Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:06
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c9accaa70d759226923ca86b40c6d3a0_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
c9accaa70d759226923ca86b40c6d3a0_NeikiAnalytics.exe
-
Size
63KB
-
MD5
c9accaa70d759226923ca86b40c6d3a0
-
SHA1
6e180b1db3f3e9b5726530721f2ea4e43e689310
-
SHA256
2101bf4cc501d70ec02a1bd3834dd5d14d79605369802ca6ff06f5ad63ec4188
-
SHA512
dbeb4e74bbac47974053830749a6e312b1af5c6a92218cb2b3cc9a816c11ad726abcc83dc6256382b135ff4e365db16dba972743a154b5ecb5313d25cee9388d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJULh12l:ymb3NkkiQ3mdBjFIFdJmm
Malware Config
Signatures
-
Detect Blackmoon payload 19 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9accaa70d759226923ca86b40c6d3a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c9accaa70d759226923ca86b40c6d3a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1700 -
\??\c:\9pjpv.exec:\9pjpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2056 -
\??\c:\dvdjj.exec:\dvdjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2848 -
\??\c:\7xrrxxl.exec:\7xrrxxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2632 -
\??\c:\1hnnnb.exec:\1hnnnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2772 -
\??\c:\lfxxflr.exec:\lfxxflr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2640 -
\??\c:\rfrxxxl.exec:\rfrxxxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2992 -
\??\c:\lfxxffx.exec:\lfxxffx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\btntnb.exec:\btntnb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2600 -
\??\c:\pdpjj.exec:\pdpjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2968 -
\??\c:\9rffllx.exec:\9rffllx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2412 -
\??\c:\lflllrf.exec:\lflllrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1500 -
\??\c:\hbtbhh.exec:\hbtbhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1800 -
\??\c:\dvdjp.exec:\dvdjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2220 -
\??\c:\pjpvp.exec:\pjpvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1028 -
\??\c:\frlrfff.exec:\frlrfff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1816 -
\??\c:\nhnthh.exec:\nhnthh.exe17⤵
- Executes dropped EXE
PID:2844 -
\??\c:\nhhhnt.exec:\nhhhnt.exe18⤵
- Executes dropped EXE
PID:592 -
\??\c:\9dvdp.exec:\9dvdp.exe19⤵
- Executes dropped EXE
PID:1640 -
\??\c:\jvppv.exec:\jvppv.exe20⤵
- Executes dropped EXE
PID:2932 -
\??\c:\ffxfllr.exec:\ffxfllr.exe21⤵
- Executes dropped EXE
PID:2288 -
\??\c:\9lfxrlf.exec:\9lfxrlf.exe22⤵
- Executes dropped EXE
PID:2480 -
\??\c:\nhntnt.exec:\nhntnt.exe23⤵
- Executes dropped EXE
PID:2376 -
