Analysis
- max time kernel: 150s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240419-en
- resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
- submitted: 18/05/2024, 01:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
67310ab4dcee6eb180abfed55b4a6830_NeikiAnalytics.exe
Resource
win7-20240419-en
5 signatures
150 seconds
General
- Target: 67310ab4dcee6eb180abfed55b4a6830_NeikiAnalytics.exe
- Size: 77KB
- MD5: 67310ab4dcee6eb180abfed55b4a6830
- SHA1: e452ffc700e5eecbb60c3cc96d19d75de11c3145
- SHA256: bc30194ebe8ac4292e0ab09f514a273492edf66415f7e98969050278c1731c88
- SHA512: a07c0e91d63a04205d50c40899e8f8575ed49abbe86e6c59b81830fa5d6b1a6379d7d0138201baab0b64b601ca41cd6fdfbc82eccc7be8fc36d19eea011d2c53
- SSDEEP: 1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73tgygQwKjiawEmB0:ymb3NkkiQ3mdBjFo73thgQ/wEk0
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\67310ab4dcee6eb180abfed55b4a6830_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\67310ab4dcee6eb180abfed55b4a6830_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2436 -
\??\c:\9dppv.exec:\9dppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2468 -
\??\c:\llrfxxx.exec:\llrfxxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2108 -
\??\c:\5nhnbt.exec:\5nhnbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1680 -
\??\c:\3jvdp.exec:\3jvdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\1xllxxr.exec:\1xllxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1396 -
\??\c:\5xllxrf.exec:\5xllxrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2788 -
\??\c:\jdjvj.exec:\jdjvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2684 -
\??\c:\9vvdj.exec:\9vvdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2520 -
\??\c:\xfrxfxr.exec:\xfrxfxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2944 -
\??\c:\7bnhhb.exec:\7bnhhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1944 -
\??\c:\vpvdp.exec:\vpvdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1252 -
\??\c:\5fxfrrf.exec:\5fxfrrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2808 -
\??\c:\1lfxrxr.exec:\1lfxrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2016 -
\??\c:\httbbn.exec:\httbbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1612 -
\??\c:\ppjjp.exec:\ppjjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2224 -
\??\c:\pppvp.exec:\pppvp.exe17⤵
- Executes dropped EXE
PID:344 -
\??\c:\lfxxflr.exec:\lfxxflr.exe18⤵
- Executes dropped EXE
PID:1932 -
\??\c:\bhthbt.exec:\bhthbt.exe19⤵
- Executes dropped EXE
PID:376 -
\??\c:\ppjpd.exec:\ppjpd.exe20⤵
- Executes dropped EXE
PID:1956 -
\??\c:\dppvv.exec:\dppvv.exe21⤵
- Executes dropped EXE
PID:620 -
\??\c:\xfrrflx.exec:\xfrrflx.exe22⤵
- Executes dropped EXE
