Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
18/05/2024, 12:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe
Resource
win7-20240220-en
5 signatures
150 seconds
General
-
Target
c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe
-
Size
73KB
-
MD5
c85067c3dd04ea09ad7bedd9636858b0
-
SHA1
11f83acace07a92a97cec8baac0ea8f3817274c6
-
SHA256
279d50173961a50c7f9e148be3543052fa809f041afefab11d152ff9bd418d66
-
SHA512
93ee451b6f12a65caedc09adde43761bdaeb042af4499e7ee3523ecf6c33cd0faea1fd102e13d72e449da65f1054339c9bb1acced46a4b0354ec529463ebfc28
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIjaQkPcy8WTeAw4Pp:ymb3NkkiQ3mdBjFIpkPcy8qs4Pp
Malware Config
Signatures
-
Detect Blackmoon payload 24 IoCs
resource yara_rule behavioral1/memory/2932-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2740-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2608-33-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2544-37-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2680-54-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2680-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2444-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2424-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2888-79-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2720-103-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1768-130-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1376-139-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1192-148-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2044-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2228-184-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1944-192-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1876-202-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1572-229-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2308-238-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2992-246-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1816-255-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/280-264-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2380-291-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2156-300-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2740 rlxflrl.exe 2608 xrfrlfr.exe 2544 3httbb.exe 2680 dvpvj.exe 2444 rlxxxfr.exe 2424 fxrrxxx.exe 2888 9nntht.exe 712 hnbhtt.exe 2720 1jdpv.exe 2780 jpvjv.exe 1244 7frrflx.exe 1768 rrlrxfr.exe 1376 btnttn.exe 1192 5nbbhn.exe 2460 pdpvv.exe 2044 pppdj.exe 2024 pppdv.exe 2228 5rllxxl.exe 1944 tnnhtb.exe 1876 3thhnn.exe 604 9pjvp.exe 1004 pjvdp.exe 1572 3rflrfl.exe 2308 hhtbbh.exe 2992 btbbhh.exe 1816 dvjpv.exe 280 jdpvd.exe 2108 rrlxffl.exe 1744 fxlxrxr.exe 2380 hththn.exe 2156 bbtthn.exe 2152 jdvdj.exe 1932 dvjpp.exe 2512 1pddj.exe 1540 rfrfflx.exe 2548 7hbbhn.exe 2536 vvjvj.exe 2700 vvjjp.exe 2676 dvjpd.exe 2600 llxxlrf.exe 2472 nnhnth.exe 2968 dvdpv.exe 1592 3lfflxr.exe 2136 vdvvd.exe 2520 pppjp.exe 2752 fxrxlrf.exe 1496 lllrlrf.exe 1588 hnnbtt.exe 1260 hbnttb.exe 1764 dvddj.exe 1752 vjpdv.exe 1324 dvjjj.exe 2032 xrfflrf.exe 2036 bntnth.exe 2256 nhtttb.exe 2024 vpppp.exe 1940 jddjj.exe 1972 rfxfxfx.exe 1960 rlrxlrf.exe 2232 nhbhbb.exe 1416 hbhhnn.exe 1808 jjppp.exe 1132 vpddd.exe 3004 llxflxf.exe -
