Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:36
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe
-
Size
306KB
-
MD5
6cc49bd405510fdaefb5de79b5d197f0
-
SHA1
09b48120be291958f91772b29c171fa9f573769d
-
SHA256
22d683acfa42dfa9c168721ba65bded2ad499eecaa8601af2799f820e4595715
-
SHA512
e2934a8f1fa93a127289d44d0dfeb3521c45b8d8b56a719a3bb8303e780fc939894a6ccac8fd803f96c7e6ad682b1bac5e0f7c6b8868a875f2be412d842bed7d
-
SSDEEP
6144:n3C9BRo/CH26ZAmaOXicLrnRukAPXt1UP+3OgEbXeTiDSd2vu:n3C9uUnAvtd3Ogld2vu
Malware Config
Signatures
-
Detect Blackmoon payload 19 IoCs
resource | yara_rule
behavioral1/memory/2896-15-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2648-10-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2652-32-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2492-36-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2516-55-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2480-58-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2416-77-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2484-82-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2160-101-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1912-165-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/832-173-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1636-182-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2028-191-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2928-245-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1064-255-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1252-263-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1092-281-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2256-290-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1484-299-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
-
Executes dropped EXE 64 IoCs
pid | Process
2896 | rbvlx.exe
2652 | ppvfffx.exe
2492 | vbjjfdn.exe
2516 | rnddppl.exe
2480 | ldbtp.exe
2416 | nhdpxvf.exe
2484 | rxdbhtt.exe
2160 | jrpjf.exe
1428 | hhvpp.exe
1816 | jjhnfx.exe
1508 | bdxdd.exe
2680 | vnrtrpv.exe
1888 | vpndnvx.exe
2336 | flpbx.exe
1912 | ttxhj.exe
832 | ldftr.exe
1636 | hdlfjx.exe
2028 | plpdrhb.exe
1992 | xxtrfdf.exe
2232 | xjfxtdn.exe
516 | vhjbn.exe
2732 | nppprtx.exe
2212 | xrrht.exe
2928 | lphbh.exe
1064 | tbjpn.exe
1252 | rhlrdh.exe
1664 | nrlhr.exe
1092 | xhbjl.exe
2256 | hdbphr.exe
1484 | vvvrvlx.exe
3068 | nbtrpf.exe
2060 | lrnrfxj.exe
2844 | ffbnxjb.exe
2908 | jbrxfr.exe
1572 | lxlbr.exe
3008 | phnjxvp.exe
2556 | fjvfr.exe
2492 | rnbpptj.exe
2628 | hfvbb.exe
2640 | dddrnb.exe
2460 | jdfllv.exe
2364 | hnjjbp.exe
2424 | lrjpt.exe
2968 | jpvhbvx.exe
1200 | xnlrlbp.exe
1028 | ppblhfx.exe
1648 | xpjtfjl.exe
1820 | rfbxrvx.exe
1816 | hvbjv.exe
2420 | pntrdj.exe
1952 | xdtjvbb.exe
2276 | vphfv.exe
1676 | hxrbnlf.exe
1908 | drhthp.exe
1928 | dthxjh.exe
2332 | dpvhdxt.exe
1412 | vbrln.exe
1148 | bbvjb.exe
2076 | dlnvnl.exe
676 | jthbxrr.exe
1068 | dvdvjvb.exe
2712 | dljbn.exe
2728 | dlrpbt.exe
2948 | hrldfp.exe
Note: PIDs 2492 and 1816 each appear twice in this table with different image names, so correlate on PID and process name together rather than on PID alone.
-
(The signature heading for this table appears to be missing from the extract; every row below is a match for the yara rule "upx".)
