Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
18-05-2024 06:08
Behavioral task
behavioral1
Sample
9ffc841ae5f592725c1a88eb97da3300_NeikiAnalytics.exe
Resource
win7-20240220-en
General
-
Target
9ffc841ae5f592725c1a88eb97da3300_NeikiAnalytics.exe
-
Size
463KB
-
MD5
9ffc841ae5f592725c1a88eb97da3300
-
SHA1
a2b9b59131c99ec92d2665540ca0de92ba9ce12e
-
SHA256
5f4a0fac7c0ddc8aadc485422c4e1d641b7e3044e078e12be781884c193ea5d7
-
SHA512
8c6b405565ea252729b9f133712d66429cf93dfd1f57a763821add3664f13c7bd016f3d244c83d6e703d15f3da80c68d6064752ea69732568e737495a7763bd4
-
SSDEEP
12288:J4wFHoSTeR0oQRkay+eFp3IDvSbh5nPVP+OKaf1Vx:VeR0oykayRFp3lztP+OKaf1Vx
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
Processes:
resource yara_rule behavioral2/memory/4616-5-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/64-11-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3308-18-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3468-25-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2240-30-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/848-36-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1688-44-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3144-49-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/5064-56-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/228-54-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2896-66-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/440-73-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4640-75-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1396-85-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1816-95-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2140-101-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4340-107-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3600-110-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1976-123-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4824-132-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3592-131-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon 
behavioral2/memory/2428-147-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3740-159-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4868-164-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1612-176-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4516-180-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3876-187-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4616-193-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4324-200-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2148-201-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2776-210-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1380-214-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1380-218-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1548-222-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1712-235-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1552-239-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4272-246-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4372-250-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2052-284-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4500-288-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2172-292-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4560-299-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon 
