Analysis
-
max time kernel
149s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
18/05/2024, 12:58
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe
-
Size
75KB
-
MD5
c87306f395b50f6fe19f9c27b89d3d20
-
SHA1
9593576688529c1e3620a30c24efbc8f9a3fd4fe
-
SHA256
2d92feebe443356fa8feb501fb91785b80f2b9014e4c30861e40b2e114c5b0f8
-
SHA512
1d6888fdffa71bbc3baeebc2bee1d674533b2e658e658976af1846bb274f0f4aa9dac309fbf25d848835ed4f28ce0dc945ca18ededc034617fcd279c5f564e29
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAh2QpUnX1AP0:ymb3NkkiQ3mdBjFIsIVbpUO0
Malware Config
Signatures
-
Detect Blackmoon payload 24 IoCs
resource yara_rule behavioral1/memory/2804-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2052-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2080-29-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2080-28-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2896-43-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2536-48-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2564-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2536-55-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2368-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2352-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2388-103-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1052-122-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1936-148-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2000-157-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1632-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2308-175-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/952-184-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2588-193-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2664-202-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2676-212-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/836-238-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1984-247-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1208-256-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2832-265-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2052 ptfrbhp.exe 2080 rvhdxn.exe 2896 ndxhpn.exe 2536 bjjnjb.exe 2564 dxrxlfx.exe 2368 fxljr.exe 2500 jpdjxv.exe 2352 jrxrbf.exe 2388 xjvvtp.exe 564 fptpppv.exe 1052 tvjjfhb.exe 1476 xvnbxf.exe 2192 nbjdn.exe 1936 btlrnx.exe 2000 vfvprjn.exe 1632 pvvjnxl.exe 2308 lnlnppr.exe 952 hlxpvhl.exe 2588 xvphnd.exe 2664 xnbxbtx.exe 2676 vxbxr.exe 2508 jxdbb.exe 1084 jdhdpbd.exe 836 nntdndr.exe 1984 vplnvd.exe 1208 jxhpxvf.exe 2832 npnlr.exe 1976 vtjdrpr.exe 3036 lhnhrr.exe 2928 pbrjvlp.exe 2088 pxdvrj.exe 892 ffnbrxd.exe 2264 tnbpvht.exe 1896 vftrbbp.exe 1216 jxtppnn.exe 2228 hdrdxh.exe 1692 jllvb.exe 3056 pnnpbpn.exe 2524 fptbvjn.exe 2700 fvhnbl.exe 2604 nhpdvfn.exe 2484 jlnnbt.exe 2640 frvxjnx.exe 2468 vdxbxh.exe 2344 bndbtfb.exe 2188 xnbvhv.exe 2784 lpbrrjx.exe 680 rrhdvbr.exe 1008 dxdjx.exe 1212 bfhvrlf.exe 1932 hlthfp.exe 1168 dnlhdd.exe 1156 ntrnpjt.exe 2044 bdhhjf.exe 1648 xvbxxnh.exe 1796 ftfvndb.exe 940 lrhlrt.exe 2160 dnpjd.exe 2432 jtfrth.exe 2580 tbhxvpb.exe 2156 fxbpnvl.exe 2252 djlvn.exe 1100 rtjjjf.exe 2576 vtdbf.exe -