\??\c:\dvjpv.exec:\dvjpv.exe24⤵
- Executes dropped EXE
PID:2328 -
\??\c:\pdppv.exec:\pdppv.exe25⤵
- Executes dropped EXE
PID:852 -
\??\c:\rrlrfxl.exec:\rrlrfxl.exe26⤵
- Executes dropped EXE
PID:2428 -
\??\c:\hhtnnh.exec:\hhtnnh.exe27⤵
- Executes dropped EXE
PID:772 -
\??\c:\nntbtt.exec:\nntbtt.exe28⤵
- Executes dropped EXE
PID:916 -
\??\c:\jdvvj.exec:\jdvvj.exe29⤵
- Executes dropped EXE
PID:1540 -
\??\c:\jdjvp.exec:\jdjvp.exe30⤵
- Executes dropped EXE
PID:1452 -
\??\c:\xxxxxxf.exec:\xxxxxxf.exe31⤵
- Executes dropped EXE
PID:2156 -
\??\c:\btbbtb.exec:\btbbtb.exe32⤵
- Executes dropped EXE
PID:2452 -
\??\c:\nhbbhh.exec:\nhbbhh.exe33⤵
- Executes dropped EXE
PID:2036 -
\??\c:\1vpdd.exec:\1vpdd.exe34⤵
- Executes dropped EXE
PID:1448 -
\??\c:\xflrrxf.exec:\xflrrxf.exe35⤵
- Executes dropped EXE
PID:1580 -
\??\c:\fxlxffr.exec:\fxlxffr.exe36⤵
- Executes dropped EXE
PID:2704 -
\??\c:\hthntn.exec:\hthntn.exe37⤵
- Executes dropped EXE
PID:2668 -
\??\c:\hthbtt.exec:\hthbtt.exe38⤵
- Executes dropped EXE
PID:2748 -
\??\c:\7jdvp.exec:\7jdvp.exe39⤵
- Executes dropped EXE
PID:2648 -
\??\c:\pdvvd.exec:\pdvvd.exe40⤵
- Executes dropped EXE
PID:2772 -
\??\c:\rlxxffl.exec:\rlxxffl.exe41⤵
- Executes dropped EXE
PID:2820 -
\??\c:\lflrlrx.exec:\lflrlrx.exe42⤵
- Executes dropped EXE
PID:2544 -
\??\c:\rrffxfr.exec:\rrffxfr.exe43⤵
- Executes dropped EXE
PID:2524 -
\??\c:\btbbhh.exec:\btbbhh.exe44⤵
- Executes dropped EXE
PID:2576 -
\??\c:\jdpdj.exec:\jdpdj.exe45⤵
- Executes dropped EXE
PID:2964 -
\??\c:\5pppd.exec:\5pppd.exe46⤵
- Executes dropped EXE
PID:820 -
\??\c:\xrfxllr.exec:\xrfxllr.exe47⤵
- Executes dropped EXE
PID:1536 -
\??\c:\5hbhnn.exec:\5hbhnn.exe48⤵
- Executes dropped EXE
PID:2508 -
\??\c:\nnnthn.exec:\nnnthn.exe49⤵
- Executes dropped EXE
PID:1500 -
\??\c:\1pdpp.exec:\1pdpp.exe50⤵
- Executes dropped EXE
PID:272 -
\??\c:\jvjjv.exec:\jvjjv.exe51⤵
- Executes dropped EXE
PID:1692 -
\??\c:\fxlxlrf.exec:\fxlxlrf.exe52⤵
- Executes dropped EXE
PID:1656 -
\??\c:\rxrxflr.exec:\rxrxflr.exe53⤵
- Executes dropped EXE
PID:2244 -
\??\c:\bbtbnn.exec:\bbtbnn.exe54⤵
- Executes dropped EXE
PID:1256 -
\??\c:\7dppv.exec:\7dppv.exe55⤵
- Executes dropped EXE
PID:604 -
\??\c:\vjdjp.exec:\vjdjp.exe56⤵
- Executes dropped EXE
PID:1168 -
\??\c:\fxxflxx.exec:\fxxflxx.exe57⤵
- Executes dropped EXE
PID:860 -
\??\c:\ffxfrlx.exec:\ffxfrlx.exe58⤵
- Executes dropped EXE
PID:848 -
\??\c:\bbbtnb.exec:\bbbtnb.exe59⤵
- Executes dropped EXE
PID:2308 -
\??\c:\hbntbh.exec:\hbntbh.exe60⤵
- Executes dropped EXE
PID:2476 -
\??\c:\vpdjp.exec:\vpdjp.exe61⤵
- Executes dropped EXE
PID:2268 -
\??\c:\vppjj.exec:\vppjj.exe62⤵
- Executes dropped EXE
PID:2284 -
\??\c:\xrfxlrr.exec:\xrfxlrr.exe63⤵
- Executes dropped EXE