resource | yara_rule
behavioral1/memory/2648-3-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2896-15-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2648-10-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2652-23-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2652-32-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2492-36-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2516-44-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2516-46-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2516-45-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2516-55-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2480-58-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2416-70-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2416-68-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2416-67-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2416-77-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2484-81-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2484-82-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2160-93-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2160-92-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2160-101-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1912-165-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/832-173-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1636-182-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2028-191-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2928-245-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1064-255-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1252-263-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1092-281-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2256-290-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1484-299-0x0000000000400000-0x0000000000429000-memory.dmp | upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2648 wrote to memory of 2896 | 2648 | 6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe | 28
PID 2648 wrote to memory of 2896 | 2648 | 6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe | 28
PID 2648 wrote to memory of 2896 | 2648 | 6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe | 28
PID 2648 wrote to memory of 2896 | 2648 | 6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe | 28
PID 2896 wrote to memory of 2652 | 2896 | rbvlx.exe | 29
PID 2896 wrote to memory of 2652 | 2896 | rbvlx.exe | 29
PID 2896 wrote to memory of 2652 | 2896 | rbvlx.exe | 29
PID 2896 wrote to memory of 2652 | 2896 | rbvlx.exe | 29
PID 2652 wrote to memory of 2492 | 2652 | ppvfffx.exe | 30
PID 2652 wrote to memory of 2492 | 2652 | ppvfffx.exe | 30
PID 2652 wrote to memory of 2492 | 2652 | ppvfffx.exe | 30
PID 2652 wrote to memory of 2492 | 2652 | ppvfffx.exe | 30
PID 2492 wrote to memory of 2516 | 2492 | vbjjfdn.exe | 31
PID 2492 wrote to memory of 2516 | 2492 | vbjjfdn.exe | 31
PID 2492 wrote to memory of 2516 | 2492 | vbjjfdn.exe | 31
PID 2492 wrote to memory of 2516 | 2492 | vbjjfdn.exe | 31
PID 2516 wrote to memory of 2480 | 2516 | rnddppl.exe | 32
PID 2516 wrote to memory of 2480 | 2516 | rnddppl.exe | 32
PID 2516 wrote to memory of 2480 | 2516 | rnddppl.exe | 32
PID 2516 wrote to memory of 2480 | 2516 | rnddppl.exe | 32
PID 2480 wrote to memory of 2416 | 2480 | ldbtp.exe | 33
PID 2480 wrote to memory of 2416 | 2480 | ldbtp.exe | 33
PID 2480 wrote to memory of 2416 | 2480 | ldbtp.exe | 33
PID 2480 wrote to memory of 2416 | 2480 | ldbtp.exe | 33
PID 2416 wrote to memory of 2484 | 2416 | nhdpxvf.exe | 34
PID 2416 wrote to memory of 2484 | 2416 | nhdpxvf.exe | 34
PID 2416 wrote to memory of 2484 | 2416 | nhdpxvf.exe | 34
PID 2416 wrote to memory of 2484 | 2416 | nhdpxvf.exe | 34
PID 2484 wrote to memory of 2160 | 2484 | rxdbhtt.exe | 35
PID 2484 wrote to memory of 2160 | 2484 | rxdbhtt.exe | 35
PID 2484 wrote to memory of 2160 | 2484 | rxdbhtt.exe | 35
PID 2484 wrote to memory of 2160 | 2484 | rxdbhtt.exe | 35
PID 2160 wrote to memory of 1428 | 2160 | jrpjf.exe | 36
PID 2160 wrote to memory of 1428 | 2160 | jrpjf.exe | 36
PID 2160 wrote to memory of 1428 | 2160 | jrpjf.exe | 36
PID 2160 wrote to memory of 1428 | 2160 | jrpjf.exe | 36
PID 1428 wrote to memory of 1816 | 1428 | hhvpp.exe | 37
PID 1428 wrote to memory of 1816 | 1428 | hhvpp.exe | 37
PID 1428 wrote to memory of 1816 | 1428 | hhvpp.exe | 37
PID 1428 wrote to memory of 1816 | 1428 | hhvpp.exe | 37
PID 1816 wrote to memory of 1508 | 1816 | jjhnfx.exe | 38
PID 1816 wrote to memory of 1508 | 1816 | jjhnfx.exe | 38
PID 1816 wrote to memory of 1508 | 1816 | jjhnfx.exe | 38
PID 1816 wrote to memory of 1508 | 1816 | jjhnfx.exe | 38
PID 1508 wrote to memory of 2680 | 1508 | bdxdd.exe | 39
PID 1508 wrote to memory of 2680 | 1508 | bdxdd.exe | 39
PID 1508 wrote to memory of 2680 | 1508 | bdxdd.exe | 39
PID 1508 wrote to memory of 2680 | 1508 | bdxdd.exe | 39
PID 2680 wrote to memory of 1888 | 2680 | vnrtrpv.exe | 40
PID 2680 wrote to memory of 1888 | 2680 | vnrtrpv.exe | 40
PID 2680 wrote to memory of 1888 | 2680 | vnrtrpv.exe | 40
PID 2680 wrote to memory of 1888 | 2680 | vnrtrpv.exe | 40
PID 1888 wrote to memory of 2336 | 1888 | vpndnvx.exe | 41
PID 1888 wrote to memory of 2336 | 1888 | vpndnvx.exe | 41
PID 1888 wrote to memory of 2336 | 1888 | vpndnvx.exe | 41
PID 1888 wrote to memory of 2336 | 1888 | vpndnvx.exe | 41
PID 2336 wrote to memory of 1912 | 2336 | flpbx.exe | 42
PID 2336 wrote to memory of 1912 | 2336 | flpbx.exe | 42
PID 2336 wrote to memory of 1912 | 2336 | flpbx.exe | 42
PID 2336 wrote to memory of 1912 | 2336 | flpbx.exe | 42
PID 1912 wrote to memory of 832 | 1912 | ttxhj.exe | 43
PID 1912 wrote to memory of 832 | 1912 | ttxhj.exe | 43
PID 1912 wrote to memory of 832 | 1912 | ttxhj.exe | 43
PID 1912 wrote to memory of 832 | 1912 | ttxhj.exe | 43
Note: these 64 rows cover 16 parent-to-child writes, each listed four times. The process tree below continues to depth 122, so the table likely reflects a reporting cap rather than the end of the chain.
