Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
18/05/2024, 13:05
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe
-
Size
55KB
-
MD5
c9916c423e552b6fbeaae00ad2ba9df0
-
SHA1
8d75f5f9038c5a785769d3fa12d257f679d70fce
-
SHA256
d838239b504e4011a99b0090bc1e3bc0bd898767b1fa61fd661147288c194d10
-
SHA512
87f816f3297d653830e88301fcfd31be0de50616e76059f4018ca591d4c126bdb7cc79e5dbe70a44181d34a1f1623adeaff28cd0b7a85d4743b457afe1e22d28
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFk:ymb3NkkiQ3mdBjFIFk
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
resource yara_rule behavioral1/memory/2972-7-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2972-6-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2196-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2428-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2912-36-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2912-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2740-56-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2784-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2612-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2096-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2880-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1676-130-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1800-142-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1844-150-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1860-160-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2104-186-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2408-204-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/824-240-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1984-258-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/640-267-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2356-276-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/884-294-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2196 7lfrrxl.exe 2428 hbthtb.exe 2912 fxfrxxx.exe 2740 7rllxrr.exe 2784 vjvpd.exe 2708 fxfrrxl.exe 2532 rlrxllr.exe 2612 nbtthb.exe 2096 jdppp.exe 2832 1djdd.exe 2880 7rlxflx.exe 1676 nhhnbb.exe 1808 9jpvd.exe 1800 vjvpd.exe 1844 llrxffl.exe 1860 lfrfrxx.exe 1060 hbtbhn.exe 376 dvvpd.exe 2104 jdpvj.exe 1728 lrxfflx.exe 2408 hthhbb.exe 2072 5vjpd.exe 336 xlxrrxf.exe 588 5rfxlfr.exe 824 thbhnh.exe 1748 djvpd.exe 1984 lxffrxf.exe 640 bthbhb.exe 2356 hbtbhh.exe 2324 dvpjd.exe 884 lxlrrrr.exe 2976 thnhnn.exe 1736 httbhn.exe 1776 jvjjp.exe 1768 xlrrxxx.exe 2684 xflfrfr.exe 2752 hbbbhn.exe 2800 dpvvd.exe 2652 dppvp.exe 2876 rllrlxl.exe 2700 7lfxffr.exe 2544 bntttt.exe 2532 ntnbnb.exe 1336 jvjpj.exe 1572 xlllrxf.exe 2828 xlrrxxr.exe 2768 bnbhnt.exe 2880 lfxxxrf.exe 1964 5rfrflr.exe 2412 nntthn.exe 1276 3hhthn.exe 1844 ddppd.exe 2836 vppdj.exe 1304 ffflrfl.exe 768 xxrxlrf.exe 2084 ttnbtt.exe 2928 3bthnn.exe 1516 jjdjp.exe 2936 dvvjj.exe 600 xxrxlrf.exe 2072 1rxxrrf.exe 956 btnbtb.exe 856 hbbbhn.exe 344 pvjjp.exe -
resource yara_rule behavioral1/memory/2972-6-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2196-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2196-20-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2428-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2912-36-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2912-35-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2912-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2740-48-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2740-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2740-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2740-56-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