Analysis
-
max time kernel
147s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 13:23
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ccd52c6dfd02d57fb0ef7741e1a24510_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
ccd52c6dfd02d57fb0ef7741e1a24510_NeikiAnalytics.exe
-
Size
67KB
-
MD5
ccd52c6dfd02d57fb0ef7741e1a24510
-
SHA1
103a8c9753059bd92788fc804fcf2d1e013b7217
-
SHA256
73c0baaae752addd26288324a52fa6521f1d97f2d556f3bd1ecc51c4e36833ec
-
SHA512
207f6507d8e327d96cfbeb281f74d3026496a6d6157c67f913c2ccde71300cdea25393282c1b1b467ff42a47bb8348384c0deb79282bc8c6c2ffef6629d209f1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIaS:ymb3NkkiQ3mdBjFIFdJ8bP
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource yara_rule behavioral2/memory/1892-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2856-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4264-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5032-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1096-33-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/116-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4796-51-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1380-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1600-73-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5068-81-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2380-90-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3644-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2808-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3784-109-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4124-114-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1984-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4936-125-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3636-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4804-137-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2584-149-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4908-162-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5000-167-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5060-192-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3060-203-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/656-210-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2856 h9a58k.exe 4264 7aqu1.exe 5032 s6c4s.exe 1096 mkb2l.exe 116 219pwf.exe 4796 ggg73.exe 5056 b4wgww2.exe 1380 83o2105.exe 1600 959d9.exe 5068 2v1i76.exe 2380 n8526.exe 3644 l857ii.exe 2808 f57p4k.exe 3784 6ja322.exe 4124 1cxr3x9.exe 1984 4gt55e1.exe 4936 9cgq0p.exe 3636 j2e8r.exe 4804 kl1m7.exe 5020 7uu3i.exe 2584 sq71xf1.exe 4992 t2ir0rl.exe 4908 j5g41.exe 5000 s9q8l.exe 4272 qoeccd.exe 1772 0q4n7fl.exe 2248 k3uo56d.exe 5060 pb8he.exe 3744 35171.exe 3060 6fg54k0.exe 656 f6u4pl.exe 1980 4513t67.exe 208 9mkl0.exe 2672 53wxtf4.exe 4176 4d1g1.exe 4796 5l90607.exe 4532 3vsgf.exe 1620 4ev9g.exe 3112 58173h.exe 1112 d4v2v7v.exe 1144 i2l7vi.exe 4828 7704k.exe 4224 912j7.exe 3644 4436tb.exe 1428 h2un5.exe 2536 t592h2.exe 1080 lmtc1.exe 3632 u45maj.exe 1984 336m2wk.exe 4332 35gtbw.exe 1444 2ko33.exe 4500 n2ig9.exe 3956 a2u7md.exe 1568 x9vwu.exe 1020 8tu81gw.exe 3052 6ng2n1.exe 4344 v430l.exe 4908 369erpl.exe 60 i6echa.exe 3952 3hho14.exe 4104 h27j3.exe 2696 28we1hh.exe 2428 576sx.exe 3416 262ut.exe -