Processes
-
C:\Users\Admin\AppData\Local\Temp\6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2648 -
\??\c:\rbvlx.exec:\rbvlx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2896 -
\??\c:\ppvfffx.exec:\ppvfffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2652 -
\??\c:\vbjjfdn.exec:\vbjjfdn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\rnddppl.exec:\rnddppl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2516 -
\??\c:\ldbtp.exec:\ldbtp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2480 -
\??\c:\nhdpxvf.exec:\nhdpxvf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2416 -
\??\c:\rxdbhtt.exec:\rxdbhtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2484 -
\??\c:\jrpjf.exec:\jrpjf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2160 -
\??\c:\hhvpp.exec:\hhvpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1428 -
\??\c:\jjhnfx.exec:\jjhnfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1816 -
\??\c:\bdxdd.exec:\bdxdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1508 -
\??\c:\vnrtrpv.exec:\vnrtrpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2680 -
\??\c:\vpndnvx.exec:\vpndnvx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1888 -
\??\c:\flpbx.exec:\flpbx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2336 -
\??\c:\ttxhj.exec:\ttxhj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1912 -
\??\c:\ldftr.exec:\ldftr.exe17⤵
- Executes dropped EXE
PID:832 -
\??\c:\hdlfjx.exec:\hdlfjx.exe18⤵
- Executes dropped EXE
PID:1636 -
\??\c:\plpdrhb.exec:\plpdrhb.exe19⤵
- Executes dropped EXE
PID:2028 -
\??\c:\xxtrfdf.exec:\xxtrfdf.exe20⤵
- Executes dropped EXE
PID:1992 -
\??\c:\xjfxtdn.exec:\xjfxtdn.exe21⤵
- Executes dropped EXE
PID:2232 -
\??\c:\vhjbn.exec:\vhjbn.exe22⤵
- Executes dropped EXE
PID:516 -
\??\c:\nppprtx.exec:\nppprtx.exe23⤵
- Executes dropped EXE
PID:2732 -
\??\c:\xrrht.exec:\xrrht.exe24⤵
- Executes dropped EXE
PID:2212 -
\??\c:\lphbh.exec:\lphbh.exe25⤵
- Executes dropped EXE
PID:2928 -
\??\c:\tbjpn.exec:\tbjpn.exe26⤵
- Executes dropped EXE
PID:1064 -
\??\c:\rhlrdh.exec:\rhlrdh.exe27⤵
- Executes dropped EXE
PID:1252 -
\??\c:\nrlhr.exec:\nrlhr.exe28⤵
- Executes dropped EXE
PID:1664 -
\??\c:\xhbjl.exec:\xhbjl.exe29⤵
- Executes dropped EXE
PID:1092 -
\??\c:\hdbphr.exec:\hdbphr.exe30⤵
- Executes dropped EXE
PID:2256 -
\??\c:\vvvrvlx.exec:\vvvrvlx.exe31⤵
- Executes dropped EXE
PID:1484 -
