:10284
- C:\Windows\System\YkoOGUq.exe
  C:\Windows\System\YkoOGUq.exe
  2⤵
  PID:10312
- C:\Windows\System\NcIKNlc.exe
  C:\Windows\System\NcIKNlc.exe
  2⤵
  PID:10340
- C:\Windows\System\ozqLuro.exe
  C:\Windows\System\ozqLuro.exe
  2⤵
  PID:10368
- C:\Windows\System\MYSNDwj.exe
  C:\Windows\System\MYSNDwj.exe
  2⤵
  PID:10396
- C:\Windows\System\KceoQoJ.exe
  C:\Windows\System\KceoQoJ.exe
  2⤵
  PID:10412
- C:\Windows\System\TIeBuGk.exe
  C:\Windows\System\TIeBuGk.exe
  2⤵
  PID:10448
- C:\Windows\System\jobyvDw.exe
  C:\Windows\System\jobyvDw.exe
  2⤵
  PID:10468
- C:\Windows\System\KzuXtkW.exe
  C:\Windows\System\KzuXtkW.exe
  2⤵
  PID:10508
- C:\Windows\System\nPDLSIA.exe
  C:\Windows\System\nPDLSIA.exe
  2⤵
  PID:10524
- C:\Windows\System\YmKDMMc.exe
  C:\Windows\System\YmKDMMc.exe
  2⤵
  PID:10552
- C:\Windows\System\iQKunDf.exe
  C:\Windows\System\iQKunDf.exe
  2⤵
  PID:10592
- C:\Windows\System\xqbbLZP.exe
  C:\Windows\System\xqbbLZP.exe
  2⤵
  PID:10620
- C:\Windows\System\ZZTvATM.exe
  C:\Windows\System\ZZTvATM.exe
  2⤵
  PID:10648
- C:\Windows\System\QQkHklK.exe
  C:\Windows\System\QQkHklK.exe
  2⤵
  PID:10668
- C:\Windows\System\eCqZBOc.exe
  C:\Windows\System\eCqZBOc.exe
  2⤵
  PID:10708
- C:\Windows\System\vQrNqhw.exe
  C:\Windows\System\vQrNqhw.exe
  2⤵
  PID:10724
- C:\Windows\System\mGCYxOp.exe
  C:\Windows\System\mGCYxOp.exe
  2⤵
  PID:10752
- C:\Windows\System\iVpATlT.exe
  C:\Windows\System\iVpATlT.exe
  2⤵
  PID:10772
- C:\Windows\System\QeHlqAN.exe
  C:\Windows\System\QeHlqAN.exe
  2⤵
  PID:10796
- C:\Windows\System\LCfqwuu.exe
  C:\Windows\System\LCfqwuu.exe
  2⤵
  PID:10836
- C:\Windows\System\ByTFoce.exe
  C:\Windows\System\ByTFoce.exe
  2⤵
  PID:10864
- C:\Windows\System\LuWhplq.exe
  C:\Windows\System\LuWhplq.exe
  2⤵
  PID:10908
- C:\Windows\System\qxreeke.exe
  C:\Windows\System\qxreeke.exe
  2⤵
  PID:10940
- C:\Windows\System\qjtlgAB.exe
  C:\Windows\System\qjtlgAB.exe
  2⤵
  PID:10964
- C:\Windows\System\YYyevao.exe
  C:\Windows\System\YYyevao.exe
  2⤵
  PID:10984
- C:\Windows\System\BaejLzg.exe
  C:\Windows\System\BaejLzg.exe
  2⤵
  PID:11020
- C:\Windows\System\SWGcXzY.exe
  C:\Windows\System\SWGcXzY.exe
  2⤵
  PID:11052
- C:\Windows\System\vYyvkQd.exe
  C:\Windows\System\vYyvkQd.exe
  2⤵
  PID:11072
- C:\Windows\System\gZcfGPa.exe
  C:\Windows\System\gZcfGPa.exe
  2⤵
  PID:11112
- C:\Windows\System\xnAOGfU.exe
  C:\Windows\System\xnAOGfU.exe
  2⤵
  PID:11140
- C:\Windows\System\yRlbJef.exe
  C:\Windows\System\yRlbJef.exe
  2⤵
  PID:11156
- C:\Windows\System\AKutuDu.exe
  C:\Windows\System\AKutuDu.exe
  2⤵
  PID:11184
- C:\Windows\System\hApfIuK.exe
  C:\Windows\System\hApfIuK.exe
  2⤵
  PID:11216
- C:\Windows\System\awiCsOn.exe
  C:\Windows\System\awiCsOn.exe
  2⤵
  PID:11252
- C:\Windows\System\IqVNtwL.exe
  C:\Windows\System\IqVNtwL.exe
  2⤵
  PID:10248
- C:\Windows\System\ehrnZhX.exe
  C:\Windows\System\ehrnZhX.exe
  2⤵
  PID:10028
- C:\Windows\System\xFyrwzj.exe
  C:\Windows\System\xFyrwzj.exe
  2⤵
  PID:10364
- C:\Windows\System\zhtfPjv.exe
  C:\Windows\System\zhtfPjv.exe
  2⤵
  PID:10456
- C:\Windows\System\mWPhpph.exe
  C:\Windows\System\mWPhpph.exe
  2⤵
  PID:10496
- C:\Windows\System\ZRtefvj.exe
  C:\Windows\System\ZRtefvj.exe
  2⤵
  PID:10588
- C:\Windows\System\iDALtLj.exe
  C:\Windows\System\iDALtLj.exe
  2⤵
  PID:10632
- C:\Windows\System\fXCgHzF.exe
  C:\Windows\System\fXCgHzF.exe
  2⤵
  PID:10700
- C:\Windows\System\pEqYsMQ.exe
  C:\Windows\System\pEqYsMQ.exe
  2⤵
  PID:10784
- C:\Windows\System\vabZSLF.exe
  C:\Windows\System\vabZSLF.exe
  2⤵
  PID:10856
- C:\Windows\System\cqtjUqA.exe
  C:\Windows\System\cqtjUqA.exe
  2⤵
  PID:10904
- C:\Windows\System\BPoRFLk.exe
  C:\Windows\System\BPoRFLk.exe
  2⤵
  PID:10996
- C:\Windows\System\NWlKgLo.exe
  C:\Windows\System\NWlKgLo.exe
  2⤵
  PID:11044
- C:\Windows\System\SDQPkxU.exe
  C:\Windows\System\SDQPkxU.exe
  2⤵
  PID:11104
- C:\Windows\System\SmjIGvX.exe
  C:\Windows\System\SmjIGvX.exe
  2⤵
  PID:11196
- C:\Windows\System\iJEsuRm.exe
  C:\Windows\System\iJEsuRm.exe
  2⤵
  PID:10252
- C:\Windows\System\zTNBIFG.exe
  C:\Windows\System\zTNBIFG.exe
  2⤵
  PID:10300
- C:\Windows\System\mWmzLmp.exe
  C:\Windows\System\mWmzLmp.exe
  2⤵
  PID:10516
- C:\Windows\System\GLeFXfw.exe
  C:\Windows\System\GLeFXfw.exe
  2⤵
  PID:10568
- C:\Windows\System\UDiqrSh.exe
  C:\Windows\System\UDiqrSh.exe
  2⤵
  PID:10760
- C:\Windows\System\geTITYN.exe
  C:\Windows\System\geTITYN.exe
  2⤵
  PID:10976
- C:\Windows\System\MVrvsaW.exe
  C:\Windows\System\MVrvsaW.exe
  2⤵
  PID:11132
- C:\Windows\System\rTwSaYm.exe
  C:\Windows\System\rTwSaYm.exe
  2⤵
  PID:10324
- C:\Windows\System\PpveCgM.exe
  C:\Windows\System\PpveCgM.exe
  2⤵
  PID:10548
- C:\Windows\System\YWYGzXy.exe
  C:\Windows\System\YWYGzXy.exe
  2⤵
  PID:10936
- C:\Windows\System\oTGgWVd.exe
  C:\Windows\System\oTGgWVd.exe
  2⤵
  PID:10276
- C:\Windows\System\gTSOzWx.exe
  C:\Windows\System\gTSOzWx.exe
  2⤵
  PID:10660
- C:\Windows\System\YuDyKtK.exe
  C:\Windows\System\YuDyKtK.exe
  2⤵
  PID:11272
- C:\Windows\System\lguvuNS.exe
  C:\Windows\System\lguvuNS.exe
  2⤵
  PID:11300
- C:\Windows\System\yriibjA.exe
  C:\Windows\System\yriibjA.exe