resource yara_rule behavioral1/memory/2932-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2740-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2608-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2608-23-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2608-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2544-37-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2680-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2444-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2424-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2424-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2424-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2888-79-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2720-103-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1768-130-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1376-139-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1192-148-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2044-166-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2228-184-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1944-192-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1876-202-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1572-229-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2308-238-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2992-246-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1816-255-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/280-264-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2380-291-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2156-300-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2932 wrote to memory of 2740 2932 c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe 28 PID 2932 wrote to memory of 2740 2932 c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe 28 PID 2932 wrote to memory of 2740 2932 c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe 28 PID 2932 wrote to memory of 2740 2932 c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe 28 PID 2740 wrote to memory of 2608 2740 rlxflrl.exe 29 PID 2740 wrote to memory of 2608 2740 rlxflrl.exe 29 PID 2740 wrote to memory of 2608 2740 rlxflrl.exe 29 PID 2740 wrote to memory of 2608 2740 rlxflrl.exe 29 PID 2608 wrote to memory of 2544 2608 xrfrlfr.exe 30 PID 2608 wrote to memory of 2544 2608 xrfrlfr.exe 30 PID 2608 wrote to memory of 2544 2608 xrfrlfr.exe 30 PID 2608 wrote to memory of 2544 2608 xrfrlfr.exe 30 PID 2544 wrote to memory of 2680 2544 3httbb.exe 31 PID 2544 wrote to memory of 2680 2544 3httbb.exe 31 PID 2544 wrote to memory of 2680 2544 3httbb.exe 31 PID 2544 wrote to memory of 2680 2544 3httbb.exe 31 PID 2680 wrote to memory of 2444 2680 dvpvj.exe 32 PID 2680 wrote to memory of 2444 2680 dvpvj.exe 32 PID 2680 wrote to memory of 2444 2680 dvpvj.exe 32 PID 2680 wrote to memory of 2444 2680 dvpvj.exe 32 PID 2444 wrote to memory of 2424 2444 rlxxxfr.exe 33 PID 2444 wrote to memory of 2424 2444 rlxxxfr.exe 33 PID 2444 