Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:02
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe
Resource
win7-20240220-en
5 signatures
150 seconds
General
-
Target
65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe
-
Size
401KB
-
MD5
65d4b4de56ee85759cbd651ecdeef130
-
SHA1
0b1ee38539ff94ce2f1bbf615356c6023c18fe7d
-
SHA256
9bee78c5f5b4ab82cf53dad99b88b5637799f34e4f39d198598173f61bb3c29a
-
SHA512
fbf83c360efa3aa83fe74db849364928644f0d7674e7ffb06c0d25f2c49cea2311aef1001f24f418abb2aab253c8a4fdef5961d40658e43b747cce55b8001e98
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmX5kr+uIBpkJITEEuR9XTVyXm9:n3C9BRIG0asYFm71mJkr+uIBe1T8Q
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
resource yara_rule
behavioral1/memory/2872-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1624-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2952-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2628-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2432-56-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2568-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2428-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2464-86-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2716-111-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2772-119-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2752-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/804-137-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/828-147-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/112-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2176-165-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2028-174-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2136-201-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1960-209-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1396-219-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2156-281-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2832-290-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2488-299-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process 1624 dpvdj.exe 2952 pjvdp.exe 2628 rrlxrxr.exe 2680 hbthbh.exe 2432 pvvpd.exe 2568 fffxlrl.exe 2428 jjppd.exe 2464 rxrfxxr.exe 1064 3nhntb.exe 2716 vvpjj.exe 2772 lfxlrxr.exe 2752 btnthn.exe 804 1pjpj.exe 828 btbbhh.exe 112 dvjpd.exe 2176 xlrrxfr.exe 2028 hnnnbn.exe 2496 3dvjj.exe 2204 hntbhh.exe 2136 tbbbnh.exe 1960 lffflrf.exe 1396 hhbhbn.exe 1768 rffrlxl.exe 452 3fxfrrf.exe 384 lfrfllx.exe 1304 tnbhnn.exe 332 vpddp.exe 472 bbtbtb.exe 2156 bbntbh.exe 2832 1dpjp.exe 2488 ttnbnb.exe 1532 pjdpd.exe 2912 llfrxxl.exe 1512 hbntbb.exe 2148 vvjdj.exe 2604 llrlxrf.exe 2592 nhhhtb.exe 2532 1vpjv.exe 1948 9pjjp.exe 2324 flffrfx.exe 2632 ntbnnh.exe 2416 jppjp.exe 2408 jdvdv.exe 2896 flffrxr.exe 2464 nhtbnt.exe 2676 vvvdd.exe 2744 jddjv.exe 2736 lxflrrf.exe 296 bbbbnt.exe 1020 vvdvv.exe 1260 lfxlffr.exe 1408 5fflrfl.exe 872 hnthbh.exe 1256 vpppj.exe 2012 rlxfxfx.exe 2028 hhbhth.exe 1940 hbbnnt.exe 2228 3jjpj.exe 2052 fffrlxl.exe 668 lfrfrrf.exe 588 bbnhtb.exe 1392 jdvvd.exe 2748 xrrffrf.exe 1708 llfrffr.exe -