2784-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2612-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2096-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2880-120-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1676-130-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1800-142-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1844-150-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1860-160-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2104-186-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2408-204-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/824-240-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1984-258-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/640-267-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2356-276-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/884-294-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2972 wrote to memory of 2196 2972 c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe 28 PID 2972 wrote to memory of 2196 2972 c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe 28 PID 2972 wrote to memory of 2196 2972 c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe 28 PID 2972 wrote to memory of 2196 2972 c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe 28 PID 2196 wrote to memory of 2428 2196 7lfrrxl.exe 29 PID 2196 wrote to memory of 2428 2196 7lfrrxl.exe 29 PID 2196 wrote to memory of 2428 2196 7lfrrxl.exe 29 PID 2196 wrote to memory of 2428 2196 7lfrrxl.exe 29 PID 2428 wrote to memory of 2912 2428 hbthtb.exe 30 PID 2428 wrote to memory of 2912 2428 hbthtb.exe 30 PID 2428 wrote to memory of 2912 2428 hbthtb.exe 30 PID 2428 wrote to memory of 2912 2428 hbthtb.exe 30 PID 2912 wrote to memory of 2740 2912 fxfrxxx.exe 31 PID 2912 wrote to memory of 2740 2912 fxfrxxx.exe 31 PID 2912 wrote to memory of 2740 2912 fxfrxxx.exe 31 PID 2912 wrote to memory of 2740 2912 fxfrxxx.exe 31 PID 2740 wrote to memory of 2784 2740 7rllxrr.exe 32 PID 2740 wrote to memory of 2784 2740 7rllxrr.exe 32 PID 2740 wrote to memory of 2784 2740 7rllxrr.exe 32 PID 2740 wrote to memory of 2784 2740 7rllxrr.exe 32 PID 2784 wrote to memory of 2708 2784 vjvpd.exe 33 PID 2784 wrote to memory of 2708 2784 vjvpd.exe 33 PID 2784 wrote to memory of 2708 2784 vjvpd.exe 33 PID 2784 wrote to memory of 2708 2784 vjvpd.exe 33 PID 2708 wrote to memory of 2532 2708 fxfrrxl.exe 34 PID 2708 wrote to memory of 2532 2708 fxfrrxl.exe 34 PID 2708 wrote to memory of 2532 2708 fxfrrxl.exe 34 PID 2708 wrote to memory of 2532 2708 fxfrrxl.exe 34 PID 2532 wrote to memory of 2612 2532 rlrxllr.exe 35 PID 2532 wrote to memory of 2612 2532 rlrxllr.exe 35 PID 2532 wrote to memory of 2612 2532 rlrxllr.exe 35 PID 2532 wrote to memory of 2612 2532 rlrxllr.exe 35 PID 2612 wrote to memory of 2096 2612 nbtthb.exe 36 PID 2612 wrote to memory of 2096 2612 nbtthb.exe 36 PID 2612 wrote to memory of 2096 2612 nbtthb.exe 36 PID 2612 wrote to memory of 2096 2612 nbtthb.exe 36 PID 2096 wrote to memory of 2832 2096 jdppp.exe 37 PID 2096 wrote to memory of 2832 2096 jdppp.exe 37 PID 2096 wrote to memory of 2832 2096 jdppp.exe 37 PID 2096 wrote to memory of 2832 2096 jdppp.exe 37 PID 2832 wrote to memory of 2880 2832 1djdd.exe 38 PID 2832 wrote to memory of 2880 2832 1djdd.exe 38 PID 2832 wrote to memory of 2880 2832 1djdd.exe 38 PID 2832 wrote to memory of 2880 2832 1djdd.exe 38 PID 2880 wrote to memory of 1676 2880 7rlxflx.exe 39 PID 2880 wrote to memory of 1676 2880 7rlxflx.exe 39 PID 2880 wrote to memory of 1676 2880 7rlxflx.exe 39 PID 2880 wrote to memory of 1676 2880 7rlxflx.exe 39 PID 1676 wrote to memory