Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:00
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe
-
Size
88KB
-
MD5
c8c61f3368a76bce2edb6bb8338bea90
-
SHA1
9d901d6835c44942e9ca75005ca8ac813ede1100
-
SHA256
5a996ff5533414444b99dc48be35fdea81d651d2158535e303a0baccb9bf740d
-
SHA512
cf77725223ba60f2e02f37becfb06b21d3a07167a9131ab500e0b9e6fd3c972338d863c65b53b6e0e3f797de2c4c37d306f2d6ebb36c4f275a238468b771b698
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1grORPfr0k890Ci:ymb3NkkiQ3mdBjFoLk8Pk890Ci
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral1/memory/1728-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1628-23-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3032-36-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2592-40-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2592-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2512-51-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2680-73-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2948-84-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2880-103-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2616-111-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2752-121-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1248-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2340-147-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2352-157-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2380-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2036-175-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1672-184-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2244-201-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2216-211-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/780-219-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/952-229-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/904-247-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2804-309-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1628 ddvpd.exe 3032 dvvjd.exe 2592 9tnhbn.exe 2512 vpvjp.exe 2692 xfrrxrl.exe 2680 ntthtb.exe 2948 btnnbb.exe 2880 dpvpv.exe 2616 xfxrxff.exe 2752 ffrrlfx.exe 1248 hhbbhn.exe 1564 7bnhnn.exe 2340 dvjpv.exe 2352 fxllfxx.exe 2380 3lrxxxf.exe 2036 hbbtbn.exe 1672 pjjdj.exe 2900 pdddd.exe 2244 9frxllx.exe 2216 hnhhnt.exe 780 tnhntb.exe 952 vpvdj.exe 2896 pppdp.exe 904 xrflrlr.exe 448 rfrffll.exe 1012 3bhnth.exe 924 jjdjp.exe 2128 3dppv.exe 1852 9rrrxxl.exe 2196 1hbhnt.exe 2804 5tnthn.exe 1840 jdpvd.exe 1652 rlxxxxl.exe 2524 7rffllr.exe 2968 bbnthn.exe 3032 bthhnt.exe 2664 vpdvp.exe 2704 lxrxlxr.exe 2532 rrlrffl.exe 2708 9jpjp.exe 2404 vvpvp.exe 2392 fxrllrf.exe 1448 rlrxlxf.exe 2444 7tntth.exe 2648 tnttbh.exe 2732 vpdjp.exe 1352 3dpdj.exe 1600 lxlffff.exe 1616 tnhbnn.exe 1564 5hbbhh.exe 624 5dvdd.exe 1340 djvvv.exe 1336 pdpjp.exe 2164 5lxffxl.exe 2492 ffrfrxf.exe 1672 bbhtnb.exe 1896 pjddd.exe 1696 jjdjp.exe 1604 frfxlrr.exe 1400 rxrxllr.exe 1388 1htthh.exe 1720 nnnhnt.exe 3036 vpvvd.exe 2176 dpvdd.exe -
UPX packed file
resource yara_rule