UPX-packed memory regions (yara_rule upx) 26 IoCs
resource yara_rule
behavioral1/memory/2872-3-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2872-10-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1624-14-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2952-24-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2628-35-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2680-46-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2680-44-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2680-43-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2432-56-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2568-66-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2428-76-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2464-86-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2716-111-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2772-119-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2752-129-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/804-137-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/828-147-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/112-155-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2176-165-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2028-174-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2136-201-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1960-209-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1396-219-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2156-281-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2832-290-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2488-299-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2872 wrote to memory of 1624 2872 65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe 28 PID 2872 wrote to memory of 1624 2872 65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe 28 PID 2872 wrote to memory of 1624 2872 65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe 28 PID 2872 wrote to memory of 1624 2872 65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe 28 PID 1624 wrote to memory of 2952 1624 dpvdj.exe 29 PID 1624 wrote to memory of 2952 1624 dpvdj.exe 29 PID 1624 wrote to memory of 2952 1624 dpvdj.exe 29 PID 1624 wrote to memory of 2952 1624 dpvdj.exe 29 PID 2952 wrote to memory of 2628 2952 pjvdp.exe 30 PID 2952 wrote to memory of 2628 2952 pjvdp.exe 30 PID 2952 wrote to memory of 2628 2952 pjvdp.exe 30 PID 2952 wrote to memory of 2628 2952 pjvdp.exe 30 PID 2628 wrote to memory of 2680 2628 rrlxrxr.exe 31 PID 2628 wrote to memory of 2680 2628 rrlxrxr.exe 31 PID 2628 wrote to memory of 2680 2628 rrlxrxr.exe 31 PID 2628 wrote to memory of 2680 2628 rrlxrxr.exe 31 PID 2680 wrote to memory of 2432 2680 hbthbh.exe 32 PID 2680 wrote to memory of 2432 2680 hbthbh.exe 32 PID 2680 wrote to memory of 2432 2680 hbthbh.exe 32 PID 2680 wrote to memory of 2432 2680 hbthbh.exe 32 PID 2432 wrote to memory of 2568 2432 pvvpd.exe 33 PID 2432 wrote to memory of 2568 2432 pvvpd.exe 33 PID 2432 wrote to memory of 2568 2432 pvvpd.exe 33 PID 2432 