  2⤵
  PID:11328
- C:\Windows\System\zZLnWgA.exe
  C:\Windows\System\zZLnWgA.exe
  2⤵
  PID:11344
- C:\Windows\System\FNJtiiR.exe
  C:\Windows\System\FNJtiiR.exe
  2⤵
  PID:11372
- C:\Windows\System\CgNfOpT.exe
  C:\Windows\System\CgNfOpT.exe
  2⤵
  PID:11412
- C:\Windows\System\SBBMOUA.exe
  C:\Windows\System\SBBMOUA.exe
  2⤵
  PID:11440
- C:\Windows\System\GczvWCy.exe
  C:\Windows\System\GczvWCy.exe
  2⤵
  PID:11456
- C:\Windows\System\VzMlADT.exe
  C:\Windows\System\VzMlADT.exe
  2⤵
  PID:11488
- C:\Windows\System\mSCZsfK.exe
  C:\Windows\System\mSCZsfK.exe
  2⤵
  PID:11520
- C:\Windows\System\HQhWEJF.exe
  C:\Windows\System\HQhWEJF.exe
  2⤵
  PID:11552
- C:\Windows\System\hGJWALC.exe
  C:\Windows\System\hGJWALC.exe
  2⤵
  PID:11572
- C:\Windows\System\ETSgtcX.exe
  C:\Windows\System\ETSgtcX.exe
  2⤵
  PID:11600
- C:\Windows\System\sqaqahy.exe
  C:\Windows\System\sqaqahy.exe
  2⤵
  PID:11628
- C:\Windows\System\XPIqsEl.exe
  C:\Windows\System\XPIqsEl.exe
  2⤵
  PID:11656
- C:\Windows\System\CmEZLGW.exe
  C:\Windows\System\CmEZLGW.exe
  2⤵
  PID:11696
- C:\Windows\System\KKcRXNN.exe
  C:\Windows\System\KKcRXNN.exe
  2⤵
  PID:11724
- C:\Windows\System\DPbLIPi.exe
  C:\Windows\System\DPbLIPi.exe
  2⤵
  PID:11752
- C:\Windows\System\YTJVuvs.exe
  C:\Windows\System\YTJVuvs.exe
  2⤵
  PID:11780
- C:\Windows\System\ReAxRCW.exe
  C:\Windows\System\ReAxRCW.exe
  2⤵
  PID:11808
- C:\Windows\System\nZyxqnB.exe
  C:\Windows\System\nZyxqnB.exe
  2⤵
  PID:11836
- C:\Windows\System\nYSobaZ.exe
  C:\Windows\System\nYSobaZ.exe
  2⤵
  PID:11860
- C:\Windows\System\AMcYSmU.exe
  C:\Windows\System\AMcYSmU.exe
  2⤵
  PID:11880
- C:\Windows\System\TJDddwq.exe
  C:\Windows\System\TJDddwq.exe
  2⤵
  PID:11908
- C:\Windows\System\hosAMFh.exe
  C:\Windows\System\hosAMFh.exe
  2⤵
  PID:11932
- C:\Windows\System\VJstHce.exe
  C:\Windows\System\VJstHce.exe
  2⤵
  PID:11964
- C:\Windows\System\jpoSfkb.exe
  C:\Windows\System\jpoSfkb.exe
  2⤵
  PID:11980
- C:\Windows\System\aJHtebm.exe
  C:\Windows\System\aJHtebm.exe
  2⤵
  PID:12012
- C:\Windows\System\tVCFthH.exe
  C:\Windows\System\tVCFthH.exe
  2⤵
  PID:12036
- C:\Windows\System\UcdezMG.exe
  C:\Windows\System\UcdezMG.exe
  2⤵
  PID:12076
- C:\Windows\System\EOeSBbB.exe
  C:\Windows\System\EOeSBbB.exe
  2⤵
  PID:12104
- C:\Windows\System\FqUANgY.exe
  C:\Windows\System\FqUANgY.exe
  2⤵
  PID:12136
- C:\Windows\System\yYDfIUK.exe
  C:\Windows\System\yYDfIUK.exe
  2⤵
  PID:12164
- C:\Windows\System\GfnEAXf.exe
  C:\Windows\System\GfnEAXf.exe
  2⤵
  PID:12188
- C:\Windows\System\nWrUvNu.exe
  C:\Windows\System\nWrUvNu.exe
  2⤵
  PID:12216
- C:\Windows\System\VwsaGpI.exe
  C:\Windows\System\VwsaGpI.exe
  2⤵
  PID:12256
- C:\Windows\System\KWmXLlI.exe
  C:\Windows\System\KWmXLlI.exe
  2⤵
  PID:12284
- C:\Windows\System\KcyZBvZ.exe
  C:\Windows\System\KcyZBvZ.exe
  2⤵
  PID:11312
- C:\Windows\System\rqYysmq.exe
  C:\Windows\System\rqYysmq.exe
  2⤵
  PID:11388
- C:\Windows\System\oNSzObc.exe
  C:\Windows\System\oNSzObc.exe
  2⤵
  PID:11452
- C:\Windows\System\vigyIUX.exe
  C:\Windows\System\vigyIUX.exe
  2⤵
  PID:11528
- C:\Windows\System\euROczb.exe
  C:\Windows\System\euROczb.exe
  2⤵
  PID:11592
- C:\Windows\System\YxwgUkv.exe
  C:\Windows\System\YxwgUkv.exe
  2⤵
  PID:11652
- C:\Windows\System\nKrxfYs.exe
  C:\Windows\System\nKrxfYs.exe
  2⤵
  PID:11720
- C:\Windows\System\uzHtBIy.exe
  C:\Windows\System\uzHtBIy.exe
  2⤵
  PID:11776
- C:\Windows\System\wZCnCWM.exe
  C:\Windows\System\wZCnCWM.exe
  2⤵
  PID:11852
- C:\Windows\System\hsImWcv.exe
  C:\Windows\System\hsImWcv.exe
  2⤵
  PID:11900
- C:\Windows\System\jJRkiXg.exe
  C:\Windows\System\jJRkiXg.exe
  2⤵
  PID:11952
- C:\Windows\System\rpLsJti.exe
  C:\Windows\System\rpLsJti.exe
  2⤵
  PID:12024
- C:\Windows\System\RhLMkQL.exe
  C:\Windows\System\RhLMkQL.exe
  2⤵
  PID:12048
- C:\Windows\System\rmEkgAD.exe
  C:\Windows\System\rmEkgAD.exe
  2⤵
  PID:12172
- C:\Windows\System\ZwJSEyM.exe
  C:\Windows\System\ZwJSEyM.exe
  2⤵
  PID:12200
- C:\Windows\System\IngfXns.exe
  C:\Windows\System\IngfXns.exe
  2⤵
  PID:11288
- C:\Windows\System\SKeOFVh.exe
  C:\Windows\System\SKeOFVh.exe
  2⤵
  PID:11424
- C:\Windows\System\tEthQCj.exe
  C:\Windows\System\tEthQCj.exe
  2⤵
  PID:11536
- C:\Windows\System\RPIHkZw.exe
  C:\Windows\System\RPIHkZw.exe
  2⤵
  PID:11748
- C:\Windows\System\MFkMIFN.exe
  C:\Windows\System\MFkMIFN.exe
  2⤵
  PID:11904
- C:\Windows\System\wQkhija.exe
  C:\Windows\System\wQkhija.exe
  2⤵
  PID:12088
- C:\Windows\System\ThhYKeq.exe
  C:\Windows\System\ThhYKeq.exe
  2⤵
  PID:12160
- C:\Windows\System\XvzytFS.exe
  C:\Windows\System\XvzytFS.exe
  2⤵
  PID:12276
- C:\Windows\System\ysAnpmZ.exe
  C:\Windows\System\ysAnpmZ.exe
  2⤵
  PID:11832
- C:\Windows\System\TyoTibu.exe
  C:\Windows\System\TyoTibu.exe
  2⤵
  PID:12144
- C:\Windows\System\tTiBuuq.exe
  C:\Windows\System\tTiBuuq.exe
  2⤵
  PID:12020
- C:\Windows\System\jOOZtSd.exe
  C:\Windows\System\jOOZtSd.exe
  2⤵
  PID:12292
- C:\Windows\System\ZcwHpkH.exe
  C:\Windows\System\ZcwHpkH.exe
  2⤵
  PID:12324
- C:\Windows\System\UhdgMOE.exe
  C:\Windows\System\UhdgMOE.exe
  2⤵
  PID:12340
- C:\Windows\System\FAueJLH.exe
  C:\Windows\System\FAueJLH.exe