resource yara_rule behavioral2/memory/1892-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2856-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4264-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5032-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1096-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1096-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1096-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/116-42-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/116-41-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/116-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/116-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4796-51-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4796-50-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5056-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1380-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1600-73-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1600-72-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5068-81-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2380-90-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3644-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2808-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3784-109-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4124-114-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1984-120-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4936-125-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3636-131-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4804-137-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2584-149-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4908-162-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5000-167-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5060-192-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3060-203-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/656-210-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1892 wrote to memory of 2856 1892 ccd52c6dfd02d57fb0ef7741e1a24510_NeikiAnalytics.exe 92 PID 1892 wrote to memory of 2856 1892 ccd52c6dfd02d57fb0ef7741e1a24510_NeikiAnalytics.exe 92 PID 1892 wrote to memory of 2856 1892 ccd52c6dfd02d57fb0ef7741e1a24510_NeikiAnalytics.exe 92 PID 2856 wrote to memory of 4264 2856 h9a58k.exe 93 PID 2856 wrote to memory of 4264 2856 h9a58k.exe 93 PID 2856 wrote to memory of 4264 2856 h9a58k.exe 93 PID 4264 wrote to memory of 5032 4264 7aqu1.exe 94 PID 4264 wrote to memory of 5032 4264 7aqu1.exe 94 PID 4264 wrote to memory of 5032 4264 7aqu1.exe 94 PID 5032 wrote to memory of 1096 5032 s6c4s.exe 95 PID 5032 wrote to memory of 1096 5032 s6c4s.exe 95 PID 5032 wrote to memory of 1096 5032 s6c4s.exe 95 PID 1096 wrote to memory of 116 1096 mkb2l.exe 96 PID 1096 wrote to memory of 116 1096 mkb2l.exe 96 PID 1096 wrote to memory of 116 1096 mkb2l.exe 96 PID 116 wrote to memory of 4796 116 219pwf.exe 97 PID 116 wrote to memory of 4796 116 219pwf.exe 97 PID 116 wrote to memory of 4796 116 219pwf.exe 97 PID 4796 wrote to memory of 5056 4796 ggg73.exe 98 PID 4796 wrote to memory of 5056 4796 ggg73.exe 98 PID 4796 wrote to memory of 5056 4796 ggg73.exe 98 PID 5056 wrote to memory of 