behavioral2/memory/4660-303-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1452-325-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2156-339-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3012-348-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3012-352-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3388-359-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/440-393-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/796-397-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2140-422-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4596-460-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1976-464-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4708-514-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3656-545-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2740-591-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1892-593-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1524-602-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2220-615-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/840-622-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4204-630-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4400-633-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1200-646-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon 
behavioral2/memory/652-668-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon -
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan that can download and install additional malicious software, such as other Trojans, ransomware, and cryptominers. In the listing below, the family rule matched both process memory dumps and executables dropped in the root of C:\.
Processes:
resource yara_rule behavioral2/memory/4616-0-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\020440.exe family_berbew behavioral2/memory/4616-5-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\ac9l9.exe family_berbew behavioral2/memory/64-11-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\s3gd60b.exe family_berbew behavioral2/memory/3468-19-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/3308-18-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\09or5.exe family_berbew behavioral2/memory/3468-25-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/2240-30-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\aw923.exe family_berbew C:\o8ua4x0.exe family_berbew behavioral2/memory/848-36-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\rf970bh.exe family_berbew behavioral2/memory/1688-44-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\0isg03.exe family_berbew behavioral2/memory/3144-49-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\30q0r0.exe family_berbew behavioral2/memory/5064-56-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/228-54-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\81x8s6.exe family_berbew C:\eeww898.exe family_berbew behavioral2/memory/2896-66-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\os857.exe family_berbew behavioral2/memory/440-73-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/4640-75-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\ad7k3.exe family_berbew C:\p1o050.exe family_berbew behavioral2/memory/1396-85-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\1h375v4.exe family_berbew behavioral2/memory/1816-95-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\upmvvs2.exe family_berbew 
behavioral2/memory/2140-101-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew \??\c:\68tgq.exe family_berbew C:\28k3i.exe family_berbew behavioral2/memory/4340-107-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/3600-110-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\91t273.exe family_berbew C:\w9bke8.exe family_berbew behavioral2/memory/1976-123-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\2lu45.exe family_berbew C:\u0rim.exe family_berbew behavioral2/memory/4824-132-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/3592-131-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\u3g63cf.exe family_berbew C:\h1ubi.exe family_berbew C:\2fo04jm.exe family_berbew behavioral2/memory/2428-147-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\p4cxr.exe family_berbew \??