  2⤵
  PID:12368
- C:\Windows\System\IfBrhdO.exe
  C:\Windows\System\IfBrhdO.exe
  2⤵
  PID:12396
- C:\Windows\System\ukIoHku.exe
  C:\Windows\System\ukIoHku.exe
  2⤵
  PID:12416
- C:\Windows\System\UmQIeqB.exe
  C:\Windows\System\UmQIeqB.exe
  2⤵
  PID:12456
- C:\Windows\System\uiDSoaa.exe
  C:\Windows\System\uiDSoaa.exe
  2⤵
  PID:12480
- C:\Windows\System\dVGjBsz.exe
  C:\Windows\System\dVGjBsz.exe
  2⤵
  PID:12508
- C:\Windows\System\eGgDBkl.exe
  C:\Windows\System\eGgDBkl.exe
  2⤵
  PID:12536
- C:\Windows\System\SMYsVgw.exe
  C:\Windows\System\SMYsVgw.exe
  2⤵
  PID:12572
- C:\Windows\System\fKFzotD.exe
  C:\Windows\System\fKFzotD.exe
  2⤵
  PID:12592
- C:\Windows\System\orhgyQU.exe
  C:\Windows\System\orhgyQU.exe
  2⤵
  PID:12628
- C:\Windows\System\drlomJe.exe
  C:\Windows\System\drlomJe.exe
  2⤵
  PID:12652
- C:\Windows\System\CpDPDHj.exe
  C:\Windows\System\CpDPDHj.exe
  2⤵
  PID:12692
- C:\Windows\System\WyxFaMb.exe
  C:\Windows\System\WyxFaMb.exe
  2⤵
  PID:12708
- C:\Windows\System\LnxlIbM.exe
  C:\Windows\System\LnxlIbM.exe
  2⤵
  PID:12748
- C:\Windows\System\YdmSrkb.exe
  C:\Windows\System\YdmSrkb.exe
  2⤵
  PID:12776
- C:\Windows\System\SWaFTGc.exe
  C:\Windows\System\SWaFTGc.exe
  2⤵
  PID:12792
- C:\Windows\System\qnfSfti.exe
  C:\Windows\System\qnfSfti.exe
  2⤵
  PID:12832
- C:\Windows\System\JBhJozP.exe
  C:\Windows\System\JBhJozP.exe
  2⤵
  PID:12848
- C:\Windows\System\eFuORvb.exe
  C:\Windows\System\eFuORvb.exe
  2⤵
  PID:12888
- C:\Windows\System\dvJxJjA.exe
  C:\Windows\System\dvJxJjA.exe
  2⤵
  PID:12912
- C:\Windows\System\eVwGbLE.exe
  C:\Windows\System\eVwGbLE.exe
  2⤵
  PID:12932
- C:\Windows\System\SBQbYsp.exe
  C:\Windows\System\SBQbYsp.exe
  2⤵
  PID:12964
- C:\Windows\System\acHZoYz.exe
  C:\Windows\System\acHZoYz.exe
  2⤵
  PID:12988
- C:\Windows\System\FUJIshU.exe
  C:\Windows\System\FUJIshU.exe
  2⤵
  PID:13020
- C:\Windows\System\UvLlbPF.exe
  C:\Windows\System\UvLlbPF.exe
  2⤵
  PID:13056
- C:\Windows\System\SGXhBKE.exe
  C:\Windows\System\SGXhBKE.exe
  2⤵
  PID:13084
- C:\Windows\System\bUwmDji.exe
  C:\Windows\System\bUwmDji.exe
  2⤵
  PID:13128
- C:\Windows\System\dIJqoIX.exe
  C:\Windows\System\dIJqoIX.exe
  2⤵
  PID:13144
- C:\Windows\System\DDVRHjz.exe
  C:\Windows\System\DDVRHjz.exe
  2⤵
  PID:13172
- C:\Windows\System\JrYyukF.exe
  C:\Windows\System\JrYyukF.exe
  2⤵
  PID:13200
- C:\Windows\System\jaHxYBC.exe
  C:\Windows\System\jaHxYBC.exe
  2⤵
  PID:13228
- C:\Windows\System\nfsNGkz.exe
  C:\Windows\System\nfsNGkz.exe
  2⤵
  PID:13256
- C:\Windows\System\BUGtViV.exe
  C:\Windows\System\BUGtViV.exe
  2⤵
  PID:13284
- C:\Windows\System\qmZcrRi.exe
  C:\Windows\System\qmZcrRi.exe
  2⤵
  PID:11928
- C:\Windows\System\VbIcCiu.exe
  C:\Windows\System\VbIcCiu.exe
  2⤵
  PID:12332
- C:\Windows\System\kavcSCL.exe
  C:\Windows\System\kavcSCL.exe
  2⤵
  PID:12424
- C:\Windows\System\ylXNigy.exe
  C:\Windows\System\ylXNigy.exe
  2⤵
  PID:12464
- C:\Windows\System\ATyZeOj.exe
  C:\Windows\System\ATyZeOj.exe
  2⤵
  PID:12496
- C:\Windows\System\LsYnTHu.exe
  C:\Windows\System\LsYnTHu.exe
  2⤵
  PID:12604
- C:\Windows\System\TZGjPjZ.exe
  C:\Windows\System\TZGjPjZ.exe
  2⤵
  PID:12688
- C:\Windows\System\WygjbMS.exe
  C:\Windows\System\WygjbMS.exe
  2⤵
  PID:12744
- C:\Windows\System\pbZvdBY.exe
  C:\Windows\System\pbZvdBY.exe
  2⤵
  PID:12808
- C:\Windows\System\eanteBz.exe
  C:\Windows\System\eanteBz.exe
  2⤵
  PID:12868
- C:\Windows\System\IyvbSDH.exe
  C:\Windows\System\IyvbSDH.exe
  2⤵
  PID:12928
- C:\Windows\System\tNkzpHh.exe
  C:\Windows\System\tNkzpHh.exe
  2⤵
  PID:13000
- C:\Windows\System\qhjopMW.exe
  C:\Windows\System\qhjopMW.exe
  2⤵
  PID:13052
- C:\Windows\System\tJfOeFb.exe
  C:\Windows\System\tJfOeFb.exe
  2⤵
  PID:13136
- C:\Windows\System\WgbWPvg.exe
  C:\Windows\System\WgbWPvg.exe
  2⤵
  PID:13212
- C:\Windows\System\IDdraYs.exe
  C:\Windows\System\IDdraYs.exe
  2⤵
  PID:13268
- C:\Windows\System\CMhVBSW.exe
  C:\Windows\System\CMhVBSW.exe
  2⤵
  PID:12308
- C:\Windows\System\klzeARr.exe
  C:\Windows\System\klzeARr.exe
  2⤵
  PID:12476
- C:\Windows\System\VWoIsXz.exe
  C:\Windows\System\VWoIsXz.exe
  2⤵
  PID:12640
- C:\Windows\System\XIKDhAw.exe
  C:\Windows\System\XIKDhAw.exe
  2⤵
  PID:12608
- C:\Windows\System\PIHuQyS.exe
  C:\Windows\System\PIHuQyS.exe
  2⤵
  PID:12924
- C:\Windows\System\DXHPYMj.exe
  C:\Windows\System\DXHPYMj.exe
  2⤵
  PID:13108
- C:\Windows\System\lcXqpnY.exe
  C:\Windows\System\lcXqpnY.exe
  2⤵
  PID:13252
- C:\Windows\System\tadiVAI.exe
  C:\Windows\System\tadiVAI.exe
  2⤵
  PID:12436
- C:\Windows\System\CoIdsQj.exe
  C:\Windows\System\CoIdsQj.exe
  2⤵
  PID:12828
- C:\Windows\System\fuDhedr.exe
  C:\Windows\System\fuDhedr.exe
  2⤵
  PID:13184
- C:\Windows\System\mwwLyDU.exe
  C:\Windows\System\mwwLyDU.exe
  2⤵
  PID:12564
- C:\Windows\System\ZCgmNZU.exe
  C:\Windows\System\ZCgmNZU.exe
  2⤵
  PID:12384
- C:\Windows\System\Riefhab.exe
  C:\Windows\System\Riefhab.exe
  2⤵
  PID:13332
- C:\Windows\System\KHePeOf.exe
  C:\Windows\System\KHePeOf.exe
  2⤵
  PID:13360
- C:\Windows\System\oZXxZFj.exe
  C:\Windows\System\oZXxZFj.exe
  2⤵
  PID:13388
- C:\Windows\System\nWbRUyZ.exe
  C:\Windows\System\nWbRUyZ.exe
