Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system -
submitted
18/05/2024, 13:00
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe
-
Size
88KB
-
MD5
c8c61f3368a76bce2edb6bb8338bea90
-
SHA1
9d901d6835c44942e9ca75005ca8ac813ede1100
-
SHA256
5a996ff5533414444b99dc48be35fdea81d651d2158535e303a0baccb9bf740d
-
SHA512
cf77725223ba60f2e02f37becfb06b21d3a07167a9131ab500e0b9e6fd3c972338d863c65b53b6e0e3f797de2c4c37d306f2d6ebb36c4f275a238468b771b698
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1grORPfr0k890Ci:ymb3NkkiQ3mdBjFoLk8Pk890Ci
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource | yara_rule
behavioral2/memory/4620-3-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/4620-8-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/4996-12-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1428-19-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3568-27-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1956-34-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3536-40-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/972-48-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/4252-55-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5584-71-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5772-78-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5364-87-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/560-105-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/644-111-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5936-117-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5916-123-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5976-129-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5824-135-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3860-147-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/712-165-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/4256-170-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/4344-177-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5808-183-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5400-189-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3884-195-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process 4996 5n8d6t.exe 1428 w4jh2.exe 3568 c8qnwc.exe 1956 qi671vv.exe 3536 8b63j.exe 972 363pk.exe 4252 d1i3915.exe 5584 35666xi.exe 5404 31752.exe 5772 v1573.exe 5364 2t2wq06.exe 5396 nc08s.exe 4408 9115i75.exe 560 76v3s08.exe 644 2fctp.exe 5936 ma33u.exe 5916 x97q56c.exe 5976 9pn0f2.exe 5824 tetex.exe 1940 ksh66.exe 3860 w3l0w.exe 5480 0n9gas2.exe 4812 5dd96a.exe 712 69uc7x.exe 4256 95r3q9.exe 4344 her6271.exe 5808 459o92.exe 5400 p8ia2sw.exe 3884 0r4de.exe 3964 9e3wc2f.exe 116 3xmw3.exe 3076 o59j3k.exe 6024 p836b.exe 2992 50598.exe 1812 011htf.exe 3564 o4gsa68.exe 1608 xu9758.exe 4636 5f7774.exe 5184 ds0e9i3.exe 5052 k09n8j2.exe 3304 dsv57.exe 4124 134he3.exe 2308 c1394s2.exe 2912 89ifaa.exe 3316 v18w3.exe 1652 003nbi.exe 820 sp25d.exe 3188 b99m435.exe 3952 j15ia31.exe 3816 235516.exe 3728 pjw5e.exe 1640 32mo3.exe 3020 37wq8.exe 4512 9t763.exe 332 0uic43.exe 4912 b26j3m.exe 1648 bf474.exe 4372 e6488a.exe 4072 r9i11h1.exe 1836 140h6t.exe 656 xa1o0e.exe 3236 q4cf38.exe 6008 qos82a.exe 4596 778b9.exe -