\c:\846j339.exe family_berbew behavioral2/memory/3740-159-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\n8s311.exe family_berbew behavioral2/memory/4868-164-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\t2xku8l.exe family_berbew C:\hei4517.exe family_berbew behavioral2/memory/1612-176-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\97ks95n.exe family_berbew behavioral2/memory/4516-180-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew C:\84311t.exe family_berbew behavioral2/memory/3876-187-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/4616-193-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/4324-200-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/2148-201-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew -
Executes dropped EXE 64 IoCs
Processes:
020440.exe ac9l9.exe s3gd60b.exe 09or5.exe aw923.exe o8ua4x0.exe rf970bh.exe 0isg03.exe 30q0r0.exe 81x8s6.exe eeww898.exe os857.exe ad7k3.exe p1o050.exe 1h375v4.exe upmvvs2.exe 68tgq.exe 28k3i.exe 91t273.exe w9bke8.exe 2lu45.exe u0rim.exe u3g63cf.exe h1ubi.exe 2fo04jm.exe p4cxr.exe 846j339.exe n8s311.exe t2xku8l.exe hei4517.exe 97ks95n.exe 84311t.exe nxi77h.exe ekvk27.exe 09jp5.exe x362o0.exe 1vdak.exe fwx3s.exe o4aj76.exe s674k.exe 9vpdb3.exe w86j9g.exe 159vp0.exe s8kva.exe 8pdei6.exe 3khe44i.exe 4i5i59v.exe 7d0b630.exe 9qer0pj.exe 51vbe.exe r42fr7.exe 3gf0p65.exe wl1sp7.exe k956f3k.exe ot8ogvd.exe 1jx0070.exe 981n3i4.exe 4xn61r.exe ggj7ulu.exe 38v687.exe nnb19qx.exe 76wq3.exe sm1k17s.exe 8v487.exe
pid process
64 020440.exe
3308 ac9l9.exe
3468 s3gd60b.exe
2240 09or5.exe
848 aw923.exe
1688 o8ua4x0.exe
3144 rf970bh.exe
228 0isg03.exe
5064 30q0r0.exe
2896 81x8s6.exe
440 eeww898.exe
4640 os857.exe
1160 ad7k3.exe
1396 p1o050.exe
1816 1h375v4.exe
2140 upmvvs2.exe
4340 68tgq.exe
3600 28k3i.exe
4748 91t273.exe
1976 w9bke8.exe
3592 2lu45.exe
4824 u0rim.exe
3196 u3g63cf.exe
2428 h1ubi.exe
4392 2fo04jm.exe
3740 p4cxr.exe
4868 846j339.exe
1452 n8s311.exe
1612 t2xku8l.exe
4516 hei4517.exe
3876 97ks95n.exe
1308 84311t.exe
4616 nxi77h.exe
4324 ekvk27.exe
2148 09jp5.exe
664 x362o0.exe
2776 1vdak.exe
4928 fwx3s.exe
1380 o4aj76.exe
1548 s674k.exe
4556 9vpdb3.exe
5016 w86j9g.exe
556 159vp0.exe
1712 s8kva.exe
1552 8pdei6.exe
1012 3khe44i.exe
4272 4i5i59v.exe
4372 7d0b630.exe
1640 9qer0pj.exe
1040 51vbe.exe
4480 r42fr7.exe
936 3gf0p65.exe
3864 wl1sp7.exe
4908 k956f3k.exe
2140 ot8ogvd.exe
3264 1jx0070.exe
3348 981n3i4.exe
1112 4xn61r.exe
2052 ggj7ulu.exe
4500 38v687.exe
2172 nnb19qx.exe
3592 76wq3.exe
4560 sm1k17s.exe
4660 8v487.exe
-
Processes:
resource yara_rule behavioral2/memory/4616-0-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\020440.exe upx behavioral2/memory/4616-5-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\ac9l9.exe upx behavioral2/memory/64-11-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\s3gd60b.exe upx behavioral2/memory/3468-19-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3308-18-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\09or5.exe upx behavioral2/memory/3468-25-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/2240-30-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\aw923.exe upx C:\o8ua4x0.exe upx behavioral2/memory/848-36-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\rf970bh.exe upx behavioral2/memory/1688-44-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\0isg03.exe upx behavioral2/memory/3144-49-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\30q0r0.exe upx behavioral2/memory/5064-56-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/228-54-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\81x8s6.exe upx C:\eeww898.exe upx behavioral2/memory/2896-66-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\os857.exe upx behavioral2/memory/440-73-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4640-75-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\ad7k3.exe upx C:\p1o050.exe upx behavioral2/memory/1396-85-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\1h375v4.exe upx behavioral2/memory/1816-95-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\upmvvs2.exe upx behavioral2/memory/2140-101-0x0000000000400000-0x000000000043A000-memory.dmp upx \??