Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
18/05/2024, 01:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe
-
Size
92KB
-
MD5
6714262332d39ab80b732afbfd4673e0
-
SHA1
35f7c16c77fae625325f52e7c8568898effcf54d
-
SHA256
e6ba6720ffad5085ea83878d584a545a9f4fa2b2879d28fcd349d52c9dfd9e6a
-
SHA512
082c50011b91e410125bd48b59d8ee4fc1a165c2128f935c98835df1b1f33c51077889e93a09890985c019628a835b7b9597dcbeaf7e8676618bb3bbabb71804
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/210:ymb3NkkiQ3mdBjFo73PYP1lri3K8GN4f
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
resource yara_rule behavioral1/memory/2256-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2796-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2192-33-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2600-37-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2808-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2736-63-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2736-62-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2528-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2384-77-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2956-86-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2244-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2724-119-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1556-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2340-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1448-173-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2148-201-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2344-227-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1728-254-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2804-272-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2960-281-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1176-290-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1956-299-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2796 9pdjp.exe 2192 xllrxfl.exe 2600 jjpdj.exe 2808 pjvdj.exe 2736 7fxrrlf.exe 2528 bthttn.exe 2384 vpppj.exe 2956 dvjpv.exe 2244 xrllrfr.exe 2752 hbtntb.exe 2724 vpjjd.exe 1556 rrrxrrl.exe 1584 htnbhh.exe 2036 bnbbbb.exe 2340 rrfrxrx.exe 896 bbbtbb.exe 1448 vpvpd.exe 2404 rxxlfxr.exe 2020 3bbnhb.exe 2148 djvvv.exe 536 ppvdj.exe 988 ffxlxfr.exe 2344 3tbnnh.exe 1196 vdvpv.exe 1304 lxlfrlr.exe 1728 tttnnt.exe 380 vvpdp.exe 2804 llxxxfl.exe 2960 5hnhbn.exe 1176 3pjjv.exe 1956 xfrfxrr.exe 1664 hthnht.exe 1652 vjjdp.exe 2492 fffrlrl.exe 2576 nhbnbh.exe 2824 pppvd.exe 2600 vjvpv.exe 2612 rlrrrrf.exe 2596 5hbbhn.exe 2388 bhnnhb.exe 2528 pdpdd.exe 2628 rfxfrlr.exe 2156 xrflrff.exe 2452 nhttbh.exe 2784 vvdvj.exe 2692 ddpjj.exe 2424 lllrfxl.exe 1888 3nttbh.exe 1004 nbbttb.exe 768 7ddvj.exe 2644 5dpdj.exe 2908 xxfxxrf.exe 1340 ttnbnt.exe 1264 hbnnbb.exe 2920 jddpj.exe 2312 3jvvp.exe 2168 3lrllff.exe 2080 rfrxlfr.exe 872 htbbhn.exe 1416 bbntnt.exe 988 jjppv.exe 2344 jvjjp.exe 1692 rxrxxlf.exe 376 rxlxlfl.exe -
