Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
18/05/2024, 13:52
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe
-
Size
277KB
-
MD5
d1ee59a92917dd10adf2589ac66a12d0
-
SHA1
1e843e956d1360f249380b3550be08a348ec4f42
-
SHA256
04ee4cd7e7574936b9aea6ee2cdd1fbcbb2fc1b0a9e4e2c2e43ef1450e88a9fc
-
SHA512
622793da1593174234ac95d253edfc5826ffff8f4d54ba0e30ad039fdbe6c570c07c77dbeb358e516cd1c8590bf7be22072f0c41fd47f0fe1d9448f19c2b111c
-
SSDEEP
6144:n3C9BRIG0asYFm71m8+GdkB9yMu7Vveme:n3C9uYA71kSMuk
Malware Config
Signatures
-
Detect Blackmoon payload 24 IoCs
resource yara_rule behavioral1/memory/2916-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2500-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1032-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2524-34-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2652-45-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2748-55-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2804-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2584-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2452-85-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2644-101-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1676-109-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2844-119-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2752-137-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1636-154-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2776-173-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1252-181-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2120-199-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1916-209-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1760-217-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/776-227-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/584-235-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2908-262-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/380-271-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1740-289-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2500 jjjdv.exe 1032 rflrlll.exe 2524 1nhhnn.exe 2652 vpjdv.exe 2748 9rxxlxf.exe 2804 vpdpv.exe 2584 3dvjv.exe 2452 ffrrllr.exe 2644 htnthn.exe 1676 dpddd.exe 2844 3flfxxf.exe 2960 bthntb.exe 2752 pjvvd.exe 1580 xlrxllx.exe 1636 7thntt.exe 2664 vpjpv.exe 2776 lfrrrfl.exe 1252 hbnthn.exe 1096 nhbnhh.exe 2120 vdjdv.exe 1916 3xrrflx.exe 1760 7ttttt.exe 776 jpvjp.exe 584 xrrrfff.exe 1800 hbthht.exe 1668 bhhtnb.exe 2908 rxfxrrx.exe 380 ttbbtb.exe 1316 1tbbhn.exe 1740 jdvjv.exe 1684 frxfllr.exe 812 thnhtt.exe 2216 jvdpd.exe 3032 1frrxxl.exe 1232 7xflrxx.exe 1600 btbhnn.exe 2568 7djjd.exe 2660 ddvvj.exe 2872 lxxxxxx.exe 2580 rfrxffl.exe 3064 bthtnn.exe 1712 pjjdv.exe 2444 vpjpp.exe 804 xlrxxxr.exe 1592 1hntbt.exe 3012 nhtbhh.exe 2824 1pppv.exe 2964 lxlxfxf.exe 2844 frxflrx.exe 2616 bhbhhh.exe 1952 bbnbnh.exe 1772 3vjvd.exe 1632 7frxxxf.exe 1628 frfxfff.exe 2756 hbbhbb.exe 2516 hhbhhn.exe 1276 9dpdd.exe 1392 lfrrffr.exe 2404 7flrrfl.exe 3068 hbnnbb.exe 1916 nhtbnn.exe 752 jpdpp.exe 540 7llrrrx.exe 908 rxfflfl.exe -