PID:2268 -
\??\c:\hbtnhn.exec:\hbtnhn.exe23⤵
- Executes dropped EXE
PID:980 -
\??\c:\jdvdj.exec:\jdvdj.exe24⤵
- Executes dropped EXE
PID:1764 -
\??\c:\5fxflrl.exec:\5fxflrl.exe25⤵
- Executes dropped EXE
PID:3052 -
\??\c:\9thnbn.exec:\9thnbn.exe26⤵
- Executes dropped EXE
PID:2876 -
\??\c:\9vjdp.exec:\9vjdp.exe27⤵
- Executes dropped EXE
PID:1384 -
\??\c:\vvpdj.exec:\vvpdj.exe28⤵
- Executes dropped EXE
PID:1532 -
\??\c:\fxxxrrx.exec:\fxxxrrx.exe29⤵
- Executes dropped EXE
PID:740 -
\??\c:\1thntb.exec:\1thntb.exe30⤵
- Executes dropped EXE
PID:2060 -
\??\c:\jdvjj.exec:\jdvjj.exe31⤵
- Executes dropped EXE
PID:3000 -
\??\c:\pjppv.exec:\pjppv.exe32⤵
- Executes dropped EXE
PID:872 -
\??\c:\xffxxrx.exec:\xffxxrx.exe33⤵
- Executes dropped EXE
PID:2920 -
\??\c:\hbhhtt.exec:\hbhhtt.exe34⤵
- Executes dropped EXE
PID:1720 -
\??\c:\tttbtb.exec:\tttbtb.exe35⤵
- Executes dropped EXE
PID:1600 -
\??\c:\ddvdp.exec:\ddvdp.exe36⤵
- Executes dropped EXE
PID:2080 -
\??\c:\jjvdp.exec:\jjvdp.exe37⤵
- Executes dropped EXE
PID:2412 -
\??\c:\fxxxlfr.exec:\fxxxlfr.exe38⤵
- Executes dropped EXE
PID:2108 -
\??\c:\bthhtb.exec:\bthhtb.exe39⤵
- Executes dropped EXE
PID:2744 -
\??\c:\7nbtnn.exec:\7nbtnn.exe40⤵
- Executes dropped EXE
PID:2764 -
\??\c:\dvvvp.exec:\dvvvp.exe41⤵
- Executes dropped EXE
PID:3020 -
\??\c:\5dppv.exec:\5dppv.exe42⤵
- Executes dropped EXE
PID:2816 -
\??\c:\lffrfrf.exec:\lffrfrf.exe43⤵
- Executes dropped EXE
PID:2676 -
\??\c:\nbntbn.exec:\nbntbn.exe44⤵
- Executes dropped EXE
PID:2680 -
\??\c:\hbbbbb.exec:\hbbbbb.exe45⤵
- Executes dropped EXE
PID:2584 -
\??\c:\jdvjv.exec:\jdvjv.exe46⤵
- Executes dropped EXE
PID:2104 -
\??\c:\vjdjv.exec:\vjdjv.exe47⤵
- Executes dropped EXE
PID:1836 -
\??\c:\rrrrxlr.exec:\rrrrxlr.exe48⤵
- Executes dropped EXE
PID:2604 -
\??\c:\lfrxffr.exec:\lfrxffr.exe49⤵
- Executes dropped EXE
PID:2704 -
\??\c:\hbnthh.exec:\hbnthh.exe50⤵
- Executes dropped EXE
PID:2244 -
\??\c:\7vdjv.exec:\7vdjv.exe51⤵
- Executes dropped EXE
PID:2004 -
\??\c:\vpddp.exec:\vpddp.exe52⤵
- Executes dropped EXE
PID:1584 -
\??\c:\7xlrffl.exec:\7xlrffl.exe53⤵
- Executes dropped EXE
PID:1612 -
\??\c:\fxfflfl.exec:\fxfflfl.exe54⤵
- Executes dropped EXE
PID:1968 -
\??\c:\nhbhnn.exec:\nhbhnn.exe55⤵
- Executes dropped EXE
PID:2200 -
\??\c:\hbnnbb.exec:\hbnnbb.exe56⤵
- Executes dropped EXE
PID:744 -
\??\c:\jjvjv.exec:\jjvjv.exe57⤵
- Executes dropped EXE
PID:296 -
\??\c:\1dvdj.exec:\1dvdj.exe58⤵
- Executes dropped EXE
PID:2672 -
\??\c:\rlrrflr.exec:\rlrrflr.exe59⤵
- Executes dropped EXE
PID:292 -
\??\c:\rrllxfx.exec:\rrllxfx.exe60⤵
- Executes dropped EXE
PID:2804 -
\??\c:\hhbbnb.exec:\hhbbnb.exe61⤵
- Executes dropped EXE
PID:1152 -
\??\c:\dppvj.exec:\dppvj.exe62⤵
- Executes dropped EXE
PID:300 -