resource | yara_rule
behavioral2/memory/4620-3-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/4620-8-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/4996-12-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/1428-18-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/1428-19-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/3568-27-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/1956-34-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/3536-40-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/972-48-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/4252-55-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5584-63-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5584-62-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5584-61-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5584-71-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5772-78-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5364-87-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/560-105-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/644-111-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5936-117-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5916-123-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5976-129-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5824-135-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/3860-147-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/712-165-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/4256-170-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/4344-177-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5808-183-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5400-189-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/3884-195-0x0000000000400000-0x0000000000429000-memory.dmp | upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4620 wrote to memory of 4996 4620 c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe 91 PID 4620 wrote to memory of 4996 4620 c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe 91 PID 4620 wrote to memory of 4996 4620 c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe 91 PID 4996 wrote to memory of 1428 4996 5n8d6t.exe 92 PID 4996 wrote to memory of 1428 4996 5n8d6t.exe 92 PID 4996 wrote to memory of 1428 4996 5n8d6t.exe 92 PID 1428 wrote to memory of 3568 1428 w4jh2.exe 93 PID 1428 wrote to memory of 3568 1428 w4jh2.exe 93 PID 1428 wrote to memory of 3568 1428 w4jh2.exe 93 PID 3568 wrote to memory of 1956 3568 c8qnwc.exe 94 PID 3568 wrote to memory of 1956 3568 c8qnwc.exe 94 PID 3568 wrote to memory of 1956 3568 c8qnwc.exe 94 PID 1956 wrote to memory of 3536 1956 qi671vv.exe 95 PID 1956 wrote to memory of 3536 1956 qi671vv.exe 95 PID 1956 wrote to memory of 3536 1956 qi671vv.exe 95 PID 3536 wrote to memory of 972 3536 8b63j.exe 96 PID 3536 wrote to memory of 972 3536 8b63j.exe 96 PID 3536 wrote to memory of 972 3536 8b63j.exe 96 PID 972 wrote to memory of 4252 972 363pk.exe 97 PID 972 wrote to memory of 4252 972 363pk.exe 97 PID 972 wrote to memory of 4252 972 363pk.exe 97 PID 4252 wrote to memory of 5584 4252 d1i3915.exe 98 PID 4252 