  2⤵
  PID:13416
- C:\Windows\System\nLyUEPM.exe
  C:\Windows\System\nLyUEPM.exe
  2⤵
  PID:13444
- C:\Windows\System\qfSgQbY.exe
  C:\Windows\System\qfSgQbY.exe
  2⤵
  PID:13472
- C:\Windows\System\mxwoJzG.exe
  C:\Windows\System\mxwoJzG.exe
  2⤵
  PID:13500
- C:\Windows\System\oVUBmxs.exe
  C:\Windows\System\oVUBmxs.exe
  2⤵
  PID:13528
- C:\Windows\System\gbEKKRp.exe
  C:\Windows\System\gbEKKRp.exe
  2⤵
  PID:13556
- C:\Windows\System\cDgzyXl.exe
  C:\Windows\System\cDgzyXl.exe
  2⤵
  PID:13584
- C:\Windows\System\RMsThHX.exe
  C:\Windows\System\RMsThHX.exe
  2⤵
  PID:13600
- C:\Windows\System\UFmKBdH.exe
  C:\Windows\System\UFmKBdH.exe
  2⤵
  PID:13620
- C:\Windows\System\hUIrkXH.exe
  C:\Windows\System\hUIrkXH.exe
  2⤵
  PID:13648
- C:\Windows\System\AqmBPsK.exe
  C:\Windows\System\AqmBPsK.exe
  2⤵
  PID:13684
- C:\Windows\System\rtQfijU.exe
  C:\Windows\System\rtQfijU.exe
  2⤵
  PID:13712
- C:\Windows\System\qwkYzxi.exe
  C:\Windows\System\qwkYzxi.exe
  2⤵
  PID:13740
- C:\Windows\System\PmvACQY.exe
  C:\Windows\System\PmvACQY.exe
  2⤵
  PID:13768
- C:\Windows\System\FZHMGGX.exe
  C:\Windows\System\FZHMGGX.exe
  2⤵
  PID:13796
- C:\Windows\System\qxcvSNf.exe
  C:\Windows\System\qxcvSNf.exe
  2⤵
  PID:13836
- C:\Windows\System\PgaiSly.exe
  C:\Windows\System\PgaiSly.exe
  2⤵
  PID:13864
- C:\Windows\System\HzoeTCx.exe
  C:\Windows\System\HzoeTCx.exe
  2⤵
  PID:13892
- C:\Windows\System\frwjjRi.exe
  C:\Windows\System\frwjjRi.exe
  2⤵
  PID:13908
- C:\Windows\System\EgxJVDF.exe
  C:\Windows\System\EgxJVDF.exe
  2⤵
  PID:13932
- C:\Windows\System\mlOokRw.exe
  C:\Windows\System\mlOokRw.exe
  2⤵
  PID:13972
- C:\Windows\System\EzhEQje.exe
  C:\Windows\System\EzhEQje.exe
  2⤵
  PID:13992
- C:\Windows\System\XhmoKyn.exe
  C:\Windows\System\XhmoKyn.exe
  2⤵
  PID:14020
- C:\Windows\System\vCrTAAa.exe
  C:\Windows\System\vCrTAAa.exe
  2⤵
  PID:14060
- C:\Windows\System\ojbnVxE.exe
  C:\Windows\System\ojbnVxE.exe
  2⤵
  PID:14084
- C:\Windows\System\XhWMoNr.exe
  C:\Windows\System\XhWMoNr.exe
  2⤵
  PID:14104
- C:\Windows\System\LmNgpWi.exe
  C:\Windows\System\LmNgpWi.exe
  2⤵
  PID:14120
- C:\Windows\System\ukFIHPf.exe
  C:\Windows\System\ukFIHPf.exe
  2⤵
  PID:14152
- C:\Windows\System\rbXcQFl.exe
  C:\Windows\System\rbXcQFl.exe
  2⤵
  PID:14180
- C:\Windows\System\hmxrxYJ.exe
  C:\Windows\System\hmxrxYJ.exe
  2⤵
  PID:14196
- C:\Windows\System\XKbtKZZ.exe
  C:\Windows\System\XKbtKZZ.exe
  2⤵
  PID:14232
- C:\Windows\System\aKDnHbA.exe
  C:\Windows\System\aKDnHbA.exe
  2⤵
  PID:14272
- C:\Windows\System\HmhhVez.exe
  C:\Windows\System\HmhhVez.exe
  2⤵
  PID:14304
- C:\Windows\System\KUNrMJJ.exe
  C:\Windows\System\KUNrMJJ.exe
  2⤵
  PID:13324
- C:\Windows\System\FgNOcvQ.exe
  C:\Windows\System\FgNOcvQ.exe
  2⤵
  PID:13384
- C:\Windows\System\RKapuYj.exe
  C:\Windows\System\RKapuYj.exe
  2⤵
  PID:13436
- C:\Windows\System\LANoYPa.exe
  C:\Windows\System\LANoYPa.exe
  2⤵
  PID:13496
- C:\Windows\System\bFsosNJ.exe
  C:\Windows\System\bFsosNJ.exe
  2⤵
  PID:13608
- C:\Windows\System\GowizmY.exe
  C:\Windows\System\GowizmY.exe
  2⤵
  PID:13644
- C:\Windows\System\qDhYlMV.exe
  C:\Windows\System\qDhYlMV.exe
  2⤵
  PID:2632
- C:\Windows\System\UEhRjHr.exe
  C:\Windows\System\UEhRjHr.exe
  2⤵
  PID:13724
- C:\Windows\System\UXpOvge.exe
  C:\Windows\System\UXpOvge.exe
  2⤵
  PID:13760
- C:\Windows\System\UhKGqAJ.exe
  C:\Windows\System\UhKGqAJ.exe
  2⤵
  PID:13812
- C:\Windows\System\XFxSDHx.exe
  C:\Windows\System\XFxSDHx.exe
  2⤵
  PID:13880
- C:\Windows\System\OlCogjx.exe
  C:\Windows\System\OlCogjx.exe
  2⤵
  PID:13980
- C:\Windows\System\QmNJKlM.exe
  C:\Windows\System\QmNJKlM.exe
  2⤵
  PID:14036
- C:\Windows\System\yqbKhdD.exe
  C:\Windows\System\yqbKhdD.exe
  2⤵
  PID:14096
- C:\Windows\System\pDOpBsF.exe
  C:\Windows\System\pDOpBsF.exe
  2⤵
  PID:14164
- C:\Windows\System\Rleglew.exe
  C:\Windows\System\Rleglew.exe
  2⤵
  PID:14220
- C:\Windows\System\dMcIinU.exe
  C:\Windows\System\dMcIinU.exe
  2⤵
  PID:14324
- C:\Windows\System\xhJCQtO.exe
  C:\Windows\System\xhJCQtO.exe
  2⤵
  PID:13408
- C:\Windows\System\LvyYBJL.exe
  C:\Windows\System\LvyYBJL.exe
  2⤵
  PID:13548
- C:\Windows\System\icpRauL.exe
  C:\Windows\System\icpRauL.exe
  2⤵
  PID:13696
- C:\Windows\System\JCmQRaD.exe
  C:\Windows\System\JCmQRaD.exe
  2⤵
  PID:13756
- C:\Windows\System\OjDpQaN.exe
  C:\Windows\System\OjDpQaN.exe
  2⤵
  PID:13920
- C:\Windows\System\DMpnnUK.exe
  C:\Windows\System\DMpnnUK.exe
  2⤵
  PID:4456
- C:\Windows\System\PdxnGGR.exe
  C:\Windows\System\PdxnGGR.exe
  2⤵
  PID:14116
- C:\Windows\System\KDktqch.exe
  C:\Windows\System\KDktqch.exe
  2⤵
  PID:14284
- C:\Windows\System\lXyTApB.exe
  C:\Windows\System\lXyTApB.exe
  2⤵
  PID:13632
- C:\Windows\System\hrZkrOF.exe
  C:\Windows\System\hrZkrOF.exe
  2⤵
  PID:13900
- C:\Windows\System\hsxfIRy.exe
  C:\Windows\System\hsxfIRy.exe
  2⤵
  PID:13352
- C:\Windows\System\PMDjaxA.exe
  C:\Windows\System\PMDjaxA.exe
  2⤵
  PID:13732
- C:\Windows\System\qXsYQkd.exe
  C:\Windows\System\qXsYQkd.exe
  2⤵
  PID:13044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4408,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:8
1⤵
PID:1976