resource yara_rule behavioral1/memory/2804-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2052-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2080-28-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2896-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2896-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2536-48-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2564-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2536-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2536-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2536-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2368-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2352-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2388-103-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1052-122-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1936-148-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2000-157-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1632-166-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2308-175-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/952-184-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2588-193-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2664-202-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2676-212-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/836-238-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1984-247-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1208-256-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2832-265-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2804 wrote to memory of 2052 2804 c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe 28 PID 2804 wrote to memory of 2052 2804 c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe 28 PID 2804 wrote to memory of 2052 2804 c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe 28 PID 2804 wrote to memory of 2052 2804 c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe 28 PID 2052 wrote to memory of 2080 2052 ptfrbhp.exe 29 PID 2052 wrote to memory of 2080 2052 ptfrbhp.exe 29 PID 2052 wrote to memory of 2080 2052 ptfrbhp.exe 29 PID 2052 wrote to memory of 2080 2052 ptfrbhp.exe 29 PID 2080 wrote to memory of 2896 2080 rvhdxn.exe 30 PID 2080 wrote to memory of 2896 2080 rvhdxn.exe 30 PID 2080 wrote to memory of 2896 2080 rvhdxn.exe 30 PID 2080 wrote to memory of 2896 2080 rvhdxn.exe 30 PID 2896 wrote to memory of 2536 2896 ndxhpn.exe 31 PID 2896 wrote to memory of 2536 2896 ndxhpn.exe 31 PID 2896 wrote to memory of 2536 2896 ndxhpn.exe 31 PID 2896 wrote to memory of 2536 2896 ndxhpn.exe 31 PID 2536 wrote to memory of 2564 2536 bjjnjb.exe 32 PID 2536 wrote to memory of 2564 2536 bjjnjb.exe 32 PID 2536 wrote to memory of 2564 2536 bjjnjb.exe 32 PID 2536 wrote to memory of 2564 2536 bjjnjb.exe 32 PID 2564 wrote to memory of 2368 2564 dxrxlfx.exe 33 PID 2564 wrote to memory of 2368 2564 dxrxlfx.exe 33 PID 2564 wrote to memory of 2368 2564 dxrxlfx.exe 33 PID 2564 wrote to memory of 2368 2564 dxrxlfx.exe 33 PID 2368 wrote