wrote to memory of 2424 2444 rlxxxfr.exe 33 PID 2444 wrote to memory of 2424 2444 rlxxxfr.exe 33 PID 2424 wrote to memory of 2888 2424 fxrrxxx.exe 34 PID 2424 wrote to memory of 2888 2424 fxrrxxx.exe 34 PID 2424 wrote to memory of 2888 2424 fxrrxxx.exe 34 PID 2424 wrote to memory of 2888 2424 fxrrxxx.exe 34 PID 2888 wrote to memory of 712 2888 9nntht.exe 35 PID 2888 wrote to memory of 712 2888 9nntht.exe 35 PID 2888 wrote to memory of 712 2888 9nntht.exe 35 PID 2888 wrote to memory of 712 2888 9nntht.exe 35 PID 712 wrote to memory of 2720 712 hnbhtt.exe 36 PID 712 wrote to memory of 2720 712 hnbhtt.exe 36 PID 712 wrote to memory of 2720 712 hnbhtt.exe 36 PID 712 wrote to memory of 2720 712 hnbhtt.exe 36 PID 2720 wrote to memory of 2780 2720 1jdpv.exe 37 PID 2720 wrote to memory of 2780 2720 1jdpv.exe 37 PID 2720 wrote to memory of 2780 2720 1jdpv.exe 37 PID 2720 wrote to memory of 2780 2720 1jdpv.exe 37 PID 2780 wrote to memory of 1244 2780 jpvjv.exe 38 PID 2780 wrote to memory of 1244 2780 jpvjv.exe 38 PID 2780 wrote to memory of 1244 2780 jpvjv.exe 38 PID 2780 wrote to memory of 1244 2780 jpvjv.exe 38 PID 1244 wrote to memory of 1768 1244 7frrflx.exe 39 PID 1244 wrote to memory of 1768 1244 7frrflx.exe 39 PID 1244 wrote to memory of 1768 1244 7frrflx.exe 39 PID 1244 wrote to memory of 1768 1244 7frrflx.exe 39 PID 1768 wrote to memory of 1376 1768 rrlrxfr.exe 40 PID 1768 wrote to memory of 1376 1768 rrlrxfr.exe 40 PID 1768 wrote to memory of 1376 1768 rrlrxfr.exe 40 PID 1768 wrote to memory of 1376 1768 rrlrxfr.exe 40 PID 1376 wrote to memory of 1192 1376 btnttn.exe 41 PID 1376 wrote to memory of 1192 1376 btnttn.exe 41 PID 1376 wrote to memory of 1192 1376 btnttn.exe 41 PID 1376 wrote to memory of 1192 1376 btnttn.exe 41 PID 1192 wrote to memory of 2460 1192 5nbbhn.exe 42 PID 1192 wrote to memory of 2460 1192 5nbbhn.exe 42 PID 1192 wrote to memory of 2460 1192 5nbbhn.exe 42 PID 1192 wrote to memory of 2460 1192 5nbbhn.exe 42 PID 2460 wrote to memory of 2044 2460 pdpvv.exe 43 PID 2460 wrote to memory of 2044 2460 pdpvv.exe 43 PID 2460 wrote to memory of 2044 2460 pdpvv.exe 43 PID 2460 wrote to memory of 2044 2460 pdpvv.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2932 -
\??\c:\rlxflrl.exec:\rlxflrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\xrfrlfr.exec:\xrfrlfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\3httbb.exec:\3httbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2544 -
\??\c:\dvpvj.exec:\dvpvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2680 -
\??\c:\rlxxxfr.exec:\rlxxxfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2444 -
\??\c:\fxrrxxx.exec:\fxrrxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2424 -
\??\c:\9nntht.exec:\9nntht.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2888 -
\??\c:\hnbhtt.exec:\hnbhtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:712 -
\??\c:\1jdpv.exec:\1jdpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2720 -
\??\c:\jpvjv.exec:\jpvjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780 -
\??\c:\7frrflx.exec:\7frrflx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1244 -