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BdvzPLW.exe

Filesize
2.3MB

MD5
649434b368a5050f6699bc93e53e622a

SHA1
65da6e01487983a764919860849f75eb35e96517

SHA256
48f6dde5e0e7e90d296f7f74023cc552021b102519e7ab5f65e8957809692c99

SHA512
f04cad9ac7896a7134491abea4796fc4a3df46d82607014a75cca689bf9b06efe425b1a08420f61feee5117bd2d6bc42a08ea4ca18a640a7f3541cdbf18ce87a

Download Submit
C:\Windows\System\ChBQYfj.exe

Filesize
2.3MB

MD5
22887f9356418fe72a32161963026e5d

SHA1
59a84ebb8b0d5e81ce5a0dad8173e397d38b3dec

SHA256
4e6642907b606f7ae55e1a3b365d57e203af5ab589829ba857502a2c930955bb

SHA512
cbcc40a659a59674c2406e1e63afe6ea2069a54df8ad5ad6dcdc3479630d12802ad8bdceea44bbd91bf5b8f4548061ab80232b58ef839206d58d51a90a093cc4

Download Submit
C:\Windows\System\DVjjyUz.exe

Filesize
2.3MB

MD5
fb1588cd25588c9b57cf185a24e2f3f7

SHA1
1db3945be3ec75f17a07ead9296a898c03d0c0f6

SHA256
e1ba6548d94d47a029596853802aed5f806e3d230d7fa80c91553727b708b438

SHA512
3bf493db6c364fd8f1e2a5e2b12a9027c7a7ac0afe029bc8eb029f75d7af0dee7c2b1ff0828bb96ad0a3bea36f42179179e16da67e313dcd30b25199acd3e1c0

Download Submit
C:\Windows\System\DwFhoOu.exe

Filesize
2.3MB

MD5
1d5dd7defa6f55feb144a81276b86261

SHA1
17293e2e66b67e56cc4647708f30801f64733dbe

SHA256
eb69ca7426d4e146fdaef1a61255412d715bf9728b0b6dc5954546d8dacdaa32

SHA512
2799386f8c965d2650149b8b881e55dcf85c6e127b1b25d911c61d825dfa36ff56ccd63300d8b7e519c92301a844efc8a067703cbb5d7e0411a49027db96901c

Download Submit
C:\Windows\System\GZvfVRp.exe

Filesize
2.3MB

MD5
04534e80fd0a30b46bd1dbb46e7da692

SHA1
19b73f95f1045f6dd0fc18b4e7ada6b0dd227f22

SHA256
c5424ba67ed0fcf08789642948f724b634e6b797dd440826405b6a9550f5a75e

SHA512
e1763bd981d3196f058246b3f83a3cc4aba98f01fae53f589f4bf7577f7f3b86cc7042385939565e3f0ace652e64165bf6f435ffb79250ef01d49288d1abdc9a