to memory of 2500 2368 fxljr.exe 34 PID 2368 wrote to memory of 2500 2368 fxljr.exe 34 PID 2368 wrote to memory of 2500 2368 fxljr.exe 34 PID 2368 wrote to memory of 2500 2368 fxljr.exe 34 PID 2500 wrote to memory of 2352 2500 jpdjxv.exe 35 PID 2500 wrote to memory of 2352 2500 jpdjxv.exe 35 PID 2500 wrote to memory of 2352 2500 jpdjxv.exe 35 PID 2500 wrote to memory of 2352 2500 jpdjxv.exe 35 PID 2352 wrote to memory of 2388 2352 jrxrbf.exe 36 PID 2352 wrote to memory of 2388 2352 jrxrbf.exe 36 PID 2352 wrote to memory of 2388 2352 jrxrbf.exe 36 PID 2352 wrote to memory of 2388 2352 jrxrbf.exe 36 PID 2388 wrote to memory of 564 2388 xjvvtp.exe 37 PID 2388 wrote to memory of 564 2388 xjvvtp.exe 37 PID 2388 wrote to memory of 564 2388 xjvvtp.exe 37 PID 2388 wrote to memory of 564 2388 xjvvtp.exe 37 PID 564 wrote to memory of 1052 564 fptpppv.exe 38 PID 564 wrote to memory of 1052 564 fptpppv.exe 38 PID 564 wrote to memory of 1052 564 fptpppv.exe 38 PID 564 wrote to memory of 1052 564 fptpppv.exe 38 PID 1052 wrote to memory of 1476 1052 tvjjfhb.exe 39 PID 1052 wrote to memory of 1476 1052 tvjjfhb.exe 39 PID 1052 wrote to memory of 1476 1052 tvjjfhb.exe 39 PID 1052 wrote to memory of 1476 1052 tvjjfhb.exe 39 PID 1476 wrote to memory of 2192 1476 xvnbxf.exe 40 PID 1476 wrote to memory of 2192 1476 xvnbxf.exe 40 PID 1476 wrote to memory of 2192 1476 xvnbxf.exe 40 PID 1476 wrote to memory of 2192 1476 xvnbxf.exe 40 PID 2192 wrote to memory of 1936 2192 nbjdn.exe 41 PID 2192 wrote to memory of 1936 2192 nbjdn.exe 41 PID 2192 wrote to memory of 1936 2192 nbjdn.exe 41 PID 2192 wrote to memory of 1936 2192 nbjdn.exe 41 PID 1936 wrote to memory of 2000 1936 btlrnx.exe 42 PID 1936 wrote to memory of 2000 1936 btlrnx.exe 42 PID 1936 wrote to memory of 2000 1936 btlrnx.exe 42 PID 1936 wrote to memory of 2000 1936 btlrnx.exe 42 PID 2000 wrote to memory of 1632 2000 vfvprjn.exe 43 PID 2000 wrote to memory of 1632 2000 vfvprjn.exe 43 PID 2000 wrote to memory of 1632 2000 vfvprjn.exe 43 PID 2000 wrote to memory of 1632 2000 vfvprjn.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2804 -
\??\c:\ptfrbhp.exec:\ptfrbhp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2052 -
\??\c:\rvhdxn.exec:\rvhdxn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2080 -
\??\c:\ndxhpn.exec:\ndxhpn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2896 -
\??\c:\bjjnjb.exec:\bjjnjb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2536 -
\??\c:\dxrxlfx.exec:\dxrxlfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2564 -
\??\c:\fxljr.exec:\fxljr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2368 -
\??\c:\jpdjxv.exec:\jpdjxv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2500 -
\??\c:\jrxrbf.exec:\jrxrbf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2352 -
\??\c:\xjvvtp.exec:\xjvvtp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2388 -
\??\c:\fptpppv.exec:\fptpppv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:564 -
\??\c:\tvjjfhb.exec:\tvjjfhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1052 -
\??\c:\xvnbxf.exec:\xvnbxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1476 -