\??\c:\nbtrpf.exec:\nbtrpf.exe32⤵
- Executes dropped EXE
PID:3068 -
\??\c:\lrnrfxj.exec:\lrnrfxj.exe33⤵
- Executes dropped EXE
PID:2060 -
\??\c:\ffbnxjb.exec:\ffbnxjb.exe34⤵
- Executes dropped EXE
PID:2844 -
\??\c:\jbrxfr.exec:\jbrxfr.exe35⤵
- Executes dropped EXE
PID:2908 -
\??\c:\lxlbr.exec:\lxlbr.exe36⤵
- Executes dropped EXE
PID:1572 -
\??\c:\phnjxvp.exec:\phnjxvp.exe37⤵
- Executes dropped EXE
PID:3008 -
\??\c:\fjvfr.exec:\fjvfr.exe38⤵
- Executes dropped EXE
PID:2556 -
\??\c:\rnbpptj.exec:\rnbpptj.exe39⤵
- Executes dropped EXE
PID:2492 -
\??\c:\hfvbb.exec:\hfvbb.exe40⤵
- Executes dropped EXE
PID:2628 -
\??\c:\dddrnb.exec:\dddrnb.exe41⤵
- Executes dropped EXE
PID:2640 -
\??\c:\jdfllv.exec:\jdfllv.exe42⤵
- Executes dropped EXE
PID:2460 -
\??\c:\hnjjbp.exec:\hnjjbp.exe43⤵
- Executes dropped EXE
PID:2364 -
\??\c:\lrjpt.exec:\lrjpt.exe44⤵
- Executes dropped EXE
PID:2424 -
\??\c:\jpvhbvx.exec:\jpvhbvx.exe45⤵
- Executes dropped EXE
PID:2968 -
\??\c:\xnlrlbp.exec:\xnlrlbp.exe46⤵
- Executes dropped EXE
PID:1200 -
\??\c:\ppblhfx.exec:\ppblhfx.exe47⤵
- Executes dropped EXE
PID:1028 -
\??\c:\xpjtfjl.exec:\xpjtfjl.exe48⤵
- Executes dropped EXE
PID:1648 -
\??\c:\rfbxrvx.exec:\rfbxrvx.exe49⤵
- Executes dropped EXE
PID:1820 -
\??\c:\hvbjv.exec:\hvbjv.exe50⤵
- Executes dropped EXE
PID:1816 -
\??\c:\pntrdj.exec:\pntrdj.exe51⤵
- Executes dropped EXE
PID:2420 -
\??\c:\xdtjvbb.exec:\xdtjvbb.exe52⤵
- Executes dropped EXE
PID:1952 -
\??\c:\vphfv.exec:\vphfv.exe53⤵
- Executes dropped EXE
PID:2276 -
\??\c:\hxrbnlf.exec:\hxrbnlf.exe54⤵
- Executes dropped EXE
PID:1676 -
\??\c:\drhthp.exec:\drhthp.exe55⤵
- Executes dropped EXE
PID:1908 -
\??\c:\dthxjh.exec:\dthxjh.exe56⤵
- Executes dropped EXE
PID:1928 -
\??\c:\dpvhdxt.exec:\dpvhdxt.exe57⤵
- Executes dropped EXE
PID:2332 -
\??\c:\vbrln.exec:\vbrln.exe58⤵
- Executes dropped EXE
PID:1412 -
\??\c:\bbvjb.exec:\bbvjb.exe59⤵
- Executes dropped EXE
PID:1148 -
\??\c:\dlnvnl.exec:\dlnvnl.exe60⤵
- Executes dropped EXE
PID:2076 -
\??\c:\jthbxrr.exec:\jthbxrr.exe61⤵
- Executes dropped EXE
PID:676 -
\??\c:\dvdvjvb.exec:\dvdvjvb.exe62⤵
- Executes dropped EXE
PID:1068 -
\??\c:\dljbn.exec:\dljbn.exe63⤵
- Executes dropped EXE
PID:2712 -
\??\c:\dlrpbt.exec:\dlrpbt.exe64⤵
- Executes dropped EXE
PID:2728 -
\??\c:\hrldfp.exec:\hrldfp.exe65⤵
- Executes dropped EXE
PID:2948 -
\??\c:\xjxjj.exec:\xjxjj.exe66⤵PID:2944
-
\??\c:\jhrhfdx.exec:\jhrhfdx.exe67⤵PID:2928
-
