Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:38
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cf8282ff9f3d6cfc8f058e1ae89b4470_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
cf8282ff9f3d6cfc8f058e1ae89b4470_NeikiAnalytics.exe
-
Size
267KB
-
MD5
cf8282ff9f3d6cfc8f058e1ae89b4470
-
SHA1
baeb34b5a61e239bb08fdefeda5395b4150217a0
-
SHA256
d39880316c726b22b6fbe996b614626ca9d4b2d516bba73ebe60a147f9da3104
-
SHA512
29d0feaac12319a80cff685dbbb8a895fa10bc0d4cc18c23d19bcd63fbba53ec3f912e49a59398f09a1a54f1437cf1da2eb8ee0a762e860497477fb82c97618e
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmPzTkV2y/QTa9RBZydZbf83pnzgmmIMN:n3C9BRIG0asYFm71mPfkVB8dKwaW9
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
resource yara_rule
behavioral1/memory/2044-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2364-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2692-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2724-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2524-43-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2156-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2564-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2912-80-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2604-104-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1584-122-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2116-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/544-158-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/448-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1480-175-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2228-193-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2348-220-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/3044-238-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/344-247-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1012-265-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1068-274-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1684-292-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2984-301-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
Executes dropped EXE 64 IoCs
pid Process
2364 4688484.exe
2692 lfrrxxf.exe
2524 u628622.exe
2724 7tntnb.exe
2564 ffxflrf.exe
2156 pdppp.exe
2912 9pjvj.exe
1964 thhntt.exe
2604 a4442.exe
2576 864462.exe
1584 4244628.exe
2116 s2680.exe
1912 48008.exe
112 vpddd.exe
544 nhnnnt.exe
448 04468.exe
1480 jvvvp.exe
2880 u028002.exe
2228 m2840.exe
2828 frxxffl.exe
2596 9xlrxfl.exe
2348 1tbhnn.exe
1672 fxrrflx.exe
3044 bbtnhh.exe
344 pdpvj.exe
1288 646022.exe
1012 bnnnnt.exe
1068 vpvjp.exe
1496 ffxxllr.exe
1684 nhtbhn.exe
2984 28800.exe
880 42006.exe
1372 g2002.exe
2540 0088062.exe
1548 5thhhh.exe
1540 4622882.exe
3020 64246.exe
864 rlrrlll.exe
2424 088440.exe
2716 lxxxflx.exe
2396 u244444.exe
2564 008046.exe
1180 bthnnb.exe
1212 64284.exe
2640 68044.exe
2488 1rflrrx.exe
2612 8644006.exe
1648 q08882.exe
2196 644448.exe
1900 46084.exe
1952 64224.exe
2152 w64400.exe
1604 820444.exe
1520 rfxxffl.exe
1048 0242884.exe
1428 s4628.exe
2952 2080228.exe
2936 e46080.exe
2248 0402002.exe
2124 2022400.exe
2136 pdppv.exe
2060 hbnnth.exe
2348 frflxrx.exe
3056 lfrrxfr.exe