\??\c:\nbjdn.exec:\nbjdn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2192 -
\??\c:\btlrnx.exec:\btlrnx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1936 -
\??\c:\vfvprjn.exec:\vfvprjn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2000 -
\??\c:\pvvjnxl.exec:\pvvjnxl.exe17⤵
- Executes dropped EXE
PID:1632 -
\??\c:\lnlnppr.exec:\lnlnppr.exe18⤵
- Executes dropped EXE
PID:2308 -
\??\c:\hlxpvhl.exec:\hlxpvhl.exe19⤵
- Executes dropped EXE
PID:952 -
\??\c:\xvphnd.exec:\xvphnd.exe20⤵
- Executes dropped EXE
PID:2588 -
\??\c:\xnbxbtx.exec:\xnbxbtx.exe21⤵
- Executes dropped EXE
PID:2664 -
\??\c:\vxbxr.exec:\vxbxr.exe22⤵
- Executes dropped EXE
PID:2676 -
\??\c:\jxdbb.exec:\jxdbb.exe23⤵
- Executes dropped EXE
PID:2508 -
\??\c:\jdhdpbd.exec:\jdhdpbd.exe24⤵
- Executes dropped EXE
PID:1084 -
\??\c:\nntdndr.exec:\nntdndr.exe25⤵
- Executes dropped EXE
PID:836 -
\??\c:\vplnvd.exec:\vplnvd.exe26⤵
- Executes dropped EXE
PID:1984 -
\??\c:\jxhpxvf.exec:\jxhpxvf.exe27⤵
- Executes dropped EXE
PID:1208 -
\??\c:\npnlr.exec:\npnlr.exe28⤵
- Executes dropped EXE
PID:2832 -
\??\c:\vtjdrpr.exec:\vtjdrpr.exe29⤵
- Executes dropped EXE
PID:1976 -
\??\c:\lhnhrr.exec:\lhnhrr.exe30⤵
- Executes dropped EXE
PID:3036 -
\??\c:\pbrjvlp.exec:\pbrjvlp.exe31⤵
- Executes dropped EXE
PID:2928 -
\??\c:\pxdvrj.exec:\pxdvrj.exe32⤵
- Executes dropped EXE
PID:2088 -
\??\c:\ffnbrxd.exec:\ffnbrxd.exe33⤵
- Executes dropped EXE
PID:892 -
\??\c:\tnbpvht.exec:\tnbpvht.exe34⤵
- Executes dropped EXE
PID:2264 -
\??\c:\vftrbbp.exec:\vftrbbp.exe35⤵
- Executes dropped EXE
PID:1896 -
\??\c:\jxtppnn.exec:\jxtppnn.exe36⤵
- Executes dropped EXE
PID:1216 -
\??\c:\hdrdxh.exec:\hdrdxh.exe37⤵
- Executes dropped EXE
PID:2228 -
\??\c:\jllvb.exec:\jllvb.exe38⤵
- Executes dropped EXE
PID:1692 -
\??\c:\pnnpbpn.exec:\pnnpbpn.exe39⤵
- Executes dropped EXE
PID:3056 -
\??\c:\fptbvjn.exec:\fptbvjn.exe40⤵
- Executes dropped EXE
PID:2524 -
\??\c:\fvhnbl.exec:\fvhnbl.exe41⤵
- Executes dropped EXE
PID:2700 -
\??\c:\nhpdvfn.exec:\nhpdvfn.exe42⤵
- Executes dropped EXE
PID:2604 -
\??\c:\jlnnbt.exec:\jlnnbt.exe43⤵
- Executes dropped EXE
PID:2484 -
\??\c:\frvxjnx.exec:\frvxjnx.exe44⤵
- Executes dropped EXE
PID:2640 -
\??\c:\vdxbxh.exec:\vdxbxh.exe45⤵
- Executes dropped EXE
PID:2468 -
\??\c:\bndbtfb.exec:\bndbtfb.exe46⤵
- Executes dropped EXE
PID:2344 -
\??\c:\xnbvhv.exec:\xnbvhv.exe47⤵
- Executes dropped EXE
PID:2188 -
\??\c:\lpbrrjx.exec:\lpbrrjx.exe48⤵
- Executes dropped EXE
PID:2784 -
\??\c:\rrhdvbr.exec:\rrhdvbr.exe49⤵
- Executes dropped EXE
PID:680 -
\??\c:\dxdjx.exec:\dxdjx.exe50⤵
- Executes dropped EXE
PID:1008 -
\??\c:\bfhvrlf.exec:\bfhvrlf.exe51⤵
- Executes dropped EXE
PID:1212 -
\??\c:\hlthfp.exec:\hlthfp.exe52⤵
- Executes dropped EXE
PID:1932 -
\??\c:\dnlhdd.exec:\dnlhdd.exe53⤵
- Executes dropped EXE
PID:1168 -
\??\c:\ntrnpjt.exec:\ntrnpjt.exe54⤵
- Executes dropped EXE
PID:1156 -
\??\c:\bdhhjf.exec:\bdhhjf.exe55⤵
- Executes dropped EXE
PID:2044 -
\??\c:\xvbxxnh.exec:\xvbxxnh.exe56⤵
- Executes dropped EXE
PID:1648 -
\??\c:\ftfvndb.exec:\ftfvndb.exe57⤵
- Executes dropped EXE