Download Submit
C:\Windows\System\IqCgcLr.exe

Filesize
2.3MB

MD5
153d07dfb41b53d392bb80b71f2cd31e

SHA1
cb156db5b231348838225e84e68bfb6c5299bcae

SHA256
d97bee52a9de46edb58f6576ac3d20d41dcdcc55bf97c016fe602822f435a007

SHA512
f08497fe09c8ec429e145164c967f6b7538fbe34e62f0d7d11a42acbfa3c22aca2d2519847092f7e805f6b3ed165e204aca53a480316f0bd84ad1c3db912d6b4

Download Submit
C:\Windows\System\JebSpTS.exe

Filesize
2.3MB

MD5
a68a46e552463bcbf3f0c02ca79bfe43

SHA1
0d3321db8e542d24b876cb02814470f7fcabc023

SHA256
5355460c9738adf935e6407caaa5c5de899e7f25114e5f421dbbc9daa367fb70

SHA512
fc06f36ccc37e8be2e7bfad1b341601cfc2b90bcf3c74feb797ba8bf4a57a22a3c4cc3ca60e24fd7b6764659c7d3b38e0689dc7245da0bc4609e76bf88730ef0

Download Submit
C:\Windows\System\JkbAFzF.exe

Filesize
2.3MB

MD5
b3c407aa99d728323c5daa8c3d672c7c

SHA1
2591519a2faa67ea29efa373d9819c0192c9101d

SHA256
6e90a9635d1c5fcf61b277bb01b9076031f44c274570681f15de82de9289e3c1

SHA512
a6b8731abf1640318345b6d20bf4201e641362fc61843acbd497f863492ca72dd087da876167be57edda66d349acd00b62290fc112a7abd4e5eb9f693fae7bb9

Download Submit
C:\Windows\System\LoMWrjp.exe

Filesize
2.3MB

MD5
59c530e811c6dcdb25a88f626b1bc904

SHA1
4c2b719d9a29ab486c2918542deb15f93a034d91

SHA256
9cfa7a7c33319a3f65f4f1b9d9fa3cdae293b6ba91a22ad0f706fca0dc240f28

SHA512
3e013d9df9e54dc825c7e047e64ca4066c35130dbb6e8a51a1b7d22dfe4c584d4b1dba044898898e83fb3ac7c73176f33aeb491d93c1c11b3824ee781528fe82

Download Submit
C:\Windows\System\ORjEHmD.exe

Filesize
2.3MB

MD5
5df68f77e92fb3b72155599fd824f50e

SHA1
93f6f6ec75d1861e3227a12c3ed9ec67c90053b6

SHA256
e27598b3e94b687ec7d9d35607779933fe4c4fc7fc86b6cc1245970c42a806bb

SHA512
696ebb42a6d84a8cbd8df2b83484790a1e33a4faa16eaf9118795559138c6447070c184fc8993f048d6a96e57fcc6749872b432ac2776e780fc3b4861166f266

Download Submit
C:\Windows\System\OhpAifd.exe

Filesize
2.3MB

MD5
6c90a204e39f0ae15cb14eaba28a4eb3

SHA1
f8d0465db9855a468235c6735c0079d3ea6f6a37

SHA256
922e26c273162495ab637cd3da26799d345c90bc02e20522180c48ee21caf330

SHA512
4e9b9cdaf3520403c8608880e1b39b91bd0648c2fa0e2b8aabddacfd550d9f156873eda1be4b8519fa12bad5f8b58fce06f08e3cab58805608caa52dfddbc387

Download Submit
C:\Windows\System\QzxwcrN.exe

Filesize
2.3MB

MD5
8b2528493bb2c331481d03672e901cd3

SHA1
503d76cf7093875d720f06fb3c7a14f8634ab6fa

SHA256
49ef5afaf3f29923af0f5006b6574fea7ca1692cd7667cf063a81519b94af514

SHA512
680a9744870d2b8e532f6df33db5a1c982115ff5cfcce9da2657937386bbdd33e6d54ae67cde1c94c3ab2ca17ccffdedbe5d832d7960179c6fcdcd422b0a6417

Download Submit
C:\Windows\System\TJzeLTh.exe

Filesize
2.3MB

MD5
a8fc67e246cc865be67b9cd0d1c6559b

SHA1
756b22261d21d8a188223828b1345be3e503a22b

SHA256
045bb6771acdb5cb21ffd807e7ffbf5d37e4fb640013af6236d86bd53fc9203d

SHA512
0a343a6990abef981dd625126a771d706cca55576be3b9523ed606b5bb7826e998fb822882859f6dfafbe228dce5df86f7fa5edfce35b8a901d0d6527c4d9da0

Download Submit
C:\Windows\System\UVfzgEb.exe

Filesize
2.3MB

MD5
be248daa774e1fdbb187dc96b98ccb58

SHA1
0897ea7651f81ad8182a19e95a9522670327cab8

SHA256
1a783c10acc32f3ca758e48e90f0c6dffe2c7b72867578d19211a1335c6b6942

SHA512
429a858a9195ef0a13eb98baf22a8375b3a26d5319aa832270d9eca01a258e46d1e27e73d05ad6bc05eea9b1d92d2ba237e0f6c0ddf25aa3ef328e4d81f3c810

Download Submit
C:\Windows\System\bAGFtNU.exe

Filesize
2.3MB

MD5
af916340c93baef76b2cd5dd249e307d

SHA1
4379618d914a12e417da2e88795000278cdc2770

SHA256
d1670457cc0cb98b5cb3db60010a3a299142681d9dafd12bfb08d326136ead14

SHA512
4e83924c34248ef0cd6ca76f31ae8da26fe34ebb5a13e95341b120b881bc78d89ca495aec33775b4b500763dfea0f5a738bfe0a92abccd854e424812fa5639a9

Download Submit
C:\Windows\System\cMbXciO.exe

Filesize
2.3MB

MD5
b4887840fd9d8cb2c1a2b667e031f6b4

SHA1
ff08377c02d716d815c72a96f0aa449902b80133

SHA256
d95246650484573f4cf7a6bf08e2d70c3e1b9ca5cb8be95d111a563d5db40ffe

SHA512
2288e2daa26e0964dab3636c534477507122c41848ad435357c9f8de5a0c9119cd7053bc43d8b19326990c6dd0d72b2cd49d183f59ee3f9db9c57f1f82d65086

Download Submit
C:\Windows\System\cbgSRGl.exe

Filesize
2.3MB

MD5
8479bbe85b44e63e24d63aeb1226b215

SHA1
f1bdf19575eb0c1441763fa3a6eee526bbb3cd32

SHA256
481c5871da09e73b8a96a881571f6fd1595e715e47e92684783288bf21ba8788

SHA512
649cdb6d49c2e5eb3ffdad9281f56e984dfb2ee8ca27610eb0c872683b023b04603f4616d9caef43c80c907cbfe7b1608adf20164b5ae965c0919e4059cb80cb

Download Submit
C:\Windows\System\jBskSAO.exe

Filesize
2.3MB

MD5
74b284f6a5aedc7ffd3bab2ea749eda2

SHA1
3f8e6691abb748c93726616163d0f6d1b7649e90

SHA256
f1904c0637e3220af11da905118250752988d69999759d8b42e844956c1abc9a

SHA512
748ddee248fb6c5e8783c7e547b401404756be4b2d76a61714c95a549580c059809c73095c84b92573fd9a50d561524953ebbb2c46779ae1d5a5d2c8999ea635