resource yara_rule behavioral1/memory/2256-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2796-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2192-23-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2192-22-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2192-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2192-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2600-37-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2808-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2736-62-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2528-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2384-77-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2956-86-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2244-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2724-119-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1556-129-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2340-155-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1448-173-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2148-201-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2344-227-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1728-254-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2804-272-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2960-281-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1176-290-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1956-299-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2256 wrote to memory of 2796 2256 6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe 28 PID 2256 wrote to memory of 2796 2256 6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe 28 PID 2256 wrote to memory of 2796 2256 6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe 28 PID 2256 wrote to memory of 2796 2256 6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe 28 PID 2796 wrote to memory of 2192 2796 9pdjp.exe 29 PID 2796 wrote to memory of 2192 2796 9pdjp.exe 29 PID 2796 wrote to memory of 2192 2796 9pdjp.exe 29 PID 2796 wrote to memory of 2192 2796 9pdjp.exe 29 PID 2192 wrote to memory of 2600 2192 xllrxfl.exe 30 PID 2192 wrote to memory of 2600 2192 xllrxfl.exe 30 PID 2192 wrote to memory of 2600 2192 xllrxfl.exe 30 PID 2192 wrote to memory of 2600 2192 xllrxfl.exe 30 PID 2600 wrote to memory of 2808 2600 jjpdj.exe 31 PID 2600 wrote to memory of 2808 2600 jjpdj.exe 31 PID 2600 wrote to memory of 2808 2600 jjpdj.exe 31 PID 2600 wrote to memory of 2808 2600 jjpdj.exe 31 PID 2808 wrote to memory of 2736 2808 pjvdj.exe 32 PID 2808 wrote to memory of 2736 2808 pjvdj.exe 32 PID 2808 wrote to memory of 2736 2808 pjvdj.exe 32 PID 2808 wrote to memory of 2736 2808 pjvdj.exe 32 PID 2736 wrote to memory of 2528 2736 7fxrrlf.exe 33 PID 2736 wrote to memory of 2528 2736 7fxrrlf.exe 33 PID 2736 wrote to memory of 2528 2736 7fxrrlf.exe 33 PID 2736 wrote to memory of 2528 2736 7fxrrlf.exe 33 PID 2528 wrote to memory of 2384 2528 bthttn.exe 34 PID 2528 wrote to memory of 2384 2528 bthttn.exe 34 PID 2528 wrote to memory of 2384 2528 bthttn.exe 34 PID 2528 wrote to memory of 2384 2528 