wrote to memory of 5584 4252 d1i3915.exe 98 PID 4252 wrote to memory of 5584 4252 d1i3915.exe 98 PID 5584 wrote to memory of 5404 5584 35666xi.exe 99 PID 5584 wrote to memory of 5404 5584 35666xi.exe 99 PID 5584 wrote to memory of 5404 5584 35666xi.exe 99 PID 5404 wrote to memory of 5772 5404 31752.exe 100 PID 5404 wrote to memory of 5772 5404 31752.exe 100 PID 5404 wrote to memory of 5772 5404 31752.exe 100 PID 5772 wrote to memory of 5364 5772 v1573.exe 101 PID 5772 wrote to memory of 5364 5772 v1573.exe 101 PID 5772 wrote to memory of 5364 5772 v1573.exe 101 PID 5364 wrote to memory of 5396 5364 2t2wq06.exe 102 PID 5364 wrote to memory of 5396 5364 2t2wq06.exe 102 PID 5364 wrote to 
memory of 5396 5364 2t2wq06.exe 102 PID 5396 wrote to memory of 4408 5396 nc08s.exe 103 PID 5396 wrote to memory of 4408 5396 nc08s.exe 103 PID 5396 wrote to memory of 4408 5396 nc08s.exe 103 PID 4408 wrote to memory of 560 4408 9115i75.exe 104 PID 4408 wrote to memory of 560 4408 9115i75.exe 104 PID 4408 wrote to memory of 560 4408 9115i75.exe 104 PID 560 wrote to memory of 644 560 76v3s08.exe 105 PID 560 wrote to memory of 644 560 76v3s08.exe 105 PID 560 wrote to memory of 644 560 76v3s08.exe 105 PID 644 wrote to memory of 5936 644 2fctp.exe 106 PID 644 wrote to memory of 5936 644 2fctp.exe 106 PID 644 wrote to memory of 5936 644 2fctp.exe 106 PID 5936 wrote to memory of 5916 5936 ma33u.exe 107 PID 5936 wrote to memory of 5916 5936 ma33u.exe 107 PID 5936 wrote to memory of 5916 5936 ma33u.exe 107 PID 5916 wrote to memory of 5976 5916 x97q56c.exe 108 PID 5916 wrote to memory of 5976 5916 x97q56c.exe 108 PID 5916 wrote to memory of 5976 5916 x97q56c.exe 108 PID 5976 wrote to memory of 5824 5976 9pn0f2.exe 109 PID 5976 wrote to memory of 5824 5976 9pn0f2.exe 109 PID 5976 wrote to memory of 5824 5976 9pn0f2.exe 109 PID 5824 wrote to memory of 1940 5824 tetex.exe 110 PID 5824 wrote to memory of 1940 5824 tetex.exe 110 PID 5824 wrote to memory of 1940 5824 tetex.exe 110 PID 1940 wrote to memory of 3860 1940 ksh66.exe 111 PID 1940 wrote to memory of 3860 1940 ksh66.exe 111 PID 1940 wrote to memory of 3860 1940 ksh66.exe 111 PID 3860 wrote to memory of 5480 3860 w3l0w.exe 112
Processes
-
C:\Users\Admin\AppData\Local\Temp\c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:4620 -
\??\c:\5n8d6t.exec:\5n8d6t.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4996 -
\??\c:\w4jh2.exec:\w4jh2.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1428 -
\??\c:\c8qnwc.exec:\c8qnwc.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3568 -
\??\c:\qi671vv.exec:\qi671vv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1956 -
\??\c:\8b63j.exec:\8b63j.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3536 -
\??\c:\363pk.exec:\363pk.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:972 -
\??\c:\d1i3915.exec:\d1i3915.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4252 -
\??\c:\35666xi.exec:\35666xi.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5584 -
\??\c:\31752.exec:\31752.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5404 -
\??\c:\v1573.exec:\v1573.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5772 -