\??\c:\pdvvd.exec:\pdvvd.exe63⤵
- Executes dropped EXE
PID:2352 -
\??\c:\9fffllx.exec:\9fffllx.exe64⤵
- Executes dropped EXE
PID:1312 -
\??\c:\bbnbnn.exec:\bbnbnn.exe65⤵
- Executes dropped EXE
PID:1344 -
\??\c:\bhnhhh.exec:\bhnhhh.exe66⤵PID:1256
-
\??\c:\1jddj.exec:\1jddj.exe67⤵PID:2440
-
\??\c:\rlfxlfr.exec:\rlfxlfr.exe68⤵PID:1976
-
\??\c:\ffxlxlr.exec:\ffxlxlr.exe69⤵PID:1532
-
\??\c:\3hnbht.exec:\3hnbht.exe70⤵PID:3064
-
\??\c:\jjjdd.exec:\jjjdd.exe71⤵PID:1504
-
\??\c:\pvjvd.exec:\pvjvd.exe72⤵PID:2396
-
\??\c:\3rrrflx.exec:\3rrrflx.exe73⤵PID:1508
-
\??\c:\httnnb.exec:\httnnb.exe74⤵PID:2592
-
\??\c:\nntnnh.exec:\nntnnh.exe75⤵PID:2708
-
\??\c:\vvddj.exec:\vvddj.exe76⤵PID:1712
-
\??\c:\ddjjd.exec:\ddjjd.exe77⤵PID:2928
-
\??\c:\5lxxfrl.exec:\5lxxfrl.exe78⤵PID:2832
-
\??\c:\bbtbtt.exec:\bbtbtt.exe79⤵PID:2636
-
\??\c:\ttnbtt.exec:\ttnbtt.exe80⤵PID:2712
-
\??\c:\dvpvj.exec:\dvpvj.exe81⤵PID:2784
-
\??\c:\xffrflx.exec:\xffrflx.exe82⤵PID:2516
-
\??\c:\3fxrxlr.exec:\3fxrxlr.exe83⤵PID:2536
-
\??\c:\hnbhtt.exec:\hnbhtt.exe84⤵PID:2544
-
\??\c:\jddpp.exec:\jddpp.exe85⤵PID:2504
-
\??\c:\pjvjp.exec:\pjvjp.exe86⤵PID:2684
-
\??\c:\5llflxr.exec:\5llflxr.exe87⤵PID:2388
-
\??\c:\9fxlrxl.exec:\9fxlrxl.exe88⤵PID:2356
-
\??\c:\7bthbt.exec:\7bthbt.exe89⤵PID:2164
-
\??\c:\hbnbhn.exec:\hbnbhn.exe90⤵PID:2820
-
\??\c:\vjpjp.exec:\vjpjp.exe91⤵PID:1912
-
\??\c:\vvdjd.exec:\vvdjd.exe92⤵PID:2908
-
\??\c:\frxrfxl.exec:\frxrfxl.exe93⤵PID:1232
-
\??\c:\lfrxrrf.exec:\lfrxrrf.exe94⤵PID:1916
-
\??\c:\tbhtnb.exec:\tbhtnb.exe95⤵PID:1820
-
\??\c:\bthnbh.exec:\bthnbh.exe96⤵PID:2224
-
\??\c:\vddjv.exec:\vddjv.exe97⤵PID:2204
-
\??\c:\djdpv.exec:\djdpv.exe98⤵PID:888
-
\??\c:\rfrrxxf.exec:\rfrrxxf.exe99⤵PID:2376
-
\??\c:\tttbhn.exec:\tttbhn.exe100⤵PID:3044
-
\??\c:\bbbbnh.exec:\bbbbnh.exe101⤵PID:2312
-
\??\c:\3dppd.exec:\3dppd.exe102⤵PID:2296
-
\??\c:\pdvjj.exec:\pdvjj.exe103⤵PID:1276
-
\??\c:\rxfflfl.exec:\rxfflfl.exe104⤵PID:556
-
\??\c:\lfllxfl.exec:\lfllxfl.exe105⤵PID:3040
-
\??\c:\tbtnhn.exec:\tbtnhn.exe106⤵PID:1764
-
\??\c:\hthtbh.exec:\hthtbh.exe107⤵PID:940
-
\??\c:\vpvpd.exec:\vpvpd.exe108⤵PID:1332
-
\??\c:\xrfrxxl.exec:\xrfrxxl.exe109⤵PID:2892
-
\??\c:\rlrrlxf.exec:\rlrrlxf.exe110⤵PID:936
-
\??\c:\nhthtb.exec:\nhthtb.exe111⤵PID:1616
-
\??\c:\3tnntt.exec:\3tnntt.exe112⤵PID:3064
-
\??\c:\9pjvd.exec:\9pjvd.exe113⤵PID:1688
-
\??\c:\lrfrfrl.exec:\lrfrfrl.exe114⤵PID:2904
-
\??\c:\5lrfxfl.exec:\5lrfxfl.exe115⤵PID:2900
-
\??\c:\nhbtbb.exec:\nhbtbb.exe116⤵PID:2464
-
\??\c:\5vjpd.exec:\5vjpd.exe117⤵PID:1788
-
\??\c:\jjvpd.exec:\jjvpd.exe118⤵PID:1712
-
\??\c:\xlffllx.exec:\xlffllx.exe119⤵PID:2040
-
\??\c:\btnnbn.exec:\btnnbn.exe120⤵PID:2080
-
\??\c:\7ntnnn.exec:\7ntnnn.exe121⤵PID:2716
-
\??\c:\7pjdp.exec:\7pjdp.exe122⤵PID:2744
-