\c:\68tgq.exe upx C:\28k3i.exe upx behavioral2/memory/4340-107-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3600-110-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\91t273.exe upx C:\w9bke8.exe upx 
behavioral2/memory/1976-123-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\2lu45.exe upx C:\u0rim.exe upx behavioral2/memory/4824-132-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3592-131-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\u3g63cf.exe upx C:\h1ubi.exe upx C:\2fo04jm.exe upx behavioral2/memory/2428-147-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\p4cxr.exe upx \??\c:\846j339.exe upx behavioral2/memory/3740-159-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\n8s311.exe upx behavioral2/memory/4868-164-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\t2xku8l.exe upx C:\hei4517.exe upx behavioral2/memory/1612-176-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\97ks95n.exe upx behavioral2/memory/4516-180-0x0000000000400000-0x000000000043A000-memory.dmp upx C:\84311t.exe upx behavioral2/memory/3876-187-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4616-193-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4324-200-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/2148-201-0x0000000000400000-0x000000000043A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
9ffc841ae5f592725c1a88eb97da3300_NeikiAnalytics.exe 020440.exe ac9l9.exe s3gd60b.exe 09or5.exe aw923.exe o8ua4x0.exe rf970bh.exe 0isg03.exe 30q0r0.exe 81x8s6.exe eeww898.exe os857.exe ad7k3.exe p1o050.exe 1h375v4.exe upmvvs2.exe 68tgq.exe 28k3i.exe 91t273.exe w9bke8.exe 2lu45.exe
description pid process target process
PID 4616 wrote to memory of 64 4616 9ffc841ae5f592725c1a88eb97da3300_NeikiAnalytics.exe 020440.exe
PID 4616 wrote to memory of 64 4616 9ffc841ae5f592725c1a88eb97da3300_NeikiAnalytics.exe 020440.exe
PID 4616 wrote to memory of 64 4616 9ffc841ae5f592725c1a88eb97da3300_NeikiAnalytics.exe 020440.exe
PID 64 wrote to memory of 3308 64 020440.exe ac9l9.exe
PID 64 wrote to memory of 3308 64 020440.exe ac9l9.exe
PID 64 wrote to memory of 3308 64 020440.exe ac9l9.exe
PID 3308 wrote to memory of 3468 3308 ac9l9.exe s3gd60b.exe
PID 3308 wrote to memory of 3468 3308 ac9l9.exe s3gd60b.exe
PID 3308 wrote to memory of 3468 3308 ac9l9.exe s3gd60b.exe
PID 3468 wrote to memory of 2240 3468 s3gd60b.exe 09or5.exe
PID 3468 wrote to memory of 2240 3468 s3gd60b.exe 09or5.exe
PID 3468 wrote to memory of 2240 3468 s3gd60b.exe 09or5.exe
PID 2240 wrote to memory of 848 2240 09or5.exe aw923.exe
PID 2240 wrote to memory of 848 2240 09or5.exe aw923.exe
PID 2240 wrote to memory of 848 2240 09or5.exe aw923.exe
PID 848 wrote to memory of 1688 848 aw923.exe o8ua4x0.exe
PID 848 wrote to memory of 1688 848 aw923.exe o8ua4x0.exe
PID 848 wrote to memory of 1688 848 aw923.exe o8ua4x0.exe
PID 1688 wrote to memory of 3144 1688 o8ua4x0.exe rf970bh.exe
PID 1688 wrote to memory of 3144 1688 o8ua4x0.exe rf970bh.exe
PID 1688 wrote to memory of 3144 1688 o8ua4x0.exe rf970bh.exe
PID 3144 wrote to memory of 228 3144 rf970bh.exe 0isg03.exe
PID 3144 wrote to memory of 228 3144 rf970bh.exe 0isg03.exe
PID 3144 wrote to memory of 228 3144 rf970bh.exe 0isg03.exe
PID 228 wrote to memory of 5064 228 0isg03.exe 30q0r0.exe
PID 228 wrote to memory of 5064 228 0isg03.exe 30q0r0.exe