\??\c:\2t2wq06.exec:\2t2wq06.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5364 -
\??\c:\nc08s.exec:\nc08s.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5396 -
\??\c:\9115i75.exec:\9115i75.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4408 -
\??\c:\76v3s08.exec:\76v3s08.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:560 -
\??\c:\2fctp.exec:\2fctp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:644 -
\??\c:\ma33u.exec:\ma33u.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5936 -
\??\c:\x97q56c.exec:\x97q56c.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5916 -
\??\c:\9pn0f2.exec:\9pn0f2.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5976 -
\??\c:\tetex.exec:\tetex.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5824 -
\??\c:\ksh66.exec:\ksh66.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1940 -
\??\c:\w3l0w.exec:\w3l0w.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3860 -
\??\c:\0n9gas2.exec:\0n9gas2.exe23⤵
- Executes dropped EXE
PID:5480 -
\??\c:\5dd96a.exec:\5dd96a.exe24⤵
- Executes dropped EXE
PID:4812 -
\??\c:\69uc7x.exec:\69uc7x.exe25⤵
- Executes dropped EXE
PID:712 -
\??\c:\95r3q9.exec:\95r3q9.exe26⤵
- Executes dropped EXE
PID:4256 -
\??\c:\her6271.exec:\her6271.exe27⤵
- Executes dropped EXE
PID:4344 -
\??\c:\459o92.exec:\459o92.exe28⤵
- Executes dropped EXE
PID:5808 -
\??\c:\p8ia2sw.exec:\p8ia2sw.exe29⤵
- Executes dropped EXE
PID:5400 -
\??\c:\0r4de.exec:\0r4de.exe30⤵
- Executes dropped EXE
PID:3884 -
\??\c:\9e3wc2f.exec:\9e3wc2f.exe31⤵
- Executes dropped EXE
PID:3964 -
\??\c:\3xmw3.exec:\3xmw3.exe32⤵
- Executes dropped EXE
PID:116 -
\??\c:\o59j3k.exec:\o59j3k.exe33⤵
- Executes dropped EXE
PID:3076 -
\??\c:\p836b.exec:\p836b.exe34⤵
- Executes dropped EXE
PID:6024 -
\??\c:\50598.exec:\50598.exe35⤵
- Executes dropped EXE
PID:2992 -
\??\c:\011htf.exec:\011htf.exe36⤵
- Executes dropped EXE
PID:1812 -
\??\c:\o4gsa68.exec:\o4gsa68.exe37⤵
- Executes dropped EXE
PID:3564 -
\??\c:\xu9758.exec:\xu9758.exe38⤵
- Executes dropped EXE
PID:1608 -
\??\c:\5f7774.exec:\5f7774.exe39⤵
- Executes dropped EXE
PID:4636 -
\??\c:\ds0e9i3.exec:\ds0e9i3.exe40⤵
- Executes dropped EXE
PID:5184 -
\??\c:\k09n8j2.exec:\k09n8j2.exe41⤵
- Executes dropped EXE
PID:5052 -
\??\c:\dsv57.exec:\dsv57.exe42⤵
- Executes dropped EXE
PID:3304 -
\??\c:\134he3.exec:\134he3.exe43⤵
- Executes dropped EXE
PID:4124 -
\??\c:\c1394s2.exec:\c1394s2.exe44⤵
- Executes dropped EXE
PID:2308 -
\??\c:\89ifaa.exec:\89ifaa.exe45⤵
- Executes dropped EXE
PID:2912 -
\??\c:\v18w3.exec:\v18w3.exe46⤵
- Executes dropped EXE
PID:3316 -
\??\c:\003nbi.exec:\003nbi.exe47⤵
- Executes dropped EXE
PID:1652 -
\??\c:\sp25d.exec:\sp25d.exe48⤵
- Executes dropped EXE
PID:820 -
\??\c:\b99m435.exec:\b99m435.exe49⤵
- Executes dropped EXE
PID:3188 -
\??\c:\j15ia31.exec:\j15ia31.exe50⤵
- Executes dropped EXE
PID:3952 -
\??\c:\235516.exec:\235516.exe51⤵
- Executes dropped EXE
PID:3816 -
\??\c:\pjw5e.exec:\pjw5e.exe52⤵
- Executes dropped EXE
PID:3728 -
\??\c:\32mo3.exec:\32mo3.exe53⤵
- Executes dropped EXE
PID:1640 -
\??\c:\37wq8.exec:\37wq8.exe54⤵
- Executes dropped EXE
PID:3020 -
\??\c:\9t763.exec:\9t763.exe55⤵
- Executes dropped EXE
PID:4512 -