resource yara_rule
behavioral1/memory/2044-4-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2364-14-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2692-24-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2524-34-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2524-33-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2524-32-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2724-47-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2524-43-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2564-57-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2564-56-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2564-55-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2156-70-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2564-66-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2912-80-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2604-104-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1584-122-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2116-131-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/544-158-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/448-166-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1480-175-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2228-193-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2348-220-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/3044-238-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/344-247-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1012-265-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1068-274-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1684-292-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2984-301-0x0000000000400000-0x0000000000429000-memory.dmp upx
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 2044 wrote to memory of 2364 2044 cf8282ff9f3d6cfc8f058e1ae89b4470_NeikiAnalytics.exe 28
PID 2044 wrote to memory of 2364 2044 cf8282ff9f3d6cfc8f058e1ae89b4470_NeikiAnalytics.exe 28
PID 2044 wrote to memory of 2364 2044 cf8282ff9f3d6cfc8f058e1ae89b4470_NeikiAnalytics.exe 28
PID 2044 wrote to memory of 2364 2044 cf8282ff9f3d6cfc8f058e1ae89b4470_NeikiAnalytics.exe 28
PID 2364 wrote to memory of 2692 2364 4688484.exe 29
PID 2364 wrote to memory of 2692 2364 4688484.exe 29
PID 2364 wrote to memory of 2692 2364 4688484.exe 29
PID 2364 wrote to memory of 2692 2364 4688484.exe 29
PID 2692 wrote to memory of 2524 2692 lfrrxxf.exe 30
PID 2692 wrote to memory of 2524 2692 lfrrxxf.exe 30
PID 2692 wrote to memory of 2524 2692 lfrrxxf.exe 30
PID 2692 wrote to memory of 2524 2692 lfrrxxf.exe 30
PID 2524 wrote to memory of 2724 2524 u628622.exe 31
PID 2524 wrote to memory of 2724 2524 u628622.exe 31
PID 2524 wrote to memory of 2724 2524 u628622.exe 31
PID 2524 wrote to memory of 2724 2524 u628622.exe 31
PID 2724 wrote to memory of 2564 2724 7tntnb.exe 32
PID 2724 wrote to memory of 2564 2724 7tntnb.exe 32
PID 2724 wrote to memory of 2564 2724 7tntnb.exe 32
PID 2724 wrote to memory of 2564 2724 7tntnb.exe 32
PID 2564 wrote to memory of 2156 2564 ffxflrf.exe 33
PID 2564 wrote to memory of 2156 2564 ffxflrf.exe 33