1380 5056 b4wgww2.exe 99 PID 5056 wrote to memory of 1380 5056 b4wgww2.exe 99 PID 5056 wrote to memory of 1380 5056 b4wgww2.exe 99 PID 1380 wrote to memory of 1600 1380 83o2105.exe 100 PID 1380 wrote to memory of 1600 1380 83o2105.exe 100 PID 1380 wrote to memory of 1600 1380 83o2105.exe 100 PID 1600 wrote to memory of 5068 1600 959d9.exe 101 PID 1600 wrote to memory of 5068 1600 959d9.exe 101 PID 1600 wrote to memory of 5068 1600 959d9.exe 101 PID 5068 wrote to memory of 2380 5068 2v1i76.exe 102 PID 5068 wrote to memory of 2380 5068 2v1i76.exe 102 PID 5068 wrote to memory of 2380 5068 2v1i76.exe 102 PID 2380 wrote to memory of 3644 2380 n8526.exe 103 PID 2380 wrote to memory of 3644 2380 n8526.exe 103 PID 2380 wrote to memory of 3644 2380 n8526.exe 103 PID 3644 wrote to memory of 2808 3644 l857ii.exe 104 PID 3644 wrote to memory of 2808 3644 l857ii.exe 104 PID 3644 wrote to memory of 2808 3644 l857ii.exe 104 PID 2808 wrote to memory of 3784 2808 f57p4k.exe 105 PID 2808 wrote to memory of 3784 2808 f57p4k.exe 105 PID 2808 wrote to memory of 3784 2808 f57p4k.exe 105 PID 3784 wrote to memory of 4124 3784 6ja322.exe 106 PID 3784 wrote to memory of 4124 3784 6ja322.exe 106 PID 3784 wrote to memory of 4124 3784 6ja322.exe 106 PID 4124 wrote to memory of 1984 4124 1cxr3x9.exe 107 PID 4124 wrote to memory of 1984 4124 1cxr3x9.exe 107 PID 4124 wrote to memory of 1984 4124 1cxr3x9.exe 107 PID 1984 wrote to memory of 4936 1984 4gt55e1.exe 108 PID 1984 wrote to memory of 4936 1984 4gt55e1.exe 108 PID 1984 wrote to memory of 4936 1984 4gt55e1.exe 108 PID 4936 wrote to memory of 3636 4936 9cgq0p.exe 109 PID 4936 wrote to memory of 3636 4936 9cgq0p.exe 109 PID 4936 wrote to memory of 3636 4936 9cgq0p.exe 109 PID 3636 wrote to memory of 4804 3636 j2e8r.exe 110 PID 3636 wrote to memory of 4804 3636 j2e8r.exe 110 PID 3636 wrote to memory of 4804 3636 j2e8r.exe 110 PID 4804 wrote to memory of 5020 4804 kl1m7.exe 111 PID 4804 wrote to memory of 5020 4804 kl1m7.exe 111 PID 4804 wrote to memory of 5020 4804 kl1m7.exe 111 PID 5020 wrote to memory of 2584 5020 7uu3i.exe 112 PID 5020 wrote to memory of 2584 5020 7uu3i.exe 112 PID 5020 wrote to memory of 2584 5020 7uu3i.exe 112 PID 2584 wrote to memory of 4992 2584 sq71xf1.exe 113
Processes
-
C:\Users\Admin\AppData\Local\Temp\ccd52c6dfd02d57fb0ef7741e1a24510_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ccd52c6dfd02d57fb0ef7741e1a24510_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1892 -
\??\c:\h9a58k.exec:\h9a58k.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2856 -
\??\c:\7aqu1.exec:\7aqu1.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4264 -
\??\c:\s6c4s.exec:\s6c4s.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5032 -
\??\c:\mkb2l.exec:\mkb2l.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1096 -
\??\c:\219pwf.exec:\219pwf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:116 -
\??\c:\ggg73.exec:\ggg73.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4796 -
\??\c:\b4wgww2.exec:\b4wgww2.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5056 -
\??\c:\83o2105.exec:\83o2105.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1380 -
\??\c:\959d9.exec:\959d9.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1600 -