bthttn.exe 34 PID 2384 wrote to memory of 2956 2384 vpppj.exe 35 PID 2384 wrote to memory of 2956 2384 vpppj.exe 35 PID 2384 wrote to memory of 2956 2384 vpppj.exe 35 PID 2384 wrote to memory of 2956 2384 vpppj.exe 35 PID 2956 wrote to memory of 2244 2956 dvjpv.exe 36 PID 2956 wrote to memory of 2244 2956 dvjpv.exe 36 PID 2956 wrote to memory of 2244 2956 dvjpv.exe 36 PID 2956 wrote to memory of 2244 2956 dvjpv.exe 36 PID 2244 wrote to memory of 2752 2244 xrllrfr.exe 37 PID 2244 wrote to memory of 2752 2244 xrllrfr.exe 37 PID 2244 wrote to memory of 2752 2244 xrllrfr.exe 37 PID 2244 wrote to memory of 2752 2244 xrllrfr.exe 37 PID 2752 wrote to memory of 2724 2752 hbtntb.exe 38 PID 2752 wrote to memory of 2724 2752 hbtntb.exe 38 PID 2752 wrote to memory of 2724 2752 hbtntb.exe 38 PID 2752 wrote to memory of 2724 2752 hbtntb.exe 38 PID 2724 wrote to memory of 1556 2724 vpjjd.exe 39 PID 2724 wrote to memory of 1556 2724 vpjjd.exe 39 PID 2724 wrote to memory of 1556 2724 vpjjd.exe 39 PID 2724 wrote to memory of 1556 2724 vpjjd.exe 39 PID 1556 wrote to memory of 1584 1556 rrrxrrl.exe 40 PID 1556 wrote to memory of 1584 1556 rrrxrrl.exe 40 PID 1556 wrote to memory of 1584 1556 rrrxrrl.exe 40 PID 1556 wrote to memory of 1584 1556 rrrxrrl.exe 40 PID 1584 wrote to memory of 2036 1584 htnbhh.exe 41 PID 1584 wrote to memory of 2036 1584 htnbhh.exe 41 PID 1584 wrote to memory of 2036 1584 htnbhh.exe 41 PID 1584 wrote to memory of 2036 1584 htnbhh.exe 41 PID 2036 wrote to memory of 2340 2036 bnbbbb.exe 42 PID 2036 wrote to memory of 2340 2036 bnbbbb.exe 42 PID 2036 wrote to memory of 2340 2036 bnbbbb.exe 42 PID 2036 wrote to memory of 2340 2036 bnbbbb.exe 42 PID 2340 wrote to memory of 896 2340 rrfrxrx.exe 43 PID 2340 wrote to memory of 896 2340 rrfrxrx.exe 43 PID 2340 wrote to memory of 896 2340 rrfrxrx.exe 43 PID 2340 wrote to memory of 896 2340 rrfrxrx.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2256 -
\??\c:\9pdjp.exec:\9pdjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2796 -
\??\c:\xllrxfl.exec:\xllrxfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2192 -
\??\c:\jjpdj.exec:\jjpdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2600 -
\??\c:\pjvdj.exec:\pjvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2808 -
\??\c:\7fxrrlf.exec:\7fxrrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2736 -
\??\c:\bthttn.exec:\bthttn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2528 -
\??\c:\vpppj.exec:\vpppj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2384 -
\??\c:\dvjpv.exec:\dvjpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2956 -
\??\c:\xrllrfr.exec:\xrllrfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2244 -
\??\c:\hbtntb.exec:\hbtntb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2752 -
\??\c:\vpjjd.exec:\vpjjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2724 -
\??\c:\rrrxrrl.exec:\rrrxrrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1556 -
\??\c:\htnbhh.exec:\htnbhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1584 -