behavioral1/memory/1628-15-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1628-13-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1628-12-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1728-4-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1628-23-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/3032-27-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/3032-26-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/3032-36-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2592-40-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2592-39-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2512-51-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2512-50-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2692-62-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2692-61-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2692-60-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2680-73-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2948-84-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2880-94-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2880-93-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2880-103-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2616-111-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2752-121-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1248-129-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2340-147-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2352-157-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2380-166-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2036-175-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1672-184-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2244-201-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2216-211-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/780-219-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/952-229-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/904-247-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2804-309-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1728 wrote to memory of 1628 1728 c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe 28 PID 1728 wrote to memory of 1628 1728 c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe 28 PID 1728 wrote to memory of 1628 1728 c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe 28 PID 1728 wrote to memory of 1628 1728 c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe 28 PID 1628 wrote to memory of 3032 1628 ddvpd.exe 29 PID 1628 wrote to memory of 3032 1628 ddvpd.exe 29 PID 1628 wrote to memory of 3032 1628 ddvpd.exe 29 PID 1628 wrote to memory of 3032 1628 ddvpd.exe 29 PID 3032 wrote to memory of 2592 3032 dvvjd.exe 30 PID 3032 wrote to memory of 2592 3032 dvvjd.exe 30 PID 3032 wrote to memory of 2592 3032 dvvjd.exe 30 PID 3032 wrote to memory of 2592 3032 dvvjd.exe 30 PID 2592 wrote to memory of 2512 2592 9tnhbn.exe 31 PID 2592 wrote to memory of 2512 2592 9tnhbn.exe 31 PID 2592 wrote to memory of 2512 2592 9tnhbn.exe 31 PID 2592 wrote to memory of 2512 2592 9tnhbn.exe 31 PID 2512 wrote to memory of 2692 2512 vpvjp.exe 32 PID 2512 wrote to memory of 2692 2512 vpvjp.exe 32 PID 2512 wrote to memory of 2692 2512 vpvjp.exe 32 PID 2512 wrote to memory of 2692 2512 vpvjp.exe 32 PID 2692 wrote