wrote to memory of 2568 2432 pvvpd.exe 33 PID 2568 wrote to memory of 2428 2568 fffxlrl.exe 34 PID 2568 wrote to memory of 2428 2568 fffxlrl.exe 34 PID 2568 wrote to memory of 2428 2568 fffxlrl.exe 34 PID 2568 wrote to memory of 2428 2568 fffxlrl.exe 34 PID 2428 wrote to memory of 2464 2428 jjppd.exe 35 PID 2428 wrote to memory of 2464 2428 jjppd.exe 35 PID 2428 wrote to memory of 2464 2428 jjppd.exe 35 PID 2428 wrote to memory of 2464 2428 jjppd.exe 35 PID 2464 wrote to memory of 1064 2464 rxrfxxr.exe 36 PID 2464 wrote to memory of 1064 2464 rxrfxxr.exe 36 PID 2464 wrote to memory of 1064 
2464 rxrfxxr.exe 36 PID 2464 wrote to memory of 1064 2464 rxrfxxr.exe 36 PID 1064 wrote to memory of 2716 1064 3nhntb.exe 37 PID 1064 wrote to memory of 2716 1064 3nhntb.exe 37 PID 1064 wrote to memory of 2716 1064 3nhntb.exe 37 PID 1064 wrote to memory of 2716 1064 3nhntb.exe 37 PID 2716 wrote to memory of 2772 2716 vvpjj.exe 38 PID 2716 wrote to memory of 2772 2716 vvpjj.exe 38 PID 2716 wrote to memory of 2772 2716 vvpjj.exe 38 PID 2716 wrote to memory of 2772 2716 vvpjj.exe 38 PID 2772 wrote to memory of 2752 2772 lfxlrxr.exe 39 PID 2772 wrote to memory of 2752 2772 lfxlrxr.exe 39 PID 2772 wrote to memory of 2752 2772 lfxlrxr.exe 39 PID 2772 wrote to memory of 2752 2772 lfxlrxr.exe 39 PID 2752 wrote to memory of 804 2752 btnthn.exe 40 PID 2752 wrote to memory of 804 2752 btnthn.exe 40 PID 2752 wrote to memory of 804 2752 btnthn.exe 40 PID 2752 wrote to memory of 804 2752 btnthn.exe 40 PID 804 wrote to memory of 828 804 1pjpj.exe 41 PID 804 wrote to memory of 828 804 1pjpj.exe 41 PID 804 wrote to memory of 828 804 1pjpj.exe 41 PID 804 wrote to memory of 828 804 1pjpj.exe 41 PID 828 wrote to memory of 112 828 btbbhh.exe 42 PID 828 wrote to memory of 112 828 btbbhh.exe 42 PID 828 wrote to memory of 112 828 btbbhh.exe 42 PID 828 wrote to memory of 112 828 btbbhh.exe 42 PID 112 wrote to memory of 2176 112 dvjpd.exe 43 PID 112 wrote to memory of 2176 112 dvjpd.exe 43 PID 112 wrote to memory of 2176 112 dvjpd.exe 43 PID 112 wrote to memory of 2176 112 dvjpd.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2872 -
\??\c:\dpvdj.exec:\dpvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1624 -
\??\c:\pjvdp.exec:\pjvdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2952 -
\??\c:\rrlxrxr.exec:\rrlxrxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2628 -
\??\c:\hbthbh.exec:\hbthbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2680 -
\??\c:\pvvpd.exec:\pvvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2432 -
\??\c:\fffxlrl.exec:\fffxlrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\jjppd.exec:\jjppd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2428 -
\??\c:\rxrfxxr.exec:\rxrfxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2464 -
\??\c:\3nhntb.exec:\3nhntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1064 -
\??\c:\vvpjj.exec:\vvpjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2716 -
\??\c:\lfxlrxr.exec:\lfxlrxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2772 -