\??\c:\bnbbbb.exec:\bnbbbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2036 -
\??\c:\rrfrxrx.exec:\rrfrxrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2340 -
\??\c:\bbbtbb.exec:\bbbtbb.exe17⤵
- Executes dropped EXE
PID:896 -
\??\c:\vpvpd.exec:\vpvpd.exe18⤵
- Executes dropped EXE
PID:1448 -
\??\c:\rxxlfxr.exec:\rxxlfxr.exe19⤵
- Executes dropped EXE
PID:2404 -
\??\c:\3bbnhb.exec:\3bbnhb.exe20⤵
- Executes dropped EXE
PID:2020 -
\??\c:\djvvv.exec:\djvvv.exe21⤵
- Executes dropped EXE
PID:2148 -
\??\c:\ppvdj.exec:\ppvdj.exe22⤵
- Executes dropped EXE
PID:536 -
\??\c:\ffxlxfr.exec:\ffxlxfr.exe23⤵
- Executes dropped EXE
PID:988 -
\??\c:\3tbnnh.exec:\3tbnnh.exe24⤵
- Executes dropped EXE
PID:2344 -
\??\c:\vdvpv.exec:\vdvpv.exe25⤵
- Executes dropped EXE
PID:1196 -
\??\c:\lxlfrlr.exec:\lxlfrlr.exe26⤵
- Executes dropped EXE
PID:1304 -
\??\c:\tttnnt.exec:\tttnnt.exe27⤵
- Executes dropped EXE
PID:1728 -
\??\c:\vvpdp.exec:\vvpdp.exe28⤵
- Executes dropped EXE
PID:380 -
\??\c:\llxxxfl.exec:\llxxxfl.exe29⤵
- Executes dropped EXE
PID:2804 -
\??\c:\5hnhbn.exec:\5hnhbn.exe30⤵
- Executes dropped EXE
PID:2960 -
\??\c:\3pjjv.exec:\3pjjv.exe31⤵
- Executes dropped EXE
PID:1176 -
\??\c:\xfrfxrr.exec:\xfrfxrr.exe32⤵
- Executes dropped EXE
PID:1956 -
\??\c:\hthnht.exec:\hthnht.exe33⤵
- Executes dropped EXE
PID:1664 -
\??\c:\vdpdv.exec:\vdpdv.exe34⤵PID:2996
-
\??\c:\vjjdp.exec:\vjjdp.exe35⤵
- Executes dropped EXE
PID:1652 -
\??\c:\fffrlrl.exec:\fffrlrl.exe36⤵
- Executes dropped EXE
PID:2492 -
\??\c:\nhbnbh.exec:\nhbnbh.exe37⤵
- Executes dropped EXE
PID:2576 -
\??\c:\pppvd.exec:\pppvd.exe38⤵
- Executes dropped EXE
PID:2824 -
\??\c:\vjvpv.exec:\vjvpv.exe39⤵
- Executes dropped EXE
PID:2600 -
\??\c:\rlrrrrf.exec:\rlrrrrf.exe40⤵
- Executes dropped EXE
PID:2612 -
\??\c:\5hbbhn.exec:\5hbbhn.exe41⤵
- Executes dropped EXE
PID:2596 -
\??\c:\bhnnhb.exec:\bhnnhb.exe42⤵
- Executes dropped EXE
PID:2388 -
\??\c:\pdpdd.exec:\pdpdd.exe43⤵
- Executes dropped EXE
PID:2528 -
\??\c:\rfxfrlr.exec:\rfxfrlr.exe44⤵
- Executes dropped EXE
PID:2628 -
\??\c:\xrflrff.exec:\xrflrff.exe45⤵
- Executes dropped EXE
PID:2156 -
\??\c:\nhttbh.exec:\nhttbh.exe46⤵
- Executes dropped EXE
PID:2452 -
\??\c:\vvdvj.exec:\vvdvj.exe47⤵
- Executes dropped EXE
PID:2784 -
\??\c:\ddpjj.exec:\ddpjj.exe48⤵
- Executes dropped EXE
PID:2692 -
\??\c:\lllrfxl.exec:\lllrfxl.exe49⤵
- Executes dropped EXE
PID:2424 -
\??\c:\3nttbh.exec:\3nttbh.exe50⤵
- Executes dropped EXE
PID:1888 -
\??\c:\nbbttb.exec:\nbbttb.exe51⤵
- Executes dropped EXE
PID:1004 -
\??\c:\7ddvj.exec:\7ddvj.exe52⤵
- Executes dropped EXE
PID:768 -
\??\c:\5dpdj.exec:\5dpdj.exe53⤵
- Executes dropped EXE
PID:2644 -
\??\c:\xxfxxrf.exec:\xxfxxrf.exe54⤵
- Executes dropped EXE
PID:2908 -
\??\c:\ttnbnt.exec:\ttnbnt.exe55⤵
- Executes dropped EXE
PID:1340 -
\??\c:\hbnnbb.exec:\hbnnbb.exe56⤵
- Executes dropped EXE
PID:1264 -
\??\c:\jddpj.exec:\jddpj.exe57⤵
- Executes dropped EXE
PID:2920 -
\??\c:\3jvvp.exec:\3jvvp.exe58⤵
- Executes dropped EXE
PID:2312 -
\??\c:\3lrllff.exec:\3lrllff.exe59⤵