PID 228 wrote to memory of 5064 228 0isg03.exe 30q0r0.exe
PID 5064 wrote to memory of 2896 5064 30q0r0.exe 81x8s6.exe
PID 5064 wrote to memory of 2896 5064 30q0r0.exe 81x8s6.exe
PID 5064 wrote to memory of 2896 5064 30q0r0.exe 81x8s6.exe
PID 2896 wrote to memory of 440 2896 81x8s6.exe eeww898.exe
PID 2896 wrote to memory of 440 2896 81x8s6.exe eeww898.exe
PID 2896 wrote to memory of 440 2896 81x8s6.exe eeww898.exe
PID 440 wrote to memory of 4640 440 eeww898.exe os857.exe
PID 440 wrote to memory of 4640 440 eeww898.exe os857.exe
PID 440 wrote to memory of 4640 440 eeww898.exe os857.exe
PID 4640 wrote to memory of 1160 4640 os857.exe ad7k3.exe
PID 4640 wrote to memory of 1160 4640 os857.exe ad7k3.exe
PID 4640 wrote to memory of 1160 4640 os857.exe ad7k3.exe
PID 1160 wrote to memory of 1396 1160 ad7k3.exe p1o050.exe
PID 1160 wrote to memory of 1396 1160 ad7k3.exe p1o050.exe
PID 1160 wrote to memory of 1396 1160 ad7k3.exe p1o050.exe
PID 1396 wrote to memory of 1816 1396 p1o050.exe 1h375v4.exe
PID 1396 wrote to memory of 1816 1396 p1o050.exe 1h375v4.exe
PID 1396 wrote to memory of 1816 1396 p1o050.exe 1h375v4.exe
PID 1816 wrote to memory of 2140 1816 1h375v4.exe upmvvs2.exe
PID 1816 wrote to memory of 2140 1816 1h375v4.exe upmvvs2.exe
PID 1816 wrote to memory of 2140 1816 1h375v4.exe upmvvs2.exe
PID 2140 wrote to memory of 4340 2140 upmvvs2.exe 68tgq.exe
PID 2140 wrote to memory of 4340 2140 upmvvs2.exe 68tgq.exe
PID 2140 wrote to memory of 4340 2140 upmvvs2.exe 68tgq.exe
PID 4340 wrote to memory of 3600 4340 68tgq.exe 28k3i.exe
PID 4340 wrote to memory of 3600 4340 68tgq.exe 28k3i.exe
PID 4340 wrote to memory of 3600 4340 68tgq.exe 28k3i.exe
PID 3600 wrote to memory of 4748 3600 28k3i.exe 91t273.exe
PID 3600 wrote to memory of 4748 3600 28k3i.exe 91t273.exe
PID 3600 wrote to memory of 4748 3600 28k3i.exe 91t273.exe
PID 4748 wrote to memory of 1976 4748 91t273.exe w9bke8.exe
PID 4748 wrote to memory of 1976 4748 91t273.exe w9bke8.exe
PID 4748 wrote to memory of 1976 4748 91t273.exe w9bke8.exe
PID 1976 wrote to memory of 3592 1976 w9bke8.exe 2lu45.exe
PID 1976 wrote to memory of 3592 1976 w9bke8.exe 2lu45.exe
PID 1976 wrote to memory of 3592 1976 w9bke8.exe 2lu45.exe
PID 3592 wrote to memory of 4824 3592 2lu45.exe u0rim.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\9ffc841ae5f592725c1a88eb97da3300_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9ffc841ae5f592725c1a88eb97da3300_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4616 -
\??\c:\020440.exec:\020440.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:64 -
\??\c:\ac9l9.exec:\ac9l9.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3308 -
\??\c:\s3gd60b.exec:\s3gd60b.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3468 -
\??\c:\09or5.exec:\09or5.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2240 -
\??\c:\aw923.exec:\aw923.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:848 -
\??\c:\o8ua4x0.exec:\o8ua4x0.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1688 -
\??\c:\rf970bh.exec:\rf970bh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3144 -
\??\c:\0isg03.exec:\0isg03.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:228 -
\??\c:\30q0r0.exec:\30q0r0.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5064 -
\??\c:\81x8s6.exec:\81x8s6.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2896 -
\??\c:\eeww898.exec:\eeww898.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:440 -
\??\c:\os857.exec:\os857.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4640 -
\??\c:\ad7k3.exec:\ad7k3.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1160 -
\??\c:\p1o050.exec:\p1o050.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1396 -
\??\c:\1h375v4.exec:\1h375v4.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1816 -