\??\c:\rrlrxfr.exec:\rrlrxfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1768 -
\??\c:\btnttn.exec:\btnttn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1376 -
\??\c:\5nbbhn.exec:\5nbbhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1192 -
\??\c:\pdpvv.exec:\pdpvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2460 -
\??\c:\pppdj.exec:\pppdj.exe17⤵
- Executes dropped EXE
PID:2044 -
\??\c:\pppdv.exec:\pppdv.exe18⤵
- Executes dropped EXE
PID:2024 -
\??\c:\5rllxxl.exec:\5rllxxl.exe19⤵
- Executes dropped EXE
PID:2228 -
\??\c:\tnnhtb.exec:\tnnhtb.exe20⤵
- Executes dropped EXE
PID:1944 -
\??\c:\3thhnn.exec:\3thhnn.exe21⤵
- Executes dropped EXE
PID:1876 -
\??\c:\9pjvp.exec:\9pjvp.exe22⤵
- Executes dropped EXE
PID:604 -
\??\c:\pjvdp.exec:\pjvdp.exe23⤵
- Executes dropped EXE
PID:1004 -
\??\c:\3rflrfl.exec:\3rflrfl.exe24⤵
- Executes dropped EXE
PID:1572 -
\??\c:\hhtbbh.exec:\hhtbbh.exe25⤵
- Executes dropped EXE
PID:2308 -
\??\c:\btbbhh.exec:\btbbhh.exe26⤵
- Executes dropped EXE
PID:2992 -
\??\c:\dvjpv.exec:\dvjpv.exe27⤵
- Executes dropped EXE
PID:1816 -
\??\c:\jdpvd.exec:\jdpvd.exe28⤵
- Executes dropped EXE
PID:280 -
\??\c:\rrlxffl.exec:\rrlxffl.exe29⤵
- Executes dropped EXE
PID:2108 -
\??\c:\fxlxrxr.exec:\fxlxrxr.exe30⤵
- Executes dropped EXE
PID:1744 -
\??\c:\hththn.exec:\hththn.exe31⤵
- Executes dropped EXE
PID:2380 -
\??\c:\bbtthn.exec:\bbtthn.exe32⤵
- Executes dropped EXE
PID:2156 -
\??\c:\jdvdj.exec:\jdvdj.exe33⤵
- Executes dropped EXE
PID:2152 -
\??\c:\dvjpp.exec:\dvjpp.exe34⤵
- Executes dropped EXE
PID:1932 -
\??\c:\1pddj.exec:\1pddj.exe35⤵
- Executes dropped EXE
PID:2512 -
\??\c:\rfrfflx.exec:\rfrfflx.exe36⤵
- Executes dropped EXE
PID:1540 -
\??\c:\7hbbhn.exec:\7hbbhn.exe37⤵
- Executes dropped EXE
PID:2548 -
\??\c:\vvjvj.exec:\vvjvj.exe38⤵
- Executes dropped EXE
PID:2536 -
\??\c:\vvjjp.exec:\vvjjp.exe39⤵
- Executes dropped EXE
PID:2700 -
\??\c:\dvjpd.exec:\dvjpd.exe40⤵
- Executes dropped EXE
PID:2676 -
\??\c:\llxxlrf.exec:\llxxlrf.exe41⤵
- Executes dropped EXE
PID:2600 -
\??\c:\nnhnth.exec:\nnhnth.exe42⤵
- Executes dropped EXE
PID:2472 -
\??\c:\dvdpv.exec:\dvdpv.exe43⤵
- Executes dropped EXE
PID:2968 -
\??\c:\3lfflxr.exec:\3lfflxr.exe44⤵
- Executes dropped EXE
PID:1592 -
\??\c:\vdvvd.exec:\vdvvd.exe45⤵
- Executes dropped EXE
PID:2136 -
\??\c:\pppjp.exec:\pppjp.exe46⤵
- Executes dropped EXE
PID:2520 -
\??\c:\fxrxlrf.exec:\fxrxlrf.exe47⤵
- Executes dropped EXE
PID:2752 -
\??\c:\lllrlrf.exec:\lllrlrf.exe48⤵
- Executes dropped EXE
PID:1496 -
\??\c:\hnnbtt.exec:\hnnbtt.exe49⤵
- Executes dropped EXE
PID:1588 -
\??\c:\hbnttb.exec:\hbnttb.exe50⤵
- Executes dropped EXE
PID:1260 -
\??\c:\dvddj.exec:\dvddj.exe51⤵
- Executes dropped EXE
PID:1764 -
\??\c:\vjpdv.exec:\vjpdv.exe52⤵
- Executes dropped EXE
PID:1752 -
\??\c:\dvjjj.exec:\dvjjj.exe53⤵
- Executes dropped EXE
PID:1324 -
\??\c:\xrfflrf.exec:\xrfflrf.exe54⤵
- Executes dropped EXE
PID:2032 -
\??\c:\bntnth.exec:\bntnth.exe55⤵
- Executes dropped EXE
PID:2036 -
\??\c:\nhtttb.exec:\nhtttb.exe56⤵
- Executes dropped EXE
PID:2256 -
\??\c:\vpppp.exec:\vpppp.exe57⤵
- Executes dropped EXE
PID:2024 -
