Analysis
-
max time kernel
129s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
23/05/2024, 20:53
Behavioral task
behavioral1
Sample
864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe
Resource
win7-20240508-en
General
-
Target
864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe
-
Size
1.5MB
-
MD5
864f90bb005b5d78cd32a6256ebc0d90
-
SHA1
70cdb5c79a749a3b359f4c0b9c853780648aa176
-
SHA256
0906e48959797ae08b7e74e01f0c950ce2d756b4a5868a372960ab806122fc9d
-
SHA512
be3f941b0a5f2ff4b218c6be94169b3901882862015f58d3134ee8a0160e892c75364d7a446e27dfa54e5100aa8b3f00104ce688b9dabf16c6bf2261c75696c5
-
SSDEEP
24576:RVIl/WDGCi7/qkatXBF6727HeoPO+XC7A9GaFDnFelC3yH09MvFcUVkl9O6pvVGG:ROdWCCi7/rahOY7CH09QFRk3FVFGF21
Malware Config
Signatures
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
description pid Process procid_target PID 1048 created 3204 1048 WerFaultSecure.exe 81 -
XMRig Miner payload 58 IoCs
resource yara_rule behavioral2/memory/3180-42-0x00007FF74D760000-0x00007FF74DAB1000-memory.dmp xmrig behavioral2/memory/2028-45-0x00007FF77D330000-0x00007FF77D681000-memory.dmp xmrig behavioral2/memory/4896-58-0x00007FF6A97B0000-0x00007FF6A9B01000-memory.dmp xmrig behavioral2/memory/3928-302-0x00007FF7684A0000-0x00007FF7687F1000-memory.dmp xmrig behavioral2/memory/2512-307-0x00007FF6EF170000-0x00007FF6EF4C1000-memory.dmp xmrig behavioral2/memory/1916-313-0x00007FF6FE650000-0x00007FF6FE9A1000-memory.dmp xmrig behavioral2/memory/4924-314-0x00007FF71F830000-0x00007FF71FB81000-memory.dmp xmrig behavioral2/memory/2784-318-0x00007FF6581F0000-0x00007FF658541000-memory.dmp xmrig behavioral2/memory/4900-319-0x00007FF77DC90000-0x00007FF77DFE1000-memory.dmp xmrig behavioral2/memory/1132-322-0x00007FF7B8D80000-0x00007FF7B90D1000-memory.dmp xmrig behavioral2/memory/1736-325-0x00007FF7896E0000-0x00007FF789A31000-memory.dmp xmrig behavioral2/memory/2736-324-0x00007FF6F4CF0000-0x00007FF6F5041000-memory.dmp xmrig behavioral2/memory/664-323-0x00007FF7F5670000-0x00007FF7F59C1000-memory.dmp xmrig behavioral2/memory/4460-321-0x00007FF6987F0000-0x00007FF698B41000-memory.dmp xmrig behavioral2/memory/4032-320-0x00007FF66B570000-0x00007FF66B8C1000-memory.dmp xmrig behavioral2/memory/4264-316-0x00007FF769F50000-0x00007FF76A2A1000-memory.dmp xmrig behavioral2/memory/4504-317-0x00007FF60D1B0000-0x00007FF60D501000-memory.dmp xmrig behavioral2/memory/4816-315-0x00007FF78F140000-0x00007FF78F491000-memory.dmp xmrig behavioral2/memory/4988-310-0x00007FF71FBB0000-0x00007FF71FF01000-memory.dmp xmrig behavioral2/memory/2292-312-0x00007FF738CA0000-0x00007FF738FF1000-memory.dmp xmrig behavioral2/memory/4164-306-0x00007FF7AF520000-0x00007FF7AF871000-memory.dmp xmrig behavioral2/memory/2528-54-0x00007FF797250000-0x00007FF7975A1000-memory.dmp xmrig behavioral2/memory/4652-43-0x00007FF66DCA0000-0x00007FF66DFF1000-memory.dmp xmrig behavioral2/memory/3456-38-0x00007FF729BE0000-0x00007FF729F31000-memory.dmp 
xmrig behavioral2/memory/3324-35-0x00007FF6C0820000-0x00007FF6C0B71000-memory.dmp xmrig behavioral2/memory/2636-2183-0x00007FF69E410000-0x00007FF69E761000-memory.dmp xmrig behavioral2/memory/4520-2184-0x00007FF679B20000-0x00007FF679E71000-memory.dmp xmrig behavioral2/memory/3080-2200-0x00007FF6EA560000-0x00007FF6EA8B1000-memory.dmp xmrig behavioral2/memory/756-2204-0x00007FF745B10000-0x00007FF745E61000-memory.dmp xmrig behavioral2/memory/3324-2235-0x00007FF6C0820000-0x00007FF6C0B71000-memory.dmp xmrig behavioral2/memory/2528-2237-0x00007FF797250000-0x00007FF7975A1000-memory.dmp xmrig behavioral2/memory/3456-2239-0x00007FF729BE0000-0x00007FF729F31000-memory.dmp xmrig behavioral2/memory/4652-2243-0x00007FF66DCA0000-0x00007FF66DFF1000-memory.dmp xmrig behavioral2/memory/3180-2245-0x00007FF74D760000-0x00007FF74DAB1000-memory.dmp xmrig behavioral2/memory/2028-2241-0x00007FF77D330000-0x00007FF77D681000-memory.dmp xmrig behavioral2/memory/4896-2249-0x00007FF6A97B0000-0x00007FF6A9B01000-memory.dmp xmrig behavioral2/memory/2636-2247-0x00007FF69E410000-0x00007FF69E761000-memory.dmp xmrig behavioral2/memory/4520-2251-0x00007FF679B20000-0x00007FF679E71000-memory.dmp xmrig behavioral2/memory/3080-2253-0x00007FF6EA560000-0x00007FF6EA8B1000-memory.dmp xmrig behavioral2/memory/1736-2255-0x00007FF7896E0000-0x00007FF789A31000-memory.dmp xmrig behavioral2/memory/3928-2259-0x00007FF7684A0000-0x00007FF7687F1000-memory.dmp xmrig behavioral2/memory/756-2258-0x00007FF745B10000-0x00007FF745E61000-memory.dmp xmrig behavioral2/memory/2512-2263-0x00007FF6EF170000-0x00007FF6EF4C1000-memory.dmp xmrig behavioral2/memory/4988-2265-0x00007FF71FBB0000-0x00007FF71FF01000-memory.dmp xmrig behavioral2/memory/4164-2261-0x00007FF7AF520000-0x00007FF7AF871000-memory.dmp xmrig behavioral2/memory/4504-2277-0x00007FF60D1B0000-0x00007FF60D501000-memory.dmp xmrig behavioral2/memory/4264-2267-0x00007FF769F50000-0x00007FF76A2A1000-memory.dmp xmrig 
behavioral2/memory/1916-2275-0x00007FF6FE650000-0x00007FF6FE9A1000-memory.dmp xmrig behavioral2/memory/4924-2273-0x00007FF71F830000-0x00007FF71FB81000-memory.dmp xmrig behavioral2/memory/4816-2271-0x00007FF78F140000-0x00007FF78F491000-memory.dmp xmrig behavioral2/memory/2292-2269-0x00007FF738CA0000-0x00007FF738FF1000-memory.dmp xmrig behavioral2/memory/4032-2283-0x00007FF66B570000-0x00007FF66B8C1000-memory.dmp xmrig behavioral2/memory/664-2292-0x00007FF7F5670000-0x00007FF7F59C1000-memory.dmp xmrig behavioral2/memory/4460-2290-0x00007FF6987F0000-0x00007FF698B41000-memory.dmp xmrig behavioral2/memory/1132-2288-0x00007FF7B8D80000-0x00007FF7B90D1000-memory.dmp xmrig behavioral2/memory/4900-2281-0x00007FF77DC90000-0x00007FF77DFE1000-memory.dmp xmrig behavioral2/memory/2736-2286-0x00007FF6F4CF0000-0x00007FF6F5041000-memory.dmp xmrig behavioral2/memory/2784-2279-0x00007FF6581F0000-0x00007FF658541000-memory.dmp xmrig -
Executes dropped EXE 64 IoCs
pid Process 3324 juLDMnF.exe 2528 koDZomb.exe 3456 uwSbDuX.exe 3180 bfcGVZi.exe 4652 VnPFsgk.exe 2028 mJkWfeP.exe 4896 LCbSaZF.exe 2636 yWbGpqX.exe 4520 NUMToot.exe 3080 oiCWZFi.exe 756 uAUcZNZ.exe 1736 DaOHDBY.exe 3928 MeEyDje.exe 4164 HlRxBcd.exe 2512 vvBTMwS.exe 4988 CFSTHTD.exe 2292 gUmyOTJ.exe 1916 sSpspLM.exe 4924 lfwaqCt.exe 4816 RKVBugS.exe 4264 ZldiXeT.exe 4504 rkMgGua.exe 2784 lixswFw.exe 4900 EdFDOGr.exe 4032 BXPdIpU.exe 4460 HgPIhav.exe 1132 idGmYid.exe 664 pnwRlvU.exe 2736 YYvGtje.exe 1492 CrdEAuv.exe 2268 cWwVVMd.exe 3328 eesLwjS.exe 1828 VjTydqf.exe 4880 tSGQhkM.exe 1956 fiwJktc.exe 4100 yKNBmAY.exe 4268 FeHCNBO.exe 3188 nspZkjm.exe 4600 rweLJWZ.exe 5044 TmGCWmR.exe 4524 KTVnqTI.exe 4772 DXVMYSo.exe 4192 MaMgjsJ.exe 1444 FYuKNpV.exe 2808 mJCkCkI.exe 4648 tSJAIBW.exe 3916 YOuTDOA.exe 3156 hDwHSxe.exe 3272 SObFSKj.exe 5008 ajLwrQr.exe 4108 WhjrdBZ.exe 1968 YmMdsdu.exe 4140 PsKwKvV.exe 1628 LYDfSjF.exe 556 fxfCaOa.exe 3640 hVcVEmE.exe 3872 naBnnyn.exe 5088 WMGyQKs.exe 4512 IWuCDXj.exe 4308 DkmaoiM.exe 844 ybyiEfl.exe 4732 KtlAdHi.exe 4928 VNbtvfv.exe 4412 ncPIZUk.exe -
resource yara_rule behavioral2/memory/832-0-0x00007FF6808A0000-0x00007FF680BF1000-memory.dmp upx behavioral2/files/0x0008000000023454-4.dat upx behavioral2/files/0x0007000000023458-11.dat upx behavioral2/files/0x0007000000023459-9.dat upx behavioral2/files/0x000700000002345a-21.dat upx behavioral2/files/0x000700000002345b-26.dat upx behavioral2/files/0x000700000002345c-31.dat upx behavioral2/memory/3180-42-0x00007FF74D760000-0x00007FF74DAB1000-memory.dmp upx behavioral2/memory/2028-45-0x00007FF77D330000-0x00007FF77D681000-memory.dmp upx behavioral2/memory/2636-52-0x00007FF69E410000-0x00007FF69E761000-memory.dmp upx behavioral2/memory/4896-58-0x00007FF6A97B0000-0x00007FF6A9B01000-memory.dmp upx behavioral2/files/0x0007000000023461-61.dat upx behavioral2/files/0x0007000000023464-78.dat upx behavioral2/files/0x0007000000023466-94.dat upx behavioral2/files/0x0007000000023468-106.dat upx behavioral2/files/0x000700000002346c-118.dat upx behavioral2/files/0x000700000002346d-131.dat upx behavioral2/files/0x0007000000023471-143.dat upx behavioral2/files/0x0007000000023472-156.dat upx behavioral2/memory/756-297-0x00007FF745B10000-0x00007FF745E61000-memory.dmp upx behavioral2/memory/3928-302-0x00007FF7684A0000-0x00007FF7687F1000-memory.dmp upx behavioral2/memory/2512-307-0x00007FF6EF170000-0x00007FF6EF4C1000-memory.dmp upx behavioral2/memory/1916-313-0x00007FF6FE650000-0x00007FF6FE9A1000-memory.dmp upx behavioral2/memory/4924-314-0x00007FF71F830000-0x00007FF71FB81000-memory.dmp upx behavioral2/memory/2784-318-0x00007FF6581F0000-0x00007FF658541000-memory.dmp upx behavioral2/memory/4900-319-0x00007FF77DC90000-0x00007FF77DFE1000-memory.dmp upx behavioral2/memory/1132-322-0x00007FF7B8D80000-0x00007FF7B90D1000-memory.dmp upx behavioral2/memory/1736-325-0x00007FF7896E0000-0x00007FF789A31000-memory.dmp upx behavioral2/memory/2736-324-0x00007FF6F4CF0000-0x00007FF6F5041000-memory.dmp upx behavioral2/memory/664-323-0x00007FF7F5670000-0x00007FF7F59C1000-memory.dmp upx 
behavioral2/memory/4460-321-0x00007FF6987F0000-0x00007FF698B41000-memory.dmp upx behavioral2/memory/4032-320-0x00007FF66B570000-0x00007FF66B8C1000-memory.dmp upx behavioral2/memory/4264-316-0x00007FF769F50000-0x00007FF76A2A1000-memory.dmp upx behavioral2/memory/4504-317-0x00007FF60D1B0000-0x00007FF60D501000-memory.dmp upx behavioral2/memory/4816-315-0x00007FF78F140000-0x00007FF78F491000-memory.dmp upx behavioral2/memory/4988-310-0x00007FF71FBB0000-0x00007FF71FF01000-memory.dmp upx behavioral2/memory/2292-312-0x00007FF738CA0000-0x00007FF738FF1000-memory.dmp upx behavioral2/memory/4164-306-0x00007FF7AF520000-0x00007FF7AF871000-memory.dmp upx behavioral2/files/0x0007000000023477-173.dat upx behavioral2/files/0x0007000000023475-171.dat upx behavioral2/files/0x0007000000023476-168.dat upx behavioral2/files/0x0007000000023474-166.dat upx behavioral2/files/0x0007000000023473-161.dat upx behavioral2/files/0x0007000000023470-146.dat upx behavioral2/files/0x000700000002346f-141.dat upx behavioral2/files/0x000700000002346e-136.dat upx behavioral2/files/0x000700000002346b-121.dat upx behavioral2/files/0x000700000002346a-116.dat upx behavioral2/files/0x0007000000023469-111.dat upx behavioral2/files/0x0007000000023467-98.dat upx behavioral2/files/0x0007000000023465-91.dat upx behavioral2/files/0x0007000000023463-81.dat upx behavioral2/files/0x0007000000023462-72.dat upx behavioral2/files/0x0007000000023460-66.dat upx behavioral2/memory/3080-62-0x00007FF6EA560000-0x00007FF6EA8B1000-memory.dmp upx behavioral2/memory/4520-59-0x00007FF679B20000-0x00007FF679E71000-memory.dmp upx behavioral2/files/0x000700000002345f-60.dat upx behavioral2/memory/2528-54-0x00007FF797250000-0x00007FF7975A1000-memory.dmp upx behavioral2/files/0x000700000002345e-50.dat upx behavioral2/files/0x000700000002345d-47.dat upx behavioral2/memory/4652-43-0x00007FF66DCA0000-0x00007FF66DFF1000-memory.dmp upx behavioral2/memory/3456-38-0x00007FF729BE0000-0x00007FF729F31000-memory.dmp upx 
behavioral2/memory/3324-35-0x00007FF6C0820000-0x00007FF6C0B71000-memory.dmp upx behavioral2/memory/2636-2183-0x00007FF69E410000-0x00007FF69E761000-memory.dmp upx -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\System\UIjjPQZ.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\DQtfnvr.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\VVIszQd.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\uOGudsx.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\Gtqczdl.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\GlbGpJL.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\uUyWBSh.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\IxWavhI.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\LOluUfR.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\HwmInyD.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\mLYrkFV.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\aOFzdFK.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\IdSOZYF.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\rdrZesU.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\VjTydqf.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\zQgNxsp.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\fTKTVbl.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\NzVxplt.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\wjwPzAZ.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\Ufntugb.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\mXWxpek.exe 
864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\hxfwTUT.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\AoSKDgP.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\aGjDxGI.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\jLZevii.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\WhjrdBZ.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\cQLhnPV.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\DQNobUI.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\FkHFrPz.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\AFBKDxe.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\TAaUbJJ.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\LDTTKpQ.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\SVdwNnQ.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\XeilCfu.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\QlCbNgH.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\wOVPgru.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\wzRnWFQ.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\AspRLxW.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\hfRixKN.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\EwMxJBk.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\yKNBmAY.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\BVGvtft.exe 
864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\HHTAzva.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\tBXQZvA.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\sYOVIDY.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\kYyiRNK.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\AWCAqac.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\BIuZAFA.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\eibnlnr.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\NbilRYM.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\bkobiqn.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\aVDijuG.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\scJPJIk.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\peRrkLd.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\Ooxvrbl.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\prloCms.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\acEqUwB.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\yHRywsK.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\bFnoWBA.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\grjsFGI.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\ozIeKzA.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\koWlHPS.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\OIPhYsB.exe 
864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe File created C:\Windows\System\SZXUKIp.exe 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe -
Checks SCSI registry key(s) 3 TTPs 6 IoCs
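SCSI information is often read in order to detect sandboxing environments. In this run every access listed below is attributed to dwm.exe, a Windows system process, so the reads may be ordinary system activity rather than an evasion check by the sample; correlate with the process tree before treating them as an indicator.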
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 dwm.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags dwm.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 dwm.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags dwm.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID dwm.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID dwm.exe -
Checks processor information in registry 2 TTPs 3 IoCs
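Processor information is often read in order to detect sandboxing environments. In this run the accesses listed below are attributed to WerFaultSecure.exe, a Windows error-reporting binary, so they may reflect crash handling rather than an evasion check by the sample.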
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WerFaultSecure.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WerFaultSecure.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WerFaultSecure.exe -
Enumerates system info in registry 2 TTPs 4 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS dwm.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU dwm.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WerFaultSecure.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WerFaultSecure.exe -
Modifies data under HKEY_USERS 18 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople dwm.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 14540 WerFaultSecure.exe 14540 WerFaultSecure.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeCreateGlobalPrivilege 3340 dwm.exe Token: SeChangeNotifyPrivilege 3340 dwm.exe Token: 33 3340 dwm.exe Token: SeIncBasePriorityPrivilege 3340 dwm.exe Token: SeShutdownPrivilege 3340 dwm.exe Token: SeCreatePagefilePrivilege 3340 dwm.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 832 wrote to memory of 3324 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 86 PID 832 wrote to memory of 3324 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 86 PID 832 wrote to memory of 2528 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 87 PID 832 wrote to memory of 2528 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 87 PID 832 wrote to memory of 3456 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 88 PID 832 wrote to memory of 3456 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 88 PID 832 wrote to memory of 3180 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 89 PID 832 wrote to memory of 3180 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 89 PID 832 wrote to memory of 4652 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 90 PID 832 wrote to memory of 4652 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 90 PID 832 wrote to memory of 2028 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 91 PID 832 wrote to memory of 2028 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 91 PID 832 wrote to memory of 4896 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 92 PID 832 wrote to memory of 4896 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 92 PID 832 wrote to memory of 2636 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 93 PID 832 wrote to memory of 2636 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 93 PID 832 wrote to memory of 4520 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 94 PID 832 wrote to memory of 4520 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 94 PID 832 wrote to memory of 3080 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 95 PID 832 wrote to memory of 3080 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 95 PID 832 wrote to memory of 756 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 96 PID 832 wrote to memory of 756 832 
864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 96 PID 832 wrote to memory of 1736 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 97 PID 832 wrote to memory of 1736 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 97 PID 832 wrote to memory of 3928 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 98 PID 832 wrote to memory of 3928 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 98 PID 832 wrote to memory of 4164 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 99 PID 832 wrote to memory of 4164 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 99 PID 832 wrote to memory of 2512 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 100 PID 832 wrote to memory of 2512 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 100 PID 832 wrote to memory of 4988 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 101 PID 832 wrote to memory of 4988 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 101 PID 832 wrote to memory of 2292 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 102 PID 832 wrote to memory of 2292 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 102 PID 832 wrote to memory of 1916 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 103 PID 832 wrote to memory of 1916 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 103 PID 832 wrote to memory of 4924 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 104 PID 832 wrote to memory of 4924 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 104 PID 832 wrote to memory of 4816 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 105 PID 832 wrote to memory of 4816 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 105 PID 832 wrote to memory of 4264 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 106 PID 832 wrote to memory of 4264 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 106 PID 832 wrote to memory of 4504 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 107 PID 832 wrote to 
memory of 4504 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 107 PID 832 wrote to memory of 2784 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 108 PID 832 wrote to memory of 2784 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 108 PID 832 wrote to memory of 4900 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 109 PID 832 wrote to memory of 4900 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 109 PID 832 wrote to memory of 4032 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 110 PID 832 wrote to memory of 4032 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 110 PID 832 wrote to memory of 4460 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 111 PID 832 wrote to memory of 4460 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 111 PID 832 wrote to memory of 1132 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 112 PID 832 wrote to memory of 1132 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 112 PID 832 wrote to memory of 664 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 113 PID 832 wrote to memory of 664 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 113 PID 832 wrote to memory of 2736 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 114 PID 832 wrote to memory of 2736 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 114 PID 832 wrote to memory of 1492 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 115 PID 832 wrote to memory of 1492 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 115 PID 832 wrote to memory of 2268 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 116 PID 832 wrote to memory of 2268 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 116 PID 832 wrote to memory of 3328 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 117 PID 832 wrote to memory of 3328 832 864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe 117
Processes
-
C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc 1⤵ PID:3204
-
C:\Windows\system32\WerFaultSecure.exe C:\Windows\system32\WerFaultSecure.exe -u -p 3204 -s 2124 2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:14540
-
-
C:\Users\Admin\AppData\Local\Temp\864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\864f90bb005b5d78cd32a6256ebc0d90_NeikiAnalytics.exe" 1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:832 -
C:\Windows\System\juLDMnF.exeC:\Windows\System\juLDMnF.exe2⤵
- Executes dropped EXE
PID:3324
-
-
C:\Windows\System\koDZomb.exeC:\Windows\System\koDZomb.exe2⤵
- Executes dropped EXE
PID:2528
-
-
C:\Windows\System\uwSbDuX.exeC:\Windows\System\uwSbDuX.exe2⤵
- Executes dropped EXE
PID:3456
-
-
C:\Windows\System\bfcGVZi.exeC:\Windows\System\bfcGVZi.exe2⤵
- Executes dropped EXE
PID:3180
-
-
C:\Windows\System\VnPFsgk.exeC:\Windows\System\VnPFsgk.exe2⤵
- Executes dropped EXE
PID:4652
-
-
C:\Windows\System\mJkWfeP.exeC:\Windows\System\mJkWfeP.exe2⤵
- Executes dropped EXE
PID:2028
-
-
C:\Windows\System\LCbSaZF.exeC:\Windows\System\LCbSaZF.exe2⤵
- Executes dropped EXE
PID:4896
-
-
C:\Windows\System\yWbGpqX.exeC:\Windows\System\yWbGpqX.exe2⤵
- Executes dropped EXE
PID:2636
-
-
C:\Windows\System\NUMToot.exeC:\Windows\System\NUMToot.exe2⤵
- Executes dropped EXE
PID:4520
-
-
C:\Windows\System\oiCWZFi.exeC:\Windows\System\oiCWZFi.exe2⤵
- Executes dropped EXE
PID:3080
-
-
C:\Windows\System\uAUcZNZ.exeC:\Windows\System\uAUcZNZ.exe2⤵
- Executes dropped EXE
PID:756
-
-
C:\Windows\System\DaOHDBY.exeC:\Windows\System\DaOHDBY.exe2⤵
- Executes dropped EXE
PID:1736
-
-
C:\Windows\System\MeEyDje.exeC:\Windows\System\MeEyDje.exe2⤵
- Executes dropped EXE
PID:3928
-
-
C:\Windows\System\HlRxBcd.exeC:\Windows\System\HlRxBcd.exe2⤵
- Executes dropped EXE
PID:4164
-
-
C:\Windows\System\vvBTMwS.exeC:\Windows\System\vvBTMwS.exe2⤵
- Executes dropped EXE
PID:2512
-
-
C:\Windows\System\CFSTHTD.exeC:\Windows\System\CFSTHTD.exe2⤵
- Executes dropped EXE
PID:4988
-
-
C:\Windows\System\gUmyOTJ.exeC:\Windows\System\gUmyOTJ.exe2⤵
- Executes dropped EXE
PID:2292
-
-
C:\Windows\System\sSpspLM.exeC:\Windows\System\sSpspLM.exe2⤵
- Executes dropped EXE
PID:1916
-
-
C:\Windows\System\lfwaqCt.exeC:\Windows\System\lfwaqCt.exe2⤵
- Executes dropped EXE
PID:4924
-
-
C:\Windows\System\RKVBugS.exeC:\Windows\System\RKVBugS.exe2⤵
- Executes dropped EXE
PID:4816
-
-
C:\Windows\System\ZldiXeT.exeC:\Windows\System\ZldiXeT.exe2⤵
- Executes dropped EXE
PID:4264
-
-
C:\Windows\System\rkMgGua.exeC:\Windows\System\rkMgGua.exe2⤵
- Executes dropped EXE
PID:4504
-
-
C:\Windows\System\lixswFw.exeC:\Windows\System\lixswFw.exe2⤵
- Executes dropped EXE
PID:2784
-
-
C:\Windows\System\EdFDOGr.exeC:\Windows\System\EdFDOGr.exe2⤵
- Executes dropped EXE
PID:4900
-
-
C:\Windows\System\BXPdIpU.exeC:\Windows\System\BXPdIpU.exe2⤵
- Executes dropped EXE
PID:4032
-
-
C:\Windows\System\HgPIhav.exeC:\Windows\System\HgPIhav.exe2⤵
- Executes dropped EXE
PID:4460
-
-
C:\Windows\System\idGmYid.exeC:\Windows\System\idGmYid.exe2⤵
- Executes dropped EXE
PID:1132
-
-
C:\Windows\System\pnwRlvU.exeC:\Windows\System\pnwRlvU.exe2⤵
- Executes dropped EXE
PID:664
-
-
C:\Windows\System\YYvGtje.exeC:\Windows\System\YYvGtje.exe2⤵
- Executes dropped EXE
PID:2736
-
-
C:\Windows\System\CrdEAuv.exeC:\Windows\System\CrdEAuv.exe2⤵
- Executes dropped EXE
PID:1492
-
-
C:\Windows\System\cWwVVMd.exeC:\Windows\System\cWwVVMd.exe2⤵
- Executes dropped EXE
PID:2268
-
-
C:\Windows\System\eesLwjS.exeC:\Windows\System\eesLwjS.exe2⤵
- Executes dropped EXE
PID:3328
-
-
C:\Windows\System\VjTydqf.exeC:\Windows\System\VjTydqf.exe2⤵
- Executes dropped EXE
PID:1828
-
-
C:\Windows\System\tSGQhkM.exeC:\Windows\System\tSGQhkM.exe2⤵
- Executes dropped EXE
PID:4880
-
-
C:\Windows\System\fiwJktc.exeC:\Windows\System\fiwJktc.exe2⤵
- Executes dropped EXE
PID:1956
-
-
C:\Windows\System\yKNBmAY.exeC:\Windows\System\yKNBmAY.exe2⤵
- Executes dropped EXE
PID:4100
-
-
C:\Windows\System\FeHCNBO.exeC:\Windows\System\FeHCNBO.exe2⤵
- Executes dropped EXE
PID:4268
-
-
C:\Windows\System\nspZkjm.exeC:\Windows\System\nspZkjm.exe2⤵
- Executes dropped EXE
PID:3188
-
-
C:\Windows\System\rweLJWZ.exeC:\Windows\System\rweLJWZ.exe2⤵
- Executes dropped EXE
PID:4600
-
-
C:\Windows\System\TmGCWmR.exeC:\Windows\System\TmGCWmR.exe2⤵
- Executes dropped EXE
PID:5044
-
-
C:\Windows\System\KTVnqTI.exeC:\Windows\System\KTVnqTI.exe2⤵
- Executes dropped EXE
PID:4524
-
-
C:\Windows\System\DXVMYSo.exeC:\Windows\System\DXVMYSo.exe2⤵
- Executes dropped EXE
PID:4772
-
-
C:\Windows\System\MaMgjsJ.exeC:\Windows\System\MaMgjsJ.exe2⤵
- Executes dropped EXE
PID:4192
-
-
C:\Windows\System\FYuKNpV.exeC:\Windows\System\FYuKNpV.exe2⤵
- Executes dropped EXE
PID:1444
-
-
C:\Windows\System\mJCkCkI.exeC:\Windows\System\mJCkCkI.exe2⤵
- Executes dropped EXE
PID:2808
-
-
C:\Windows\System\tSJAIBW.exeC:\Windows\System\tSJAIBW.exe2⤵
- Executes dropped EXE
PID:4648
-
-
C:\Windows\System\YOuTDOA.exeC:\Windows\System\YOuTDOA.exe2⤵
- Executes dropped EXE
PID:3916
-
-
C:\Windows\System\hDwHSxe.exeC:\Windows\System\hDwHSxe.exe2⤵
- Executes dropped EXE
PID:3156
-
-
C:\Windows\System\SObFSKj.exeC:\Windows\System\SObFSKj.exe2⤵
- Executes dropped EXE
PID:3272
-
-
C:\Windows\System\ajLwrQr.exeC:\Windows\System\ajLwrQr.exe2⤵
- Executes dropped EXE
PID:5008
-
-
C:\Windows\System\WhjrdBZ.exeC:\Windows\System\WhjrdBZ.exe2⤵
- Executes dropped EXE
PID:4108
-
-
C:\Windows\System\YmMdsdu.exeC:\Windows\System\YmMdsdu.exe2⤵
- Executes dropped EXE
PID:1968
-
-
C:\Windows\System\PsKwKvV.exeC:\Windows\System\PsKwKvV.exe2⤵
- Executes dropped EXE
PID:4140
-
-
C:\Windows\System\LYDfSjF.exeC:\Windows\System\LYDfSjF.exe2⤵
- Executes dropped EXE
PID:1628
-
-
C:\Windows\System\fxfCaOa.exeC:\Windows\System\fxfCaOa.exe2⤵
- Executes dropped EXE
PID:556
-
-
C:\Windows\System\hVcVEmE.exeC:\Windows\System\hVcVEmE.exe2⤵
- Executes dropped EXE
PID:3640
-
-
C:\Windows\System\naBnnyn.exeC:\Windows\System\naBnnyn.exe2⤵
- Executes dropped EXE
PID:3872
-
-
C:\Windows\System\WMGyQKs.exeC:\Windows\System\WMGyQKs.exe2⤵
- Executes dropped EXE
PID:5088
-
-
C:\Windows\System\IWuCDXj.exeC:\Windows\System\IWuCDXj.exe2⤵
- Executes dropped EXE
PID:4512
-
-
C:\Windows\System\DkmaoiM.exeC:\Windows\System\DkmaoiM.exe2⤵
- Executes dropped EXE
PID:4308
-
-
C:\Windows\System\ybyiEfl.exeC:\Windows\System\ybyiEfl.exe2⤵
- Executes dropped EXE
PID:844
-
-
C:\Windows\System\KtlAdHi.exeC:\Windows\System\KtlAdHi.exe2⤵
- Executes dropped EXE
PID:4732
-
-
C:\Windows\System\VNbtvfv.exeC:\Windows\System\VNbtvfv.exe2⤵
- Executes dropped EXE
PID:4928
-
-
C:\Windows\System\ncPIZUk.exeC:\Windows\System\ncPIZUk.exe2⤵
- Executes dropped EXE
PID:4412
-
-
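C:\Windows\System\ELGJKyq.exe (command line: C:\Windows\System\ELGJKyq.exe) 2⤵ PID:3560
(From this entry on, the listing no longer shows the "Executes dropped EXE" tag; the image path pattern is the same as in the tagged entries above.)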
-
-
C:\Windows\System\wctyYeh.exeC:\Windows\System\wctyYeh.exe2⤵PID:5100
-
-
C:\Windows\System\QIajvnx.exeC:\Windows\System\QIajvnx.exe2⤵PID:4500
-
-
C:\Windows\System\tjeeFBf.exeC:\Windows\System\tjeeFBf.exe2⤵PID:1936
-
-
C:\Windows\System\pmSqGic.exeC:\Windows\System\pmSqGic.exe2⤵PID:5128
-
-
C:\Windows\System\EanJJlq.exeC:\Windows\System\EanJJlq.exe2⤵PID:5156
-
-
C:\Windows\System\mwDVkyl.exeC:\Windows\System\mwDVkyl.exe2⤵PID:5184
-
-
C:\Windows\System\LOvsHdP.exeC:\Windows\System\LOvsHdP.exe2⤵PID:5208
-
-
C:\Windows\System\NbilRYM.exeC:\Windows\System\NbilRYM.exe2⤵PID:5240
-
-
C:\Windows\System\YLhKhBE.exeC:\Windows\System\YLhKhBE.exe2⤵PID:5268
-
-
C:\Windows\System\dgITOCQ.exeC:\Windows\System\dgITOCQ.exe2⤵PID:5296
-
-
C:\Windows\System\ejUVABA.exeC:\Windows\System\ejUVABA.exe2⤵PID:5360
-
-
C:\Windows\System\kpRWaMO.exeC:\Windows\System\kpRWaMO.exe2⤵PID:5384
-
-
C:\Windows\System\UDyepXw.exeC:\Windows\System\UDyepXw.exe2⤵PID:5400
-
-
C:\Windows\System\fFROFok.exeC:\Windows\System\fFROFok.exe2⤵PID:5556
-
-
C:\Windows\System\CMvLcTr.exeC:\Windows\System\CMvLcTr.exe2⤵PID:5604
-
-
C:\Windows\System\fYurCRj.exeC:\Windows\System\fYurCRj.exe2⤵PID:5632
-
-
C:\Windows\System\acEqUwB.exeC:\Windows\System\acEqUwB.exe2⤵PID:5656
-
-
C:\Windows\System\qCQpbKv.exeC:\Windows\System\qCQpbKv.exe2⤵PID:5676
-
-
C:\Windows\System\mjVsxNL.exeC:\Windows\System\mjVsxNL.exe2⤵PID:5692
-
-
C:\Windows\System\GSsHfsc.exeC:\Windows\System\GSsHfsc.exe2⤵PID:5724
-
-
C:\Windows\System\CpopVIK.exeC:\Windows\System\CpopVIK.exe2⤵PID:5768
-
-
C:\Windows\System\rFeeZZN.exeC:\Windows\System\rFeeZZN.exe2⤵PID:5808
-
-
C:\Windows\System\fjDGOpt.exeC:\Windows\System\fjDGOpt.exe2⤵PID:5828
-
-
C:\Windows\System\sfHxhEV.exeC:\Windows\System\sfHxhEV.exe2⤵PID:5848
-
-
C:\Windows\System\CMROIME.exeC:\Windows\System\CMROIME.exe2⤵PID:5872
-
-
C:\Windows\System\MgjnZBS.exeC:\Windows\System\MgjnZBS.exe2⤵PID:5904
-
-
C:\Windows\System\TBwdhPe.exeC:\Windows\System\TBwdhPe.exe2⤵PID:5932
-
-
C:\Windows\System\CVunChr.exeC:\Windows\System\CVunChr.exe2⤵PID:5976
-
-
C:\Windows\System\VVIszQd.exeC:\Windows\System\VVIszQd.exe2⤵PID:5996
-
-
C:\Windows\System\ujlvPqB.exeC:\Windows\System\ujlvPqB.exe2⤵PID:6028
-
-
C:\Windows\System\XDZzTgu.exeC:\Windows\System\XDZzTgu.exe2⤵PID:6048
-
-
C:\Windows\System\LOluUfR.exeC:\Windows\System\LOluUfR.exe2⤵PID:6064
-
-
C:\Windows\System\PgArIrs.exeC:\Windows\System\PgArIrs.exe2⤵PID:6112
-
-
C:\Windows\System\WERgaOb.exeC:\Windows\System\WERgaOb.exe2⤵PID:6132
-
-
C:\Windows\System\NHqXcjS.exeC:\Windows\System\NHqXcjS.exe2⤵PID:1312
-
-
C:\Windows\System\hGJVkFl.exeC:\Windows\System\hGJVkFl.exe2⤵PID:2920
-
-
C:\Windows\System\mLHyrxG.exeC:\Windows\System\mLHyrxG.exe2⤵PID:2912
-
-
C:\Windows\System\RKOaQbD.exeC:\Windows\System\RKOaQbD.exe2⤵PID:1612
-
-
C:\Windows\System\ilGMKlf.exeC:\Windows\System\ilGMKlf.exe2⤵PID:2468
-
-
C:\Windows\System\aSQhjnd.exeC:\Windows\System\aSQhjnd.exe2⤵PID:5260
-
-
C:\Windows\System\OIPhYsB.exeC:\Windows\System\OIPhYsB.exe2⤵PID:4020
-
-
C:\Windows\System\DqGMZeH.exeC:\Windows\System\DqGMZeH.exe2⤵PID:4484
-
-
C:\Windows\System\rMVECeP.exeC:\Windows\System\rMVECeP.exe2⤵PID:2500
-
-
C:\Windows\System\wjwPzAZ.exeC:\Windows\System\wjwPzAZ.exe2⤵PID:1432
-
-
C:\Windows\System\MjPBAkg.exeC:\Windows\System\MjPBAkg.exe2⤵PID:212
-
-
C:\Windows\System\pFuJtVf.exeC:\Windows\System\pFuJtVf.exe2⤵PID:4292
-
-
C:\Windows\System\JaIQMjB.exeC:\Windows\System\JaIQMjB.exe2⤵PID:2640
-
-
C:\Windows\System\ZkTEsuB.exeC:\Windows\System\ZkTEsuB.exe2⤵PID:4856
-
-
C:\Windows\System\pILQcMp.exeC:\Windows\System\pILQcMp.exe2⤵PID:116
-
-
C:\Windows\System\mHHcUVo.exeC:\Windows\System\mHHcUVo.exe2⤵PID:5336
-
-
C:\Windows\System\zdTiKIK.exeC:\Windows\System\zdTiKIK.exe2⤵PID:4656
-
-
C:\Windows\System\gmceePg.exeC:\Windows\System\gmceePg.exe2⤵PID:960
-
-
C:\Windows\System\weeSjHW.exeC:\Windows\System\weeSjHW.exe2⤵PID:2244
-
-
C:\Windows\System\woKUPHR.exeC:\Windows\System\woKUPHR.exe2⤵PID:1704
-
-
C:\Windows\System\SfibOxz.exeC:\Windows\System\SfibOxz.exe2⤵PID:4404
-
-
C:\Windows\System\pVjgjmu.exeC:\Windows\System\pVjgjmu.exe2⤵PID:2284
-
-
C:\Windows\System\ZASZAFQ.exeC:\Windows\System\ZASZAFQ.exe2⤵PID:1772
-
-
C:\Windows\System\SVdwNnQ.exeC:\Windows\System\SVdwNnQ.exe2⤵PID:4288
-
-
C:\Windows\System\YBPjQqN.exeC:\Windows\System\YBPjQqN.exe2⤵PID:3496
-
-
C:\Windows\System\irtxnMk.exeC:\Windows\System\irtxnMk.exe2⤵PID:2984
-
-
C:\Windows\System\rvNAwaK.exeC:\Windows\System\rvNAwaK.exe2⤵PID:5600
-
-
C:\Windows\System\QBnJXoz.exeC:\Windows\System\QBnJXoz.exe2⤵PID:548
-
-
C:\Windows\System\INGIciH.exeC:\Windows\System\INGIciH.exe2⤵PID:920
-
-
C:\Windows\System\PfMNDyE.exeC:\Windows\System\PfMNDyE.exe2⤵PID:2632
-
-
C:\Windows\System\fpsxugX.exeC:\Windows\System\fpsxugX.exe2⤵PID:5652
-
-
C:\Windows\System\iYjVcQK.exeC:\Windows\System\iYjVcQK.exe2⤵PID:4476
-
-
C:\Windows\System\ROyRsOd.exeC:\Windows\System\ROyRsOd.exe2⤵PID:5704
-
-
C:\Windows\System\NffiWvy.exeC:\Windows\System\NffiWvy.exe2⤵PID:856
-
-
C:\Windows\System\ICYcyGO.exeC:\Windows\System\ICYcyGO.exe2⤵PID:5868
-
-
C:\Windows\System\PFEbHtA.exeC:\Windows\System\PFEbHtA.exe2⤵PID:5952
-
-
C:\Windows\System\YcMtWLO.exeC:\Windows\System\YcMtWLO.exe2⤵PID:5988
-
-
C:\Windows\System\ohXPvxT.exeC:\Windows\System\ohXPvxT.exe2⤵PID:6036
-
-
C:\Windows\System\LQaJOQd.exeC:\Windows\System\LQaJOQd.exe2⤵PID:6092
-
-
C:\Windows\System\EpzUNuC.exeC:\Windows\System\EpzUNuC.exe2⤵PID:1900
-
-
C:\Windows\System\DLFakjJ.exeC:\Windows\System\DLFakjJ.exe2⤵PID:5144
-
-
C:\Windows\System\gVDUyMJ.exeC:\Windows\System\gVDUyMJ.exe2⤵PID:5048
-
-
C:\Windows\System\GkJGosI.exeC:\Windows\System\GkJGosI.exe2⤵PID:2020
-
-
C:\Windows\System\yuQqExD.exeC:\Windows\System\yuQqExD.exe2⤵PID:2348
-
-
C:\Windows\System\mIxtbHR.exeC:\Windows\System\mIxtbHR.exe2⤵PID:5352
-
-
C:\Windows\System\TsZQpHC.exeC:\Windows\System\TsZQpHC.exe2⤵PID:3700
-
-
C:\Windows\System\wrApIrX.exeC:\Windows\System\wrApIrX.exe2⤵PID:3836
-
-
C:\Windows\System\oHIhYmc.exeC:\Windows\System\oHIhYmc.exe2⤵PID:4860
-
-
C:\Windows\System\KYLvxGk.exeC:\Windows\System\KYLvxGk.exe2⤵PID:4552
-
-
C:\Windows\System\zodmsRL.exeC:\Windows\System\zodmsRL.exe2⤵PID:220
-
-
C:\Windows\System\EtCCEWb.exeC:\Windows\System\EtCCEWb.exe2⤵PID:4444
-
-
C:\Windows\System\mPazuPn.exeC:\Windows\System\mPazuPn.exe2⤵PID:5648
-
-
C:\Windows\System\SbZQAUS.exeC:\Windows\System\SbZQAUS.exe2⤵PID:6108
-
-
C:\Windows\System\ZphehIK.exeC:\Windows\System\ZphehIK.exe2⤵PID:5992
-
-
C:\Windows\System\AxbOtQz.exeC:\Windows\System\AxbOtQz.exe2⤵PID:5224
-
-
C:\Windows\System\mopxfHf.exeC:\Windows\System\mopxfHf.exe2⤵PID:5340
-
-
C:\Windows\System\uOGudsx.exeC:\Windows\System\uOGudsx.exe2⤵PID:1668
-
-
C:\Windows\System\IwFxsao.exeC:\Windows\System\IwFxsao.exe2⤵PID:3764
-
-
C:\Windows\System\ZfxrpwT.exeC:\Windows\System\ZfxrpwT.exe2⤵PID:5504
-
-
C:\Windows\System\OMxIQip.exeC:\Windows\System\OMxIQip.exe2⤵PID:5824
-
-
C:\Windows\System\cQLhnPV.exeC:\Windows\System\cQLhnPV.exe2⤵PID:5468
-
-
C:\Windows\System\HwmInyD.exeC:\Windows\System\HwmInyD.exe2⤵PID:6044
-
-
C:\Windows\System\sjUNlRe.exeC:\Windows\System\sjUNlRe.exe2⤵PID:1652
-
-
C:\Windows\System\iPuJTWy.exeC:\Windows\System\iPuJTWy.exe2⤵PID:3920
-
-
C:\Windows\System\qsFghDR.exeC:\Windows\System\qsFghDR.exe2⤵PID:884
-
-
C:\Windows\System\JMjZoIT.exeC:\Windows\System\JMjZoIT.exe2⤵PID:2344
-
-
C:\Windows\System\LssWqEa.exeC:\Windows\System\LssWqEa.exe2⤵PID:5472
-
-
C:\Windows\System\ZPFdpSx.exeC:\Windows\System\ZPFdpSx.exe2⤵PID:4868
-
-
C:\Windows\System\EukMcDL.exeC:\Windows\System\EukMcDL.exe2⤵PID:6156
-
-
C:\Windows\System\nPXPItS.exeC:\Windows\System\nPXPItS.exe2⤵PID:6176
-
-
C:\Windows\System\VTFpzgi.exeC:\Windows\System\VTFpzgi.exe2⤵PID:6200
-
-
C:\Windows\System\pEQDlIE.exeC:\Windows\System\pEQDlIE.exe2⤵PID:6220
-
-
C:\Windows\System\XIzpPsf.exeC:\Windows\System\XIzpPsf.exe2⤵PID:6236
-
-
C:\Windows\System\SZXUKIp.exeC:\Windows\System\SZXUKIp.exe2⤵PID:6260
-
-
C:\Windows\System\WwwmrVe.exeC:\Windows\System\WwwmrVe.exe2⤵PID:6296
-
-
C:\Windows\System\BEQiTwC.exeC:\Windows\System\BEQiTwC.exe2⤵PID:6312
-
-
C:\Windows\System\dXUfswS.exeC:\Windows\System\dXUfswS.exe2⤵PID:6336
-
-
C:\Windows\System\CGgXprp.exeC:\Windows\System\CGgXprp.exe2⤵PID:6368
-
-
C:\Windows\System\NKMHLsV.exeC:\Windows\System\NKMHLsV.exe2⤵PID:6384
-
-
C:\Windows\System\pmnHwka.exeC:\Windows\System\pmnHwka.exe2⤵PID:6420
-
-
C:\Windows\System\vcpTvcI.exeC:\Windows\System\vcpTvcI.exe2⤵PID:6472
-
-
C:\Windows\System\YkziwRT.exeC:\Windows\System\YkziwRT.exe2⤵PID:6500
-
-
C:\Windows\System\moclwxn.exeC:\Windows\System\moclwxn.exe2⤵PID:6520
-
-
C:\Windows\System\iGbhYZe.exeC:\Windows\System\iGbhYZe.exe2⤵PID:6560
-
-
C:\Windows\System\KpEXfPp.exeC:\Windows\System\KpEXfPp.exe2⤵PID:6580
-
-
C:\Windows\System\ETKNvra.exeC:\Windows\System\ETKNvra.exe2⤵PID:6600
-
-
C:\Windows\System\fSriyrq.exeC:\Windows\System\fSriyrq.exe2⤵PID:6628
-
-
C:\Windows\System\jWawjrz.exeC:\Windows\System\jWawjrz.exe2⤵PID:6652
-
-
C:\Windows\System\eWenvEn.exeC:\Windows\System\eWenvEn.exe2⤵PID:6716
-
-
C:\Windows\System\OIcHphu.exeC:\Windows\System\OIcHphu.exe2⤵PID:6736
-
-
C:\Windows\System\bkobiqn.exeC:\Windows\System\bkobiqn.exe2⤵PID:6776
-
-
C:\Windows\System\pfChPxj.exeC:\Windows\System\pfChPxj.exe2⤵PID:6792
-
-
C:\Windows\System\ITznZXO.exeC:\Windows\System\ITznZXO.exe2⤵PID:6820
-
-
C:\Windows\System\njFQgQa.exeC:\Windows\System\njFQgQa.exe2⤵PID:6880
-
-
C:\Windows\System\HTnZBGS.exeC:\Windows\System\HTnZBGS.exe2⤵PID:6900
-
-
C:\Windows\System\yiJMXXG.exeC:\Windows\System\yiJMXXG.exe2⤵PID:6940
-
-
C:\Windows\System\DQNobUI.exeC:\Windows\System\DQNobUI.exe2⤵PID:6980
-
-
C:\Windows\System\hxfwTUT.exeC:\Windows\System\hxfwTUT.exe2⤵PID:7000
-
-
C:\Windows\System\qVciSPS.exeC:\Windows\System\qVciSPS.exe2⤵PID:7024
-
-
C:\Windows\System\yiNegAR.exeC:\Windows\System\yiNegAR.exe2⤵PID:7052
-
-
C:\Windows\System\sfhQmUQ.exeC:\Windows\System\sfhQmUQ.exe2⤵PID:7080
-
-
C:\Windows\System\TOHkfXD.exeC:\Windows\System\TOHkfXD.exe2⤵PID:7096
-
-
C:\Windows\System\irXCmSk.exeC:\Windows\System\irXCmSk.exe2⤵PID:7124
-
-
C:\Windows\System\WLgQNZW.exeC:\Windows\System\WLgQNZW.exe2⤵PID:7152
-
-
C:\Windows\System\iXMoVGX.exeC:\Windows\System\iXMoVGX.exe2⤵PID:2608
-
-
C:\Windows\System\YDeIsvu.exeC:\Windows\System\YDeIsvu.exe2⤵PID:6172
-
-
C:\Windows\System\mLYrkFV.exeC:\Windows\System\mLYrkFV.exe2⤵PID:6228
-
-
C:\Windows\System\GfeWEzn.exeC:\Windows\System\GfeWEzn.exe2⤵PID:6304
-
-
C:\Windows\System\aVDijuG.exeC:\Windows\System\aVDijuG.exe2⤵PID:6280
-
-
C:\Windows\System\oYSJovV.exeC:\Windows\System\oYSJovV.exe2⤵PID:6448
-
-
C:\Windows\System\NXxqdWB.exeC:\Windows\System\NXxqdWB.exe2⤵PID:6488
-
-
C:\Windows\System\ZFoXEsn.exeC:\Windows\System\ZFoXEsn.exe2⤵PID:6512
-
-
C:\Windows\System\bMZbEVe.exeC:\Windows\System\bMZbEVe.exe2⤵PID:6576
-
-
C:\Windows\System\zDybfqA.exeC:\Windows\System\zDybfqA.exe2⤵PID:6568
-
-
C:\Windows\System\bgbLOml.exeC:\Windows\System\bgbLOml.exe2⤵PID:6636
-
-
C:\Windows\System\vJUNblK.exeC:\Windows\System\vJUNblK.exe2⤵PID:6748
-
-
C:\Windows\System\UonnjKV.exeC:\Windows\System\UonnjKV.exe2⤵PID:6840
-
-
C:\Windows\System\zzSPMug.exeC:\Windows\System\zzSPMug.exe2⤵PID:6936
-
-
C:\Windows\System\CnOVAkt.exeC:\Windows\System\CnOVAkt.exe2⤵PID:6960
-
-
C:\Windows\System\TmnqfcK.exeC:\Windows\System\TmnqfcK.exe2⤵PID:7048
-
-
C:\Windows\System\IanrkqR.exeC:\Windows\System\IanrkqR.exe2⤵PID:7116
-
-
C:\Windows\System\uvNKUBC.exeC:\Windows\System\uvNKUBC.exe2⤵PID:7160
-
-
C:\Windows\System\ojRnwRO.exeC:\Windows\System\ojRnwRO.exe2⤵PID:6380
-
-
C:\Windows\System\wwraiWK.exeC:\Windows\System\wwraiWK.exe2⤵PID:6592
-
-
C:\Windows\System\JiRwQey.exeC:\Windows\System\JiRwQey.exe2⤵PID:6412
-
-
C:\Windows\System\QRKVSeV.exeC:\Windows\System\QRKVSeV.exe2⤵PID:6816
-
-
C:\Windows\System\FkHFrPz.exeC:\Windows\System\FkHFrPz.exe2⤵PID:6948
-
-
C:\Windows\System\ojMQExy.exeC:\Windows\System\ojMQExy.exe2⤵PID:7016
-
-
C:\Windows\System\BIDuCAQ.exeC:\Windows\System\BIDuCAQ.exe2⤵PID:6188
-
-
C:\Windows\System\EqfofmH.exeC:\Windows\System\EqfofmH.exe2⤵PID:6456
-
-
C:\Windows\System\hRUrIwj.exeC:\Windows\System\hRUrIwj.exe2⤵PID:7172
-
-
C:\Windows\System\KXvwfqY.exeC:\Windows\System\KXvwfqY.exe2⤵PID:7228
-
-
C:\Windows\System\yHRywsK.exeC:\Windows\System\yHRywsK.exe2⤵PID:7260
-
-
C:\Windows\System\JQglMkc.exeC:\Windows\System\JQglMkc.exe2⤵PID:7304
-
-
C:\Windows\System\omxnncE.exeC:\Windows\System\omxnncE.exe2⤵PID:7332
-
-
C:\Windows\System\PSHbGtQ.exeC:\Windows\System\PSHbGtQ.exe2⤵PID:7352
-
-
C:\Windows\System\UrgnvzO.exeC:\Windows\System\UrgnvzO.exe2⤵PID:7388
-
-
C:\Windows\System\fZuTHqP.exeC:\Windows\System\fZuTHqP.exe2⤵PID:7412
-
-
C:\Windows\System\YHoKyYF.exeC:\Windows\System\YHoKyYF.exe2⤵PID:7436
-
-
C:\Windows\System\CmxMENC.exeC:\Windows\System\CmxMENC.exe2⤵PID:7456
-
-
C:\Windows\System\kJAZpZq.exeC:\Windows\System\kJAZpZq.exe2⤵PID:7476
-
-
C:\Windows\System\VCFWSiU.exeC:\Windows\System\VCFWSiU.exe2⤵PID:7528
-
-
C:\Windows\System\YoRbrGE.exeC:\Windows\System\YoRbrGE.exe2⤵PID:7576
-
-
C:\Windows\System\zXktyqO.exeC:\Windows\System\zXktyqO.exe2⤵PID:7596
-
-
C:\Windows\System\FmShAJi.exeC:\Windows\System\FmShAJi.exe2⤵PID:7636
-
-
C:\Windows\System\sYOVIDY.exeC:\Windows\System\sYOVIDY.exe2⤵PID:7660
-
-
C:\Windows\System\awkwEbt.exeC:\Windows\System\awkwEbt.exe2⤵PID:7684
-
-
C:\Windows\System\OvyjkwP.exeC:\Windows\System\OvyjkwP.exe2⤵PID:7704
-
-
C:\Windows\System\OMfeZxO.exeC:\Windows\System\OMfeZxO.exe2⤵PID:7740
-
-
C:\Windows\System\JQRuWZa.exeC:\Windows\System\JQRuWZa.exe2⤵PID:7760
-
-
C:\Windows\System\QNMiVos.exeC:\Windows\System\QNMiVos.exe2⤵PID:7780
-
-
C:\Windows\System\wASVoxi.exeC:\Windows\System\wASVoxi.exe2⤵PID:7804
-
-
C:\Windows\System\qmQkyuR.exeC:\Windows\System\qmQkyuR.exe2⤵PID:7824
-
-
C:\Windows\System\JyUfQse.exeC:\Windows\System\JyUfQse.exe2⤵PID:7868
-
-
C:\Windows\System\scJPJIk.exeC:\Windows\System\scJPJIk.exe2⤵PID:7888
-
-
C:\Windows\System\bFnoWBA.exeC:\Windows\System\bFnoWBA.exe2⤵PID:7936
-
-
C:\Windows\System\RiDQUra.exeC:\Windows\System\RiDQUra.exe2⤵PID:7960
-
-
C:\Windows\System\JJkbJyZ.exeC:\Windows\System\JJkbJyZ.exe2⤵PID:7988
-
-
C:\Windows\System\pSUYWjt.exeC:\Windows\System\pSUYWjt.exe2⤵PID:8040
-
-
C:\Windows\System\Pdfqjin.exeC:\Windows\System\Pdfqjin.exe2⤵PID:8060
-
-
C:\Windows\System\jWGcWEr.exeC:\Windows\System\jWGcWEr.exe2⤵PID:8084
-
-
C:\Windows\System\EAVDufn.exeC:\Windows\System\EAVDufn.exe2⤵PID:8100
-
-
C:\Windows\System\dbDGvGU.exeC:\Windows\System\dbDGvGU.exe2⤵PID:8120
-
-
C:\Windows\System\iGMNSBG.exeC:\Windows\System\iGMNSBG.exe2⤵PID:8136
-
-
C:\Windows\System\AmERptI.exeC:\Windows\System\AmERptI.exe2⤵PID:8156
-
-
C:\Windows\System\RqJbIvb.exeC:\Windows\System\RqJbIvb.exe2⤵PID:8180
-
-
C:\Windows\System\QHQNuXi.exeC:\Windows\System\QHQNuXi.exe2⤵PID:6852
-
-
C:\Windows\System\saVZbwx.exeC:\Windows\System\saVZbwx.exe2⤵PID:6644
-
-
C:\Windows\System\ONGWlFt.exeC:\Windows\System\ONGWlFt.exe2⤵PID:7224
-
-
C:\Windows\System\AFBKDxe.exeC:\Windows\System\AFBKDxe.exe2⤵PID:7296
-
-
C:\Windows\System\Aedwvon.exeC:\Windows\System\Aedwvon.exe2⤵PID:7472
-
-
C:\Windows\System\YWSdXyI.exeC:\Windows\System\YWSdXyI.exe2⤵PID:7504
-
-
C:\Windows\System\tvGQJEx.exeC:\Windows\System\tvGQJEx.exe2⤵PID:7512
-
-
C:\Windows\System\weRHLsm.exeC:\Windows\System\weRHLsm.exe2⤵PID:7588
-
-
C:\Windows\System\lROtBct.exeC:\Windows\System\lROtBct.exe2⤵PID:7668
-
-
C:\Windows\System\xUKEpCU.exeC:\Windows\System\xUKEpCU.exe2⤵PID:7712
-
-
C:\Windows\System\GkNeGkV.exeC:\Windows\System\GkNeGkV.exe2⤵PID:7748
-
-
C:\Windows\System\bTEHLRZ.exeC:\Windows\System\bTEHLRZ.exe2⤵PID:7864
-
-
C:\Windows\System\rKmscbb.exeC:\Windows\System\rKmscbb.exe2⤵PID:7948
-
-
C:\Windows\System\ahBMrBF.exeC:\Windows\System\ahBMrBF.exe2⤵PID:7984
-
-
C:\Windows\System\imTZIsX.exeC:\Windows\System\imTZIsX.exe2⤵PID:8032
-
-
C:\Windows\System\jwGcIdj.exeC:\Windows\System\jwGcIdj.exe2⤵PID:8092
-
-
C:\Windows\System\fbClUzC.exeC:\Windows\System\fbClUzC.exe2⤵PID:8176
-
-
C:\Windows\System\fsLxAIc.exeC:\Windows\System\fsLxAIc.exe2⤵PID:6152
-
-
C:\Windows\System\Gtqczdl.exeC:\Windows\System\Gtqczdl.exe2⤵PID:7368
-
-
C:\Windows\System\nwmZuoY.exeC:\Windows\System\nwmZuoY.exe2⤵PID:7548
-
-
C:\Windows\System\kPXrFrO.exeC:\Windows\System\kPXrFrO.exe2⤵PID:7568
-
-
C:\Windows\System\PoUUHQD.exeC:\Windows\System\PoUUHQD.exe2⤵PID:7656
-
-
C:\Windows\System\NiczjMm.exeC:\Windows\System\NiczjMm.exe2⤵PID:7840
-
-
C:\Windows\System\HJJGxHx.exeC:\Windows\System\HJJGxHx.exe2⤵PID:7736
-
-
C:\Windows\System\GpMTyrP.exeC:\Windows\System\GpMTyrP.exe2⤵PID:8080
-
-
C:\Windows\System\PUyBYzN.exeC:\Windows\System\PUyBYzN.exe2⤵PID:7980
-
-
C:\Windows\System\hXQrPRv.exeC:\Windows\System\hXQrPRv.exe2⤵PID:6688
-
-
C:\Windows\System\XeilCfu.exeC:\Windows\System\XeilCfu.exe2⤵PID:7612
-
-
C:\Windows\System\pNyZOZQ.exeC:\Windows\System\pNyZOZQ.exe2⤵PID:8196
-
-
C:\Windows\System\NKojonr.exeC:\Windows\System\NKojonr.exe2⤵PID:8224
-
-
C:\Windows\System\wBAaVXg.exeC:\Windows\System\wBAaVXg.exe2⤵PID:8244
-
-
C:\Windows\System\inPjJMH.exeC:\Windows\System\inPjJMH.exe2⤵PID:8312
-
-
C:\Windows\System\GbNDQGR.exeC:\Windows\System\GbNDQGR.exe2⤵PID:8336
-
-
C:\Windows\System\tWCexVe.exeC:\Windows\System\tWCexVe.exe2⤵PID:8352
-
-
C:\Windows\System\cdndCUT.exeC:\Windows\System\cdndCUT.exe2⤵PID:8372
-
-
C:\Windows\System\hexJFYw.exeC:\Windows\System\hexJFYw.exe2⤵PID:8436
-
-
C:\Windows\System\BVGvtft.exeC:\Windows\System\BVGvtft.exe2⤵PID:8460
-
-
C:\Windows\System\YLYyNTj.exeC:\Windows\System\YLYyNTj.exe2⤵PID:8484
-
-
C:\Windows\System\LfaMTQJ.exeC:\Windows\System\LfaMTQJ.exe2⤵PID:8508
-
-
C:\Windows\System\JSYKSlx.exeC:\Windows\System\JSYKSlx.exe2⤵PID:8532
-
-
C:\Windows\System\GoupRnJ.exeC:\Windows\System\GoupRnJ.exe2⤵PID:8568
-
-
C:\Windows\System\aRqAaTZ.exeC:\Windows\System\aRqAaTZ.exe2⤵PID:8604
-
-
C:\Windows\System\peRrkLd.exeC:\Windows\System\peRrkLd.exe2⤵PID:8636
-
-
C:\Windows\System\MpuVNUP.exeC:\Windows\System\MpuVNUP.exe2⤵PID:8652
-
-
C:\Windows\System\vQSjkjw.exeC:\Windows\System\vQSjkjw.exe2⤵PID:8676
-
-
C:\Windows\System\EbcCAwg.exeC:\Windows\System\EbcCAwg.exe2⤵PID:8720
-
-
C:\Windows\System\ypjrkGN.exeC:\Windows\System\ypjrkGN.exe2⤵PID:8768
-
-
C:\Windows\System\QlCbNgH.exeC:\Windows\System\QlCbNgH.exe2⤵PID:8784
-
-
C:\Windows\System\ZVWDyZA.exeC:\Windows\System\ZVWDyZA.exe2⤵PID:8800
-
-
C:\Windows\System\Fvcuizb.exeC:\Windows\System\Fvcuizb.exe2⤵PID:8820
-
-
C:\Windows\System\gNZJxOT.exeC:\Windows\System\gNZJxOT.exe2⤵PID:8848
-
-
C:\Windows\System\EBZdMDg.exeC:\Windows\System\EBZdMDg.exe2⤵PID:8892
-
-
C:\Windows\System\rUJDGai.exeC:\Windows\System\rUJDGai.exe2⤵PID:8916
-
-
C:\Windows\System\vdcMcdK.exeC:\Windows\System\vdcMcdK.exe2⤵PID:8948
-
-
C:\Windows\System\wOVPgru.exeC:\Windows\System\wOVPgru.exe2⤵PID:8968
-
-
C:\Windows\System\hfRixKN.exeC:\Windows\System\hfRixKN.exe2⤵PID:8988
-
-
C:\Windows\System\kCglgPG.exeC:\Windows\System\kCglgPG.exe2⤵PID:9016
-
-
C:\Windows\System\bFmWNYw.exeC:\Windows\System\bFmWNYw.exe2⤵PID:9040
-
-
C:\Windows\System\wKCsssz.exeC:\Windows\System\wKCsssz.exe2⤵PID:9060
-
-
C:\Windows\System\DELVTWx.exeC:\Windows\System\DELVTWx.exe2⤵PID:9076
-
-
C:\Windows\System\GxcxauF.exeC:\Windows\System\GxcxauF.exe2⤵PID:9100
-
-
C:\Windows\System\sBStriM.exeC:\Windows\System\sBStriM.exe2⤵PID:9128
-
-
C:\Windows\System\rvWodwj.exeC:\Windows\System\rvWodwj.exe2⤵PID:9148
-
-
C:\Windows\System\kJutYLs.exeC:\Windows\System\kJutYLs.exe2⤵PID:9172
-
-
C:\Windows\System\aIGOFnX.exeC:\Windows\System\aIGOFnX.exe2⤵PID:9188
-
-
C:\Windows\System\JymxnpL.exeC:\Windows\System\JymxnpL.exe2⤵PID:8000
-
-
C:\Windows\System\UrbIYac.exeC:\Windows\System\UrbIYac.exe2⤵PID:8220
-
-
C:\Windows\System\nchbgXw.exeC:\Windows\System\nchbgXw.exe2⤵PID:7448
-
-
C:\Windows\System\zQgNxsp.exeC:\Windows\System\zQgNxsp.exe2⤵PID:8368
-
-
C:\Windows\System\jZhhdLd.exeC:\Windows\System\jZhhdLd.exe2⤵PID:8456
-
-
C:\Windows\System\ISKBExz.exeC:\Windows\System\ISKBExz.exe2⤵PID:7556
-
-
C:\Windows\System\NzEgNCC.exeC:\Windows\System\NzEgNCC.exe2⤵PID:8584
-
-
C:\Windows\System\unEnhdY.exeC:\Windows\System\unEnhdY.exe2⤵PID:8692
-
-
C:\Windows\System\ZQUareY.exeC:\Windows\System\ZQUareY.exe2⤵PID:8796
-
-
C:\Windows\System\CSfOxls.exeC:\Windows\System\CSfOxls.exe2⤵PID:8876
-
-
C:\Windows\System\PpiYdUs.exeC:\Windows\System\PpiYdUs.exe2⤵PID:8944
-
-
C:\Windows\System\pLItmuS.exeC:\Windows\System\pLItmuS.exe2⤵PID:8980
-
-
C:\Windows\System\iFMyfSp.exeC:\Windows\System\iFMyfSp.exe2⤵PID:8996
-
-
C:\Windows\System\rpXoWAM.exeC:\Windows\System\rpXoWAM.exe2⤵PID:9096
-
-
C:\Windows\System\cMxBvkG.exeC:\Windows\System\cMxBvkG.exe2⤵PID:9196
-
-
C:\Windows\System\cPuMilN.exeC:\Windows\System\cPuMilN.exe2⤵PID:8240
-
-
C:\Windows\System\UYGmfXM.exeC:\Windows\System\UYGmfXM.exe2⤵PID:8212
-
-
C:\Windows\System\LMZVlRe.exeC:\Windows\System\LMZVlRe.exe2⤵PID:8444
-
-
C:\Windows\System\YWPyaTo.exeC:\Windows\System\YWPyaTo.exe2⤵PID:8556
-
-
C:\Windows\System\lKdbbqO.exeC:\Windows\System\lKdbbqO.exe2⤵PID:8888
-
-
C:\Windows\System\Aubmnvl.exeC:\Windows\System\Aubmnvl.exe2⤵PID:8960
-
-
C:\Windows\System\AmwbkZF.exeC:\Windows\System\AmwbkZF.exe2⤵PID:9032
-
-
C:\Windows\System\TAaUbJJ.exeC:\Windows\System\TAaUbJJ.exe2⤵PID:8252
-
-
C:\Windows\System\Ooxvrbl.exeC:\Windows\System\Ooxvrbl.exe2⤵PID:8660
-
-
C:\Windows\System\dfNcBpr.exeC:\Windows\System\dfNcBpr.exe2⤵PID:8672
-
-
C:\Windows\System\rVjJHhk.exeC:\Windows\System\rVjJHhk.exe2⤵PID:9184
-
-
C:\Windows\System\GWvIkYA.exeC:\Windows\System\GWvIkYA.exe2⤵PID:8480
-
-
C:\Windows\System\GwnmMUD.exeC:\Windows\System\GwnmMUD.exe2⤵PID:9224
-
-
C:\Windows\System\GlbGpJL.exeC:\Windows\System\GlbGpJL.exe2⤵PID:9248
-
-
C:\Windows\System\JRPowbE.exeC:\Windows\System\JRPowbE.exe2⤵PID:9268
-
-
C:\Windows\System\IeFJsRu.exeC:\Windows\System\IeFJsRu.exe2⤵PID:9308
-
-
C:\Windows\System\QsFVIsV.exeC:\Windows\System\QsFVIsV.exe2⤵PID:9336
-
-
C:\Windows\System\uzSeZQL.exeC:\Windows\System\uzSeZQL.exe2⤵PID:9372
-
-
C:\Windows\System\wzRnWFQ.exeC:\Windows\System\wzRnWFQ.exe2⤵PID:9392
-
-
C:\Windows\System\FYWIBBs.exeC:\Windows\System\FYWIBBs.exe2⤵PID:9424
-
-
C:\Windows\System\HHTAzva.exeC:\Windows\System\HHTAzva.exe2⤵PID:9440
-
-
C:\Windows\System\grjsFGI.exeC:\Windows\System\grjsFGI.exe2⤵PID:9456
-
-
C:\Windows\System\iDjKHDG.exeC:\Windows\System\iDjKHDG.exe2⤵PID:9484
-
-
C:\Windows\System\rNFhmxa.exeC:\Windows\System\rNFhmxa.exe2⤵PID:9532
-
-
C:\Windows\System\UxBmNcZ.exeC:\Windows\System\UxBmNcZ.exe2⤵PID:9584
-
-
C:\Windows\System\UPMuIve.exeC:\Windows\System\UPMuIve.exe2⤵PID:9604
-
-
C:\Windows\System\OevdgiU.exeC:\Windows\System\OevdgiU.exe2⤵PID:9624
-
-
C:\Windows\System\cnrYMsq.exeC:\Windows\System\cnrYMsq.exe2⤵PID:9644
-
-
C:\Windows\System\CuIafQr.exeC:\Windows\System\CuIafQr.exe2⤵PID:9676
-
-
C:\Windows\System\DiZYwma.exeC:\Windows\System\DiZYwma.exe2⤵PID:9732
-
-
C:\Windows\System\xLrNqOX.exeC:\Windows\System\xLrNqOX.exe2⤵PID:9752
-
-
C:\Windows\System\wJSEQBM.exeC:\Windows\System\wJSEQBM.exe2⤵PID:9768
-
-
C:\Windows\System\aOFzdFK.exeC:\Windows\System\aOFzdFK.exe2⤵PID:9788
-
-
C:\Windows\System\RfGIGkL.exeC:\Windows\System\RfGIGkL.exe2⤵PID:9816
-
-
C:\Windows\System\HjdGraW.exeC:\Windows\System\HjdGraW.exe2⤵PID:9836
-
-
C:\Windows\System\HSPpLIG.exeC:\Windows\System\HSPpLIG.exe2⤵PID:9852
-
-
C:\Windows\System\LGDHnKt.exeC:\Windows\System\LGDHnKt.exe2⤵PID:9880
-
-
C:\Windows\System\hdmIjKp.exeC:\Windows\System\hdmIjKp.exe2⤵PID:9928
-
-
C:\Windows\System\AjzxlRY.exeC:\Windows\System\AjzxlRY.exe2⤵PID:9948
-
-
C:\Windows\System\uUyWBSh.exeC:\Windows\System\uUyWBSh.exe2⤵PID:10008
-
-
C:\Windows\System\GQqcADN.exeC:\Windows\System\GQqcADN.exe2⤵PID:10032
-
-
C:\Windows\System\judJVFb.exeC:\Windows\System\judJVFb.exe2⤵PID:10048
-
-
C:\Windows\System\iyYsaOI.exeC:\Windows\System\iyYsaOI.exe2⤵PID:10068
-
-
C:\Windows\System\pVaxZwC.exeC:\Windows\System\pVaxZwC.exe2⤵PID:10084
-
-
C:\Windows\System\cZhQmLA.exeC:\Windows\System\cZhQmLA.exe2⤵PID:10104
-
-
C:\Windows\System\QzqAnBO.exeC:\Windows\System\QzqAnBO.exe2⤵PID:10184
-
-
C:\Windows\System\mNmqSTE.exeC:\Windows\System\mNmqSTE.exe2⤵PID:10208
-
-
C:\Windows\System\hfRHHJC.exeC:\Windows\System\hfRHHJC.exe2⤵PID:10228
-
-
C:\Windows\System\onVZFaK.exeC:\Windows\System\onVZFaK.exe2⤵PID:8912
-
-
C:\Windows\System\KItWkyb.exeC:\Windows\System\KItWkyb.exe2⤵PID:9084
-
-
C:\Windows\System\AoSKDgP.exeC:\Windows\System\AoSKDgP.exe2⤵PID:9348
-
-
C:\Windows\System\FpKybDl.exeC:\Windows\System\FpKybDl.exe2⤵PID:9364
-
-
C:\Windows\System\IxWavhI.exeC:\Windows\System\IxWavhI.exe2⤵PID:9468
-
-
C:\Windows\System\QOidcAm.exeC:\Windows\System\QOidcAm.exe2⤵PID:9548
-
-
C:\Windows\System\yvCEhhw.exeC:\Windows\System\yvCEhhw.exe2⤵PID:9600
-
-
C:\Windows\System\gIRSnFY.exeC:\Windows\System\gIRSnFY.exe2⤵PID:9636
-
-
C:\Windows\System\qfXLkxp.exeC:\Windows\System\qfXLkxp.exe2⤵PID:9744
-
-
C:\Windows\System\pOCjjmb.exeC:\Windows\System\pOCjjmb.exe2⤵PID:9764
-
-
C:\Windows\System\YfdaufD.exeC:\Windows\System\YfdaufD.exe2⤵PID:9848
-
-
C:\Windows\System\OrRAFRN.exeC:\Windows\System\OrRAFRN.exe2⤵PID:9900
-
-
C:\Windows\System\VfBGctS.exeC:\Windows\System\VfBGctS.exe2⤵PID:9940
-
-
C:\Windows\System\kcKwekp.exeC:\Windows\System\kcKwekp.exe2⤵PID:10024
-
-
C:\Windows\System\oGTKyXn.exeC:\Windows\System\oGTKyXn.exe2⤵PID:10080
-
-
C:\Windows\System\kTWDFJe.exeC:\Windows\System\kTWDFJe.exe2⤵PID:10132
-
-
C:\Windows\System\RcPwRXz.exeC:\Windows\System\RcPwRXz.exe2⤵PID:8548
-
-
C:\Windows\System\slregGb.exeC:\Windows\System\slregGb.exe2⤵PID:9400
-
-
C:\Windows\System\tVRWnKk.exeC:\Windows\System\tVRWnKk.exe2⤵PID:9452
-
-
C:\Windows\System\ZZxhDIS.exeC:\Windows\System\ZZxhDIS.exe2⤵PID:9480
-
-
C:\Windows\System\JwYzIaz.exeC:\Windows\System\JwYzIaz.exe2⤵PID:9844
-
-
C:\Windows\System\STxgvHU.exeC:\Windows\System\STxgvHU.exe2⤵PID:9984
-
-
C:\Windows\System\AspRLxW.exeC:\Windows\System\AspRLxW.exe2⤵PID:10100
-
-
C:\Windows\System\SCBZxpF.exeC:\Windows\System\SCBZxpF.exe2⤵PID:9332
-
-
C:\Windows\System\SUvhmOS.exeC:\Windows\System\SUvhmOS.exe2⤵PID:9780
-
-
C:\Windows\System\CSdhDGU.exeC:\Windows\System\CSdhDGU.exe2⤵PID:10200
-
-
C:\Windows\System\yWdjuNI.exeC:\Windows\System\yWdjuNI.exe2⤵PID:9664
-
-
C:\Windows\System\UwcVTPU.exeC:\Windows\System\UwcVTPU.exe2⤵PID:10248
-
-
C:\Windows\System\ymqjxMV.exeC:\Windows\System\ymqjxMV.exe2⤵PID:10276
-
-
C:\Windows\System\cXwONFc.exeC:\Windows\System\cXwONFc.exe2⤵PID:10296
-
-
C:\Windows\System\OFnkAFv.exeC:\Windows\System\OFnkAFv.exe2⤵PID:10320
-
-
C:\Windows\System\XAWbQbm.exeC:\Windows\System\XAWbQbm.exe2⤵PID:10340
-
-
C:\Windows\System\OnyNYlY.exeC:\Windows\System\OnyNYlY.exe2⤵PID:10368
-
-
C:\Windows\System\jVCxzvT.exeC:\Windows\System\jVCxzvT.exe2⤵PID:10412
-
-
C:\Windows\System\LLdpFMK.exeC:\Windows\System\LLdpFMK.exe2⤵PID:10432
-
-
C:\Windows\System\mnDqOxm.exeC:\Windows\System\mnDqOxm.exe2⤵PID:10456
-
-
C:\Windows\System\eYqeJxT.exeC:\Windows\System\eYqeJxT.exe2⤵PID:10480
-
-
C:\Windows\System\GqnmJGO.exeC:\Windows\System\GqnmJGO.exe2⤵PID:10524
-
-
C:\Windows\System\kYyiRNK.exeC:\Windows\System\kYyiRNK.exe2⤵PID:10540
-
-
C:\Windows\System\fPKhyro.exeC:\Windows\System\fPKhyro.exe2⤵PID:10568
-
-
C:\Windows\System\aoYVKnc.exeC:\Windows\System\aoYVKnc.exe2⤵PID:10600
-
-
C:\Windows\System\hbTOfrL.exeC:\Windows\System\hbTOfrL.exe2⤵PID:10644
-
-
C:\Windows\System\dJQuwTg.exeC:\Windows\System\dJQuwTg.exe2⤵PID:10664
-
-
C:\Windows\System\zyAscTz.exeC:\Windows\System\zyAscTz.exe2⤵PID:10700
-
-
C:\Windows\System\ecwSTpz.exeC:\Windows\System\ecwSTpz.exe2⤵PID:10728
-
-
C:\Windows\System\TJoGrcR.exeC:\Windows\System\TJoGrcR.exe2⤵PID:10756
-
-
C:\Windows\System\MKYSQRg.exeC:\Windows\System\MKYSQRg.exe2⤵PID:10788
-
-
C:\Windows\System\uPYlCOi.exeC:\Windows\System\uPYlCOi.exe2⤵PID:10812
-
-
C:\Windows\System\LIwYRfX.exeC:\Windows\System\LIwYRfX.exe2⤵PID:10836
-
-
C:\Windows\System\RYJIAkh.exeC:\Windows\System\RYJIAkh.exe2⤵PID:10860
-
-
C:\Windows\System\wkXwtga.exeC:\Windows\System\wkXwtga.exe2⤵PID:10912
-
-
C:\Windows\System\RbRTuBS.exeC:\Windows\System\RbRTuBS.exe2⤵PID:10932
-
-
C:\Windows\System\tPkDAjY.exeC:\Windows\System\tPkDAjY.exe2⤵PID:10952
-
-
C:\Windows\System\EwMxJBk.exeC:\Windows\System\EwMxJBk.exe2⤵PID:10976
-
-
C:\Windows\System\ntuUtDI.exeC:\Windows\System\ntuUtDI.exe2⤵PID:11008
-
-
C:\Windows\System\pjhWlAy.exeC:\Windows\System\pjhWlAy.exe2⤵PID:11032
-
-
C:\Windows\System\rSUuylQ.exeC:\Windows\System\rSUuylQ.exe2⤵PID:11056
-
-
C:\Windows\System\TwddrCJ.exeC:\Windows\System\TwddrCJ.exe2⤵PID:11088
-
-
C:\Windows\System\yRSYsdB.exeC:\Windows\System\yRSYsdB.exe2⤵PID:11112
-
-
C:\Windows\System\TjNcFxa.exeC:\Windows\System\TjNcFxa.exe2⤵PID:11140
-
-
C:\Windows\System\cZjoJJr.exeC:\Windows\System\cZjoJJr.exe2⤵PID:11156
-
-
C:\Windows\System\hYpnbhh.exeC:\Windows\System\hYpnbhh.exe2⤵PID:11192
-
-
C:\Windows\System\VcSFGBJ.exeC:\Windows\System\VcSFGBJ.exe2⤵PID:11216
-
-
C:\Windows\System\HtvRDLE.exeC:\Windows\System\HtvRDLE.exe2⤵PID:11240
-
-
C:\Windows\System\GWkyehg.exeC:\Windows\System\GWkyehg.exe2⤵PID:11260
-
-
C:\Windows\System\nGjWviC.exeC:\Windows\System\nGjWviC.exe2⤵PID:10328
-
-
C:\Windows\System\REzEyPH.exeC:\Windows\System\REzEyPH.exe2⤵PID:10364
-
-
C:\Windows\System\LbTaTPN.exeC:\Windows\System\LbTaTPN.exe2⤵PID:10428
-
-
C:\Windows\System\eibnlnr.exeC:\Windows\System\eibnlnr.exe2⤵PID:10468
-
-
C:\Windows\System\WPGiejt.exeC:\Windows\System\WPGiejt.exe2⤵PID:10660
-
-
C:\Windows\System\wEbhcNr.exeC:\Windows\System\wEbhcNr.exe2⤵PID:10696
-
-
C:\Windows\System\UDYPoxO.exeC:\Windows\System\UDYPoxO.exe2⤵PID:10768
-
-
C:\Windows\System\BgGoIst.exeC:\Windows\System\BgGoIst.exe2⤵PID:10780
-
-
C:\Windows\System\YkuaNdN.exeC:\Windows\System\YkuaNdN.exe2⤵PID:10856
-
-
C:\Windows\System\oswygKU.exeC:\Windows\System\oswygKU.exe2⤵PID:10888
-
-
C:\Windows\System\pXoKGul.exeC:\Windows\System\pXoKGul.exe2⤵PID:11020
-
-
C:\Windows\System\OWgIRJm.exeC:\Windows\System\OWgIRJm.exe2⤵PID:11072
-
-
C:\Windows\System\QGfzOrG.exeC:\Windows\System\QGfzOrG.exe2⤵PID:11188
-
-
C:\Windows\System\xvwekmt.exeC:\Windows\System\xvwekmt.exe2⤵PID:11172
-
-
C:\Windows\System\khZADbW.exeC:\Windows\System\khZADbW.exe2⤵PID:11252
-
-
C:\Windows\System\RHlPKXj.exeC:\Windows\System\RHlPKXj.exe2⤵PID:10308
-
-
C:\Windows\System\nyYPaMk.exeC:\Windows\System\nyYPaMk.exe2⤵PID:10448
-
-
C:\Windows\System\cyhjtNG.exeC:\Windows\System\cyhjtNG.exe2⤵PID:10508
-
-
C:\Windows\System\FdvKaYQ.exeC:\Windows\System\FdvKaYQ.exe2⤵PID:10736
-
-
C:\Windows\System\tBXQZvA.exeC:\Windows\System\tBXQZvA.exe2⤵PID:10808
-
-
C:\Windows\System\qIOKfEE.exeC:\Windows\System\qIOKfEE.exe2⤵PID:10972
-
-
C:\Windows\System\SPyCTce.exeC:\Windows\System\SPyCTce.exe2⤵PID:10244
-
-
C:\Windows\System\dbwTyJT.exeC:\Windows\System\dbwTyJT.exe2⤵PID:10576
-
-
C:\Windows\System\WRVCncG.exeC:\Windows\System\WRVCncG.exe2⤵PID:10820
-
-
C:\Windows\System\cPtRsFP.exeC:\Windows\System\cPtRsFP.exe2⤵PID:11100
-
-
C:\Windows\System\PuetyWi.exeC:\Windows\System\PuetyWi.exe2⤵PID:10724
-
-
C:\Windows\System\eLKRTqL.exeC:\Windows\System\eLKRTqL.exe2⤵PID:11304
-
-
C:\Windows\System\WfsxiUl.exeC:\Windows\System\WfsxiUl.exe2⤵PID:11324
-
-
C:\Windows\System\sHlJZVh.exeC:\Windows\System\sHlJZVh.exe2⤵PID:11344
-
-
C:\Windows\System\LzXviaJ.exeC:\Windows\System\LzXviaJ.exe2⤵PID:11368
-
-
C:\Windows\System\IhZeDSD.exeC:\Windows\System\IhZeDSD.exe2⤵PID:11388
-
-
C:\Windows\System\bXQEfFJ.exeC:\Windows\System\bXQEfFJ.exe2⤵PID:11408
-
-
C:\Windows\System\PQYiPIZ.exeC:\Windows\System\PQYiPIZ.exe2⤵PID:11436
-
-
C:\Windows\System\bWsgLjw.exeC:\Windows\System\bWsgLjw.exe2⤵PID:11468
-
-
C:\Windows\System\icMSWAb.exeC:\Windows\System\icMSWAb.exe2⤵PID:11492
-
-
C:\Windows\System\jbUTnjw.exeC:\Windows\System\jbUTnjw.exe2⤵PID:11512
-
-
C:\Windows\System\FFDMNQV.exeC:\Windows\System\FFDMNQV.exe2⤵PID:11568
-
-
C:\Windows\System\SSpYpSt.exeC:\Windows\System\SSpYpSt.exe2⤵PID:11588
-
-
C:\Windows\System\kUBFlWm.exeC:\Windows\System\kUBFlWm.exe2⤵PID:11644
-
-
C:\Windows\System\nvPadWx.exeC:\Windows\System\nvPadWx.exe2⤵PID:11668
-
-
C:\Windows\System\CMCUPNF.exeC:\Windows\System\CMCUPNF.exe2⤵PID:11708
-
-
C:\Windows\System\tjfRzAB.exeC:\Windows\System\tjfRzAB.exe2⤵PID:11728
-
-
C:\Windows\System\OKCLyKS.exeC:\Windows\System\OKCLyKS.exe2⤵PID:11752
-
-
C:\Windows\System\ZtPJJIH.exeC:\Windows\System\ZtPJJIH.exe2⤵PID:11772
-
-
C:\Windows\System\miClWUB.exeC:\Windows\System\miClWUB.exe2⤵PID:11800
-
-
C:\Windows\System\fClJNHD.exeC:\Windows\System\fClJNHD.exe2⤵PID:11832
-
-
C:\Windows\System\eFBnYtB.exeC:\Windows\System\eFBnYtB.exe2⤵PID:11848
-
-
C:\Windows\System\TXQMLNL.exeC:\Windows\System\TXQMLNL.exe2⤵PID:11868
-
-
C:\Windows\System\UnwzTse.exeC:\Windows\System\UnwzTse.exe2⤵PID:11896
-
-
C:\Windows\System\eADtrPv.exeC:\Windows\System\eADtrPv.exe2⤵PID:11912
-
-
C:\Windows\System\vejDsVI.exeC:\Windows\System\vejDsVI.exe2⤵PID:11952
-
-
C:\Windows\System\xEEoxBk.exeC:\Windows\System\xEEoxBk.exe2⤵PID:11992
-
-
C:\Windows\System\QHURvUY.exeC:\Windows\System\QHURvUY.exe2⤵PID:12012
-
-
C:\Windows\System\yAdeZwj.exeC:\Windows\System\yAdeZwj.exe2⤵PID:12040
-
-
C:\Windows\System\equBUvz.exeC:\Windows\System\equBUvz.exe2⤵PID:12084
-
-
C:\Windows\System\dijpVPN.exeC:\Windows\System\dijpVPN.exe2⤵PID:12100
-
-
C:\Windows\System\yfeIOxC.exeC:\Windows\System\yfeIOxC.exe2⤵PID:12148
-
-
C:\Windows\System\YPJsZNv.exeC:\Windows\System\YPJsZNv.exe2⤵PID:12208
-
-
C:\Windows\System\hHJQqFQ.exeC:\Windows\System\hHJQqFQ.exe2⤵PID:12268
-
-
C:\Windows\System\tEJjwJG.exeC:\Windows\System\tEJjwJG.exe2⤵PID:12284
-
-
C:\Windows\System\rUbLjKg.exeC:\Windows\System\rUbLjKg.exe2⤵PID:10776
-
-
C:\Windows\System\sZCKnRD.exeC:\Windows\System\sZCKnRD.exe2⤵PID:11312
-
-
C:\Windows\System\HlQcFzf.exeC:\Windows\System\HlQcFzf.exe2⤵PID:11380
-
-
C:\Windows\System\fPceSrk.exeC:\Windows\System\fPceSrk.exe2⤵PID:11376
-
-
C:\Windows\System\HKHQrZE.exeC:\Windows\System\HKHQrZE.exe2⤵PID:11396
-
-
C:\Windows\System\AvYfZcc.exeC:\Windows\System\AvYfZcc.exe2⤵PID:11464
-
-
C:\Windows\System\VqBlpaD.exeC:\Windows\System\VqBlpaD.exe2⤵PID:11652
-
-
C:\Windows\System\WBiRnOn.exeC:\Windows\System\WBiRnOn.exe2⤵PID:11684
-
-
C:\Windows\System\Xbxefnj.exeC:\Windows\System\Xbxefnj.exe2⤵PID:11704
-
-
C:\Windows\System\eLAcwXB.exeC:\Windows\System\eLAcwXB.exe2⤵PID:12096
-
-
C:\Windows\System\KuDlpCR.exeC:\Windows\System\KuDlpCR.exe2⤵PID:12156
-
-
C:\Windows\System\AWCAqac.exeC:\Windows\System\AWCAqac.exe2⤵PID:12276
-
-
C:\Windows\System\XEVLVvB.exeC:\Windows\System\XEVLVvB.exe2⤵PID:12244
-
-
C:\Windows\System\BQLOVSt.exeC:\Windows\System\BQLOVSt.exe2⤵PID:12184
-
-
C:\Windows\System\wQdZBOY.exeC:\Windows\System\wQdZBOY.exe2⤵PID:12216
-
-
C:\Windows\System\NluJRrT.exeC:\Windows\System\NluJRrT.exe2⤵PID:11300
-
-
C:\Windows\System\ZPeRojk.exeC:\Windows\System\ZPeRojk.exe2⤵PID:11444
-
-
C:\Windows\System\pCGYjAS.exeC:\Windows\System\pCGYjAS.exe2⤵PID:11784
-
-
C:\Windows\System\PTUCROL.exeC:\Windows\System\PTUCROL.exe2⤵PID:11608
-
-
C:\Windows\System\lPXURmT.exeC:\Windows\System\lPXURmT.exe2⤵PID:11792
-
-
C:\Windows\System\ylmTSMd.exeC:\Windows\System\ylmTSMd.exe2⤵PID:12128
-
-
C:\Windows\System\heXJaEV.exeC:\Windows\System\heXJaEV.exe2⤵PID:12232
-
-
C:\Windows\System\dmGSWcb.exeC:\Windows\System\dmGSWcb.exe2⤵PID:12180
-
-
C:\Windows\System\AhAUJuu.exeC:\Windows\System\AhAUJuu.exe2⤵PID:11340
-
-
C:\Windows\System\TottvmI.exeC:\Windows\System\TottvmI.exe2⤵PID:11544
-
-
C:\Windows\System\Nrjwxek.exeC:\Windows\System\Nrjwxek.exe2⤵PID:11700
-
-
C:\Windows\System\HcEBnfU.exeC:\Windows\System\HcEBnfU.exe2⤵PID:12236
-
-
C:\Windows\System\prowJJw.exeC:\Windows\System\prowJJw.exe2⤵PID:12292
-
-
C:\Windows\System\IdSOZYF.exeC:\Windows\System\IdSOZYF.exe2⤵PID:12316
-
-
C:\Windows\System\qmtnNdY.exeC:\Windows\System\qmtnNdY.exe2⤵PID:12340
-
-
C:\Windows\System\ozIeKzA.exeC:\Windows\System\ozIeKzA.exe2⤵PID:12360
-
-
C:\Windows\System\tbhmqWQ.exeC:\Windows\System\tbhmqWQ.exe2⤵PID:12380
-
-
C:\Windows\System\SvIhxTf.exeC:\Windows\System\SvIhxTf.exe2⤵PID:12408
-
-
C:\Windows\System\HKsASzp.exeC:\Windows\System\HKsASzp.exe2⤵PID:12456
-
-
C:\Windows\System\rNPQuTU.exeC:\Windows\System\rNPQuTU.exe2⤵PID:12492
-
-
C:\Windows\System\cMewfxF.exeC:\Windows\System\cMewfxF.exe2⤵PID:12536
-
-
C:\Windows\System\nkFRQRW.exeC:\Windows\System\nkFRQRW.exe2⤵PID:12556
-
-
C:\Windows\System\whaaiUT.exeC:\Windows\System\whaaiUT.exe2⤵PID:12576
-
-
C:\Windows\System\aVKEeTb.exeC:\Windows\System\aVKEeTb.exe2⤵PID:12600
-
-
C:\Windows\System\CGVMcHP.exeC:\Windows\System\CGVMcHP.exe2⤵PID:12624
-
-
C:\Windows\System\mKFHMmc.exeC:\Windows\System\mKFHMmc.exe2⤵PID:12640
-
-
C:\Windows\System\DiRoqmO.exeC:\Windows\System\DiRoqmO.exe2⤵PID:12676
-
-
C:\Windows\System\OpaVMut.exeC:\Windows\System\OpaVMut.exe2⤵PID:12696
-
-
C:\Windows\System\oXHtqQZ.exeC:\Windows\System\oXHtqQZ.exe2⤵PID:12728
-
-
C:\Windows\System\XSiwpLX.exeC:\Windows\System\XSiwpLX.exe2⤵PID:12748
-
-
C:\Windows\System\rxZneXi.exeC:\Windows\System\rxZneXi.exe2⤵PID:12768
-
-
C:\Windows\System\Eopkuns.exeC:\Windows\System\Eopkuns.exe2⤵PID:12804
-
-
C:\Windows\System\whgtYVk.exeC:\Windows\System\whgtYVk.exe2⤵PID:12832
-
-
C:\Windows\System\qfPrhNp.exeC:\Windows\System\qfPrhNp.exe2⤵PID:12880
-
-
C:\Windows\System\hXXuDYR.exeC:\Windows\System\hXXuDYR.exe2⤵PID:12924
-
-
C:\Windows\System\XCtIaME.exeC:\Windows\System\XCtIaME.exe2⤵PID:12944
-
-
C:\Windows\System\jLZevii.exeC:\Windows\System\jLZevii.exe2⤵PID:12968
-
-
C:\Windows\System\nuAHXCJ.exeC:\Windows\System\nuAHXCJ.exe2⤵PID:12988
-
-
C:\Windows\System\WAPisjc.exeC:\Windows\System\WAPisjc.exe2⤵PID:13020
-
-
C:\Windows\System\phzSTAp.exeC:\Windows\System\phzSTAp.exe2⤵PID:13044
-
-
C:\Windows\System\WYmsZgM.exeC:\Windows\System\WYmsZgM.exe2⤵PID:13076
-
-
C:\Windows\System\XwDhwRc.exeC:\Windows\System\XwDhwRc.exe2⤵PID:13104
-
-
C:\Windows\System\YhtpUIl.exeC:\Windows\System\YhtpUIl.exe2⤵PID:13124
-
-
C:\Windows\System\koWlHPS.exeC:\Windows\System\koWlHPS.exe2⤵PID:13144
-
-
C:\Windows\System\KSqbmPo.exeC:\Windows\System\KSqbmPo.exe2⤵PID:13200
-
-
C:\Windows\System\McnMWLt.exeC:\Windows\System\McnMWLt.exe2⤵PID:13224
-
-
C:\Windows\System\QAkgyGd.exeC:\Windows\System\QAkgyGd.exe2⤵PID:13244
-
-
C:\Windows\System\mQeyNMc.exeC:\Windows\System\mQeyNMc.exe2⤵PID:13268
-
-
C:\Windows\System\piALetz.exeC:\Windows\System\piALetz.exe2⤵PID:13300
-
-
C:\Windows\System\UIjjPQZ.exeC:\Windows\System\UIjjPQZ.exe2⤵PID:12312
-
-
C:\Windows\System\iyAipJJ.exeC:\Windows\System\iyAipJJ.exe2⤵PID:12372
-
-
C:\Windows\System\xxTHwoi.exeC:\Windows\System\xxTHwoi.exe2⤵PID:12436
-
-
C:\Windows\System\DQtfnvr.exeC:\Windows\System\DQtfnvr.exe2⤵PID:12592
-
-
C:\Windows\System\vLHglfI.exeC:\Windows\System\vLHglfI.exe2⤵PID:12552
-
-
C:\Windows\System\INfVztN.exeC:\Windows\System\INfVztN.exe2⤵PID:12684
-
-
C:\Windows\System\XSoWBPU.exeC:\Windows\System\XSoWBPU.exe2⤵PID:12720
-
-
C:\Windows\System\IjEugmX.exeC:\Windows\System\IjEugmX.exe2⤵PID:12800
-
-
C:\Windows\System\UuqWUYn.exeC:\Windows\System\UuqWUYn.exe2⤵PID:12824
-
-
C:\Windows\System\PLPpyJR.exeC:\Windows\System\PLPpyJR.exe2⤵PID:12916
-
-
C:\Windows\System\toDvisU.exeC:\Windows\System\toDvisU.exe2⤵PID:12984
-
-
C:\Windows\System\PdjKZAZ.exeC:\Windows\System\PdjKZAZ.exe2⤵PID:12964
-
-
C:\Windows\System\CoSaChM.exeC:\Windows\System\CoSaChM.exe2⤵PID:13084
-
-
C:\Windows\System\UuYyaQe.exeC:\Windows\System\UuYyaQe.exe2⤵PID:13184
-
-
C:\Windows\System\eeyvtJG.exeC:\Windows\System\eeyvtJG.exe2⤵PID:13240
-
-
C:\Windows\System\aGjDxGI.exeC:\Windows\System\aGjDxGI.exe2⤵PID:13288
-
-
C:\Windows\System\oPMgPZi.exeC:\Windows\System\oPMgPZi.exe2⤵PID:11748
-
-
C:\Windows\System\dVZUgoZ.exeC:\Windows\System\dVZUgoZ.exe2⤵PID:12632
-
-
C:\Windows\System\zjpDijF.exeC:\Windows\System\zjpDijF.exe2⤵PID:12756
-
-
C:\Windows\System\sYyPBdI.exeC:\Windows\System\sYyPBdI.exe2⤵PID:2104
-
-
C:\Windows\System\FFgMPAT.exeC:\Windows\System\FFgMPAT.exe2⤵PID:1020
-
-
C:\Windows\System\oZoSTZc.exeC:\Windows\System\oZoSTZc.exe2⤵PID:13120
-
-
C:\Windows\System\EsmfUbW.exeC:\Windows\System\EsmfUbW.exe2⤵PID:13096
-
-
C:\Windows\System\UMoEFKF.exeC:\Windows\System\UMoEFKF.exe2⤵PID:13264
-
-
C:\Windows\System\LDTTKpQ.exeC:\Windows\System\LDTTKpQ.exe2⤵PID:12336
-
-
C:\Windows\System\XQehkAe.exeC:\Windows\System\XQehkAe.exe2⤵PID:12692
-
-
C:\Windows\System\RIYLQxn.exeC:\Windows\System\RIYLQxn.exe2⤵PID:12932
-
-
C:\Windows\System\krIdpxV.exeC:\Windows\System\krIdpxV.exe2⤵PID:13140
-
-
C:\Windows\System\BUsyNyJ.exeC:\Windows\System\BUsyNyJ.exe2⤵PID:13340
-
-
C:\Windows\System\SIiCMUb.exeC:\Windows\System\SIiCMUb.exe2⤵PID:13368
-
-
C:\Windows\System\BEbBCoc.exeC:\Windows\System\BEbBCoc.exe2⤵PID:13388
-
-
C:\Windows\System\pjAgbJx.exeC:\Windows\System\pjAgbJx.exe2⤵PID:13412
-
-
C:\Windows\System\JWhQoBh.exeC:\Windows\System\JWhQoBh.exe2⤵PID:13448
-
-
C:\Windows\System\jWyWbSo.exeC:\Windows\System\jWyWbSo.exe2⤵PID:13488
-
-
C:\Windows\System\cRAXwoC.exeC:\Windows\System\cRAXwoC.exe2⤵PID:13512
-
-
C:\Windows\System\cOpDRLD.exeC:\Windows\System\cOpDRLD.exe2⤵PID:13564
-
-
C:\Windows\System\rGsWDQJ.exeC:\Windows\System\rGsWDQJ.exe2⤵PID:13584
-
-
C:\Windows\System\MjiUXqb.exeC:\Windows\System\MjiUXqb.exe2⤵PID:13608
-
-
C:\Windows\System\JYVgNYd.exeC:\Windows\System\JYVgNYd.exe2⤵PID:13624
-
-
C:\Windows\System\zIguVUl.exeC:\Windows\System\zIguVUl.exe2⤵PID:13648
-
-
C:\Windows\System\BXexvOE.exeC:\Windows\System\BXexvOE.exe2⤵PID:13672
-
-
C:\Windows\System\gmxGBdq.exeC:\Windows\System\gmxGBdq.exe2⤵PID:13696
-
-
C:\Windows\System\DUmRzyp.exeC:\Windows\System\DUmRzyp.exe2⤵PID:13716
-
-
C:\Windows\System\dBYistD.exeC:\Windows\System\dBYistD.exe2⤵PID:13772
-
-
C:\Windows\System\PKnWNwb.exeC:\Windows\System\PKnWNwb.exe2⤵PID:13808
-
-
C:\Windows\System\XNxBkLg.exeC:\Windows\System\XNxBkLg.exe2⤵PID:13832
-
-
C:\Windows\System\KeoPbQp.exeC:\Windows\System\KeoPbQp.exe2⤵PID:13852
-
-
C:\Windows\System\mEUJWOG.exeC:\Windows\System\mEUJWOG.exe2⤵PID:13880
-
-
C:\Windows\System\XbqqzvN.exeC:\Windows\System\XbqqzvN.exe2⤵PID:13908
-
-
C:\Windows\System\fVCGTIZ.exeC:\Windows\System\fVCGTIZ.exe2⤵PID:13932
-
-
C:\Windows\System\SyjGnlw.exeC:\Windows\System\SyjGnlw.exe2⤵PID:13976
-
-
C:\Windows\System\mhiqIqf.exeC:\Windows\System\mhiqIqf.exe2⤵PID:14000
-
-
C:\Windows\System\WPRSCvD.exeC:\Windows\System\WPRSCvD.exe2⤵PID:14020
-
-
C:\Windows\System\sKxARBK.exeC:\Windows\System\sKxARBK.exe2⤵PID:14056
-
-
C:\Windows\System\iGvqwHl.exeC:\Windows\System\iGvqwHl.exe2⤵PID:14072
-
-
C:\Windows\System\tCTtVAB.exeC:\Windows\System\tCTtVAB.exe2⤵PID:14092
-
-
C:\Windows\System\jEAWhzJ.exeC:\Windows\System\jEAWhzJ.exe2⤵PID:14120
-
-
C:\Windows\System\yvBDgTu.exeC:\Windows\System\yvBDgTu.exe2⤵PID:14148
-
-
C:\Windows\System\YWldVxk.exeC:\Windows\System\YWldVxk.exe2⤵PID:14168
-
-
C:\Windows\System\GkySVTe.exeC:\Windows\System\GkySVTe.exe2⤵PID:14192
-
-
C:\Windows\System\HdpPZRa.exeC:\Windows\System\HdpPZRa.exe2⤵PID:14220
-
-
C:\Windows\System\dYtYKUw.exeC:\Windows\System\dYtYKUw.exe2⤵PID:14240
-
-
C:\Windows\System\rxDvqbk.exeC:\Windows\System\rxDvqbk.exe2⤵PID:14264
-
-
C:\Windows\System\JPjLwmo.exeC:\Windows\System\JPjLwmo.exe2⤵PID:14288
-
-
C:\Windows\System\GeSieXJ.exeC:\Windows\System\GeSieXJ.exe2⤵PID:12528
-
-
C:\Windows\System\fFmsFdN.exeC:\Windows\System\fFmsFdN.exe2⤵PID:12896
-
-
C:\Windows\System\kAlRiuK.exeC:\Windows\System\kAlRiuK.exe2⤵PID:4368
-
-
C:\Windows\System\fTKTVbl.exeC:\Windows\System\fTKTVbl.exe2⤵PID:13380
-
-
C:\Windows\System\bxYLBMf.exeC:\Windows\System\bxYLBMf.exe2⤵PID:13540
-
-
C:\Windows\System\uqAcEIj.exeC:\Windows\System\uqAcEIj.exe2⤵PID:13576
-
-
C:\Windows\System\Ufntugb.exeC:\Windows\System\Ufntugb.exe2⤵PID:13640
-
-
C:\Windows\System\vJFUwAV.exeC:\Windows\System\vJFUwAV.exe2⤵PID:13708
-
-
C:\Windows\System\MgCjtar.exeC:\Windows\System\MgCjtar.exe2⤵PID:13780
-
-
C:\Windows\System\MLJEmyk.exeC:\Windows\System\MLJEmyk.exe2⤵PID:13820
-
-
C:\Windows\System\rdrZesU.exeC:\Windows\System\rdrZesU.exe2⤵PID:13888
-
-
C:\Windows\System\KdgbqAV.exeC:\Windows\System\KdgbqAV.exe2⤵PID:13972
-
-
C:\Windows\System\YufkkRF.exeC:\Windows\System\YufkkRF.exe2⤵PID:14012
-
-
C:\Windows\System\lcgTymN.exeC:\Windows\System\lcgTymN.exe2⤵PID:14088
-
-
C:\Windows\System\YxHgjTS.exeC:\Windows\System\YxHgjTS.exe2⤵PID:14156
-
-
C:\Windows\System\sHuhFxG.exeC:\Windows\System\sHuhFxG.exe2⤵PID:14188
-
-
C:\Windows\system32\dwm.exe — command line: "dwm.exe" — tree level: 1 ⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3340
-
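C:\Windows\system32\WerFaultSecure.exe — command line: "C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 3204 -i 3204 -h 468 -j 460 -s 536 -d 0 — tree level: 1 ⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess (the `-protectedcrash -p 3204` arguments point to Windows Error Reporting handling a crash of process 3204; check that parent/child pair before attributing this signature to the sample itself)
PID:1048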
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1.5MB
MD526d90333d71566bf39d3b48d8b9b5079
SHA1ec8a89b50d220f0b3d07f7fac52a1d66cd7abb44
SHA256b18e30801a0cc00c06c8297026ea35ca3bb577792084d46037bbcf6adb1a37f3
SHA512a966ff837a677577c5e2d7f41529356b9da5caa40e50aa157f2b06c71379e5ef44c46395961f57762bdca9c7559a456a1f6a35e726386cc439c3681fc8ad9faa
-
Filesize
1.5MB
MD5a1b0281d4060361a914dde0bb6254b37
SHA10e3fc1eb12def6397f2c4578d6c906cf3c0a3ba0
SHA256d9736bef87bf465f2c3789892383d355343b41ff0c83583b681accea065e10cc
SHA512232c285496eaad33d8658e4da9371e9bdd8e4971cb2b752c4cdbb70a4d2d4530614acccb11e1c85f88f1b13eecbdf21f9ef42c5f5f08719d241cd0510acb288d
-
Filesize
1.5MB
MD5dd059168ec6f4867608bc2ad1d621edf
SHA1364b199b763d5f4927fed4c8b6fe5740598123b9
SHA2560debaed3c91b25ad3323fc549db47fd1c7d86ed9543711ec8f3e650b96c3d58b
SHA5124e8a761d10d2e8d36a40aa608fb4b70e6e2259a170e7416ba21e17fdbf58ec03ef8a1240d802b7c81271447bf19850f557671974e1735218a53d2f3f8d4bb9e3
-
Filesize
1.5MB
MD52305d46d3b9a82944ed6c80277aeee67
SHA107adb28730459e9eb3836442f0415b5e4d797fc8
SHA2560a473dfa6e8f0e8d9fec6482715c82775cdb679f8e8ddf6f9e071d5a70440897
SHA51232ddf0cc05d682ef9a5f57eec4393958fa2f352c4f20314332459840b668e2d8513ab96bdca2de68563cae65d4d420fb5bf29f2ddc5ac6d60777fca4a971862f
-
Filesize
1.5MB
MD53d555143f4b848c63253bebd6c626616
SHA166df818d09708416e1fb5221aa46bad101d01c51
SHA2563d9ce7911668bd5ee2cb128db5a388651216ba7b73f9675b36cfdf5f8d9e26d3
SHA5125a90a32a22d1e7643358c9d2165417e54142c4d612210e96ebc689f4aa09add053d100f79300e4269d0284da02d84f4232ecff4d502eb821a66c5975591b69af
-
Filesize
1.5MB
MD513d2f41965e37409b7c77743e530599e
SHA1fe8f23458ad8cbede7b6bb01713d00ec17697964
SHA2560db16f7cfcfbeb6b436c1dc0c1b2c2a0a9738dffc71b964579df5bca259adf11
SHA512bbb2348dfbd377ae61aaf21d879b27f971d951161f1a832f8bae2567dd095fc8ca1a94e71e46fba14f4922d09865c77cb70ec3b11a21f2b76c64cf4adb7766f7
-
Filesize
1.5MB
MD59f0038633f1623312518134ce7dd8d58
SHA1a753b024b00c8403003d63f477c8ccf062c555ba
SHA2562f3c9df33e5934982c5bbd7b911d54af181c7fad60bbe3010765773689f43615
SHA51233c68d93d85c20cbd5999f7a507992c11b054339cff520f3165ff52aa83f3c2b48e383d6e372499dffc00a5cb5871bedddb284e95c342b9741129a555c45216d
-
Filesize
1.5MB
MD51868e63737a0b157f66ba1f310b6b5b1
SHA1fe0f37a363ea16bfe5cfec626c493729632f3962
SHA2561a2f0ed8f9d95e3e5bb109044d41e9c9c697d59ec2bc27b9162a4b5a3f787db6
SHA512d623fff6a5e0f2ae30514d6d5328c79e60ee58f0bdac3d7c39a2cd2f3c6bc4d08ebe95bf41f0919155f3796c7de9da5fe50cef4cdf7563f01a989898a9ed434d
-
Filesize
1.5MB
MD5c05494660bc0e65ed156b4931f5e71fe
SHA1b0b95e0de8cd0af4d8b834112a4c17aa9096cdd6
SHA2566391a80555d844883b9d684a93e18cbc4d3cc358ad7cda2cc93faacbf8d38de6
SHA5124adbc7572038008939a003a8b1b211b3cb8d7341b38a6d54f325b99825805911f533d565135866128b43a6451352c6fdd3dd4dfd7119347ec0c3b0135687febc
-
Filesize
1.5MB
MD591e3849e80b00f9e5b16caa5a282ff74
SHA10fee03cac500d62b6cf7dcb7a0d8d73e0d7fdcb3
SHA256bf45be8f4b30e0130e8b072788c8413b9912582279bf1bd4cd0a7aee14be63eb
SHA512ae1c6ccc69ec7eeaf01a1bfb8f0b2588b2ffcb1d0c66e4add184ffd9db34f18905a945453f63f3ca454eb2f70fedf6957b62e71717b8a80a38e0538fb85642d2
-
Filesize
1.5MB
MD547588bb401a27ee8b9e4fc76f5d2f99f
SHA18e679ecc0f1dd0e2465b6031c82627c3bcb8ad91
SHA2560f4de58c3cdaca1582bfe13a0cea6d4a19e959e4d274dfdbe209c14d3cbbfb3e
SHA5122ca5f28e4c083299a82635b698334ae19aadbcea47dc0b0da7aa6bccf69160dccee6116c5a649fa45b225aaad1ff83c3e1e182f1d3b03034cbf322c534af6cc2
-
Filesize
1.5MB
MD5c6afd79c8e66cc5b854307aee24b1fb4
SHA11c8c95d852c77a9b2dd1099da4edbaa38b7f37f7
SHA256b216404f7666369817b750f1d34a3c434afe9f98ad15d58f9b810e94ac9824a1
SHA512c6f9587545286eeb0f0400fd854c4fd2d3e1621699a55c0da949b08b08baf909dfd381db20b6a3242ade4a7c9bd0d6495de9cb25b898075bd216b1d9b8acf563
-
Filesize
1.5MB
MD534b6734a508fe8d92d36287d004b6106
SHA12828001bf5fd422082e77a75be6bde7f5773ff23
SHA256bf43f35c7665d26b6077ef385a11e520595dba174df858cdc658ac2eeddcbedc
SHA512a5b956ca049ef8ccf929274a31f74127335c70d55d06d5512688d185d7260a0c57a761ec981fd0e473d88427fa4202858b9666284742527634e298365052d9f7
-
Filesize
1.5MB
MD5b6b57f62e5c1e5ec908bad9186954beb
SHA120f18463f06c40cb6a45175e32a5c98c8827c57b
SHA2567889d6bd77974a6d0b7941753787b67b72cf57309d514dd623bfe134c7371a22
SHA5128f5c164f7d31e2f05593cb417c27b4908f075cd88e7eec0d38a856cacdc7ce40b7ed979d49f0f63a9711c30628ca1ebc479df6d212f45b8c1c3a6676903e83b9
-
Filesize
1.5MB
MD517ec7d40d208e4ef930bb3d152dc7eef
SHA1e9c70d422778986328249751756efe574c626af7
SHA256509dcae0548f85d297e7187b2910141de93bec94592195944df3a3fa4e935aa4
SHA512f656417a3111d7f452e3408a74646cc0b22f52c1633137761fcb983b8b4fabb08d86977abd3aebaaf7cd6e48283d0cb319ecc663915bb1c1aa84553656b7073a
-
Filesize
1.5MB
MD55a434cc6ca3fe5b575c61de534786848
SHA1d10f8d0d8bbfc4804e7c43130b70dfaf2f6f0acc
SHA2563d979ccb6e5744d4fff7be9b687832deb3e00121fd7f2e33cad383cbd4a31f1c
SHA512e6c9acddc3f8759e6ce19ee6b8e21627ebaf8a05424ba762fa2d3d4ae4f2602308a1883410001398cc483d9eeaaecca52f5dcb6070df586632bb4b9987cdcafb
-
Filesize
1.5MB
MD5a7164b48c910ef05b74327b0ea852984
SHA10fb32a51bd037fda1d757002e949564aa9e3ed3f
SHA256b7efab67d523b32674a8118a1c6cc0234b2d8181eb95db1feba7d63011491775
SHA512a531d63018f5b308ad092756209cad23647ca2da87dccc7208c80360042e9b16eab2fd68b5c3fdf6f17546d7636cd61da8ed320239e3dbde064b7b05dc36b392
-
Filesize
1.5MB
MD57e1e374f12af936b8155ff34063af450
SHA1719ac03fceebe8b39701b7033088bcaf5a3345e3
SHA256ac17d189cd984e5978c85fff0b688c2503ca1a8916f3135591a18ae386cd37b3
SHA5125d42b6b7da760e5dbb90dc3d2f844307c4138e54779e57c49697a445119bd2ad9135d33f2884c3a24722bf5ac0b425d08c3c19c4c9548f2cf4ad477eb54c3408
-
Filesize
1.5MB
MD57693e195fa52985798f7a7dd030b6b0b
SHA101091eb133e3769a364946ec96484c6dfe97cb80
SHA256febe482b71dbcb472c56c0d7729a7723c0a283e30b402f2291dda98ab505a499
SHA5120385b8401638eee46e404b930e5b7b291bb1f2ba8a8b77bd6c5ffa7cd886d0bd284932a454f726e8868e605fffddfce942af43c57139212519c3030980ea5a1f
-
Filesize
1.5MB
MD55f5d6dd0f20f67a776bd35866b2bbbf7
SHA1b3b4f0296bef220f98e06c0090ef7bc39e55dbc0
SHA2560d38770a468583ec0f7b921ab6231902349e7f53707ba6be59a3f0f0b408179d
SHA5122490f4ed724eed05aa949d9f254f35a560337362b7f59dc42a6486793d9e4dc3555a481122a8073f821c610ae9118a0ac3d85c09c3ad9cccc5aa630a826bfaf8
-
Filesize
1.5MB
MD518b5b841d9e6817668c9418ccd192bd8
SHA18502a13f17b2f03908f84c9b3e8191129a2fb69f
SHA256cfa8a98485de7f8c7eaba14ae7f5893b77748ab51924f21bd02107af705855eb
SHA5128f7e94d598ba355866bc9d19a7122e68e0f52bca13ab1004f37b32ab4c55069c011615d08d68c24cf9cbb8b73e11511037a039cb5501fc99a8e9dccf84c35da5
-
Filesize
1.5MB
MD524fb42562986f498ee52960d040a85f1
SHA12ee2db7ed7a9f8bbef1b7f1b58c681939f26ff09
SHA256d13141480ad6fb2fc8952c6e17ac8e4e96bafb0f46bdb49300eae4c391d8d676
SHA51263299f739c5f13413ecc3457075525a1d6fcbdcaeab9354d722008f6ea0288decddf5e9473f0cf643f758147d04413a57e255c5de96b6fbaf221df1ef643de9c
-
Filesize
1.5MB
MD5106911f7814865b72226f35129c468a2
SHA16b5412d044142b13383144d759f845cb3f0afa2c
SHA25600cae9943a49854f03a3d79c090c1f045ed7733acd408af38612fcd0b8a3a361
SHA51273ce81a161b902742a113d5ed2bec1caef43ed1ad87b81853670d2912e6a97ec16b1321c9df214593f9db30e4a7ba7240b1c12af6eccbd6d842011f2a74d697b
-
Filesize
1.5MB
MD58ed58e2e72b69acb347bf4ca7e790eaf
SHA1ce5a8d850572d7c2eca33ddf872d68f7183bac81
SHA256c37a6e408f306588fd8169c6010562ec718723ec17e82dea8daaf640a8005684
SHA51251c6094a85839e2607cc598b997fb46cda8bba2a28e1b91275b00c0c30d6c76f806610dec45ac292c5b40d935981f1d062f420d8539014843f7bd88135f7c3f2
-
Filesize
1.5MB
MD5eef5837152acfe2a94dcad6e11bd99e2
SHA1ef07343b248b1aca4344323196ff859835d4dfc4
SHA2563f955d3ffc7bc83405d20de62edc041f2a27ed91e3593e6e311012cef1ca0207
SHA512c24b0fd87b76ca2c0de242993ee88a62371f8f8494c23c8457d971b6cd9ff39ac2bd4f41be66f85bbb645b8936d4556050e23f45fd7ce36946b60183e1e1ca87
-
Filesize
1.5MB
MD5d7b9f1d03581e1b881451e7ee6062448
SHA153bdfb131e7da60e9569dfe966e52a65f68f0a28
SHA2560570403d70e6a80bf0b2a2555f2ee106f57e318f5573cb8efee524060cd0038f
SHA51251f53dee3ae54059df1e3748e2d0200a029314ebb324650008920bae4405b7597889043a79b105ac893c3743ef5bcb97169be267300dbad62ce279098253b94c
-
Filesize
1.5MB
MD552e1bbf3400653817ea91d6b9ba4739f
SHA123a50f7fb9ccc1580f967c1ad1ac4255abc07973
SHA256eb5255bd9048ed8a7abe358f4989bf55a3ec1ec89aed32b0ef2d107b95f837f6
SHA51204e78d9ed8f230a4f798102c0a37d12e2dbc2dc065cf25d10d4d931fd0e5a8e35acadb410abf6031d6fc47228763c7b5d926e0bbc397f50460c661e9fb0b2f77
-
Filesize
1.5MB
MD5df499841279080b93cc0fac981c831f9
SHA1fe2ebdb1abaa878c9758f6bcbfe32512d349e514
SHA256cdfd73e651284f52b2b01252b01d272821106f43455e9e84489459733a39916f
SHA5125a2cd6624ef2e1a29db2dea4ff5f2a6f5e6c52654442aa0630e7daee130099c51aa7945ece740502168c413cdfcb05b2e7c82c0bac9f8dfdf6b9366de9f422a0
-
Filesize
1.5MB
MD56d41f7206992f3088bf36b306ea52ba1
SHA1848f3ed56adddd5f2a7cf7a120c4820bc6747c58
SHA2563b144cf07e1f6b6cb9695115ac78080071344470aa3303b7b9fd6d49f038084d
SHA51248fc5ed2ee6383ccb73232931bf0725e26ec54160a036b5f93dc5da263537e674f77f45c7a407352dcea85b386692781cc145c8b9d7076c274ff2fc9e0071b54
-
Filesize
1.5MB
MD5f31aa357d121945ce8ea61a4a491c580
SHA109b9bd3f65436fd8566d0d6d6c0f33ed66bd3579
SHA2562d177f70fc804b4e1ceb7c698544d50fbc2e9074367e925c99cc0ee47251282f
SHA512644b77435789a81905e47c81eeb7bf4f89cea6c43f21124c4d387ee11e53c56afc8d172c8754969a35f0aaadfcab7916ab189cd36d94183cb99b804e4435a54a
-
Filesize
1.5MB
MD5275ef0df0c62e45e811f854e90878fa1
SHA1b5d24b3ae08a03b71ffc5e4816e85ff4c179d89f
SHA256811a3b9a7babf1bb45307a80f25dcb9e89ca9fbfeb58cc9653e3c80e3bb55254
SHA5122202d5cc349054f00b9cefe7c90c7979d836353d2a67cdbcef740d812fc430d10e0000a9bd1c834fa954f04b4176b9e8296f80fbf40d533fb1eba7a8a69fd4b6
-
Filesize
1.5MB
MD5dcf8bf51868cd6afc5e5b83b6459bcc0
SHA19a19907444c7dacda99a41df528722ff39732c55
SHA256c6376ba202bf0ca1308dc3667ca6674e134d4f7e07d2d3b290308b861b837d2c
SHA512446203834975f5e9ce50d704595a6f53900424ab356d8f5e6ea7def37e58a8d584674aaea24d592f213939ba17a8396ef6cd690bac9ce9df0985ff1137aaca56
-
Filesize
1.5MB
MD554c7f98c3f5dd73481142bbe991d7cdf
SHA109d0dc97cd808380c8cd2202b45ad9026547609e
SHA2560703dd8594daaf6fb44ea095680003896f14b29e8aac4e5de57cbf69754fc48d
SHA512c6f5cc45eb438e5e9a493105196add0b7c21ceca160528cffbd1a57ac06e9b7517f8f275e89b1137a0db8f4d9a0a969f1a6d64d778b7508b95f72b15eaae55ec