PID 2564 wrote to memory of 2156 2564 ffxflrf.exe 33
PID 2564 wrote to memory of 2156 2564 ffxflrf.exe 33
PID 2156 wrote to memory of 2912 2156 pdppp.exe 34
PID 2156 wrote to memory of 2912 2156 pdppp.exe 34
PID 2156 wrote to memory of 2912 2156 pdppp.exe 34
PID 2156 wrote to memory of 2912 2156 pdppp.exe 34
PID 2912 wrote to memory of 1964 2912 9pjvj.exe 35
PID 2912 wrote to memory of 1964 2912 9pjvj.exe 35
PID 2912 wrote to memory of 1964 2912 9pjvj.exe 35
PID 2912 wrote to memory of 1964 2912 9pjvj.exe 35
PID 1964 wrote to memory of 2604 1964 thhntt.exe 36
PID 1964 wrote to memory of 2604 1964 thhntt.exe 36
PID 1964 wrote to memory of 2604 1964 thhntt.exe 36
PID 1964 wrote to memory of 2604 1964 thhntt.exe 36
PID 2604 wrote to memory of 2576 2604 a4442.exe 37
PID 2604 wrote to memory of 2576 2604 a4442.exe 37
PID 2604 wrote to memory of 2576 2604 a4442.exe 37
PID 2604 wrote to memory of 2576 2604 a4442.exe 37
PID 2576 wrote to memory of 1584 2576 864462.exe 38
PID 2576 wrote to memory of 1584 2576 864462.exe 38
PID 2576 wrote to memory of 1584 2576 864462.exe 38
PID 2576 wrote to memory of 1584 2576 864462.exe 38
PID 1584 wrote to memory of 2116 1584 4244628.exe 39
PID 1584 wrote to memory of 2116 1584 4244628.exe 39
PID 1584 wrote to memory of 2116 1584 4244628.exe 39
PID 1584 wrote to memory of 2116 1584 4244628.exe 39
PID 2116 wrote to memory of 1912 2116 s2680.exe 40
PID 2116 wrote to memory of 1912 2116 s2680.exe 40
PID 2116 wrote to memory of 1912 2116 s2680.exe 40
PID 2116 wrote to memory of 1912 2116 s2680.exe 40
PID 1912 wrote to memory of 112 1912 48008.exe 41
PID 1912 wrote to memory of 112 1912 48008.exe 41
PID 1912 wrote to memory of 112 1912 48008.exe 41
PID 1912 wrote to memory of 112 1912 48008.exe 41
PID 112 wrote to memory of 544 112 vpddd.exe 42
PID 112 wrote to memory of 544 112 vpddd.exe 42
PID 112 wrote to memory of 544 112 vpddd.exe 42
PID 112 wrote to memory of 544 112 vpddd.exe 42
PID 544 wrote to memory of 448 544 nhnnnt.exe 43
PID 544 wrote to memory of 448 544 nhnnnt.exe 43
PID 544 wrote to memory of 448 544 nhnnnt.exe 43
PID 544 wrote to memory of 448 544 nhnnnt.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\cf8282ff9f3d6cfc8f058e1ae89b4470_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cf8282ff9f3d6cfc8f058e1ae89b4470_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2044 -
\??\c:\4688484.exec:\4688484.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2364 -
\??\c:\lfrrxxf.exec:\lfrrxxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2692 -
\??\c:\u628622.exec:\u628622.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\7tntnb.exec:\7tntnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2724 -
\??\c:\ffxflrf.exec:\ffxflrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2564 -
\??\c:\pdppp.exec:\pdppp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2156 -
\??\c:\9pjvj.exec:\9pjvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2912 -
\??\c:\thhntt.exec:\thhntt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1964 -
\??\c:\a4442.exec:\a4442.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2604 -