resource yara_rule behavioral1/memory/2916-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2500-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1032-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2524-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2652-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2652-44-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2652-42-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2748-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2804-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2584-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2452-85-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2644-101-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1676-109-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2844-119-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2752-137-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1636-154-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2776-173-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1252-181-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2120-199-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1916-209-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1760-217-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/776-227-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/584-235-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2908-262-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/380-271-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1740-289-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2916 wrote to memory of 2500 2916 d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe 28 PID 2916 wrote to memory of 2500 2916 d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe 28 PID 2916 wrote to memory of 2500 2916 d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe 28 PID 2916 wrote to memory of 2500 2916 d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe 28 PID 2500 wrote to memory of 1032 2500 jjjdv.exe 29 PID 2500 wrote to memory of 1032 2500 jjjdv.exe 29 PID 2500 wrote to memory of 1032 2500 jjjdv.exe 29 PID 2500 wrote to memory of 1032 2500 jjjdv.exe 29 PID 1032 wrote to memory of 2524 1032 rflrlll.exe 30 PID 1032 wrote to memory of 2524 1032 rflrlll.exe 30 PID 1032 wrote to memory of 2524 1032 rflrlll.exe 30 PID 1032 wrote to memory of 2524 1032 rflrlll.exe 30 PID 2524 wrote to memory of 2652 2524 1nhhnn.exe 31 PID 2524 wrote to memory of 2652 2524 1nhhnn.exe 31 PID 2524 wrote to memory of 2652 2524 1nhhnn.exe 31 PID 2524 wrote to memory of 2652 2524 1nhhnn.exe 31 PID 2652 wrote to memory of 2748 2652 vpjdv.exe 32 PID 2652 wrote to memory of 2748 2652 vpjdv.exe 32 PID 2652 wrote to memory of 2748 2652 vpjdv.exe 32 PID 2652 wrote to memory of 2748 2652 vpjdv.exe 32 PID 2748 wrote to memory of 2804 2748 9rxxlxf.exe 33 PID 2748 wrote to memory of 2804 2748 9rxxlxf.exe 33 PID 2748 wrote to memory of 2804 2748 9rxxlxf.exe 33 PID 2748 wrote to memory of 2804 2748 9rxxlxf.exe 33 PID 2804 wrote to memory of 2584 2804 vpdpv.exe 