to memory of 2680 2692 xfrrxrl.exe 33 PID 2692 wrote to memory of 2680 2692 xfrrxrl.exe 33 PID 2692 wrote to memory of 2680 2692 xfrrxrl.exe 33 PID 2692 wrote to memory of 2680 2692 xfrrxrl.exe 33 PID 2680 wrote to memory of 2948 2680 ntthtb.exe 34 PID 2680 wrote to memory of 2948 2680 ntthtb.exe 34 PID 2680 wrote to memory of 2948 2680 ntthtb.exe 34 PID 2680 wrote to memory of 2948 2680 ntthtb.exe 34 PID 2948 wrote to memory of 2880 2948 btnnbb.exe 35 PID 2948 wrote to memory of 2880 2948 btnnbb.exe 35 PID 2948 wrote to memory of 2880 2948 btnnbb.exe 35 PID 2948 wrote to memory of 2880 2948 btnnbb.exe 35 PID 2880 wrote to memory of 2616 2880 dpvpv.exe 36 PID 2880 wrote to memory of 2616 2880 dpvpv.exe 36 PID 2880 wrote to memory of 2616 2880 
dpvpv.exe 36 PID 2880 wrote to memory of 2616 2880 dpvpv.exe 36 PID 2616 wrote to memory of 2752 2616 xfxrxff.exe 37 PID 2616 wrote to memory of 2752 2616 xfxrxff.exe 37 PID 2616 wrote to memory of 2752 2616 xfxrxff.exe 37 PID 2616 wrote to memory of 2752 2616 xfxrxff.exe 37 PID 2752 wrote to memory of 1248 2752 ffrrlfx.exe 38 PID 2752 wrote to memory of 1248 2752 ffrrlfx.exe 38 PID 2752 wrote to memory of 1248 2752 ffrrlfx.exe 38 PID 2752 wrote to memory of 1248 2752 ffrrlfx.exe 38 PID 1248 wrote to memory of 1564 1248 hhbbhn.exe 39 PID 1248 wrote to memory of 1564 1248 hhbbhn.exe 39 PID 1248 wrote to memory of 1564 1248 hhbbhn.exe 39 PID 1248 wrote to memory of 1564 1248 hhbbhn.exe 39 PID 1564 wrote to memory of 2340 1564 7bnhnn.exe 40 PID 1564 wrote to memory of 2340 1564 7bnhnn.exe 40 PID 1564 wrote to memory of 2340 1564 7bnhnn.exe 40 PID 1564 wrote to memory of 2340 1564 7bnhnn.exe 40 PID 2340 wrote to memory of 2352 2340 dvjpv.exe 41 PID 2340 wrote to memory of 2352 2340 dvjpv.exe 41 PID 2340 wrote to memory of 2352 2340 dvjpv.exe 41 PID 2340 wrote to memory of 2352 2340 dvjpv.exe 41 PID 2352 wrote to memory of 2380 2352 fxllfxx.exe 42 PID 2352 wrote to memory of 2380 2352 fxllfxx.exe 42 PID 2352 wrote to memory of 2380 2352 fxllfxx.exe 42 PID 2352 wrote to memory of 2380 2352 fxllfxx.exe 42 PID 2380 wrote to memory of 2036 2380 3lrxxxf.exe 43 PID 2380 wrote to memory of 2036 2380 3lrxxxf.exe 43 PID 2380 wrote to memory of 2036 2380 3lrxxxf.exe 43 PID 2380 wrote to memory of 2036 2380 3lrxxxf.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c8c61f3368a76bce2edb6bb8338bea90_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1728 -
\??\c:\ddvpd.exec:\ddvpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1628 -
\??\c:\dvvjd.exec:\dvvjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3032 -
\??\c:\9tnhbn.exec:\9tnhbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2592 -
\??\c:\vpvjp.exec:\vpvjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2512 -
\??\c:\xfrrxrl.exec:\xfrrxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2692 -
\??\c:\ntthtb.exec:\ntthtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2680 -
\??\c:\btnnbb.exec:\btnnbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2948 -
\??\c:\dpvpv.exec:\dpvpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2880 -
\??\c:\xfxrxff.exec:\xfxrxff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2616 -