\??\c:\864462.exec:\864462.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\4244628.exec:\4244628.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1584 -
\??\c:\s2680.exec:\s2680.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2116 -
\??\c:\48008.exec:\48008.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1912 -
\??\c:\vpddd.exec:\vpddd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:112 -
\??\c:\nhnnnt.exec:\nhnnnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:544 -
\??\c:\04468.exec:\04468.exe17⤵
- Executes dropped EXE
PID:448 -
\??\c:\jvvvp.exec:\jvvvp.exe18⤵
- Executes dropped EXE
PID:1480 -
\??\c:\u028002.exec:\u028002.exe19⤵
- Executes dropped EXE
PID:2880 -
\??\c:\m2840.exec:\m2840.exe20⤵
- Executes dropped EXE
PID:2228 -
\??\c:\frxxffl.exec:\frxxffl.exe21⤵
- Executes dropped EXE
PID:2828 -
\??\c:\9xlrxfl.exec:\9xlrxfl.exe22⤵
- Executes dropped EXE
PID:2596 -
\??\c:\1tbhnn.exec:\1tbhnn.exe23⤵
- Executes dropped EXE
PID:2348 -
\??\c:\fxrrflx.exec:\fxrrflx.exe24⤵
- Executes dropped EXE
PID:1672 -
\??\c:\bbtnhh.exec:\bbtnhh.exe25⤵
- Executes dropped EXE
PID:3044 -
\??\c:\pdpvj.exec:\pdpvj.exe26⤵
- Executes dropped EXE
PID:344 -
\??\c:\646022.exec:\646022.exe27⤵
- Executes dropped EXE
PID:1288 -
\??\c:\bnnnnt.exec:\bnnnnt.exe28⤵
- Executes dropped EXE
PID:1012 -
\??\c:\vpvjp.exec:\vpvjp.exe29⤵
- Executes dropped EXE
PID:1068 -
\??\c:\ffxxllr.exec:\ffxxllr.exe30⤵
- Executes dropped EXE
PID:1496 -
\??\c:\nhtbhn.exec:\nhtbhn.exe31⤵
- Executes dropped EXE
PID:1684 -
\??\c:\28800.exec:\28800.exe32⤵
- Executes dropped EXE
PID:2984 -
\??\c:\42006.exec:\42006.exe33⤵
- Executes dropped EXE
PID:880 -
\??\c:\g2002.exec:\g2002.exe34⤵
- Executes dropped EXE
PID:1372 -
\??\c:\0088062.exec:\0088062.exe35⤵
- Executes dropped EXE
PID:2540 -
\??\c:\5thhhh.exec:\5thhhh.exe36⤵
- Executes dropped EXE
PID:1548 -
\??\c:\4622882.exec:\4622882.exe37⤵
- Executes dropped EXE
PID:1540 -
\??\c:\64246.exec:\64246.exe38⤵
- Executes dropped EXE
PID:3020 -
\??\c:\rlrrlll.exec:\rlrrlll.exe39⤵
- Executes dropped EXE
PID:864 -
\??\c:\088440.exec:\088440.exe40⤵
- Executes dropped EXE
PID:2424 -
\??\c:\lxxxflx.exec:\lxxxflx.exe41⤵
- Executes dropped EXE
PID:2716 -
\??\c:\u244444.exec:\u244444.exe42⤵
- Executes dropped EXE
PID:2396 -
\??\c:\008046.exec:\008046.exe43⤵
- Executes dropped EXE
PID:2564 -
\??\c:\bthnnb.exec:\bthnnb.exe44⤵
- Executes dropped EXE
PID:1180 -
\??\c:\64284.exec:\64284.exe45⤵
- Executes dropped EXE
PID:1212 -
\??\c:\68044.exec:\68044.exe46⤵
- Executes dropped EXE
PID:2640 -
\??\c:\1rflrrx.exec:\1rflrrx.exe47⤵
- Executes dropped EXE
PID:2488 -
\??\c:\8644006.exec:\8644006.exe48⤵
- Executes dropped EXE
PID:2612 -
\??\c:\q08882.exec:\q08882.exe49⤵
- Executes dropped EXE
PID:1648 -
\??\c:\644448.exec:\644448.exe50⤵
- Executes dropped EXE
PID:2196 -
\??\c:\46084.exec:\46084.exe51⤵
- Executes dropped EXE
PID:1900 -
\??\c:\64224.exec:\64224.exe52⤵
- Executes dropped EXE
PID:1952 -
\??\c:\w64400.exec:\w64400.exe53⤵
- Executes dropped EXE
PID:2152 -
\??\c:\820444.exec:\820444.exe54⤵
- Executes dropped EXE
PID:1604 -
\??\c:\rfxxffl.exec:\rfxxffl.exe55⤵
- Executes dropped EXE
PID:1520 -
\??\c:\0242884.exec:\0242884.exe56⤵
- Executes dropped EXE