\??\c:\btnthn.exec:\btnthn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2752 -
\??\c:\1pjpj.exec:\1pjpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:804 -
\??\c:\btbbhh.exec:\btbbhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:828 -
\??\c:\dvjpd.exec:\dvjpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:112 -
\??\c:\xlrrxfr.exec:\xlrrxfr.exe17⤵
- Executes dropped EXE
PID:2176 -
\??\c:\hnnnbn.exec:\hnnnbn.exe18⤵
- Executes dropped EXE
PID:2028 -
\??\c:\3dvjj.exec:\3dvjj.exe19⤵
- Executes dropped EXE
PID:2496 -
\??\c:\hntbhh.exec:\hntbhh.exe20⤵
- Executes dropped EXE
PID:2204 -
\??\c:\tbbbnh.exec:\tbbbnh.exe21⤵
- Executes dropped EXE
PID:2136 -
\??\c:\lffflrf.exec:\lffflrf.exe22⤵
- Executes dropped EXE
PID:1960 -
\??\c:\hhbhbn.exec:\hhbhbn.exe23⤵
- Executes dropped EXE
PID:1396 -
\??\c:\rffrlxl.exec:\rffrlxl.exe24⤵
- Executes dropped EXE
PID:1768 -
\??\c:\3fxfrrf.exec:\3fxfrrf.exe25⤵
- Executes dropped EXE
PID:452 -
\??\c:\lfrfllx.exec:\lfrfllx.exe26⤵
- Executes dropped EXE
PID:384 -
\??\c:\tnbhnn.exec:\tnbhnn.exe27⤵
- Executes dropped EXE
PID:1304 -
\??\c:\vpddp.exec:\vpddp.exe28⤵
- Executes dropped EXE
PID:332 -
\??\c:\bbtbtb.exec:\bbtbtb.exe29⤵
- Executes dropped EXE
PID:472 -
\??\c:\bbntbh.exec:\bbntbh.exe30⤵
- Executes dropped EXE
PID:2156 -
\??\c:\1dpjp.exec:\1dpjp.exe31⤵
- Executes dropped EXE
PID:2832 -
\??\c:\ttnbnb.exec:\ttnbnb.exe32⤵
- Executes dropped EXE
PID:2488 -
\??\c:\pjdpd.exec:\pjdpd.exe33⤵
- Executes dropped EXE
PID:1532 -
\??\c:\llfrxxl.exec:\llfrxxl.exe34⤵
- Executes dropped EXE
PID:2912 -
\??\c:\hbntbb.exec:\hbntbb.exe35⤵
- Executes dropped EXE
PID:1512 -
\??\c:\vvjdj.exec:\vvjdj.exe36⤵
- Executes dropped EXE
PID:2148 -
\??\c:\llrlxrf.exec:\llrlxrf.exe37⤵
- Executes dropped EXE
PID:2604 -
\??\c:\nhhhtb.exec:\nhhhtb.exe38⤵
- Executes dropped EXE
PID:2592 -
\??\c:\1vpjv.exec:\1vpjv.exe39⤵
- Executes dropped EXE
PID:2532 -
\??\c:\9pjjp.exec:\9pjjp.exe40⤵
- Executes dropped EXE
PID:1948 -
\??\c:\flffrfx.exec:\flffrfx.exe41⤵
- Executes dropped EXE
PID:2324 -
\??\c:\ntbnnh.exec:\ntbnnh.exe42⤵
- Executes dropped EXE
PID:2632 -
\??\c:\jppjp.exec:\jppjp.exe43⤵
- Executes dropped EXE
PID:2416 -
\??\c:\jdvdv.exec:\jdvdv.exe44⤵
- Executes dropped EXE
PID:2408 -
\??\c:\flffrxr.exec:\flffrxr.exe45⤵
- Executes dropped EXE
PID:2896 -
\??\c:\nhtbnt.exec:\nhtbnt.exe46⤵
- Executes dropped EXE
PID:2464 -
\??\c:\vvvdd.exec:\vvvdd.exe47⤵
- Executes dropped EXE
PID:2676 -
\??\c:\jddjv.exec:\jddjv.exe48⤵
- Executes dropped EXE
PID:2744 -
\??\c:\lxflrrf.exec:\lxflrrf.exe49⤵
- Executes dropped EXE
PID:2736 -
\??\c:\bbbbnt.exec:\bbbbnt.exe50⤵
- Executes dropped EXE
PID:296 -
\??\c:\vvdvv.exec:\vvdvv.exe51⤵
- Executes dropped EXE
PID:1020 -
\??\c:\lfxlffr.exec:\lfxlffr.exe52⤵
- Executes dropped EXE
PID:1260 -
\??\c:\5fflrfl.exec:\5fflrfl.exe53⤵
- Executes dropped EXE
PID:1408 -
\??\c:\hnthbh.exec:\hnthbh.exe54⤵
- Executes dropped EXE
PID:872 -
\??\c:\vpppj.exec:\vpppj.exe55⤵
- Executes dropped EXE
PID:1256 -
\??\c:\rlxfxfx.exec:\rlxfxfx.exe56⤵
- Executes dropped EXE
PID:2012 -
\??\c:\hhbhth.exec:\hhbhth.exe57⤵
- Executes dropped EXE