of 1808 1676 nhhnbb.exe 40 PID 1676 wrote to memory of 1808 1676 nhhnbb.exe 40 PID 1676 wrote to memory of 1808 1676 nhhnbb.exe 40 PID 1676 wrote to memory of 1808 1676 nhhnbb.exe 40 PID 1808 wrote to memory of 1800 1808 9jpvd.exe 41 PID 1808 wrote to memory of 1800 1808 9jpvd.exe 41 PID 1808 wrote to memory of 1800 1808 9jpvd.exe 41 PID 1808 wrote to memory of 1800 1808 9jpvd.exe 41 PID 1800 wrote to memory of 1844 1800 vjvpd.exe 42 PID 1800 wrote to memory of 1844 1800 vjvpd.exe 42 PID 1800 wrote to memory of 1844 1800 vjvpd.exe 42 PID 1800 wrote to memory of 1844 1800 vjvpd.exe 42 PID 1844 wrote to memory of 1860 1844 llrxffl.exe 43 PID 1844 wrote to memory of 1860 1844 llrxffl.exe 43 PID 1844 wrote to memory of 1860 1844 llrxffl.exe 43 PID 1844 wrote to memory of 1860 1844 llrxffl.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2972 -
\??\c:\7lfrrxl.exec:\7lfrrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2196 -
\??\c:\hbthtb.exec:\hbthtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2428 -
\??\c:\fxfrxxx.exec:\fxfrxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2912 -
\??\c:\7rllxrr.exec:\7rllxrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\vjvpd.exec:\vjvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2784 -
\??\c:\fxfrrxl.exec:\fxfrrxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2708 -
\??\c:\rlrxllr.exec:\rlrxllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2532 -
\??\c:\nbtthb.exec:\nbtthb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2612 -
\??\c:\jdppp.exec:\jdppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2096 -
\??\c:\1djdd.exec:\1djdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2832 -
\??\c:\7rlxflx.exec:\7rlxflx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2880 -
\??\c:\nhhnbb.exec:\nhhnbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1676 -
\??\c:\9jpvd.exec:\9jpvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1808 -
\??\c:\vjvpd.exec:\vjvpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1800 -
\??\c:\llrxffl.exec:\llrxffl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1844 -
\??\c:\lfrfrxx.exec:\lfrfrxx.exe17⤵
- Executes dropped EXE
PID:1860 -
\??\c:\hbtbhn.exec:\hbtbhn.exe18⤵
- Executes dropped EXE
PID:1060 -
\??\c:\dvvpd.exec:\dvvpd.exe19⤵
- Executes dropped EXE
PID:376 -
\??\c:\jdpvj.exec:\jdpvj.exe20⤵
- Executes dropped EXE
PID:2104 -
\??\c:\lrxfflx.exec:\lrxfflx.exe21⤵
- Executes dropped EXE
PID:1728 -
\??\c:\hthhbb.exec:\hthhbb.exe22⤵
- Executes dropped EXE
PID:2408 -
\??\c:\5vjpd.exec:\5vjpd.exe23⤵
- Executes dropped EXE
PID:2072 -
\??\c:\xlxrrxf.exec:\xlxrrxf.exe24⤵
- Executes dropped EXE
PID:336 -
\??\c:\5rfxlfr.exec:\5rfxlfr.exe25⤵
- Executes dropped EXE
PID:588 -
\??\c:\thbhnh.exec:\thbhnh.exe26⤵
- Executes dropped EXE
PID:824 -
\??\c:\djvpd.exec:\djvpd.exe27⤵
- Executes dropped EXE
PID:1748 -
\??\c:\lxffrxf.exec:\lxffrxf.exe28⤵
- Executes dropped EXE
PID:1984 -
\??\c:\bthbhb.exec:\bthbhb.exe29⤵
- Executes dropped EXE
PID:640 -
\??\c:\hbtbhh.exec:\hbtbhh.exe30⤵
- Executes dropped EXE
PID:2356 -
\??\c:\dvpjd.exec:\dvpjd.exe31⤵
- Executes dropped EXE
PID:2324 -
\??\c:\lxlrrrr.exec:\lxlrrrr.exe32⤵
- Executes dropped EXE
PID:884 -
\??\c:\thnhnn.exec:\thnhnn.exe33⤵
- Executes dropped EXE
PID:2976 -
\??\c:\httbhn.exec:\httbhn.exe34⤵
- Executes dropped EXE
PID:1736 -
\??\c:\jvjjp.exec:\jvjjp.exe35⤵
- Executes dropped EXE
PID:1776 -
\??\c:\xlrrxxx.exec:\xlrrxxx.exe36⤵
- Executes dropped EXE
PID:1768 -
\??\c:\xflfrfr.exec:\xflfrfr.exe37⤵
- Executes dropped EXE
PID:2684 -
\??\c:\hbbbhn.exec:\hbbbhn.exe38⤵
- Executes dropped EXE
PID:2752 -
\??\c:\dpvvd.exec:\dpvvd.exe39⤵