34 PID 2804 wrote to memory of 2584 2804 vpdpv.exe 34 PID 2804 wrote to memory of 2584 2804 vpdpv.exe 34 PID 2804 wrote to memory of 2584 2804 vpdpv.exe 34 PID 2584 wrote to memory of 2452 2584 3dvjv.exe 35 PID 2584 wrote to memory of 2452 2584 3dvjv.exe 35 PID 2584 wrote to memory of 2452 2584 3dvjv.exe 35 PID 2584 wrote to memory of 2452 2584 3dvjv.exe 35 PID 2452 wrote to memory of 2644 2452 ffrrllr.exe 36 PID 2452 wrote to memory of 2644 2452 ffrrllr.exe 36 PID 2452 wrote to memory of 2644 2452 ffrrllr.exe 36 PID 2452 wrote to memory of 2644 2452 ffrrllr.exe 36 PID 2644 wrote to memory of 1676 2644 htnthn.exe 37 PID 2644 wrote to memory of 1676 2644 htnthn.exe 37 PID 2644 wrote to memory of 1676 2644 htnthn.exe 37 PID 2644 wrote to memory of 1676 2644 htnthn.exe 37 PID 1676 wrote to memory of 2844 1676 dpddd.exe 38 PID 1676 wrote to memory of 2844 1676 dpddd.exe 38 PID 1676 wrote to memory of 2844 1676 dpddd.exe 38 PID 1676 wrote to memory of 2844 1676 dpddd.exe 38 PID 2844 wrote to memory of 2960 2844 3flfxxf.exe 39 PID 2844 wrote to memory of 2960 2844 3flfxxf.exe 39 PID 2844 wrote to memory of 2960 2844 3flfxxf.exe 39 PID 2844 wrote to memory of 2960 2844 3flfxxf.exe 39 PID 2960 wrote to memory of 2752 2960 bthntb.exe 40 PID 2960 wrote to memory of 2752 2960 bthntb.exe 40 PID 2960 wrote to memory of 2752 2960 bthntb.exe 40 PID 2960 wrote to memory of 2752 2960 bthntb.exe 40 PID 2752 wrote to memory of 1580 2752 pjvvd.exe 41 PID 2752 wrote to memory of 1580 2752 pjvvd.exe 41 PID 2752 wrote to memory of 1580 2752 pjvvd.exe 41 PID 2752 wrote to memory of 1580 2752 pjvvd.exe 41 PID 1580 wrote to memory of 1636 1580 xlrxllx.exe 42 PID 1580 wrote to memory of 1636 1580 xlrxllx.exe 42 PID 1580 wrote to memory of 1636 1580 xlrxllx.exe 42 PID 1580 wrote to memory of 1636 1580 xlrxllx.exe 42 PID 1636 wrote to memory of 2664 1636 7thntt.exe 43 PID 1636 wrote to memory of 2664 1636 7thntt.exe 43 PID 1636 wrote to memory of 2664 1636 7thntt.exe 43 PID 1636 wrote to memory of 2664 1636 7thntt.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2916 -
\??\c:\jjjdv.exec:\jjjdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2500 -
\??\c:\rflrlll.exec:\rflrlll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1032 -
\??\c:\1nhhnn.exec:\1nhhnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\vpjdv.exec:\vpjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2652 -
\??\c:\9rxxlxf.exec:\9rxxlxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2748 -
\??\c:\vpdpv.exec:\vpdpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2804 -
\??\c:\3dvjv.exec:\3dvjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\ffrrllr.exec:\ffrrllr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2452 -
\??\c:\htnthn.exec:\htnthn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2644 -
\??\c:\dpddd.exec:\dpddd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1676 -
\??\c:\3flfxxf.exec:\3flfxxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2844 -
\??\c:\bthntb.exec:\bthntb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2960 -