PID:1796 -
\??\c:\lrhlrt.exec:\lrhlrt.exe58⤵
- Executes dropped EXE
PID:940 -
\??\c:\dnpjd.exec:\dnpjd.exe59⤵
- Executes dropped EXE
PID:2160 -
\??\c:\jtfrth.exec:\jtfrth.exe60⤵
- Executes dropped EXE
PID:2432 -
\??\c:\tbhxvpb.exec:\tbhxvpb.exe61⤵
- Executes dropped EXE
PID:2580 -
\??\c:\fxbpnvl.exec:\fxbpnvl.exe62⤵
- Executes dropped EXE
PID:2156 -
\??\c:\djlvn.exec:\djlvn.exe63⤵
- Executes dropped EXE
PID:2252 -
\??\c:\rtjjjf.exec:\rtjjjf.exe64⤵
- Executes dropped EXE
PID:1100 -
\??\c:\vtdbf.exec:\vtdbf.exe65⤵
- Executes dropped EXE
PID:2576 -
\??\c:\tljthbf.exec:\tljthbf.exe66⤵PID:2848
-
\??\c:\xbjxx.exec:\xbjxx.exe67⤵PID:836
-
\??\c:\flljjj.exec:\flljjj.exe68⤵PID:1160
-
\??\c:\btftvht.exec:\btftvht.exe69⤵PID:1548
-
\??\c:\jjrrbj.exec:\jjrrbj.exe70⤵PID:2208
-
\??\c:\btdnt.exec:\btdnt.exe71⤵PID:1068
-
\??\c:\fhtjhjx.exec:\fhtjhjx.exe72⤵PID:568
-
\??\c:\rjvxr.exec:\rjvxr.exe73⤵PID:864
-
\??\c:\pflvf.exec:\pflvf.exe74⤵PID:584
-
\??\c:\jtbxr.exec:\jtbxr.exe75⤵PID:1536
-
\??\c:\rfpdl.exec:\rfpdl.exe76⤵PID:1736
-
\??\c:\xnnxhh.exec:\xnnxhh.exe77⤵PID:1056
-
\??\c:\jvvtv.exec:\jvvtv.exe78⤵PID:2212
-
\??\c:\pjnbjtf.exec:\pjnbjtf.exe79⤵PID:1324
-
\??\c:\tbljjr.exec:\tbljjr.exe80⤵PID:2520
-
\??\c:\bvxjtx.exec:\bvxjtx.exe81⤵PID:2628
-
\??\c:\fbtlxn.exec:\fbtlxn.exe82⤵PID:2472
-
\??\c:\vrxrr.exec:\vrxrr.exe83⤵PID:2608
-
\??\c:\plvrh.exec:\plvrh.exe84⤵PID:2616
-
\??\c:\xxdfp.exec:\xxdfp.exe85⤵PID:2360
-
\??\c:\vhrdhpd.exec:\vhrdhpd.exe86⤵PID:2692
-
\??\c:\xljth.exec:\xljth.exe87⤵PID:2660
-
\??\c:\vljbvv.exec:\vljbvv.exe88⤵PID:2332
-
\??\c:\xxlhjdj.exec:\xxlhjdj.exe89⤵PID:2452
-
\??\c:\lvffd.exec:\lvffd.exe90⤵PID:2988
-
\??\c:\prrxpl.exec:\prrxpl.exe91⤵PID:528
-
\??\c:\dnlvv.exec:\dnlvv.exe92⤵PID:2312
-
\??\c:\bhnxp.exec:\bhnxp.exe93⤵PID:1848
-
\??\c:\xlhtltn.exec:\xlhtltn.exe94⤵PID:1052
-
\??\c:\jnfdv.exec:\jnfdv.exe95⤵PID:1476
-
\??\c:\fhtjjrp.exec:\fhtjjrp.exe96⤵PID:2004
-
\??\c:\bpvllr.exec:\bpvllr.exe97⤵PID:1168
-
\??\c:\hjdtdl.exec:\hjdtdl.exe98⤵PID:1960
-
\??\c:\jdnjj.exec:\jdnjj.exe99⤵PID:1108
-
\??\c:\fppffb.exec:\fppffb.exe100⤵PID:764
-
\??\c:\rnfvd.exec:\rnfvd.exe101⤵PID:936
-
\??\c:\plbrth.exec:\plbrth.exe102⤵PID:2320
-
\??\c:\nrvbp.exec:\nrvbp.exe103⤵PID:2584
-
\??\c:\blbbv.exec:\blbbv.exe104⤵PID:2960
-
\??\c:\hlnbfdv.exec:\hlnbfdv.exe105⤵PID:1744
-
\??\c:\jhxdbpr.exec:\jhxdbpr.exe106⤵PID:3012
-
\??\c:\ldbbrn.exec:\ldbbrn.exe107⤵PID:2648
-
\??\c:\tfvvjn.exec:\tfvvjn.exe108⤵PID:436
-
\??\c:\ldrfd.exec:\ldrfd.exe109⤵PID:2996
-
\??\c:\lvbdj.exec:\lvbdj.exe110⤵PID:1048
-
\??\c:\dvrbbv.exec:\dvrbbv.exe111⤵PID:1768
-
\??\c:\lpnfpnd.exec:\lpnfpnd.exe112⤵PID:920
-
\??\c:\nfjxb.exec:\nfjxb.exe113⤵PID:2984
-
\??\c:\rltthtr.exec:\rltthtr.exe114⤵PID:1624
-
\??\c:\bphhb.exec:\bphhb.exe115⤵PID:1948
-
\??\c:\rrtfdtr.exec:\rrtfdtr.exe116⤵PID:604
-
\??\c:\nhvrpbl.exec:\nhvrpbl.exe117⤵PID:3004
-
\??\c:\ttjlhfd.exec:\ttjlhfd.exe118⤵PID:3028
-
\??\c:\rhjvf.exec:\rhjvf.exe119⤵PID:2992
-
\??\c:\thbndbn.exec:\thbndbn.exe120⤵PID:2892
-
\??\c:\fjxhr.exec:\fjxhr.exe121⤵PID:1784
-
\??\c:\fjbnb.exec:\fjbnb.exe122⤵PID:1496
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-