PID:2028 -
\??\c:\hbbnnt.exec:\hbbnnt.exe58⤵
- Executes dropped EXE
PID:1940 -
\??\c:\3jjpj.exec:\3jjpj.exe59⤵
- Executes dropped EXE
PID:2228 -
\??\c:\fffrlxl.exec:\fffrlxl.exe60⤵
- Executes dropped EXE
PID:2052 -
\??\c:\lfrfrrf.exec:\lfrfrrf.exe61⤵
- Executes dropped EXE
PID:668 -
\??\c:\bbnhtb.exec:\bbnhtb.exe62⤵
- Executes dropped EXE
PID:588 -
\??\c:\jdvvd.exec:\jdvvd.exe63⤵
- Executes dropped EXE
PID:1392 -
\??\c:\xrrffrf.exec:\xrrffrf.exe64⤵
- Executes dropped EXE
PID:2748 -
\??\c:\llfrffr.exec:\llfrffr.exe65⤵
- Executes dropped EXE
PID:1708 -
\??\c:\3nnhbb.exec:\3nnhbb.exe66⤵PID:452
-
\??\c:\ppppd.exec:\ppppd.exe67⤵PID:1776
-
\??\c:\lrlfrfr.exec:\lrlfrfr.exe68⤵PID:2276
-
\??\c:\ffffrxf.exec:\ffffrxf.exe69⤵PID:820
-
\??\c:\btnnbb.exec:\btnnbb.exe70⤵PID:1608
-
\??\c:\5ddvp.exec:\5ddvp.exe71⤵PID:2816
-
\??\c:\5lfxffr.exec:\5lfxffr.exe72⤵PID:2156
-
\??\c:\lxrxxxl.exec:\lxrxxxl.exe73⤵PID:1184
-
\??\c:\hhnbbt.exec:\hhnbbt.exe74⤵PID:1208
-
\??\c:\ppjjv.exec:\ppjjv.exe75⤵PID:1416
-
\??\c:\frflrrf.exec:\frflrrf.exe76⤵PID:2956
-
\??\c:\hhtthh.exec:\hhtthh.exe77⤵PID:1616
-
\??\c:\bntttt.exec:\bntttt.exe78⤵PID:2920
-
\??\c:\pjvvd.exec:\pjvvd.exe79⤵PID:2624
-
\??\c:\3xxfrfr.exec:\3xxfrfr.exe80⤵PID:2556
-
\??\c:\btnhhh.exec:\btnhhh.exe81⤵PID:2552
-
\??\c:\nnnthn.exec:\nnnthn.exe82⤵PID:2404
-
\??\c:\ppjvv.exec:\ppjvv.exe83⤵PID:2516
-
\??\c:\xrrffrl.exec:\xrrffrl.exe84⤵PID:2400
-
\??\c:\lffffrl.exec:\lffffrl.exe85⤵PID:2460
-
\??\c:\nbtnbn.exec:\nbtnbn.exe86⤵PID:2888
-
\??\c:\3jpvd.exec:\3jpvd.exe87⤵PID:360
-
\??\c:\llrfllf.exec:\llrfllf.exe88⤵PID:2640
-
\??\c:\httbht.exec:\httbht.exe89⤵PID:2636
-
\??\c:\tnhntt.exec:\tnhntt.exe90⤵PID:2712
-
\??\c:\dppvj.exec:\dppvj.exe91⤵PID:2744
-
\??\c:\rlxxfll.exec:\rlxxfll.exe92⤵PID:832
-
\??\c:\fxlxlrf.exec:\fxlxlrf.exe93⤵PID:356
-
\??\c:\7htbhn.exec:\7htbhn.exe94⤵PID:1880
-
\??\c:\9hbhbn.exec:\9hbhbn.exe95⤵PID:1260
-
\??\c:\1pdjp.exec:\1pdjp.exe96⤵PID:2372
-
\??\c:\rlrrxxr.exec:\rlrrxxr.exe97⤵PID:872
-
\??\c:\lffllxf.exec:\lffllxf.exe98⤵PID:2032
-
\??\c:\bnnhnb.exec:\bnnhnb.exe99⤵PID:2012
-
\??\c:\pdjpd.exec:\pdjpd.exe100⤵PID:1984
-
\??\c:\vppjd.exec:\vppjd.exe101⤵PID:2992
-
\??\c:\frlrxfr.exec:\frlrxfr.exe102⤵PID:2228
-
\??\c:\7tthnt.exec:\7tthnt.exe103⤵PID:688
-
\??\c:\dddjd.exec:\dddjd.exe104⤵PID:668
-
\??\c:\lrxrrff.exec:\lrxrrff.exe105⤵PID:1404
-
\??\c:\rlrlxxf.exec:\rlrlxxf.exe106⤵PID:2092
-
\??\c:\nhnntn.exec:\nhnntn.exe107⤵PID:864
-
\??\c:\vpjpv.exec:\vpjpv.exe108⤵PID:672
-
\??\c:\vppdv.exec:\vppdv.exe109⤵PID:1676
-
\??\c:\lfxrlrr.exec:\lfxrlrr.exe110⤵PID:1776
-
\??\c:\rfxlfxr.exec:\rfxlfxr.exe111⤵PID:1012
-
\??\c:\nnbtnb.exec:\nnbtnb.exe112⤵PID:1992
-
\??\c:\5djvd.exec:\5djvd.exe113⤵PID:1936
-
\??\c:\flflfxr.exec:\flflfxr.exe114⤵PID:2380
-
\??\c:\llrxlxf.exec:\llrxlxf.exe115⤵PID:3036
-
\??\c:\nnthtt.exec:\nnthtt.exe116⤵PID:1080
-
\??\c:\vpjpv.exec:\vpjpv.exe117⤵PID:1920
-
\??\c:\ffflrxf.exec:\ffflrxf.exe118⤵PID:2320
-
\??\c:\xlllxlf.exec:\xlllxlf.exe119⤵PID:2508
-
\??\c:\hbbhtb.exec:\hbbhtb.exe120⤵PID:1616
-
\??\c:\jdvdd.exec:\jdvdd.exe121⤵PID:2608
-
\??\c:\djvdp.exec:\djvdp.exe122⤵PID:2620
-