PID:1048 -
\??\c:\s4628.exec:\s4628.exe57⤵
- Executes dropped EXE
PID:1428 -
\??\c:\2080228.exec:\2080228.exe58⤵
- Executes dropped EXE
PID:2952 -
\??\c:\e46080.exec:\e46080.exe59⤵
- Executes dropped EXE
PID:2936 -
\??\c:\0402002.exec:\0402002.exe60⤵
- Executes dropped EXE
PID:2248 -
\??\c:\2022400.exec:\2022400.exe61⤵
- Executes dropped EXE
PID:2124 -
\??\c:\pdppv.exec:\pdppv.exe62⤵
- Executes dropped EXE
PID:2136 -
\??\c:\hbnnth.exec:\hbnnth.exe63⤵
- Executes dropped EXE
PID:2060 -
\??\c:\frflxrx.exec:\frflxrx.exe64⤵
- Executes dropped EXE
PID:2348 -
\??\c:\lfrrxfr.exec:\lfrrxfr.exe65⤵
- Executes dropped EXE
PID:3056 -
\??\c:\bnbtbt.exec:\bnbtbt.exe66⤵PID:1472
-
\??\c:\lxffllr.exec:\lxffllr.exe67⤵PID:356
-
\??\c:\480284.exec:\480284.exe68⤵PID:2360
-
\??\c:\rlflxlx.exec:\rlflxlx.exe69⤵PID:1424
-
\??\c:\48804.exec:\48804.exe70⤵PID:856
-
\??\c:\btnnbb.exec:\btnnbb.exe71⤵PID:1068
-
\??\c:\fxrrrlr.exec:\fxrrrlr.exe72⤵PID:1644
-
\??\c:\lfxrxff.exec:\lfxrxff.exe73⤵PID:2036
-
\??\c:\dvdjp.exec:\dvdjp.exe74⤵PID:1860
-
\??\c:\k84022.exec:\k84022.exe75⤵PID:2340
-
\??\c:\rfrxxff.exec:\rfrxxff.exe76⤵PID:1656
-
\??\c:\4806224.exec:\4806224.exe77⤵PID:1216
-
\??\c:\42884.exec:\42884.exe78⤵PID:1516
-
\??\c:\42484.exec:\42484.exe79⤵PID:2672
-
\??\c:\46884.exec:\46884.exe80⤵PID:1328
-
\??\c:\a8048.exec:\a8048.exe81⤵PID:2560
-
\??\c:\rlfxlll.exec:\rlfxlll.exe82⤵PID:2524
-
\??\c:\thnhnn.exec:\thnhnn.exe83⤵PID:2456
-
\??\c:\5jpjd.exec:\5jpjd.exe84⤵PID:2652
-
\??\c:\k42800.exec:\k42800.exe85⤵PID:2448
-
\??\c:\c200824.exec:\c200824.exe86⤵PID:1660
-
\??\c:\pdjjv.exec:\pdjjv.exe87⤵PID:1112
-
\??\c:\vjvdj.exec:\vjvdj.exe88⤵PID:2608
-
\??\c:\04668.exec:\04668.exe89⤵PID:2636
-
\??\c:\lfrxlrx.exec:\lfrxlrx.exe90⤵PID:2592
-
\??\c:\u440222.exec:\u440222.exe91⤵PID:2576
-
\??\c:\200626.exec:\200626.exe92⤵PID:616
-
\??\c:\802806.exec:\802806.exe93⤵PID:1880
-
\??\c:\pdpjp.exec:\pdpjp.exe94⤵PID:1884
-
\??\c:\tnbhhh.exec:\tnbhhh.exe95⤵PID:540
-
\??\c:\o862846.exec:\o862846.exe96⤵PID:1624
-
\??\c:\tnbbnb.exec:\tnbbnb.exe97⤵PID:748
-
\??\c:\5hbbnt.exec:\5hbbnt.exe98⤵PID:1104
-
\??\c:\k02622.exec:\k02622.exe99⤵PID:1244
-
\??\c:\flrllff.exec:\flrllff.exe100⤵PID:1480
-
\??\c:\rlxfrxr.exec:\rlxfrxr.exe101⤵PID:2880
-
\??\c:\0406888.exec:\0406888.exe102⤵PID:2832
-
\??\c:\btnhhn.exec:\btnhhn.exe103⤵PID:2440
-
\??\c:\rlxrrll.exec:\rlxrrll.exe104⤵PID:2028
-
\??\c:\g6806.exec:\g6806.exe105⤵PID:2596
-
\??\c:\g0226.exec:\g0226.exe106⤵PID:2352
-
\??\c:\0400224.exec:\0400224.exe107⤵PID:2148
-
\??\c:\rfllxrx.exec:\rfllxrx.exe108⤵PID:828
-
\??\c:\q20066.exec:\q20066.exe109⤵PID:2784
-
\??\c:\82006.exec:\82006.exe110⤵PID:1800
-
\??\c:\7dpjd.exec:\7dpjd.exe111⤵PID:2232
-
\??\c:\dpvvv.exec:\dpvvv.exe112⤵PID:3048
-
\??\c:\vpjpp.exec:\vpjpp.exe113⤵PID:2264
-
\??\c:\824466.exec:\824466.exe114⤵PID:2244
-
\??\c:\2244006.exec:\2244006.exe115⤵PID:2276
-
\??\c:\084804.exec:\084804.exe116⤵PID:2796
-
\??\c:\8680228.exec:\8680228.exe117⤵PID:2984
-
\??\c:\nhbbhh.exec:\nhbbhh.exe118⤵PID:2128
-
\??\c:\1dvvd.exec:\1dvvd.exe119⤵PID:3024
-
\??\c:\424062.exec:\424062.exe120⤵PID:2032
-
\??\c:\60828.exec:\60828.exe121⤵PID:2820
-
\??\c:\bthhnt.exec:\bthhnt.exe122⤵PID:2408
-