Download Submit
C:\Windows\System\jTOIkzv.exe

Filesize
2.3MB

MD5
9b10783503a30f7395d2919b2900b584

SHA1
8b8521f25cc9eac6b0cfcb54e94281cdc33c76e5

SHA256
8145b8f968c0fb038efe98aafd798d013b60504f07bd9cfbd47923978fdc069f

SHA512
53ee8b0af8a04be62dd5d227ab4f90fbbf8eacd6f730bee2b8b2af2f9cbc0ef8c9d6bc614515eb86860e156f7dd0fb6ffd85a472af7bfe391ce33a9e348a91b8

Download Submit
C:\Windows\System\kSqQxUZ.exe

Filesize
2.3MB

MD5
1ea5b3240b018c8a60519b964c405fb5

SHA1
23d37f7e1d8ce3ecb657c9dfdafbf9dff6660a49

SHA256
beeb981bdf37b5a0b9e92e28cd94b98ce227fdc2cd49edd7225ceee454203c1a

SHA512
93b9032e438f1c9c17d33f40e78d71c5614b35454775d41ad888f7fc46bd8261f15c7a787885f0ec6237a8b95d62e7220322d32a887d7e38b46931b020bc6565

Download Submit
C:\Windows\System\khxTrbx.exe

Filesize
2.3MB

MD5
5d305ac12255ecaf29feec579c3d5e35

SHA1
9e0f6eb5b0b962262a576f8edeb752a4a0ff280f

SHA256
173059fccc04361e7c273206778de50fc01a5ee9a49b931dce646ca5fd7617e0

SHA512
32085b79e65f36886543a17db036da44a7c7ad00e2008b16895790b20ee3a7d2b33b56a47affe9f3b6772f74144b2a93687d5c441b89b964c600e0029c57d0c4

Download Submit
C:\Windows\System\mDRErAz.exe

Filesize
2.3MB

MD5
b1ab423ad5f51f779cec9f909d644eaf

SHA1
a61bcb45f67dd0ad874fa84da83df873a657ebd1

SHA256
74b7cf5b1c6f8749e56f1780e4c14d3c6c92ec28ef8a08874560108b59d03445

SHA512
a15ea7fa81067ee95719f12630d3b73e2a43331cc239415d3adae0f388dbff608880360124bdd5802043b50ae53f5ee6bcc6e89141ec2df68bf9342ddab8eb69

Download Submit
C:\Windows\System\njpIjoM.exe

Filesize
2.3MB

MD5
d4a71af0f32df64e9f2673a4c97b9ff4

SHA1
31e320c05f944e35dfeef3bbcc0d9d6940e1c53e

SHA256
2e01d6c7515b1068195c6398087448161d3a85436b5244930e277d8afa9887d0

SHA512
e7b27337a5fa866793f9c37d8a479bf2971fd350659d473b4b419cf821aa995be4bb9721671386d8f5c78ba32f01bfef01a8323aac9a638be43ed64b12d77074

Download Submit
C:\Windows\System\nviqsHn.exe

Filesize
2.3MB

MD5
2fda1b8470c0b02a49490cedff5a0d93

SHA1
52222917d722a82c9a7a906ab9ea5626b104c723

SHA256
94e2e313f17f159c28b69591338e0f6c9e768fd82632ff30cf049d3cf6bc39f9

SHA512
96de70e892218a5cf50a21d2db7da3659b17c9659ac497c44b84b8e702d5ff660e84756ee4253218ae055282e7cebc848497dce0ae5fb028a6d4b86ea341da22

Download Submit
C:\Windows\System\oxslwfH.exe

Filesize
2.3MB

MD5
daf2e709e11f8cb022d82850c62edc78

SHA1
cde52d8eb3d86e2c03891f5a27e300f82335cfce

SHA256
fb73d56b912ffc66b09c55491eef5163f4a8fbfb4b5c8bb0fd07e724a752a953

SHA512
d2a7b5182b21b77729c5c235f9469074be69eca63ce0db3fc7145db2cf36c19217f547797fe3d84cfaae6cd734b258a3105dd77c2570f1f6f5d04e9719b8c928

Download Submit
C:\Windows\System\pyAkEmq.exe

Filesize
2.3MB

MD5
8afd31b2976fac11e81712cfebfa5b4a

SHA1
86deee880ca687e161539858d4a327975a958bd6

SHA256
a75e53f20c17fb71adf64f821d77ccf2ed7542c176b51d1a6f6c66232167ce0d

SHA512
648e69c3611d2f325065ca3b400ddce4ea3be3ef9768586ecb0415f871e1e7205d0d933cf1422f4e53c9fd1b26042dfe2775224baaf606caa40d326267e67f5a

Download Submit
C:\Windows\System\qeWLVSg.exe

Filesize
2.3MB

MD5
cff705f8e665d15c6bb119f15cc9ea39

SHA1
451abbb393a2fffba1ed79e5ecde83e0a7d532e4

SHA256
57c526d4b5b3b7c46cd2edb092a50ae50c4d367419f4de9a8c73f60605e46e19

SHA512
8195f422f53d2cb2398a8b3682ef9ffe342c011566215eae26de3d886297f8e04593b141648748822be088e656ab5ed6a103a073834c0e9d137cebed2b941552

Download Submit
C:\Windows\System\rydOhRh.exe

Filesize
2.3MB

MD5
5e7d1c84fdefd8b535e5e138f9cf920a

SHA1
c7a084968a308f7ca7a225ec7c23aeb68fc4d44f

SHA256
398df0245e15a34f92c7a34ab58fdf375edcf3d5c544380d7a81a199d499a63c

SHA512
5a7bc6beb28d2bd03cbce8277f29fb0e5846acee131692b6c119005ce4791f316f83d4cd2eba7ab20525b1abd26ce0d062b738a6ba4704063e1089d862370e16

Download Submit
C:\Windows\System\vssotuE.exe

Filesize
2.3MB

MD5
9ccaa3a6663e21eab33aa979212e8465

SHA1
950bffb25cfa9cba38d97fd921834892e08512e4

SHA256
7aa383bcfd2d84e1dc7eec0bef00e26b9a496222950df86a30676eb600ac69dd

SHA512
5d94c054d76319129b223895dd052f32a5629f0c2c4a59ae60062a07c5f2573b64af5b59763debcce65606b90f83ce12f2fe106f4cef85f15b379a2c7a1cf2e1

Download Submit
C:\Windows\System\yfdvunE.exe

Filesize
2.3MB

MD5
8af7c1d20016204a30d773eeb13e1462

SHA1
516cdd458f823db9454a85061afcae54a4c1bc49

SHA256
18152d1b7d4ffd4847dca05a4db8da95006c0cf4cf0ed0b3181da2c97b774be4

SHA512
7d04596402fcd6c1de101538686ed360236385de15483475f16df49975e48f8881b46909054bfacb1035aa36b7e6ff57120090b78545c7a2410b7e5fa776ea57

Download Submit
C:\Windows\System\zNVdHQu.exe

Filesize
2.3MB

MD5
c7f2b758ef00f9a17462f54335ebbe9a

SHA1
deb6c8574cd7e157e09c57897d27657586517cdb

SHA256
cfe56ce5761e3342c4a5b71c603ff68669c7f497150eb71da86a080a822ab1c8

SHA512
e5d7228dcabd2bc6d2819de11cc35046628084729fdb21992ffd833f4be0e847f1b38f6b8d6d5d8a9110069b47f9297059036fd4690c250bcd606159941b4ed0