\??\c:\upmvvs2.exec:\upmvvs2.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2140 -
\??\c:\68tgq.exec:\68tgq.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4340 -
\??\c:\28k3i.exec:\28k3i.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3600 -
\??\c:\91t273.exec:\91t273.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4748 -
\??\c:\w9bke8.exec:\w9bke8.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1976 -
\??\c:\2lu45.exec:\2lu45.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3592 -
\??\c:\u0rim.exec:\u0rim.exe23⤵
- Executes dropped EXE
PID:4824 -
\??\c:\u3g63cf.exec:\u3g63cf.exe24⤵
- Executes dropped EXE
PID:3196 -
\??\c:\h1ubi.exec:\h1ubi.exe25⤵
- Executes dropped EXE
PID:2428 -
\??\c:\2fo04jm.exec:\2fo04jm.exe26⤵
- Executes dropped EXE
PID:4392 -
\??\c:\p4cxr.exec:\p4cxr.exe27⤵
- Executes dropped EXE
PID:3740 -
\??\c:\846j339.exec:\846j339.exe28⤵
- Executes dropped EXE
PID:4868 -
\??\c:\n8s311.exec:\n8s311.exe29⤵
- Executes dropped EXE
PID:1452 -
\??\c:\t2xku8l.exec:\t2xku8l.exe30⤵
- Executes dropped EXE
PID:1612 -
\??\c:\hei4517.exec:\hei4517.exe31⤵
- Executes dropped EXE
PID:4516 -
\??\c:\97ks95n.exec:\97ks95n.exe32⤵
- Executes dropped EXE
PID:3876 -
\??\c:\84311t.exec:\84311t.exe33⤵
- Executes dropped EXE
PID:1308 -
\??\c:\nxi77h.exec:\nxi77h.exe34⤵
- Executes dropped EXE
PID:4616 -
\??\c:\ekvk27.exec:\ekvk27.exe35⤵
- Executes dropped EXE
PID:4324 -
\??\c:\09jp5.exec:\09jp5.exe36⤵
- Executes dropped EXE
PID:2148 -
\??\c:\x362o0.exec:\x362o0.exe37⤵
- Executes dropped EXE
PID:664 -
\??\c:\1vdak.exec:\1vdak.exe38⤵
- Executes dropped EXE
PID:2776 -
\??\c:\fwx3s.exec:\fwx3s.exe39⤵
- Executes dropped EXE
PID:4928 -
\??\c:\o4aj76.exec:\o4aj76.exe40⤵
- Executes dropped EXE
PID:1380 -
\??\c:\s674k.exec:\s674k.exe41⤵
- Executes dropped EXE
PID:1548 -
\??\c:\9vpdb3.exec:\9vpdb3.exe42⤵
- Executes dropped EXE
PID:4556 -
\??\c:\w86j9g.exec:\w86j9g.exe43⤵
- Executes dropped EXE
PID:5016 -
\??\c:\159vp0.exec:\159vp0.exe44⤵
- Executes dropped EXE
PID:556 -
\??\c:\s8kva.exec:\s8kva.exe45⤵
- Executes dropped EXE
PID:1712 -
\??\c:\8pdei6.exec:\8pdei6.exe46⤵
- Executes dropped EXE
PID:1552 -
\??\c:\3khe44i.exec:\3khe44i.exe47⤵
- Executes dropped EXE
PID:1012 -
\??\c:\4i5i59v.exec:\4i5i59v.exe48⤵
- Executes dropped EXE
PID:4272 -
\??\c:\7d0b630.exec:\7d0b630.exe49⤵
- Executes dropped EXE
PID:4372 -
\??\c:\9qer0pj.exec:\9qer0pj.exe50⤵
- Executes dropped EXE
PID:1640 -
\??\c:\51vbe.exec:\51vbe.exe51⤵
- Executes dropped EXE
PID:1040 -
\??\c:\r42fr7.exec:\r42fr7.exe52⤵
- Executes dropped EXE
PID:4480 -
\??\c:\3gf0p65.exec:\3gf0p65.exe53⤵
- Executes dropped EXE
PID:936 -
\??\c:\wl1sp7.exec:\wl1sp7.exe54⤵
- Executes dropped EXE
PID:3864 -
\??\c:\k956f3k.exec:\k956f3k.exe55⤵
- Executes dropped EXE
PID:4908 -
\??\c:\ot8ogvd.exec:\ot8ogvd.exe56⤵
- Executes dropped EXE
PID:2140 -
\??\c:\1jx0070.exec:\1jx0070.exe57⤵
- Executes dropped EXE
PID:3264 -
\??\c:\981n3i4.exec:\981n3i4.exe58⤵
- Executes dropped EXE
PID:3348 -
\??\c:\4xn61r.exec:\4xn61r.exe59⤵
- Executes dropped EXE
PID:1112 -
\??\c:\ggj7ulu.exec:\ggj7ulu.exe60⤵
- Executes dropped EXE
PID:2052 -
\??\c:\38v687.exec:\38v687.exe61⤵
- Executes dropped EXE
PID:4500 -
\??\c:\nnb19qx.exec:\nnb19qx.exe62⤵
- Executes dropped EXE
PID:2172 -
\??\c:\76wq3.exec:\76wq3.exe63⤵
- Executes dropped EXE
PID:3592 -
\??\c:\sm1k17s.exec:\sm1k17s.exe64⤵
- Executes dropped EXE
PID:4560 -
\??\c:\8v487.exec:\8v487.exe65⤵
- Executes dropped EXE
PID:4660 -
\??\c:\u24i93f.exec:\u24i93f.exe66⤵PID:2208
-
\??\c:\d77q7.exec:\d77q7.exe67⤵PID:4872
-
\??\c:\sd9vr.exec:\sd9vr.exe68⤵PID:3400
-
\??\c:\1tod91.exec:\1tod91.exe69⤵PID:3828
-
\??\c:\fbo15.exec:\fbo15.exe70⤵PID:2496
-
\??\c:\x4r9w4v.exec:\x4r9w4v.exe71⤵PID:4868
-
\??\c:\35e992j.exec:\35e992j.exe72⤵PID:1452
-
\??\c:\7x5a8m3.exec:\7x5a8m3.exe73⤵PID:4672