\??\c:\pjvvd.exec:\pjvvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2752 -
\??\c:\xlrxllx.exec:\xlrxllx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1580 -
\??\c:\7thntt.exec:\7thntt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1636 -
\??\c:\vpjpv.exec:\vpjpv.exe17⤵
- Executes dropped EXE
PID:2664 -
\??\c:\lfrrrfl.exec:\lfrrrfl.exe18⤵
- Executes dropped EXE
PID:2776 -
\??\c:\hbnthn.exec:\hbnthn.exe19⤵
- Executes dropped EXE
PID:1252 -
\??\c:\nhbnhh.exec:\nhbnhh.exe20⤵
- Executes dropped EXE
PID:1096 -
\??\c:\vdjdv.exec:\vdjdv.exe21⤵
- Executes dropped EXE
PID:2120 -
\??\c:\3xrrflx.exec:\3xrrflx.exe22⤵
- Executes dropped EXE
PID:1916 -
\??\c:\7ttttt.exec:\7ttttt.exe23⤵
- Executes dropped EXE
PID:1760 -
\??\c:\jpvjp.exec:\jpvjp.exe24⤵
- Executes dropped EXE
PID:776 -
\??\c:\xrrrfff.exec:\xrrrfff.exe25⤵
- Executes dropped EXE
PID:584 -
\??\c:\hbthht.exec:\hbthht.exe26⤵
- Executes dropped EXE
PID:1800 -
\??\c:\bhhtnb.exec:\bhhtnb.exe27⤵
- Executes dropped EXE
PID:1668 -
\??\c:\rxfxrrx.exec:\rxfxrrx.exe28⤵
- Executes dropped EXE
PID:2908 -
\??\c:\ttbbtb.exec:\ttbbtb.exe29⤵
- Executes dropped EXE
PID:380 -
\??\c:\1tbbhn.exec:\1tbbhn.exe30⤵
- Executes dropped EXE
PID:1316 -
\??\c:\jdvjv.exec:\jdvjv.exe31⤵
- Executes dropped EXE
PID:1740 -
\??\c:\frxfllr.exec:\frxfllr.exe32⤵
- Executes dropped EXE
PID:1684 -
\??\c:\thnhtt.exec:\thnhtt.exe33⤵
- Executes dropped EXE
PID:812 -
\??\c:\jvdpd.exec:\jvdpd.exe34⤵
- Executes dropped EXE
PID:2216 -
\??\c:\1frrxxl.exec:\1frrxxl.exe35⤵
- Executes dropped EXE
PID:3032 -
\??\c:\7xflrxx.exec:\7xflrxx.exe36⤵
- Executes dropped EXE
PID:1232 -
\??\c:\btbhnn.exec:\btbhnn.exe37⤵
- Executes dropped EXE
PID:1600 -
\??\c:\7djjd.exec:\7djjd.exe38⤵
- Executes dropped EXE
PID:2568 -
\??\c:\ddvvj.exec:\ddvvj.exe39⤵
- Executes dropped EXE
PID:2660 -
\??\c:\lxxxxxx.exec:\lxxxxxx.exe40⤵
- Executes dropped EXE
PID:2872 -
\??\c:\rfrxffl.exec:\rfrxffl.exe41⤵
- Executes dropped EXE
PID:2580 -
\??\c:\bthtnn.exec:\bthtnn.exe42⤵
- Executes dropped EXE
PID:3064 -
\??\c:\pjjdv.exec:\pjjdv.exe43⤵
- Executes dropped EXE
PID:1712 -
\??\c:\vpjpp.exec:\vpjpp.exe44⤵
- Executes dropped EXE
PID:2444 -
\??\c:\xlrxxxr.exec:\xlrxxxr.exe45⤵
- Executes dropped EXE
PID:804 -
\??\c:\1hntbt.exec:\1hntbt.exe46⤵
- Executes dropped EXE
PID:1592 -
\??\c:\nhtbhh.exec:\nhtbhh.exe47⤵
- Executes dropped EXE
PID:3012 -
\??\c:\1pppv.exec:\1pppv.exe48⤵
- Executes dropped EXE
PID:2824 -
\??\c:\lxlxfxf.exec:\lxlxfxf.exe49⤵
- Executes dropped EXE
PID:2964 -
\??\c:\frxflrx.exec:\frxflrx.exe50⤵
- Executes dropped EXE
PID:2844 -
\??\c:\bhbhhh.exec:\bhbhhh.exe51⤵
- Executes dropped EXE
PID:2616 -
\??\c:\bbnbnh.exec:\bbnbnh.exe52⤵
- Executes dropped EXE
PID:1952 -
\??\c:\3vjvd.exec:\3vjvd.exe53⤵
- Executes dropped EXE
PID:1772 -
\??\c:\7frxxxf.exec:\7frxxxf.exe54⤵
- Executes dropped EXE
PID:1632 -
\??\c:\frfxfff.exec:\frfxfff.exe55⤵
- Executes dropped EXE
PID:1628 -
\??\c:\hbbhbb.exec:\hbbhbb.exe56⤵
- Executes dropped EXE
PID:2756 -
\??\c:\hhbhhn.exec:\hhbhhn.exe57⤵
- Executes dropped EXE
PID:2516 -
\??\c:\9dpdd.exec:\9dpdd.exe58⤵
- Executes dropped EXE
PID:1276 -
\??\c:\lfrrffr.exec:\lfrrffr.exe59⤵
- Executes dropped EXE
PID:1392 -
\??\c:\7flrrfl.exec:\7flrrfl.exe60⤵
- Executes dropped EXE
PID:2404 -
\??\c:\hbnnbb.exec:\hbnnbb.exe61⤵
- Executes dropped EXE
PID:3068 -
\??\c:\nhtbnn.exec:\nhtbnn.exe62⤵
- Executes dropped EXE
PID:1916 -
\??\c:\jpdpp.exec:\jpdpp.exe63⤵
- Executes dropped EXE
PID:752 -
\??\c:\7llrrrx.exec:\7llrrrx.exe64⤵
- Executes dropped EXE
PID:540 -
\??\c:\rxfflfl.exec:\rxfflfl.exe65⤵
- Executes dropped EXE
PID:908 -
\??\c:\5bbhnt.exec:\5bbhnt.exe66⤵PID:584
-
\??\c:\nhnnnh.exec:\nhnnnh.exe67⤵PID:1144
-
\??\c:\vjddp.exec:\vjddp.exe68⤵PID:568
-
\??\c:\jdvvj.exec:\jdvvj.exe69⤵PID:1616
-
\??\c:\5lxfllr.exec:\5lxfllr.exe70⤵PID:932
-
\??\c:\fxffrrf.exec:\fxffrrf.exe71⤵PID:1196
-
\??\c:\nhhbbb.exec:\nhhbbb.exe72⤵PID:1316
-
\??\c:\bntttb.exec:\bntttb.exe73⤵PID:608
-
\??\c:\7vvvd.exec:\7vvvd.exe74⤵PID:404
-
\??\c:\ppvdv.exec:\ppvdv.exe75⤵PID:2340
-
\??\c:\1xlxffl.exec:\1xlxffl.exe76⤵PID:768
-
\??\c:\fxrrxrx.exec:\fxrrxrx.exe77⤵PID:2216
-
\??\c:\rfrrfll.exec:\rfrrfll.exe78⤵PID:2064
-
\??\c:\hbbttt.exec:\hbbttt.exe79⤵PID:2004
-
\??\c:\tnttnh.exec:\tnttnh.exe80⤵PID:1600
-
\??\c:\jdppv.exec:\jdppv.exe81⤵PID:1728
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe82⤵PID:2660
-
\??\c:\rffrfrf.exec:\rffrfrf.exe83⤵PID:2712
-
\??\c:\thtnhh.exec:\thtnhh.exe84⤵PID:2736
-
\??\c:\1thhbh.exec:\1thhbh.exe85⤵PID:3064
-
\??\c:\5jvdp.exec:\5jvdp.exe86⤵PID:2588
-
\??\c:\3ddvp.exec:\3ddvp.exe87⤵PID:2444
-
\??\c:\llxrrxl.exec:\llxrrxl.exe88⤵PID:804
-
\??\c:\lxfrxll.exec:\lxfrxll.exe89⤵PID:1592
-
\??\c:\9bbnht.exec:\9bbnht.exe90⤵PID:3012
-
\??\c:\rfrrxrx.exec:\rfrrxrx.exe91⤵PID:2824
-
\??\c:\ththnh.exec:\ththnh.exe92⤵PID:2836
-
\??\c:\7djjj.exec:\7djjj.exe93⤵PID:2844
-
\??\c:\dvjjd.exec:\dvjjd.exe94⤵PID:1784
-
\??\c:\rxxxlfx.exec:\rxxxlfx.exe95⤵PID:1952
-
\??\c:\hhtttt.exec:\hhtttt.exe96⤵PID:1672
-
\??\c:\5tbhhn.exec:\5tbhhn.exe97⤵PID:1776
-
\??\c:\7rfxffl.exec:\7rfxffl.exe98⤵PID:1628
-
\??\c:\7nntbb.exec:\7nntbb.exe99⤵PID:2812
-
\??\c:\nbnbnt.exec:\nbnbnt.exe100⤵PID:1252
-
\??\c:\vpdpj.exec:\vpdpj.exe101⤵PID:1276
-
\??\c:\frfrxfl.exec:\frfrxfl.exe102⤵PID:1912
-
\??\c:\lfllrlx.exec:\lfllrlx.exe103⤵PID:1264
-
\??\c:\htbbbb.exec:\htbbbb.exe104⤵PID:2044
-
\??\c:\1nbtbb.exec:\1nbtbb.exe105⤵PID:1916
-
\??\c:\jdpdp.exec:\jdpdp.exe106⤵PID:488
-
\??\c:\vvvpd.exec:\vvvpd.exe107⤵PID:540
-
\??\c:\5lxrlxr.exec:\5lxrlxr.exe108⤵PID:1756
-
\??\c:\hbnbtb.exec:\hbnbtb.exe109⤵PID:2084
-
\??\c:\bbthhh.exec:\bbthhh.exe110⤵PID:1368
-
\??\c:\pjdvj.exec:\pjdvj.exe111⤵PID:568
-
\??\c:\vpvdd.exec:\vpvdd.exe112⤵PID:1028
-
\??\c:\lfxlxlf.exec:\lfxlxlf.exe113⤵PID:932
-
\??\c:\lrrfrlr.exec:\lrrfrlr.exe114⤵PID:1196
-
\??\c:\bhnnbb.exec:\bhnnbb.exe115⤵PID:1504
-
\??\c:\thnttt.exec:\thnttt.exe116⤵PID:2864
-
\??\c:\dvjjj.exec:\dvjjj.exe117⤵PID:404
-
\??\c:\5djpd.exec:\5djpd.exe118⤵PID:2380
-
\??\c:\rllrlxx.exec:\rllrlxx.exe119⤵PID:2932
-
\??\c:\llfrfrf.exec:\llfrfrf.exe120⤵PID:1596
-
\??\c:\bnbtbb.exec:\bnbtbb.exe121⤵PID:2548
-
\??\c:\dvjvj.exec:\dvjvj.exe122⤵PID:2004
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-