PID:1492 -
\??\c:\lxllrrr.exec:\lxllrrr.exe64⤵
- Executes dropped EXE
PID:2836 -
\??\c:\tntbnt.exec:\tntbnt.exe65⤵
- Executes dropped EXE
PID:852 -
\??\c:\bthntn.exec:\bthntn.exe66⤵PID:1368
-
\??\c:\5pdvj.exec:\5pdvj.exe67⤵PID:1064
-
\??\c:\vpvjd.exec:\vpvjd.exe68⤵PID:2060
-
\??\c:\5lxrrfr.exec:\5lxrrfr.exe69⤵PID:2392
-
\??\c:\3frxllr.exec:\3frxllr.exe70⤵PID:2372
-
\??\c:\nhtnnn.exec:\nhtnnn.exe71⤵PID:1516
-
\??\c:\tnhtth.exec:\tnhtth.exe72⤵PID:2908
-
\??\c:\ddppv.exec:\ddppv.exe73⤵PID:2000
-
\??\c:\7vvpv.exec:\7vvpv.exe74⤵PID:1828
-
\??\c:\7xffrrf.exec:\7xffrrf.exe75⤵PID:1932
-
\??\c:\rlfllfr.exec:\rlfllfr.exe76⤵PID:2056
-
\??\c:\1hthbb.exec:\1hthbb.exe77⤵PID:1580
-
\??\c:\btnhnn.exec:\btnhnn.exe78⤵PID:2728
-
\??\c:\vdpvv.exec:\vdpvv.exe79⤵PID:2668
-
\??\c:\9vjpv.exec:\9vjpv.exe80⤵PID:2748
-
\??\c:\lfrxffl.exec:\lfrxffl.exe81⤵PID:2648
-
\??\c:\rlxfrxl.exec:\rlxfrxl.exe82⤵PID:1680
-
\??\c:\nbnnnt.exec:\nbnnnt.exe83⤵PID:2636
-
\??\c:\thtbbt.exec:\thtbbt.exe84⤵PID:2552
-
\??\c:\pjdvd.exec:\pjdvd.exe85⤵PID:2524
-
\??\c:\pjpjj.exec:\pjpjj.exe86⤵PID:1724
-
\??\c:\rxlrxxl.exec:\rxlrxxl.exe87⤵PID:2964
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe88⤵PID:1552
-
\??\c:\3hbhbt.exec:\3hbhbt.exe89⤵PID:1536
-
\??\c:\nbtbbt.exec:\nbtbbt.exe90⤵PID:2508
-
\??\c:\3dppp.exec:\3dppp.exe91⤵PID:1500
-
\??\c:\jvjpv.exec:\jvjpv.exe92⤵PID:1652
-
\??\c:\frrrrll.exec:\frrrrll.exe93⤵PID:1792
-
\??\c:\9xrfllx.exec:\9xrfllx.exe94⤵PID:2236
-
\??\c:\bthttt.exec:\bthttt.exe95⤵PID:2244
-
\??\c:\nhnbbh.exec:\nhnbbh.exe96⤵PID:708
-
\??\c:\1vjjj.exec:\1vjjj.exe97⤵PID:604
-
\??\c:\pjdvv.exec:\pjdvv.exe98⤵PID:1168
-
\??\c:\1flrxxl.exec:\1flrxxl.exe99⤵PID:860
-
\??\c:\rlrrflx.exec:\rlrrflx.exe100⤵PID:1716
-
\??\c:\bntttn.exec:\bntttn.exe101⤵PID:2308
-
\??\c:\5bbhhh.exec:\5bbhhh.exe102⤵PID:2484
-
\??\c:\7vdvd.exec:\7vdvd.exe103⤵PID:2320
-
\??\c:\9dvjp.exec:\9dvjp.exe104⤵PID:572
-
\??\c:\xllxlxl.exec:\xllxlxl.exe105⤵PID:1492
-
\??\c:\9btnbh.exec:\9btnbh.exe106⤵PID:2088
-
\??\c:\3hbtbh.exec:\3hbtbh.exe107⤵PID:852
-
\??\c:\dpddv.exec:\dpddv.exe108⤵PID:236
-
\??\c:\pdvjj.exec:\pdvjj.exe109⤵PID:1064
-
\??\c:\vjddv.exec:\vjddv.exe110⤵PID:1712
-
\??\c:\1xlrxxf.exec:\1xlrxxf.exe111⤵PID:2392
-
\??\c:\xlllxrx.exec:\xlllxrx.exe112⤵PID:1720
-
\??\c:\bbbbhb.exec:\bbbbhb.exe113⤵PID:1516
-
\??\c:\thntbn.exec:\thntbn.exe114⤵PID:2908
-
\??\c:\pjvpv.exec:\pjvpv.exe115⤵PID:2000
-
\??\c:\lxfffll.exec:\lxfffll.exe116⤵PID:2036
-
\??\c:\rfrxxrf.exec:\rfrxxrf.exe117⤵PID:1932
-
\??\c:\tttbnt.exec:\tttbnt.exe118⤵PID:2396
-
\??\c:\hbhbnt.exec:\hbhbnt.exe119⤵PID:1580
-
\??\c:\dpdjv.exec:\dpdjv.exe120⤵PID:2652
-
\??\c:\5dvdd.exec:\5dvdd.exe121⤵PID:2668
-
\??\c:\rlflllr.exec:\rlflllr.exe122⤵PID:2780
-