-
\??\c:\plgvho1.exec:\plgvho1.exe74⤵PID:2612
-
\??\c:\x1cdw0.exec:\x1cdw0.exe75⤵PID:4976
-
\??\c:\bx5de66.exec:\bx5de66.exe76⤵PID:4716
-
\??\c:\0wbw7dd.exec:\0wbw7dd.exe77⤵PID:2156
-
\??\c:\47c1dj9.exec:\47c1dj9.exe78⤵PID:4896
-
\??\c:\bo1mwq.exec:\bo1mwq.exe79⤵PID:4456
-
\??\c:\s9xli.exec:\s9xli.exe80⤵PID:3012
-
\??\c:\n633c3.exec:\n633c3.exe81⤵PID:3300
-
\??\c:\49911.exec:\49911.exe82⤵PID:3388
-
\??\c:\068804.exec:\068804.exe83⤵PID:4060
-
\??\c:\l6x1fi.exec:\l6x1fi.exe84⤵PID:4232
-
\??\c:\nu263.exec:\nu263.exe85⤵PID:3304
-
\??\c:\9b14uf.exec:\9b14uf.exe86⤵PID:4144
-
\??\c:\8ks3m.exec:\8ks3m.exe87⤵PID:4704
-
\??\c:\ktwi9.exec:\ktwi9.exe88⤵PID:852
-
\??\c:\qq99wn9.exec:\qq99wn9.exe89⤵PID:3568
-
\??\c:\i131g2.exec:\i131g2.exe90⤵PID:4848
-
\??\c:\b07o16.exec:\b07o16.exe91⤵PID:1364
-
\??\c:\abnox6.exec:\abnox6.exe92⤵PID:624
-
\??\c:\c549v.exec:\c549v.exe93⤵PID:440
-
\??\c:\53a84eo.exec:\53a84eo.exe94⤵PID:796
-
\??\c:\qw5oa1.exec:\qw5oa1.exe95⤵PID:3484
-
\??\c:\1x51i.exec:\1x51i.exe96⤵PID:4336
-
\??\c:\0g65w5.exec:\0g65w5.exe97⤵PID:1752
-
\??\c:\570wn3l.exec:\570wn3l.exe98⤵PID:2764
-
\??\c:\q199u44.exec:\q199u44.exe99⤵PID:4752
-
\??\c:\36300.exec:\36300.exe100⤵PID:4476
-
\??\c:\089mmv.exec:\089mmv.exe101⤵PID:2140
-
\??\c:\8031232.exec:\8031232.exe102⤵PID:3600
-
\??\c:\71ms145.exec:\71ms145.exe103⤵PID:1036
-
\??\c:\e1984.exec:\e1984.exe104⤵PID:748
-
\??\c:\7077876.exec:\7077876.exe105⤵PID:1976
-
\??\c:\htgo85.exec:\htgo85.exe106⤵PID:3480
-
\??\c:\2l3lrmv.exec:\2l3lrmv.exe107⤵PID:1144
-
\??\c:\5i9mm.exec:\5i9mm.exe108⤵PID:4460
-
\??\c:\b7wq0s.exec:\b7wq0s.exe109⤵PID:540
-
\??\c:\fi39p.exec:\fi39p.exe110⤵PID:3724
-
\??\c:\oc70l13.exec:\oc70l13.exe111⤵PID:2428
-
\??\c:\868e49.exec:\868e49.exe112⤵PID:4952
-
\??\c:\2rsdg95.exec:\2rsdg95.exe113⤵PID:4596
-
\??\c:\t67ssa.exec:\t67ssa.exe114⤵PID:3120
-
\??\c:\028442.exec:\028442.exe115⤵PID:3180
-
\??\c:\5f47s5.exec:\5f47s5.exe116⤵PID:4868
-
\??\c:\wi7s34r.exec:\wi7s34r.exe117⤵PID:5076
-
\??\c:\5l49x.exec:\5l49x.exe118⤵PID:4516
-
\??\c:\b9alpx.exec:\b9alpx.exe119⤵PID:2612
-
\??\c:\0bl9s9.exec:\0bl9s9.exe120⤵PID:4976
-
\??\c:\755o1.exec:\755o1.exe121⤵PID:4016
-
\??\c:\f8sm4k.exec:\f8sm4k.exe122⤵PID:3352
-
\??\c:\47ev94.exec:\47ev94.exe123⤵PID:64
-
\??\c:\i4qipb.exec:\i4qipb.exe124⤵PID:2756
-
\??\c:\9v52qw.exec:\9v52qw.exe125⤵PID:3576
-
\??\c:\88a335.exec:\88a335.exe126⤵PID:1724
-
\??\c:\157nk84.exec:\157nk84.exe127⤵PID:2360
-
\??\c:\e8p9n3.exec:\e8p9n3.exe128⤵PID:5068
-
\??\c:\iko10sj.exec:\iko10sj.exe129⤵PID:1052
-
\??\c:\skogs2.exec:\skogs2.exe130⤵PID:4708
-
\??\c:\03kp482.exec:\03kp482.exe131⤵PID:1688
-
\??\c:\56vo5oj.exec:\56vo5oj.exe132⤵PID:5016
-
\??\c:\30v5ir3.exec:\30v5ir3.exe133⤵PID:228
-
\??\c:\8nnccma.exec:\8nnccma.exe134⤵PID:5064
-
\??\c:\65m1e.exec:\65m1e.exe135⤵PID:3996
-
\??\c:\8g6g98.exec:\8g6g98.exe136⤵PID:516
-
\??\c:\726ek1.exec:\726ek1.exe137⤵PID:532
-
\??\c:\gp55rpb.exec:\gp55rpb.exe138⤵PID:4640
-
\??\c:\l8432.exec:\l8432.exe139⤵PID:1556
-
\??\c:\9w28ek6.exec:\9w28ek6.exe140⤵PID:3656
-
\??\c:\80l1sa.exec:\80l1sa.exe141⤵PID:1824
-
\??\c:\5qqu1.exec:\5qqu1.exe142⤵PID:4480
-
\??\c:\k57837a.exec:\k57837a.exe143⤵PID:4700
-
\??\c:\vohf1.exec:\vohf1.exe144⤵PID:1480
-
\??\c:\gf7lx2.exec:\gf7lx2.exe145⤵PID:2280
-
\??\c:\m93dv.exec:\m93dv.exe146⤵PID:4748
-
\??\c:\wen6i11.exec:\wen6i11.exe147⤵PID:1312
-
\??\c:\250h5.exec:\250h5.exe148⤵PID:1404
-
\??\c:\34q8iol.exec:\34q8iol.exe149⤵PID:3872
-
\??\c:\82910a.exec:\82910a.exe150⤵PID:3512
-
\??\c:\p3pq20.exec:\p3pq20.exe151⤵PID:1940
-
\??\c:\28h7wa.exec:\28h7wa.exe152⤵PID:2068
-
\??\c:\r8wtc9.exec:\r8wtc9.exe153⤵PID:3632
-
\??\c:\w707b.exec:\w707b.exe154⤵PID:3724
-
\??\c:\e979c84.exec:\e979c84.exe155⤵PID:2740
-
\??\c:\f9621.exec:\f9621.exe156⤵PID:1892
-
\??\c:\31v30uc.exec:\31v30uc.exe157⤵PID:4040
-