- Executes dropped EXE
PID:2168 -
\??\c:\rfrxlfr.exec:\rfrxlfr.exe60⤵
- Executes dropped EXE
PID:2080 -
\??\c:\htbbhn.exec:\htbbhn.exe61⤵
- Executes dropped EXE
PID:872 -
\??\c:\bbntnt.exec:\bbntnt.exe62⤵
- Executes dropped EXE
PID:1416 -
\??\c:\jjppv.exec:\jjppv.exe63⤵
- Executes dropped EXE
PID:988 -
\??\c:\jvjjp.exec:\jvjjp.exe64⤵
- Executes dropped EXE
PID:2344 -
\??\c:\rxrxxlf.exec:\rxrxxlf.exe65⤵
- Executes dropped EXE
PID:1692 -
\??\c:\rxlxlfl.exec:\rxlxlfl.exe66⤵
- Executes dropped EXE
PID:376 -
\??\c:\hnnbnh.exec:\hnnbnh.exe67⤵PID:1304
-
\??\c:\nnntnh.exec:\nnntnh.exe68⤵PID:2072
-
\??\c:\tbbbbb.exec:\tbbbbb.exe69⤵PID:380
-
\??\c:\pdjpd.exec:\pdjpd.exe70⤵PID:2864
-
\??\c:\pjvvd.exec:\pjvvd.exe71⤵PID:1824
-
\??\c:\xfxxllf.exec:\xfxxllf.exe72⤵PID:2616
-
\??\c:\1rffflr.exec:\1rffflr.exe73⤵PID:1176
-
\??\c:\hbhnnn.exec:\hbhnnn.exe74⤵PID:1956
-
\??\c:\jdvvj.exec:\jdvvj.exe75⤵PID:1664
-
\??\c:\dpddp.exec:\dpddp.exe76⤵PID:1832
-
\??\c:\1xrfxrr.exec:\1xrfxrr.exe77⤵PID:2508
-
\??\c:\5xlxxfr.exec:\5xlxxfr.exe78⤵PID:2024
-
\??\c:\bhtnht.exec:\bhtnht.exe79⤵PID:2620
-
\??\c:\nbbhht.exec:\nbbhht.exe80⤵PID:1972
-
\??\c:\pppvj.exec:\pppvj.exe81⤵PID:2172
-
\??\c:\pvpdd.exec:\pvpdd.exe82⤵PID:2712
-
\??\c:\dvjpd.exec:\dvjpd.exe83⤵PID:2096
-
\??\c:\rrlxfrl.exec:\rrlxfrl.exe84⤵PID:2416
-
\??\c:\rrfrllr.exec:\rrfrllr.exe85⤵PID:2892
-
\??\c:\thttbb.exec:\thttbb.exe86⤵PID:2484
-
\??\c:\nbtntn.exec:\nbtntn.exe87⤵PID:1572
-
\??\c:\hhhtnt.exec:\hhhtnt.exe88⤵PID:2464
-
\??\c:\pppvv.exec:\pppvv.exe89⤵PID:2676
-
\??\c:\jvvdv.exec:\jvvdv.exe90⤵PID:1564
-
\??\c:\xxxllxl.exec:\xxxllxl.exe91⤵PID:996
-
\??\c:\3xrxxlx.exec:\3xrxxlx.exe92⤵PID:764
-
\??\c:\lflxrlf.exec:\lflxrlf.exe93⤵PID:1512
-
\??\c:\1nnnht.exec:\1nnnht.exe94⤵PID:1876
-
\??\c:\nhnbtt.exec:\nhnbtt.exe95⤵PID:2668
-
\??\c:\3vjvj.exec:\3vjvj.exe96⤵PID:1356
-
\??\c:\vvdjv.exec:\vvdjv.exe97⤵PID:3060
-
\??\c:\lxrxrrf.exec:\lxrxrrf.exe98⤵PID:2932
-
\??\c:\fxxlxfr.exec:\fxxlxfr.exe99⤵PID:2000
-
\??\c:\bnnhth.exec:\bnnhth.exe100⤵PID:2056
-
\??\c:\nhbhhh.exec:\nhbhhh.exe101⤵PID:1992
-
\??\c:\pvpdv.exec:\pvpdv.exe102⤵PID:484
-
\??\c:\jppjd.exec:\jppjd.exe103⤵PID:668
-
\??\c:\xlxlxlr.exec:\xlxlxlr.exe104⤵PID:1400
-
\??\c:\lflffxf.exec:\lflffxf.exe105⤵PID:2988
-
\??\c:\bhbthn.exec:\bhbthn.exe106⤵PID:2116
-
\??\c:\nnbhbb.exec:\nnbhbb.exe107⤵PID:1312
-
\??\c:\1djvj.exec:\1djvj.exe108⤵PID:3044
-
\??\c:\vpjdp.exec:\vpjdp.exe109⤵PID:1748
-
\??\c:\5lllflr.exec:\5lllflr.exe110⤵PID:2832
-
\??\c:\7lflxlf.exec:\7lflxlf.exe111⤵PID:568
-
\??\c:\ffrxfrf.exec:\ffrxfrf.exe112⤵PID:2076
-
\??\c:\nthhbh.exec:\nthhbh.exe113⤵PID:2284
-
\??\c:\bbbnnb.exec:\bbbnnb.exe114⤵PID:1580
-
\??\c:\jdddd.exec:\jdddd.exe115⤵PID:1960
-
\??\c:\llxlrxr.exec:\llxlrxr.exe116⤵PID:2328
-
\??\c:\flrfffl.exec:\flrfffl.exe117⤵PID:2324
-
\??\c:\tnhntb.exec:\tnhntb.exe118⤵PID:1496
-
\??\c:\tbhhnn.exec:\tbhhnn.exe119⤵PID:2472
-
\??\c:\pdvdp.exec:\pdvdp.exe120⤵PID:1256
-
\??\c:\vpdpv.exec:\vpdpv.exe121⤵PID:2568
-
\??\c:\lllxlfr.exec:\lllxlfr.exe122⤵PID:2488
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-