\??\c:\ffrrlfx.exec:\ffrrlfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2752 -
\??\c:\hhbbhn.exec:\hhbbhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1248 -
\??\c:\7bnhnn.exec:\7bnhnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1564 -
\??\c:\dvjpv.exec:\dvjpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2340 -
\??\c:\fxllfxx.exec:\fxllfxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2352 -
\??\c:\3lrxxxf.exec:\3lrxxxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2380 -
\??\c:\hbbtbn.exec:\hbbtbn.exe17⤵
- Executes dropped EXE
PID:2036 -
\??\c:\pjjdj.exec:\pjjdj.exe18⤵
- Executes dropped EXE
PID:1672 -
\??\c:\pdddd.exec:\pdddd.exe19⤵
- Executes dropped EXE
PID:2900 -
\??\c:\9frxllx.exec:\9frxllx.exe20⤵
- Executes dropped EXE
PID:2244 -
\??\c:\hnhhnt.exec:\hnhhnt.exe21⤵
- Executes dropped EXE
PID:2216 -
\??\c:\tnhntb.exec:\tnhntb.exe22⤵
- Executes dropped EXE
PID:780 -
\??\c:\vpvdj.exec:\vpvdj.exe23⤵
- Executes dropped EXE
PID:952 -
\??\c:\pppdp.exec:\pppdp.exe24⤵
- Executes dropped EXE
PID:2896 -
\??\c:\xrflrlr.exec:\xrflrlr.exe25⤵
- Executes dropped EXE
PID:904 -
\??\c:\rfrffll.exec:\rfrffll.exe26⤵
- Executes dropped EXE
PID:448 -
\??\c:\3bhnth.exec:\3bhnth.exe27⤵
- Executes dropped EXE
PID:1012 -
\??\c:\jjdjp.exec:\jjdjp.exe28⤵
- Executes dropped EXE
PID:924 -
\??\c:\3dppv.exec:\3dppv.exe29⤵
- Executes dropped EXE
PID:2128 -
\??\c:\9rrrxxl.exec:\9rrrxxl.exe30⤵
- Executes dropped EXE
PID:1852 -
\??\c:\1hbhnt.exec:\1hbhnt.exe31⤵
- Executes dropped EXE
PID:2196 -
\??\c:\5tnthn.exec:\5tnthn.exe32⤵
- Executes dropped EXE
PID:2804 -
\??\c:\jdpvd.exec:\jdpvd.exe33⤵
- Executes dropped EXE
PID:1840 -
\??\c:\rlxxxxl.exec:\rlxxxxl.exe34⤵
- Executes dropped EXE
PID:1652 -
\??\c:\7rffllr.exec:\7rffllr.exe35⤵
- Executes dropped EXE
PID:2524 -
\??\c:\bbnthn.exec:\bbnthn.exe36⤵
- Executes dropped EXE
PID:2968 -
\??\c:\bthhnt.exec:\bthhnt.exe37⤵
- Executes dropped EXE
PID:3032 -
\??\c:\vpdvp.exec:\vpdvp.exe38⤵
- Executes dropped EXE
PID:2664 -
\??\c:\lxrxlxr.exec:\lxrxlxr.exe39⤵
- Executes dropped EXE
PID:2704 -
\??\c:\rrlrffl.exec:\rrlrffl.exe40⤵
- Executes dropped EXE
PID:2532 -
\??\c:\9jpjp.exec:\9jpjp.exe41⤵
- Executes dropped EXE
PID:2708 -
\??\c:\vvpvp.exec:\vvpvp.exe42⤵
- Executes dropped EXE
PID:2404 -
\??\c:\fxrllrf.exec:\fxrllrf.exe43⤵
- Executes dropped EXE
PID:2392 -
\??\c:\rlrxlxf.exec:\rlrxlxf.exe44⤵
- Executes dropped EXE
PID:1448 -
\??\c:\7tntth.exec:\7tntth.exe45⤵
- Executes dropped EXE
PID:2444 -
\??\c:\tnttbh.exec:\tnttbh.exe46⤵
- Executes dropped EXE
PID:2648 -
\??\c:\vpdjp.exec:\vpdjp.exe47⤵
- Executes dropped EXE
PID:2732 -
\??\c:\3dpdj.exec:\3dpdj.exe48⤵
- Executes dropped EXE
PID:1352 -
\??\c:\lxlffff.exec:\lxlffff.exe49⤵
- Executes dropped EXE
PID:1600 -
\??\c:\tnhbnn.exec:\tnhbnn.exe50⤵
- Executes dropped EXE
PID:1616 -
\??\c:\5hbbhh.exec:\5hbbhh.exe51⤵
- Executes dropped EXE
PID:1564 -
\??\c:\5dvdd.exec:\5dvdd.exe52⤵
- Executes dropped EXE
PID:624 -
\??\c:\djvvv.exec:\djvvv.exe53⤵
- Executes dropped EXE
PID:1340 -
\??\c:\pdpjp.exec:\pdpjp.exe54⤵
- Executes dropped EXE
PID:1336 -
\??\c:\5lxffxl.exec:\5lxffxl.exe55⤵
- Executes dropped EXE
PID:2164 -
\??\c:\ffrfrxf.exec:\ffrfrxf.exe56⤵