\??\c:\jddjj.exec:\jddjj.exe58⤵
- Executes dropped EXE
PID:1940 -
\??\c:\rfxfxfx.exec:\rfxfxfx.exe59⤵
- Executes dropped EXE
PID:1972 -
\??\c:\rlrxlrf.exec:\rlrxlrf.exe60⤵
- Executes dropped EXE
PID:1960 -
\??\c:\nhbhbb.exec:\nhbhbb.exe61⤵
- Executes dropped EXE
PID:2232 -
\??\c:\hbhhnn.exec:\hbhhnn.exe62⤵
- Executes dropped EXE
PID:1416 -
\??\c:\jjppp.exec:\jjppp.exe63⤵
- Executes dropped EXE
PID:1808 -
\??\c:\vpddd.exec:\vpddd.exe64⤵
- Executes dropped EXE
PID:1132 -
\??\c:\llxflxf.exec:\llxflxf.exe65⤵
- Executes dropped EXE
PID:3004 -
\??\c:\fxfrxfl.exec:\fxfrxfl.exe66⤵PID:2992
-
\??\c:\thtthn.exec:\thtthn.exe67⤵PID:1368
-
\??\c:\5dppv.exec:\5dppv.exe68⤵PID:652
-
\??\c:\dvjvd.exec:\dvjvd.exe69⤵PID:1712
-
\??\c:\rlflllx.exec:\rlflllx.exe70⤵PID:2092
-
\??\c:\9frfrrr.exec:\9frfrrr.exe71⤵PID:2172
-
\??\c:\3nbbnn.exec:\3nbbnn.exe72⤵PID:2120
-
\??\c:\nnbnhh.exec:\nnbnhh.exe73⤵PID:2744
-
\??\c:\jdpvd.exec:\jdpvd.exe74⤵PID:2908
-
\??\c:\9ppvd.exec:\9ppvd.exe75⤵PID:2368
-
\??\c:\rllfrxl.exec:\rllfrxl.exe76⤵PID:2932
-
\??\c:\7rllfrf.exec:\7rllfrf.exe77⤵PID:1532
-
\??\c:\tnbbnt.exec:\tnbbnt.exe78⤵PID:2560
-
\??\c:\nnhttt.exec:\nnhttt.exe79⤵PID:2988
-
\??\c:\dvvjp.exec:\dvvjp.exe80⤵PID:2704
-
\??\c:\7jvvd.exec:\7jvvd.exe81⤵PID:2776
-
\??\c:\7xrlflx.exec:\7xrlflx.exe82⤵PID:2672
-
\??\c:\5frlxxl.exec:\5frlxxl.exe83⤵PID:2432
-
\??\c:\1nbhnh.exec:\1nbhnh.exe84⤵PID:2656
-
\??\c:\ttntht.exec:\ttntht.exe85⤵PID:2420
-
\??\c:\hthhth.exec:\hthhth.exe86⤵PID:2408
-
\??\c:\vpdjv.exec:\vpdjv.exe87⤵PID:1648
-
\??\c:\7vjjj.exec:\7vjjj.exe88⤵PID:2336
-
\??\c:\rrfllrx.exec:\rrfllrx.exe89⤵PID:1636
-
\??\c:\llxfrxl.exec:\llxfrxl.exe90⤵PID:776
-
\??\c:\tnbbnn.exec:\tnbbnn.exe91⤵PID:2868
-
\??\c:\1btbnt.exec:\1btbnt.exe92⤵PID:1508
-
\??\c:\vpdvd.exec:\vpdvd.exe93⤵PID:2372
-
\??\c:\5vvpv.exec:\5vvpv.exe94⤵PID:1564
-
\??\c:\jdpdv.exec:\jdpdv.exe95⤵PID:1364
-
\??\c:\lxxrxrl.exec:\lxxrxrl.exe96⤵PID:2460
-
\??\c:\lllxlrf.exec:\lllxlrf.exe97⤵PID:1612
-
\??\c:\nhbhtt.exec:\nhbhtt.exe98⤵PID:2516
-
\??\c:\nhbbnt.exec:\nhbbnt.exe99⤵PID:2084
-
\??\c:\ppjpd.exec:\ppjpd.exe100⤵PID:2404
-
\??\c:\pjjdd.exec:\pjjdd.exe101⤵PID:2244
-
\??\c:\1rxlxxl.exec:\1rxlxxl.exe102⤵PID:1880
-
\??\c:\frxllfl.exec:\frxllfl.exe103⤵PID:1428
-
\??\c:\bbbhnh.exec:\bbbhnh.exe104⤵PID:2840
-
\??\c:\bhbntt.exec:\bhbntt.exe105⤵PID:860
-
\??\c:\9djvv.exec:\9djvv.exe106⤵PID:2396
-
\??\c:\dvjpv.exec:\dvjpv.exe107⤵PID:1232
-
\??\c:\3rxlflx.exec:\3rxlflx.exe108⤵PID:2848
-
\??\c:\9xrflrf.exec:\9xrflrf.exe109⤵PID:1816
-
\??\c:\tnhhnn.exec:\tnhhnn.exe110⤵PID:280
-
\??\c:\tnbhtn.exec:\tnbhtn.exe111⤵PID:2844
-
\??\c:\bhbttb.exec:\bhbttb.exe112⤵PID:2356
-
\??\c:\jdvdj.exec:\jdvdj.exe113⤵PID:1820
-
\??\c:\jjppj.exec:\jjppj.exe114⤵PID:2296
-
\??\c:\ffrxlrx.exec:\ffrxlrx.exe115⤵PID:1276
-
\??\c:\5rffrll.exec:\5rffrll.exe116⤵PID:3048
-
\??\c:\5hbhtb.exec:\5hbhtb.exe117⤵PID:896
-
\??\c:\bbntbt.exec:\bbntbt.exe118⤵PID:1932
-
\??\c:\5bttbb.exec:\5bttbb.exe119⤵PID:2512
-
\??\c:\dvpjv.exec:\dvpjv.exe120⤵PID:2028
-
\??\c:\jdppp.exec:\jdppp.exe121⤵PID:2548
-
\??\c:\7fffrrx.exec:\7fffrrx.exe122⤵PID:2696
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-