\??\c:\2v1i76.exec:\2v1i76.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5068 -
\??\c:\n8526.exec:\n8526.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2380 -
\??\c:\l857ii.exec:\l857ii.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3644 -
\??\c:\f57p4k.exec:\f57p4k.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2808 -
\??\c:\6ja322.exec:\6ja322.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3784 -
\??\c:\1cxr3x9.exec:\1cxr3x9.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4124 -
\??\c:\4gt55e1.exec:\4gt55e1.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1984 -
\??\c:\9cgq0p.exec:\9cgq0p.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4936 -
\??\c:\j2e8r.exec:\j2e8r.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3636 -
\??\c:\kl1m7.exec:\kl1m7.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4804 -
\??\c:\7uu3i.exec:\7uu3i.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5020 -
\??\c:\sq71xf1.exec:\sq71xf1.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\t2ir0rl.exec:\t2ir0rl.exe23⤵
- Executes dropped EXE
PID:4992 -
\??\c:\j5g41.exec:\j5g41.exe24⤵
- Executes dropped EXE
PID:4908 -
\??\c:\s9q8l.exec:\s9q8l.exe25⤵
- Executes dropped EXE
PID:5000 -
\??\c:\qoeccd.exec:\qoeccd.exe26⤵
- Executes dropped EXE
PID:4272 -
\??\c:\0q4n7fl.exec:\0q4n7fl.exe27⤵
- Executes dropped EXE
PID:1772 -
\??\c:\k3uo56d.exec:\k3uo56d.exe28⤵
- Executes dropped EXE
PID:2248 -
\??\c:\pb8he.exec:\pb8he.exe29⤵
- Executes dropped EXE
PID:5060 -
\??\c:\35171.exec:\35171.exe30⤵
- Executes dropped EXE
PID:3744 -
\??\c:\6fg54k0.exec:\6fg54k0.exe31⤵
- Executes dropped EXE
PID:3060 -
\??\c:\f6u4pl.exec:\f6u4pl.exe32⤵
- Executes dropped EXE
PID:656 -
\??\c:\4513t67.exec:\4513t67.exe33⤵
- Executes dropped EXE
PID:1980 -
\??\c:\9mkl0.exec:\9mkl0.exe34⤵
- Executes dropped EXE
PID:208 -
\??\c:\53wxtf4.exec:\53wxtf4.exe35⤵
- Executes dropped EXE
PID:2672 -
\??\c:\4d1g1.exec:\4d1g1.exe36⤵
- Executes dropped EXE
PID:4176 -
\??\c:\5l90607.exec:\5l90607.exe37⤵
- Executes dropped EXE
PID:4796 -
\??\c:\3vsgf.exec:\3vsgf.exe38⤵
- Executes dropped EXE
PID:4532 -
\??\c:\4ev9g.exec:\4ev9g.exe39⤵
- Executes dropped EXE
PID:1620 -
\??\c:\58173h.exec:\58173h.exe40⤵
- Executes dropped EXE
PID:3112 -
\??\c:\d4v2v7v.exec:\d4v2v7v.exe41⤵
- Executes dropped EXE
PID:1112 -
\??\c:\i2l7vi.exec:\i2l7vi.exe42⤵
- Executes dropped EXE
PID:1144 -
\??\c:\7704k.exec:\7704k.exe43⤵
- Executes dropped EXE
PID:4828 -
\??\c:\912j7.exec:\912j7.exe44⤵
- Executes dropped EXE
PID:4224 -
\??\c:\4436tb.exec:\4436tb.exe45⤵
- Executes dropped EXE
PID:3644 -
\??\c:\h2un5.exec:\h2un5.exe46⤵
- Executes dropped EXE
PID:1428 -
\??\c:\t592h2.exec:\t592h2.exe47⤵
- Executes dropped EXE
PID:2536 -
\??\c:\lmtc1.exec:\lmtc1.exe48⤵
- Executes dropped EXE
PID:1080 -
\??\c:\u45maj.exec:\u45maj.exe49⤵
- Executes dropped EXE
PID:3632 -
\??\c:\336m2wk.exec:\336m2wk.exe50⤵
- Executes dropped EXE
PID:1984 -
\??\c:\35gtbw.exec:\35gtbw.exe51⤵
- Executes dropped EXE
PID:4332 -
\??\c:\2ko33.exec:\2ko33.exe52⤵
- Executes dropped EXE
PID:1444 -
\??\c:\n2ig9.exec:\n2ig9.exe53⤵
- Executes dropped EXE
PID:4500 -
\??\c:\a2u7md.exec:\a2u7md.exe54⤵
- Executes dropped EXE
PID:3956 -
\??\c:\x9vwu.exec:\x9vwu.exe55⤵
- Executes dropped EXE
PID:1568 -