\??\c:\nflvhb.exec:\nflvhb.exe68⤵PID:1608
-
\??\c:\fddjh.exec:\fddjh.exe69⤵PID:1828
-
\??\c:\xnfjx.exec:\xnfjx.exe70⤵PID:1104
-
\??\c:\txpxhl.exec:\txpxhl.exe71⤵PID:288
-
\??\c:\bbldd.exec:\bbldd.exe72⤵PID:1968
-
\??\c:\vrvjt.exec:\vrvjt.exe73⤵PID:2188
-
\??\c:\pjjxd.exec:\pjjxd.exe74⤵PID:796
-
\??\c:\fldxv.exec:\fldxv.exe75⤵PID:2112
-
\??\c:\pxjdxld.exec:\pxjdxld.exe76⤵PID:880
-
\??\c:\brndrl.exec:\brndrl.exe77⤵PID:1140
-
\??\c:\pvpjxx.exec:\pvpjxx.exe78⤵PID:2984
-
\??\c:\bfbfbbl.exec:\bfbfbbl.exe79⤵PID:2452
-
\??\c:\ltrvxlr.exec:\ltrvxlr.exe80⤵PID:1600
-
\??\c:\ndpfnhj.exec:\ndpfnhj.exe81⤵PID:2860
-
\??\c:\xbtjj.exec:\xbtjj.exe82⤵PID:2572
-
\??\c:\tfffx.exec:\tfffx.exe83⤵PID:2704
-
\??\c:\bhrdh.exec:\bhrdh.exe84⤵PID:2624
-
\??\c:\xvnpn.exec:\xvnpn.exe85⤵PID:2644
-
\??\c:\rbntvn.exec:\rbntvn.exe86⤵PID:2360
-
\??\c:\dxtvnl.exec:\dxtvnl.exe87⤵PID:2772
-
\??\c:\xnjdrp.exec:\xnjdrp.exe88⤵PID:2780
-
\??\c:\jrxrf.exec:\jrxrf.exe89⤵PID:588
-
\??\c:\fbbthf.exec:\fbbthf.exe90⤵PID:548
-
\??\c:\rrxlt.exec:\rrxlt.exe91⤵PID:1112
-
\??\c:\phvxv.exec:\phvxv.exe92⤵PID:836
-
\??\c:\lxrpnl.exec:\lxrpnl.exe93⤵PID:1648
-
\??\c:\xdtdrxf.exec:\xdtdrxf.exe94⤵PID:2588
-
\??\c:\fvbdx.exec:\fvbdx.exe95⤵PID:2980
-
\??\c:\nlhdvvd.exec:\nlhdvvd.exe96⤵PID:2680
-
\??\c:\hhlfdbr.exec:\hhlfdbr.exe97⤵PID:1976
-
\??\c:\jjbtnb.exec:\jjbtnb.exe98⤵PID:1656
-
\??\c:\jpxjfrp.exec:\jpxjfrp.exe99⤵PID:1948
-
\??\c:\dxhvhjp.exec:\dxhvhjp.exe100⤵PID:1216
-
\??\c:\flvtf.exec:\flvtf.exe101⤵PID:1712
-
\??\c:\vhprhp.exec:\vhprhp.exe102⤵PID:1488
-
\??\c:\xdrln.exec:\xdrln.exe103⤵PID:1704
-
\??\c:\xppjj.exec:\xppjj.exe104⤵PID:2224
-
\??\c:\tbjrtht.exec:\tbjrtht.exe105⤵PID:592
-
\??\c:\rbbvrb.exec:\rbbvrb.exe106⤵PID:2144
-
\??\c:\pdnrbv.exec:\pdnrbv.exe107⤵PID:2200
-
\??\c:\xdjxlx.exec:\xdjxlx.exe108⤵PID:420
-
\??\c:\pdftf.exec:\pdftf.exe109⤵PID:3052
-
\??\c:\rvtrpl.exec:\rvtrpl.exe110⤵PID:1424
-
\??\c:\fnldvbn.exec:\fnldvbn.exe111⤵PID:840
-
\??\c:\xnthl.exec:\xnthl.exe112⤵PID:1064
-
\??\c:\xhrpbtp.exec:\xhrpbtp.exe113⤵PID:1528
-
\??\c:\rrfjr.exec:\rrfjr.exe114⤵PID:768
-
\??\c:\ljxtfrj.exec:\ljxtfrj.exe115⤵PID:1552
-
\??\c:\ntpft.exec:\ntpft.exe116⤵PID:1744
-
\??\c:\jtdtvvr.exec:\jtdtvvr.exe117⤵PID:2052
-
\??\c:\dpjdvx.exec:\dpjdvx.exe118⤵PID:2296
-
\??\c:\nffxhjp.exec:\nffxhjp.exe119⤵PID:796
-
\??\c:\jtvlrjh.exec:\jtvlrjh.exe120⤵PID:2740
-
\??\c:\fhdrprl.exec:\fhdrprl.exe121⤵PID:2856
-
\??\c:\txnplvt.exec:\txnplvt.exe122⤵PID:2896