Download Submit
C:\Windows\System\zodEdoy.exe

Filesize
2.3MB

MD5
148f8497858c583279818c0eaccca87b

SHA1
43c602abeaf19340e58302076920dc778778fab5

SHA256
c949720e43bd324faa52d8926888d603becc55f8a849ba9e5aa861ecd8727251

SHA512
013d9e367d81534a569321f8eb06fdafa4dd605d3f15c0f4fad3d61ba8da5b376a6274832948d9d4362ab20c9d6a33e38e0b73085067afbe90dfd3b62928a19c

Download Submit
C:\Windows\System\zofvuTp.exe

Filesize
2.3MB

MD5
79a686c63467c9240591828af7e600fa

SHA1
3503294dd33738e0fbea8dcd95de3af7492fdbc2

SHA256
308ab57f4870e39392b57f62f4f098ca59419694da5a5c76d2eef58cab56ce49

SHA512
f73b45cafe68eb1e00322bc2d8a7cb99e408bb928721c65ae3eab13d33b15a6a990cd36f89d0000b3f94d6d3abe106eca49a0b809646a9c6d48e77e433746fe3

Download Submit
memory/560-634-0x00007FF7D8570000-0x00007FF7D88C4000-memory.dmp

Filesize
3.3MB

Download
memory/560-2093-0x00007FF7D8570000-0x00007FF7D88C4000-memory.dmp

Filesize
3.3MB

Download
memory/728-2110-0x00007FF72E300000-0x00007FF72E654000-memory.dmp

Filesize
3.3MB

Download
memory/728-693-0x00007FF72E300000-0x00007FF72E654000-memory.dmp

Filesize
3.3MB

Download
memory/948-2095-0x00007FF6B3D80000-0x00007FF6B40D4000-memory.dmp

Filesize
3.3MB

Download
memory/948-635-0x00007FF6B3D80000-0x00007FF6B40D4000-memory.dmp

Filesize
3.3MB

Download
memory/1004-2096-0x00007FF6153A0000-0x00007FF6156F4000-memory.dmp

Filesize
3.3MB

Download
memory/1004-637-0x00007FF6153A0000-0x00007FF6156F4000-memory.dmp

Filesize
3.3MB

Download
memory/1112-638-0x00007FF6FBB60000-0x00007FF6FBEB4000-memory.dmp

Filesize
3.3MB

Download
memory/1112-2097-0x00007FF6FBB60000-0x00007FF6FBEB4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-631-0x00007FF7F8D60000-0x00007FF7F90B4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-2094-0x00007FF7F8D60000-0x00007FF7F90B4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-633-0x00007FF7080D0000-0x00007FF708424000-memory.dmp

Filesize
3.3MB

Download
memory/1312-2091-0x00007FF7080D0000-0x00007FF708424000-memory.dmp

Filesize
3.3MB

Download
memory/1524-2109-0x00007FF6F0FF0000-0x00007FF6F1344000-memory.dmp

Filesize
3.3MB

Download
memory/1524-696-0x00007FF6F0FF0000-0x00007FF6F1344000-memory.dmp

Filesize
3.3MB

Download
memory/1588-667-0x00007FF7DFA20000-0x00007FF7DFD74000-memory.dmp

Filesize
3.3MB

Download
memory/1588-2102-0x00007FF7DFA20000-0x00007FF7DFD74000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2090-0x00007FF7CCCF0000-0x00007FF7CD044000-memory.dmp

Filesize
3.3MB

Download
memory/1848-630-0x00007FF7CCCF0000-0x00007FF7CD044000-memory.dmp

Filesize
3.3MB

Download
memory/2240-763-0x00007FF7C9480000-0x00007FF7C97D4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-2088-0x00007FF7C9480000-0x00007FF7C97D4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-670-0x00007FF69F5A0000-0x00007FF69F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2106-0x00007FF69F5A0000-0x00007FF69F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-707-0x00007FF705060000-0x00007FF7053B4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-2108-0x00007FF705060000-0x00007FF7053B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2099-0x00007FF7C6DA0000-0x00007FF7C70F4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-639-0x00007FF7C6DA0000-0x00007FF7C70F4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-642-0x00007FF6C6940000-0x00007FF6C6C94000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2105-0x00007FF6C6940000-0x00007FF6C6C94000-memory.dmp

Filesize
3.3MB

Download
memory/3000-2087-0x00007FF7E7200000-0x00007FF7E7554000-memory.dmp

Filesize
3.3MB

Download
memory/3000-24-0x00007FF7E7200000-0x00007FF7E7554000-memory.dmp

Filesize
3.3MB

Download
memory/3020-2103-0x00007FF780010000-0x00007FF780364000-memory.dmp

Filesize
3.3MB

Download
memory/3020-643-0x00007FF780010000-0x00007FF780364000-memory.dmp

Filesize
3.3MB

Download
memory/3276-2086-0x00007FF7802D0000-0x00007FF780624000-memory.dmp

Filesize
3.3MB

Download
memory/3276-628-0x00007FF7802D0000-0x00007FF780624000-memory.dmp

Filesize
3.3MB

Download
memory/3296-2085-0x00007FF6AC170000-0x00007FF6AC4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3296-17-0x00007FF6AC170000-0x00007FF6AC4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3588-740-0x00007FF67B540000-0x00007FF67B894000-memory.dmp

Filesize
3.3MB

Download
memory/3588-2113-0x00007FF67B540000-0x00007FF67B894000-memory.dmp

Filesize
3.3MB

Download
memory/3640-2084-0x00007FF7E4180000-0x00007FF7E44D4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-1-0x000002BCAB6D0000-0x000002BCAB6E0000-memory.dmp

Filesize
64KB

Download
memory/3640-0-0x00007FF7E4180000-0x00007FF7E44D4000-memory.dmp

Filesize
3.3MB

Download
memory/3672-2104-0x00007FF771B60000-0x00007FF771EB4000-memory.dmp

Filesize
3.3MB

Download
memory/3672-641-0x00007FF771B60000-0x00007FF771EB4000-memory.dmp

Filesize
3.3MB

Download
memory/4072-2111-0x00007FF73FF30000-0x00007FF740284000-memory.dmp

Filesize
3.3MB

Download
memory/4072-746-0x00007FF73FF30000-0x00007FF740284000-memory.dmp

Filesize
3.3MB

Download
memory/4080-2089-0x00007FF7FA320000-0x00007FF7FA674000-memory.dmp

Filesize
3.3MB

Download
memory/4080-629-0x00007FF7FA320000-0x00007FF7FA674000-memory.dmp

Filesize
3.3MB

Download
memory/4148-660-0x00007FF629C70000-0x00007FF629FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4148-2100-0x00007FF629C70000-0x00007FF629FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-632-0x00007FF6F79A0000-0x00007FF6F7CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-2092-0x00007FF6F79A0000-0x00007FF6F7CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4572-640-0x00007FF69F220000-0x00007FF69F574000-memory.dmp

Filesize
3.3MB

Download
memory/4572-2101-0x00007FF69F220000-0x00007FF69F574000-memory.dmp

Filesize
3.3MB

Download
memory/4576-2098-0x00007FF737DA0000-0x00007FF7380F4000-memory.dmp

Filesize
3.3MB

Download
memory/4576-636-0x00007FF737DA0000-0x00007FF7380F4000-memory.dmp

Filesize
3.3MB

Download
memory/4804-723-0x00007FF676410000-0x00007FF676764000-memory.dmp

Filesize
3.3MB

Download
memory/4804-2112-0x00007FF676410000-0x00007FF676764000-memory.dmp

Filesize
3.3MB

Download
memory/5048-680-0x00007FF686580000-0x00007FF6868D4000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2107-0x00007FF686580000-0x00007FF6868D4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads