Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe
-
Size
133KB
-
MD5
d28da18f1f2af127c96a3e675c713f40
-
SHA1
a3ab1845a4e17fa0b990d3d72036e68c99ae4109
-
SHA256
e5f3e9138b9372b522ebc40af47272a29112c15fc7f0b57c050152f021e661f2
-
SHA512
dbfe04154efce30fd1e00e3bc7463e9b25e93f1797316c2f4217fc5c70a5940cfa58c5edc1ede28d5b3437ca07b0c1f82e3e52d3079e17dbe74201c8270ee2f8
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73HUoMsAbrF3BTUwFBE:n3C9BRo7HCsAbhxYx
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource yara_rule
behavioral1/memory/1956-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2188-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2092-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2660-34-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2660-40-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon
behavioral1/memory/2548-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2548-54-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2400-77-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2520-86-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1092-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2772-110-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1656-137-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2460-146-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/540-164-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2760-173-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/744-182-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1212-200-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1932-218-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1660-226-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2596-236-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1556-244-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/808-262-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/916-271-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2172-280-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2280-298-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process 2188 6428000.exe 2092 48068.exe 2660 o468242.exe 2548 tnnntt.exe 2724 3jdjp.exe 1364 64224.exe 2400 9pddd.exe 2520 4648068.exe 1092 m2462.exe 2772 jvdvd.exe 2896 o060662.exe 2628 1fllllf.exe 1656 5pdvv.exe 2460 4288444.exe 1060 xlllfxf.exe 540 6462440.exe 2760 6404040.exe 744 jdjpv.exe 1672 1vpdd.exe 1212 08086.exe 2024 9lxxxff.exe 1932 3rlrffl.exe 1660 rlxflfr.exe 2596 bnhhbh.exe 1556 6822248.exe 1952 7jdjp.exe 808 048448.exe 916 w68840.exe 2172 22628.exe 2876 480860.exe 2280 vppvv.exe 1700 9rflxxx.exe 1568 862222.exe 2484 1flxllr.exe 2092 20266.exe 2660 64622.exe 1776 xrfxxxf.exe 2528 04284.exe 3068 202844.exe 2548 a6402.exe 2564 040682.exe 768 vpdpp.exe 2464 824400.exe 2472 9xrrxfl.exe 1720 24622.exe 2580 tnbtbb.exe 2736 e28404.exe 2896 9thhtt.exe 2964 frrrfff.exe 1344 6024228.exe 1656 tnbbhh.exe 1536 a0228.exe 1084 nbntnn.exe 1648 w46688.exe 600 1dpdp.exe 756 084684.exe 2056 bthnbh.exe 1624 82468.exe 2028 dvdjv.exe 1188 ffrxfxl.exe 1688 7fffrff.exe 1948 8240228.exe 840 9thhbh.exe 1900 8684628.exe -
UPX packed file
resource yara_rule
behavioral1/memory/1956-4-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2188-14-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2092-24-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2660-34-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2548-46-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2548-44-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2548-43-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2548-54-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2400-77-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2520-86-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1092-100-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2772-110-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1656-137-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2460-146-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/540-164-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2760-173-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/744-182-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1212-200-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1932-218-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1660-226-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2596-236-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1556-244-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/808-262-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/916-271-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2172-280-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2280-298-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 1956 wrote to memory of 2188 1956 d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe 28
PID 1956 wrote to memory of 2188 1956 d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe 28
PID 1956 wrote to memory of 2188 1956 d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe 28
PID 1956 wrote to memory of 2188 1956 d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe 28
PID 2188 wrote to memory of 2092 2188 6428000.exe 29
PID 2188 wrote to memory of 2092 2188 6428000.exe 29
PID 2188 wrote to memory of 2092 2188 6428000.exe 29
PID 2188 wrote to memory of 2092 2188 6428000.exe 29
PID 2092 wrote to memory of 2660 2092 48068.exe 30
PID 2092 wrote to memory of 2660 2092 48068.exe 30
PID 2092 wrote to memory of 2660 2092 48068.exe 30
PID 2092 wrote to memory of 2660 2092 48068.exe 30
PID 2660 wrote to memory of 2548 2660 o468242.exe 31
PID 2660 wrote to memory of 2548 2660 o468242.exe 31
PID 2660 wrote to memory of 2548 2660 o468242.exe 31
PID 2660 wrote to memory of 2548 2660 o468242.exe 31
PID 2548 wrote to memory of 2724 2548 tnnntt.exe 32
PID 2548 wrote to memory of 2724 2548 tnnntt.exe 32
PID 2548 wrote to memory of 2724 2548 tnnntt.exe 32
PID 2548 wrote to memory of 2724 2548 tnnntt.exe 32
PID 2724 wrote to memory of 1364 2724 3jdjp.exe 33
PID 2724 wrote to memory of 1364 2724 3jdjp.exe 33
PID 2724 wrote to memory of 1364 2724 3jdjp.exe 33
PID 2724 wrote to memory of 1364 2724 3jdjp.exe 33
PID 1364 wrote to memory of 2400 1364 64224.exe 34
PID 1364 wrote to memory of 2400 1364 64224.exe 34
PID 1364 wrote to memory of 2400 1364 64224.exe 34
PID 1364 wrote to memory of 2400 1364 64224.exe 34
PID 2400 wrote to memory of 2520 2400 9pddd.exe 35
PID 2400 wrote to memory of 2520 2400 9pddd.exe 35
PID 2400 wrote to memory of 2520 2400 9pddd.exe 35
PID 2400 wrote to memory of 2520 2400 9pddd.exe 35
PID 2520 wrote to memory of 1092 2520 4648068.exe 36
PID 2520 wrote to memory of 1092 2520 4648068.exe 36
PID 2520 wrote to memory of 1092 2520 4648068.exe 36
PID 2520 wrote to memory of 1092 2520 4648068.exe 36
PID 1092 wrote to memory of 2772 1092 m2462.exe 37
PID 1092 wrote to memory of 2772 1092 m2462.exe 37
PID 1092 wrote to memory of 2772 1092 m2462.exe 37
PID 1092 wrote to memory of 2772 1092 m2462.exe 37
PID 2772 wrote to memory of 2896 2772 jvdvd.exe 38
PID 2772 wrote to memory of 2896 2772 jvdvd.exe 38
PID 2772 wrote to memory of 2896 2772 jvdvd.exe 38
PID 2772 wrote to memory of 2896 2772 jvdvd.exe 38
PID 2896 wrote to memory of 2628 2896 o060662.exe 39
PID 2896 wrote to memory of 2628 2896 o060662.exe 39
PID 2896 wrote to memory of 2628 2896 o060662.exe 39
PID 2896 wrote to memory of 2628 2896 o060662.exe 39
PID 2628 wrote to memory of 1656 2628 1fllllf.exe 40
PID 2628 wrote to memory of 1656 2628 1fllllf.exe 40
PID 2628 wrote to memory of 1656 2628 1fllllf.exe 40
PID 2628 wrote to memory of 1656 2628 1fllllf.exe 40
PID 1656 wrote to memory of 2460 1656 5pdvv.exe 41
PID 1656 wrote to memory of 2460 1656 5pdvv.exe 41
PID 1656 wrote to memory of 2460 1656 5pdvv.exe 41
PID 1656 wrote to memory of 2460 1656 5pdvv.exe 41
PID 2460 wrote to memory of 1060 2460 4288444.exe 42
PID 2460 wrote to memory of 1060 2460 4288444.exe 42
PID 2460 wrote to memory of 1060 2460 4288444.exe 42
PID 2460 wrote to memory of 1060 2460 4288444.exe 42
PID 1060 wrote to memory of 540 1060 xlllfxf.exe 43
PID 1060 wrote to memory of 540 1060 xlllfxf.exe 43
PID 1060 wrote to memory of 540 1060 xlllfxf.exe 43
PID 1060 wrote to memory of 540 1060 xlllfxf.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1956 -
\??\c:\6428000.exe c:\6428000.exe 2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2188 -
\??\c:\48068.exe c:\48068.exe 3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2092 -
\??\c:\o468242.exe c:\o468242.exe 4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2660 -
\??\c:\tnnntt.exe c:\tnnntt.exe 5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2548 -
\??\c:\3jdjp.exe c:\3jdjp.exe 6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2724 -
\??\c:\64224.exe c:\64224.exe 7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1364 -
\??\c:\9pddd.exe c:\9pddd.exe 8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2400 -
\??\c:\4648068.exe c:\4648068.exe 9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2520 -
\??\c:\m2462.exe c:\m2462.exe 10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1092 -
\??\c:\jvdvd.exe c:\jvdvd.exe 11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2772 -
\??\c:\o060662.exe c:\o060662.exe 12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2896 -
\??\c:\1fllllf.exe c:\1fllllf.exe 13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2628 -
\??\c:\5pdvv.exe c:\5pdvv.exe 14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1656 -
\??\c:\4288444.exe c:\4288444.exe 15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2460 -
\??\c:\xlllfxf.exe c:\xlllfxf.exe 16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1060 -
\??\c:\6462440.exe c:\6462440.exe 17⤵
- Executes dropped EXE
PID:540 -
\??\c:\6404040.exe c:\6404040.exe 18⤵
- Executes dropped EXE
PID:2760 -
\??\c:\jdjpv.exe c:\jdjpv.exe 19⤵
- Executes dropped EXE
PID:744 -
\??\c:\1vpdd.exe c:\1vpdd.exe 20⤵
- Executes dropped EXE
PID:1672 -
\??\c:\08086.exe c:\08086.exe 21⤵
- Executes dropped EXE
PID:1212 -
\??\c:\9lxxxff.exe c:\9lxxxff.exe 22⤵
- Executes dropped EXE
PID:2024 -
\??\c:\3rlrffl.exe c:\3rlrffl.exe 23⤵
- Executes dropped EXE
PID:1932 -
\??\c:\rlxflfr.exe c:\rlxflfr.exe 24⤵
- Executes dropped EXE
PID:1660 -
\??\c:\bnhhbh.exe c:\bnhhbh.exe 25⤵
- Executes dropped EXE
PID:2596 -
\??\c:\6822248.exe c:\6822248.exe 26⤵
- Executes dropped EXE
PID:1556 -
\??\c:\7jdjp.exe c:\7jdjp.exe 27⤵
- Executes dropped EXE
PID:1952 -
\??\c:\048448.exe c:\048448.exe 28⤵
- Executes dropped EXE
PID:808 -
\??\c:\w68840.exe c:\w68840.exe 29⤵
- Executes dropped EXE
PID:916 -
\??\c:\22628.exe c:\22628.exe 30⤵
- Executes dropped EXE
PID:2172 -
\??\c:\480860.exe c:\480860.exe 31⤵
- Executes dropped EXE
PID:2876 -
\??\c:\vppvv.exe c:\vppvv.exe 32⤵
- Executes dropped EXE
PID:2280 -
\??\c:\9rflxxx.exe c:\9rflxxx.exe 33⤵
- Executes dropped EXE
PID:1700 -
\??\c:\862222.exe c:\862222.exe 34⤵
- Executes dropped EXE
PID:1568 -
\??\c:\1flxllr.exe c:\1flxllr.exe 35⤵
- Executes dropped EXE
PID:2484 -
\??\c:\20266.exe c:\20266.exe 36⤵
- Executes dropped EXE
PID:2092 -
\??\c:\64622.exe c:\64622.exe 37⤵
- Executes dropped EXE
PID:2660 -
\??\c:\xrfxxxf.exe c:\xrfxxxf.exe 38⤵
- Executes dropped EXE
PID:1776 -
\??\c:\04284.exe c:\04284.exe 39⤵
- Executes dropped EXE
PID:2528 -
\??\c:\202844.exe c:\202844.exe 40⤵
- Executes dropped EXE
PID:3068 -
\??\c:\a6402.exe c:\a6402.exe 41⤵
- Executes dropped EXE
PID:2548 -
\??\c:\040682.exe c:\040682.exe 42⤵
- Executes dropped EXE
PID:2564 -
\??\c:\vpdpp.exe c:\vpdpp.exe 43⤵
- Executes dropped EXE
PID:768 -
\??\c:\824400.exe c:\824400.exe 44⤵
- Executes dropped EXE
PID:2464 -
\??\c:\9xrrxfl.exe c:\9xrrxfl.exe 45⤵
- Executes dropped EXE
PID:2472 -
\??\c:\24622.exe c:\24622.exe 46⤵
- Executes dropped EXE
PID:1720 -
\??\c:\tnbtbb.exe c:\tnbtbb.exe 47⤵
- Executes dropped EXE
PID:2580 -
\??\c:\e28404.exe c:\e28404.exe 48⤵
- Executes dropped EXE
PID:2736 -
\??\c:\9thhtt.exe c:\9thhtt.exe 49⤵
- Executes dropped EXE
PID:2896 -
\??\c:\frrrfff.exe c:\frrrfff.exe 50⤵
- Executes dropped EXE
PID:2964 -
\??\c:\6024228.exe c:\6024228.exe 51⤵
- Executes dropped EXE
PID:1344 -
\??\c:\tnbbhh.exe c:\tnbbhh.exe 52⤵
- Executes dropped EXE
PID:1656 -
\??\c:\a0228.exe c:\a0228.exe 53⤵
- Executes dropped EXE
PID:1536 -
\??\c:\nbntnn.exe c:\nbntnn.exe 54⤵
- Executes dropped EXE
PID:1084 -
\??\c:\w46688.exe c:\w46688.exe 55⤵
- Executes dropped EXE
PID:1648 -
\??\c:\1dpdp.exe c:\1dpdp.exe 56⤵
- Executes dropped EXE
PID:600 -
\??\c:\084684.exe c:\084684.exe 57⤵
- Executes dropped EXE
PID:756 -
\??\c:\bthnbh.exe c:\bthnbh.exe 58⤵
- Executes dropped EXE
PID:2056 -
\??\c:\82468.exe c:\82468.exe 59⤵
- Executes dropped EXE
PID:1624 -
\??\c:\dvdjv.exe c:\dvdjv.exe 60⤵
- Executes dropped EXE
PID:2028 -
\??\c:\ffrxfxl.exe c:\ffrxfxl.exe 61⤵
- Executes dropped EXE
PID:1188 -
\??\c:\7fffrff.exe c:\7fffrff.exe 62⤵
- Executes dropped EXE
PID:1688 -
\??\c:\8240228.exe c:\8240228.exe 63⤵
- Executes dropped EXE
PID:1948 -
\??\c:\9thhbh.exe c:\9thhbh.exe 64⤵
- Executes dropped EXE
PID:840 -
\??\c:\8684628.exe c:\8684628.exe 65⤵
- Executes dropped EXE
PID:1900 -
\??\c:\nbtbnt.exe c:\nbtbnt.exe 66⤵ PID:2596
-
\??\c:\bnbbhh.exe c:\bnbbhh.exe 67⤵ PID:2012
-
\??\c:\dpjpp.exe c:\dpjpp.exe 68⤵ PID:892
-
\??\c:\xfrfxxf.exe c:\xfrfxxf.exe 69⤵ PID:948
-
\??\c:\264628.exe c:\264628.exe 70⤵ PID:1676
-
\??\c:\7frflrx.exe c:\7frflrx.exe 71⤵ PID:772
-
\??\c:\tntttt.exe c:\tntttt.exe 72⤵ PID:1884
-
\??\c:\64066.exe c:\64066.exe 73⤵ PID:988
-
\??\c:\xrlxffl.exe c:\xrlxffl.exe 74⤵ PID:1680
-
\??\c:\82406.exe c:\82406.exe 75⤵ PID:1592
-
\??\c:\680804.exe c:\680804.exe 76⤵ PID:1600
-
\??\c:\0266882.exe c:\0266882.exe 77⤵ PID:1924
-
\??\c:\646684.exe c:\646684.exe 78⤵ PID:3064
-
\??\c:\jdjjd.exe c:\jdjjd.exe 79⤵ PID:2672
-
\??\c:\lfxfrrx.exe c:\lfxfrrx.exe 80⤵ PID:2408
-
\??\c:\vjdjv.exe c:\vjdjv.exe 81⤵ PID:2556
-
\??\c:\60228.exe c:\60228.exe 82⤵ PID:2600
-
\??\c:\4468404.exe c:\4468404.exe 83⤵ PID:2724
-
\??\c:\m2406.exe c:\m2406.exe 84⤵ PID:2768
-
\??\c:\llflfrl.exe c:\llflfrl.exe 85⤵ PID:2412
-
\??\c:\4806262.exe c:\4806262.exe 86⤵ PID:2404
-
\??\c:\s0464.exe c:\s0464.exe 87⤵ PID:2452
-
\??\c:\82440.exe c:\82440.exe 88⤵ PID:2944
-
\??\c:\u646842.exe c:\u646842.exe 89⤵ PID:2916
-
\??\c:\bthhnt.exe c:\bthhnt.exe 90⤵ PID:2948
-
\??\c:\a8486.exe c:\a8486.exe 91⤵ PID:3008
-
\??\c:\4888808.exe c:\4888808.exe 92⤵ PID:632
-
\??\c:\68468.exe c:\68468.exe 93⤵ PID:276
-
\??\c:\hhhbtb.exe c:\hhhbtb.exe 94⤵ PID:1056
-
\??\c:\080680.exe c:\080680.exe 95⤵ PID:1380
-
\??\c:\jdvpv.exe c:\jdvpv.exe 96⤵ PID:484
-
\??\c:\084082.exe c:\084082.exe 97⤵ PID:540
-
\??\c:\fxllrxf.exe c:\fxllrxf.exe 98⤵ PID:640
-
\??\c:\xlxxffl.exe c:\xlxxffl.exe 99⤵ PID:328
-
\??\c:\q28466.exe c:\q28466.exe 100⤵ PID:1480
-
\??\c:\rlxxfrf.exe c:\rlxxfrf.exe 101⤵ PID:1260
-
\??\c:\3pjjp.exe c:\3pjjp.exe 102⤵ PID:1764
-
\??\c:\64000.exe c:\64000.exe 103⤵ PID:1984
-
\??\c:\m0468.exe c:\m0468.exe 104⤵ PID:2496
-
\??\c:\lxrxlfr.exe c:\lxrxlfr.exe 105⤵ PID:2348
-
\??\c:\w68004.exe c:\w68004.exe 106⤵ PID:3028
-
\??\c:\2028628.exe c:\2028628.exe 107⤵ PID:2644
-
\??\c:\llxfrxf.exe c:\llxfrxf.exe 108⤵ PID:3056
-
\??\c:\g2402.exe c:\g2402.exe 109⤵ PID:1428
-
\??\c:\08602.exe c:\08602.exe 110⤵ PID:1356
-
\??\c:\86880.exe c:\86880.exe 111⤵ PID:800
-
\??\c:\e86026.exe c:\e86026.exe 112⤵ PID:2176
-
\??\c:\vpdjv.exe c:\vpdjv.exe 113⤵ PID:2488
-
\??\c:\i084228.exe c:\i084228.exe 114⤵ PID:2864
-
\??\c:\606844.exe c:\606844.exe 115⤵ PID:1740
-
\??\c:\tnbnnb.exe c:\tnbnnb.exe 116⤵ PID:3000
-
\??\c:\048840.exe c:\048840.exe 117⤵ PID:2376
-
\??\c:\xrfrrxl.exe c:\xrfrrxl.exe 118⤵ PID:2732
-
\??\c:\9vjjp.exe c:\9vjjp.exe 119⤵ PID:2160
-
\??\c:\pjvdj.exe c:\pjvdj.exe 120⤵ PID:2664
-
\??\c:\3lflrfl.exe c:\3lflrfl.exe 121⤵ PID:2660
-
\??\c:\20662.exe c:\20662.exe 122⤵ PID:2720
-