\??\c:\0uic43.exec:\0uic43.exe56⤵
- Executes dropped EXE
PID:332 -
\??\c:\b26j3m.exec:\b26j3m.exe57⤵
- Executes dropped EXE
PID:4912 -
\??\c:\bf474.exec:\bf474.exe58⤵
- Executes dropped EXE
PID:1648 -
\??\c:\e6488a.exec:\e6488a.exe59⤵
- Executes dropped EXE
PID:4372 -
\??\c:\r9i11h1.exec:\r9i11h1.exe60⤵
- Executes dropped EXE
PID:4072 -
\??\c:\140h6t.exec:\140h6t.exe61⤵
- Executes dropped EXE
PID:1836 -
\??\c:\xa1o0e.exec:\xa1o0e.exe62⤵
- Executes dropped EXE
PID:656 -
\??\c:\q4cf38.exec:\q4cf38.exe63⤵
- Executes dropped EXE
PID:3236 -
\??\c:\qos82a.exec:\qos82a.exe64⤵
- Executes dropped EXE
PID:6008 -
\??\c:\778b9.exec:\778b9.exe65⤵
- Executes dropped EXE
PID:4596 -
\??\c:\cw5oj.exec:\cw5oj.exe66⤵PID:2676
-
\??\c:\vdkt5.exec:\vdkt5.exe67⤵PID:3104
-
\??\c:\0e3i41.exec:\0e3i41.exe68⤵PID:4692
-
\??\c:\5b2m5tr.exec:\5b2m5tr.exe69⤵PID:4320
-
\??\c:\8l355w.exec:\8l355w.exe70⤵PID:5308
-
\??\c:\8xb65.exec:\8xb65.exe71⤵PID:972
-
\??\c:\wfe29.exec:\wfe29.exe72⤵PID:5152
-
\??\c:\515160.exec:\515160.exe73⤵PID:5436
-
\??\c:\csbko.exec:\csbko.exe74⤵PID:5440
-
\??\c:\112mvq.exec:\112mvq.exe75⤵PID:2852
-
\??\c:\qusl9f5.exec:\qusl9f5.exe76⤵PID:5772
-
\??\c:\mufv92.exec:\mufv92.exe77⤵PID:5516
-
\??\c:\51lid.exec:\51lid.exe78⤵PID:5408
-
\??\c:\lo4e5.exec:\lo4e5.exe79⤵PID:4628
-
\??\c:\6pk9e6.exec:\6pk9e6.exe80⤵PID:5036
-
\??\c:\401rl.exec:\401rl.exe81⤵PID:5948
-
\??\c:\4ptu9u.exec:\4ptu9u.exe82⤵PID:5912
-
\??\c:\ld6ds.exec:\ld6ds.exe83⤵PID:5964
-
\??\c:\w96413.exec:\w96413.exe84⤵PID:448
-
\??\c:\rkum9.exec:\rkum9.exe85⤵PID:5984
-
\??\c:\f90u1.exec:\f90u1.exe86⤵PID:5988
-
\??\c:\me9n8.exec:\me9n8.exe87⤵PID:4980
-
\??\c:\84nfj5.exec:\84nfj5.exe88⤵PID:5828
-
\??\c:\3ii3a0n.exec:\3ii3a0n.exe89⤵PID:1600
-
\??\c:\9513111.exec:\9513111.exe90⤵PID:3732
-
\??\c:\e7830.exec:\e7830.exe91⤵PID:5544
-
\??\c:\7a387.exec:\7a387.exe92⤵PID:3468
-
\??\c:\a705l.exec:\a705l.exe93⤵PID:4584
-
\??\c:\h3h33.exec:\h3h33.exe94⤵PID:1800
-
\??\c:\hfxae.exec:\hfxae.exe95⤵PID:5384
-
\??\c:\451q84.exec:\451q84.exe96⤵PID:4256
-
\??\c:\t19r70f.exec:\t19r70f.exe97⤵PID:1084
-
\??\c:\12c9cq9.exec:\12c9cq9.exe98⤵PID:4036
-
\??\c:\o02ml.exec:\o02ml.exe99⤵PID:412
-
\??\c:\il169.exec:\il169.exe100⤵PID:4520
-
\??\c:\41w65ee.exec:\41w65ee.exe101⤵PID:2964
-
\??\c:\2ww47ad.exec:\2ww47ad.exe102⤵PID:3964
-
\??\c:\1d4dq5.exec:\1d4dq5.exe103⤵PID:2908
-
\??\c:\465337.exec:\465337.exe104⤵PID:3848
-
\??\c:\257kec.exec:\257kec.exe105⤵PID:3792
-
\??\c:\2ettx.exec:\2ettx.exe106⤵PID:1996
-
\??\c:\nikaw.exec:\nikaw.exe107⤵PID:3976
-
\??\c:\xpn0n0n.exec:\xpn0n0n.exe108⤵PID:3968
-
\??\c:\sv433l.exec:\sv433l.exe109⤵PID:4820
-
\??\c:\1nm2bh3.exec:\1nm2bh3.exe110⤵PID:4496
-
\??\c:\6r584.exec:\6r584.exe111⤵PID:5052
-
\??\c:\4orx83.exec:\4orx83.exe112⤵PID:3304
-
\??\c:\87931.exec:\87931.exe113⤵PID:4124
-
\??\c:\49t7xu2.exec:\49t7xu2.exe114⤵PID:2832
-
\??\c:\06p8x.exec:\06p8x.exe115⤵PID:3120
-
\??\c:\41513s.exec:\41513s.exe116⤵PID:3396
-
\??\c:\ls709.exec:\ls709.exe117⤵PID:5180
-
\??\c:\42co7.exec:\42co7.exe118⤵PID:5360
-
\??\c:\63w9uup.exec:\63w9uup.exe119⤵PID:1504
-
\??\c:\32i98.exec:\32i98.exe120⤵PID:4836
-
\??\c:\183p1vd.exec:\183p1vd.exe121⤵PID:1640
-
\??\c:\sk7pa9o.exec:\sk7pa9o.exe122⤵PID:2592
-