\??\c:\8tu81gw.exec:\8tu81gw.exe56⤵
- Executes dropped EXE
PID:1020 -
\??\c:\6ng2n1.exec:\6ng2n1.exe57⤵
- Executes dropped EXE
PID:3052 -
\??\c:\v430l.exec:\v430l.exe58⤵
- Executes dropped EXE
PID:4344 -
\??\c:\369erpl.exec:\369erpl.exe59⤵
- Executes dropped EXE
PID:4908 -
\??\c:\i6echa.exec:\i6echa.exe60⤵
- Executes dropped EXE
PID:60 -
\??\c:\meqng1s.exec:\meqng1s.exe61⤵PID:4464
-
\??\c:\3hho14.exec:\3hho14.exe62⤵
- Executes dropped EXE
PID:3952 -
\??\c:\h27j3.exec:\h27j3.exe63⤵
- Executes dropped EXE
PID:4104 -
\??\c:\28we1hh.exec:\28we1hh.exe64⤵
- Executes dropped EXE
PID:2696 -
\??\c:\576sx.exec:\576sx.exe65⤵
- Executes dropped EXE
PID:2428 -
\??\c:\262ut.exec:\262ut.exe66⤵
- Executes dropped EXE
PID:3416 -
\??\c:\o0h127.exec:\o0h127.exe67⤵PID:2432
-
\??\c:\t3mgni1.exec:\t3mgni1.exe68⤵PID:1992
-
\??\c:\73f11.exec:\73f11.exe69⤵PID:216
-
\??\c:\428fv3.exec:\428fv3.exe70⤵PID:1980
-
\??\c:\r0132hk.exec:\r0132hk.exe71⤵PID:1988
-
\??\c:\5b9oxa5.exec:\5b9oxa5.exe72⤵PID:2672
-
\??\c:\1lq09a.exec:\1lq09a.exe73⤵PID:3540
-
\??\c:\j09g7.exec:\j09g7.exe74⤵PID:5056
-
\??\c:\7boe582.exec:\7boe582.exe75⤵PID:4532
-
\??\c:\49ond7.exec:\49ond7.exe76⤵PID:1620
-
\??\c:\57r82h.exec:\57r82h.exe77⤵PID:3112
-
\??\c:\c3u736.exec:\c3u736.exe78⤵PID:4624
-
\??\c:\4419k9i.exec:\4419k9i.exe79⤵PID:4876
-
\??\c:\3n207.exec:\3n207.exe80⤵PID:4828
-
\??\c:\53887.exec:\53887.exe81⤵PID:3460
-
\??\c:\wc35pf.exec:\wc35pf.exe82⤵PID:1812
-
\??\c:\n0r5tu.exec:\n0r5tu.exe83⤵PID:1428
-
\??\c:\536cap5.exec:\536cap5.exe84⤵PID:4432
-
\??\c:\8s216h.exec:\8s216h.exe85⤵PID:3968
-
\??\c:\171fujk.exec:\171fujk.exe86⤵PID:3528
-
\??\c:\2ltnn.exec:\2ltnn.exe87⤵PID:2976
-
\??\c:\lustn2.exec:\lustn2.exe88⤵PID:4372
-
\??\c:\u9mdhf.exec:\u9mdhf.exe89⤵PID:1708
-
\??\c:\q924358.exec:\q924358.exe90⤵PID:4732
-
\??\c:\x9o2fa.exec:\x9o2fa.exe91⤵PID:3092
-
\??\c:\f73aw3f.exec:\f73aw3f.exe92⤵PID:2172
-
\??\c:\a9e6473.exec:\a9e6473.exe93⤵PID:1568
-
\??\c:\n23d5l.exec:\n23d5l.exe94⤵PID:4992
-
\??\c:\1x96w.exec:\1x96w.exe95⤵PID:4220
-
\??\c:\18hg4.exec:\18hg4.exe96⤵PID:4388
-
\??\c:\456b10.exec:\456b10.exe97⤵PID:2316
-
\??\c:\c3ke177.exec:\c3ke177.exe98⤵PID:4272
-
\??\c:\v08ts.exec:\v08ts.exe99⤵PID:2252
-
\??\c:\6w37600.exec:\6w37600.exe100⤵PID:2696
-
\??\c:\2ln742.exec:\2ln742.exe101⤵PID:3496
-
\??\c:\c0m9jq.exec:\c0m9jq.exe102⤵PID:3060
-
\??\c:\rou2m5q.exec:\rou2m5q.exe103⤵PID:656
-
\??\c:\f6445x.exec:\f6445x.exe104⤵PID:1992
-
\??\c:\h0da1ha.exec:\h0da1ha.exe105⤵PID:1736
-
\??\c:\01k2p.exec:\01k2p.exe106⤵PID:892
-
\??\c:\g320np.exec:\g320np.exe107⤵PID:1580
-
\??\c:\3e4pnx.exec:\3e4pnx.exe108⤵PID:4860
-
\??\c:\m93xjs4.exec:\m93xjs4.exe109⤵PID:3980
-
\??\c:\4na4s.exec:\4na4s.exe110⤵PID:3156
-
\??\c:\k0f281.exec:\k0f281.exe111⤵PID:1620
-
\??\c:\7i7av77.exec:\7i7av77.exe112⤵PID:4284
-
\??\c:\79po36.exec:\79po36.exe113⤵PID:2380
-
\??\c:\4qd3p3f.exec:\4qd3p3f.exe114⤵PID:2320
-
\??\c:\es09m7.exec:\es09m7.exe115⤵PID:3460
-
\??\c:\449os98.exec:\449os98.exe116⤵PID:2536
-
\??\c:\dn20i.exec:\dn20i.exe117⤵PID:1428
-
\??\c:\ih111.exec:\ih111.exe118⤵PID:4432
-
\??\c:\10fhq6.exec:\10fhq6.exe119⤵PID:4312
-
\??\c:\4c7tt.exec:\4c7tt.exe120⤵PID:2764
-
\??\c:\416guch.exec:\416guch.exe121⤵PID:3576
-
\??\c:\1t0q7s7.exec:\1t0q7s7.exe122⤵PID:820
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-