- Executes dropped EXE
PID:2492 -
\??\c:\bbhtnb.exec:\bbhtnb.exe57⤵
- Executes dropped EXE
PID:1672 -
\??\c:\pjddd.exec:\pjddd.exe58⤵
- Executes dropped EXE
PID:1896 -
\??\c:\jjdjp.exec:\jjdjp.exe59⤵
- Executes dropped EXE
PID:1696 -
\??\c:\frfxlrr.exec:\frfxlrr.exe60⤵
- Executes dropped EXE
PID:1604 -
\??\c:\rxrxllr.exec:\rxrxllr.exe61⤵
- Executes dropped EXE
PID:1400 -
\??\c:\1htthh.exec:\1htthh.exe62⤵
- Executes dropped EXE
PID:1388 -
\??\c:\nnnhnt.exec:\nnnhnt.exe63⤵
- Executes dropped EXE
PID:1720 -
\??\c:\vpvvd.exec:\vpvvd.exe64⤵
- Executes dropped EXE
PID:3036 -
\??\c:\dpvdd.exec:\dpvdd.exe65⤵
- Executes dropped EXE
PID:2176 -
\??\c:\lffflfl.exec:\lffflfl.exe66⤵PID:772
-
\??\c:\bnbbhb.exec:\bnbbhb.exe67⤵PID:1460
-
\??\c:\htbbhn.exec:\htbbhn.exe68⤵PID:348
-
\??\c:\7jjpv.exec:\7jjpv.exe69⤵PID:2344
-
\??\c:\ddppv.exec:\ddppv.exe70⤵PID:1668
-
\??\c:\3rrfflf.exec:\3rrfflf.exe71⤵PID:2100
-
\??\c:\rlxlxfl.exec:\rlxlxfl.exe72⤵PID:3000
-
\??\c:\3xlfxxf.exec:\3xlfxxf.exe73⤵PID:1420
-
\??\c:\bnbhth.exec:\bnbhth.exe74⤵PID:2060
-
\??\c:\bbnbnt.exec:\bbnbnt.exe75⤵PID:2480
-
\??\c:\jdvdd.exec:\jdvdd.exe76⤵PID:2712
-
\??\c:\pdppd.exec:\pdppd.exe77⤵PID:2596
-
\??\c:\xxllxfl.exec:\xxllxfl.exe78⤵PID:2604
-
\??\c:\7lllrrf.exec:\7lllrrf.exe79⤵PID:2668
-
\??\c:\tnnbnt.exec:\tnnbnt.exe80⤵PID:3032
-
\??\c:\hhnhhn.exec:\hhnhhn.exe81⤵PID:2400
-
\??\c:\ttnttt.exec:\ttnttt.exe82⤵PID:2656
-
\??\c:\3pdvd.exec:\3pdvd.exe83⤵PID:2936
-
\??\c:\vppjv.exec:\vppjv.exe84⤵PID:2468
-
\??\c:\lxffxfl.exec:\lxffxfl.exe85⤵PID:2456
-
\??\c:\xrllrxl.exec:\xrllrxl.exe86⤵PID:2948
-
\??\c:\xrllflx.exec:\xrllflx.exe87⤵PID:1448
-
\??\c:\tthntt.exec:\tthntt.exe88⤵PID:2496
-
\??\c:\bntbbt.exec:\bntbbt.exe89⤵PID:2852
-
\??\c:\dvpjv.exec:\dvpjv.exe90⤵PID:2752
-
\??\c:\pjddj.exec:\pjddj.exe91⤵PID:1576
-
\??\c:\rrxlxrx.exec:\rrxlxrx.exe92⤵PID:1600
-
\??\c:\7frxfxf.exec:\7frxfxf.exe93⤵PID:1440
-
\??\c:\5xrxrfr.exec:\5xrxrfr.exe94⤵PID:2904
-
\??\c:\bhnhhh.exec:\bhnhhh.exe95⤵PID:2352
-
\??\c:\bhnhhb.exec:\bhnhhb.exe96⤵PID:2044
-
\??\c:\3vppv.exec:\3vppv.exe97⤵PID:2024
-
\??\c:\dvddj.exec:\dvddj.exe98⤵PID:1236
-
\??\c:\rxlxxxr.exec:\rxlxxxr.exe99⤵PID:2200
-
\??\c:\9xflrrl.exec:\9xflrrl.exe100⤵PID:1824
-
\??\c:\3lrxfll.exec:\3lrxfll.exe101⤵PID:2240
-
\??\c:\hbthbh.exec:\hbthbh.exe102⤵PID:572
-
\??\c:\tnbtbb.exec:\tnbtbb.exe103⤵PID:536
-
\??\c:\5jdpd.exec:\5jdpd.exe104⤵PID:1400
-
\??\c:\pdpjp.exec:\pdpjp.exe105⤵PID:1976
-
\??\c:\xrrrxfl.exec:\xrrrxfl.exe106⤵PID:2888
-
\??\c:\xxxxxrx.exec:\xxxxxrx.exe107⤵PID:1140
-
\??\c:\lxlrxfl.exec:\lxlrxfl.exe108⤵PID:2176
-
\??\c:\hntnnh.exec:\hntnnh.exe109⤵PID:940
-
\??\c:\htbbnh.exec:\htbbnh.exe110⤵PID:1588
-
\??\c:\9vjjj.exec:\9vjjj.exe111⤵PID:924
-
\??\c:\pjvjj.exec:\pjvjj.exe112⤵PID:3060
-
\??\c:\rrfxlrx.exec:\rrfxlrx.exe113⤵PID:568
-
\??\c:\1rlrfxr.exec:\1rlrfxr.exe114⤵PID:1776
-
\??\c:\7btttn.exec:\7btttn.exe115⤵PID:2140
-
\??\c:\5tnnnn.exec:\5tnnnn.exe116⤵PID:1420
-
\??\c:\1dpvd.exec:\1dpvd.exe117⤵PID:1840
-
\??\c:\7dpvd.exec:\7dpvd.exe118⤵PID:1500
-
\??\c:\5frxffl.exec:\5frxffl.exe119⤵PID:1856
-
\??\c:\lxfrxxf.exec:\lxfrxxf.exe120⤵PID:2600
-
\??\c:\hbhtnh.exec:\hbhtnh.exe121⤵PID:2660
-
\??\c:\btbbnn.exec:\btbbnn.exe122⤵PID:2668
-