\??\c:\k05uv6.exec:\k05uv6.exe158⤵PID:1524
-
\??\c:\2v210.exec:\2v210.exe159⤵PID:1452
-
\??\c:\mm3309.exec:\mm3309.exe160⤵PID:2348
-
\??\c:\n5c7r.exec:\n5c7r.exe161⤵PID:3876
-
\??\c:\01wg4.exec:\01wg4.exe162⤵PID:2220
-
\??\c:\483b77.exec:\483b77.exe163⤵PID:2464
-
\??\c:\rf6o9.exec:\rf6o9.exe164⤵PID:5040
-
\??\c:\7m3c7jb.exec:\7m3c7jb.exe165⤵PID:840
-
\??\c:\4440462.exec:\4440462.exe166⤵PID:4204
-
\??\c:\d2gga0.exec:\d2gga0.exe167⤵PID:4400
-
\??\c:\l6nmnc.exec:\l6nmnc.exe168⤵PID:3388
-
\??\c:\q8jsb.exec:\q8jsb.exe169⤵PID:1464
-
\??\c:\3ds2i.exec:\3ds2i.exe170⤵PID:1484
-
\??\c:\11b31a.exec:\11b31a.exe171⤵PID:2076
-
\??\c:\a71u52.exec:\a71u52.exe172⤵PID:1200
-
\??\c:\uj5k9f.exec:\uj5k9f.exe173⤵PID:1284
-
\??\c:\560baq.exec:\560baq.exe174⤵PID:876
-
\??\c:\iroc06.exec:\iroc06.exe175⤵PID:3568
-
\??\c:\7a7ae.exec:\7a7ae.exe176⤵PID:2912
-
\??\c:\i5k3s.exec:\i5k3s.exe177⤵PID:4848
-
\??\c:\206848.exec:\206848.exe178⤵PID:652
-
\??\c:\is1gm.exec:\is1gm.exe179⤵PID:3124
-
\??\c:\19b2tst.exec:\19b2tst.exe180⤵PID:1368
-
\??\c:\oj751j.exec:\oj751j.exe181⤵PID:1396
-
\??\c:\8b382.exec:\8b382.exe182⤵PID:5012
-
\??\c:\ec1avsk.exec:\ec1avsk.exe183⤵PID:1824
-
\??\c:\37i4ri3.exec:\37i4ri3.exe184⤵PID:2764
-
\??\c:\29e32.exec:\29e32.exe185⤵PID:4772
-
\??\c:\3a7c3g6.exec:\3a7c3g6.exe186⤵PID:3368
-
\??\c:\1n101.exec:\1n101.exe187⤵PID:4728
-
\??\c:\v6bm8.exec:\v6bm8.exe188⤵PID:3168
-
\??\c:\6re48n4.exec:\6re48n4.exe189⤵PID:1020
-
\??\c:\00d0r7.exec:\00d0r7.exe190⤵PID:1940
-
\??\c:\vv6h9.exec:\vv6h9.exe191⤵PID:4660
-
\??\c:\t96x07.exec:\t96x07.exe192⤵PID:4668
-
\??\c:\6se3283.exec:\6se3283.exe193⤵PID:3704
-
\??\c:\1m45to.exec:\1m45to.exe194⤵PID:3828
-
\??\c:\v4c2753.exec:\v4c2753.exe195⤵PID:1184
-
\??\c:\x0769f0.exec:\x0769f0.exe196⤵PID:1524
-
\??\c:\kbc7p.exec:\kbc7p.exe197⤵PID:4672
-
\??\c:\22pn1m.exec:\22pn1m.exe198⤵PID:4656
-
\??\c:\w6gd8.exec:\w6gd8.exe199⤵PID:3876
-
\??\c:\sk5g022.exec:\sk5g022.exe200⤵PID:4004
-
\??\c:\dkxg92.exec:\dkxg92.exe201⤵PID:4716
-
\??\c:\rleq9.exec:\rleq9.exe202⤵PID:3352
-
\??\c:\23le1.exec:\23le1.exe203⤵PID:2120
-
\??\c:\4x5mvb.exec:\4x5mvb.exe204⤵PID:4928
-
\??\c:\co760p.exec:\co760p.exe205⤵PID:2776
-
\??\c:\4iu1sh.exec:\4iu1sh.exe206⤵PID:1380
-
\??\c:\254o005.exec:\254o005.exe207⤵PID:1948
-
\??\c:\6f40uc6.exec:\6f40uc6.exe208⤵PID:3144
-
\??\c:\882644.exec:\882644.exe209⤵PID:4168
-
\??\c:\22r64.exec:\22r64.exe210⤵PID:1548
-
\??\c:\0104m4.exec:\0104m4.exe211⤵PID:852
-
\??\c:\r5dp18.exec:\r5dp18.exe212⤵PID:3924
-
\??\c:\ti6pf.exec:\ti6pf.exe213⤵PID:1712
-
\??\c:\2t7fa7.exec:\2t7fa7.exe214⤵PID:1828
-
\??\c:\nnn6hn0.exec:\nnn6hn0.exe215⤵PID:2788
-
\??\c:\6fx37.exec:\6fx37.exe216⤵PID:4272
-
\??\c:\8ma768.exec:\8ma768.exe217⤵PID:532
-
\??\c:\vn309t.exec:\vn309t.exe218⤵PID:1640
-
\??\c:\p0r7l1.exec:\p0r7l1.exe219⤵PID:3656
-
\??\c:\ht207g2.exec:\ht207g2.exe220⤵PID:1752
-
\??\c:\7hbn7o.exec:\7hbn7o.exe221⤵PID:4700
-
\??\c:\m0x41b.exec:\m0x41b.exe222⤵PID:1480
-
\??\c:\s36mjm.exec:\s36mjm.exe223⤵PID:3804
-
\??\c:\i51771.exec:\i51771.exe224⤵PID:2304
-
\??\c:\nw57690.exec:\nw57690.exe225⤵PID:4500
-
\??\c:\6v499o.exec:\6v499o.exe226⤵PID:3600
-
\??\c:\c129c0u.exec:\c129c0u.exe227⤵PID:4872
-
\??\c:\3gd13.exec:\3gd13.exe228⤵PID:2724
-
\??\c:\ti752.exec:\ti752.exe229⤵PID:2992
-
\??\c:\3j099lc.exec:\3j099lc.exe230⤵PID:4596
-
\??\c:\9g033xv.exec:\9g033xv.exe231⤵PID:4780
-
\??\c:\7a2sgg.exec:\7a2sgg.exe232⤵PID:1260
-
\??\c:\25gd4kb.exec:\25gd4kb.exe233⤵PID:4540
-
\??\c:\755k1.exec:\755k1.exe234⤵PID:4308
-
\??\c:\46822.exec:\46822.exe235⤵PID:3184
-
\??\c:\7p58t.exec:\7p58t.exe236⤵PID:1308
-
\??\c:\05s2gp7.exec:\05s2gp7.exe237⤵PID:392
-
\??\c:\c48621.exec:\c48621.exe238⤵PID:4324
-
\??\c:\4k9f5ff.exec:\4k9f5ff.exe239⤵PID:64
-
\??\c:\kt7av.exec:\kt7av.exe240⤵PID:3576
-
\??\c:\8o7d4.exec:\8o7d4.exe241⤵PID:2880
-
\??\c:\6sm8v5.exec:\6sm8v5.exe242⤵PID:2572