- Executes dropped EXE
PID:2800 -
\??\c:\dppvp.exec:\dppvp.exe40⤵
- Executes dropped EXE
PID:2652 -
\??\c:\rllrlxl.exec:\rllrlxl.exe41⤵
- Executes dropped EXE
PID:2876 -
\??\c:\7lfxffr.exec:\7lfxffr.exe42⤵
- Executes dropped EXE
PID:2700 -
\??\c:\bntttt.exec:\bntttt.exe43⤵
- Executes dropped EXE
PID:2544 -
\??\c:\ntnbnb.exec:\ntnbnb.exe44⤵
- Executes dropped EXE
PID:2532 -
\??\c:\jvjpj.exec:\jvjpj.exe45⤵
- Executes dropped EXE
PID:1336 -
\??\c:\xlllrxf.exec:\xlllrxf.exe46⤵
- Executes dropped EXE
PID:1572 -
\??\c:\xlrrxxr.exec:\xlrrxxr.exe47⤵
- Executes dropped EXE
PID:2828 -
\??\c:\bnbhnt.exec:\bnbhnt.exe48⤵
- Executes dropped EXE
PID:2768 -
\??\c:\lfxxxrf.exec:\lfxxxrf.exe49⤵
- Executes dropped EXE
PID:2880 -
\??\c:\5rfrflr.exec:\5rfrflr.exe50⤵
- Executes dropped EXE
PID:1964 -
\??\c:\nntthn.exec:\nntthn.exe51⤵
- Executes dropped EXE
PID:2412 -
\??\c:\3hhthn.exec:\3hhthn.exe52⤵
- Executes dropped EXE
PID:1276 -
\??\c:\ddppd.exec:\ddppd.exe53⤵
- Executes dropped EXE
PID:1844 -
\??\c:\vppdj.exec:\vppdj.exe54⤵
- Executes dropped EXE
PID:2836 -
\??\c:\ffflrfl.exec:\ffflrfl.exe55⤵
- Executes dropped EXE
PID:1304 -
\??\c:\xxrxlrf.exec:\xxrxlrf.exe56⤵
- Executes dropped EXE
PID:768 -
\??\c:\ttnbtt.exec:\ttnbtt.exe57⤵
- Executes dropped EXE
PID:2084 -
\??\c:\3bthnn.exec:\3bthnn.exe58⤵
- Executes dropped EXE
PID:2928 -
\??\c:\jjdjp.exec:\jjdjp.exe59⤵
- Executes dropped EXE
PID:1516 -
\??\c:\dvvjj.exec:\dvvjj.exe60⤵
- Executes dropped EXE
PID:2936 -
\??\c:\xxrxlrf.exec:\xxrxlrf.exe61⤵
- Executes dropped EXE
PID:600 -
\??\c:\1rxxrrf.exec:\1rxxrrf.exe62⤵
- Executes dropped EXE
PID:2072 -
\??\c:\btnbtb.exec:\btnbtb.exe63⤵
- Executes dropped EXE
PID:956 -
\??\c:\hbbbhn.exec:\hbbbhn.exe64⤵
- Executes dropped EXE
PID:856 -
\??\c:\pvjjp.exec:\pvjjp.exe65⤵
- Executes dropped EXE
PID:344 -
\??\c:\xxflfrf.exec:\xxflfrf.exe66⤵PID:1716
-
\??\c:\lfrlxxx.exec:\lfrlxxx.exe67⤵PID:924
-
\??\c:\tnhthn.exec:\tnhthn.exe68⤵PID:1988
-
\??\c:\btnnth.exec:\btnnth.exe69⤵PID:1708
-
\??\c:\jpdvj.exec:\jpdvj.exe70⤵PID:2480
-
\??\c:\fflxflx.exec:\fflxflx.exe71⤵PID:1524
-
\??\c:\5xrfxfr.exec:\5xrfxfr.exe72⤵PID:2044
-
\??\c:\btbhtb.exec:\btbhtb.exe73⤵PID:884
-
\??\c:\nhtbnt.exec:\nhtbnt.exe74⤵PID:1616
-
\??\c:\jpjpd.exec:\jpjpd.exe75⤵PID:2136
-
\??\c:\ppvvv.exec:\ppvvv.exe76⤵PID:1156
-
\??\c:\rrfrflr.exec:\rrfrflr.exe77⤵PID:2640
-
\??\c:\1llxlrf.exec:\1llxlrf.exe78⤵PID:2676
-
\??\c:\bbbtnb.exec:\bbbtnb.exe79⤵PID:1540
-
\??\c:\3jvvp.exec:\3jvvp.exe80⤵PID:2724
-
\??\c:\pjjpd.exec:\pjjpd.exe81⤵PID:2236
-
\??\c:\3fxllrf.exec:\3fxllrf.exe82⤵PID:2908
-
\??\c:\rlxlrxx.exec:\rlxlrxx.exe83⤵PID:2860
-
\??\c:\3nthtb.exec:\3nthtb.exe84⤵PID:2608
-
\??\c:\7bhhth.exec:\7bhhth.exe85⤵PID:3056
-
\??\c:\5jdpv.exec:\5jdpv.exe86⤵PID:2332
-
\??\c:\xlxxflf.exec:\xlxxflf.exe87⤵PID:2720
-
\??\c:\xrlxlfx.exec:\xrlxlfx.exe88⤵PID:3000
-
\??\c:\ttnnbn.exec:\ttnnbn.exe89⤵PID:2508
-
\??\c:\9btbhb.exec:\9btbhb.exe90⤵PID:1936
-
\??\c:\djjjd.exec:\djjjd.exe91⤵PID:1720
-
\??\c:\5pjjp.exec:\5pjjp.exe92⤵PID:1052
-
\??\c:\xxrfrrr.exec:\xxrfrrr.exe93⤵PID:1944
-
\??\c:\tntbhn.exec:\tntbhn.exe94⤵PID:1836
-
\??\c:\vvvpj.exec:\vvvpj.exe95⤵PID:316
-
\??\c:\vpdpd.exec:\vpdpd.exe96⤵PID:1060
-
\??\c:\fxflrxx.exec:\fxflrxx.exe97⤵PID:2076
-
\??\c:\tnnbhn.exec:\tnnbhn.exe98⤵PID:1160
-
\??\c:\bnntnb.exec:\bnntnb.exe99⤵PID:2852
-
\??\c:\7pjjj.exec:\7pjjj.exe100⤵PID:2116
-
\??\c:\vvpdj.exec:\vvpdj.exe101⤵PID:592
-
\??\c:\rflrrxf.exec:\rflrrxf.exe102⤵PID:1268
-
\??\c:\lxrxfff.exec:\lxrxfff.exe103⤵PID:1508
-
\??\c:\thhbht.exec:\thhbht.exe104⤵PID:1872
-
\??\c:\hhnbtb.exec:\hhnbtb.exe105⤵PID:1812
-
\??\c:\jjvdd.exec:\jjvdd.exe106⤵PID:1356
-
\??\c:\dvdjd.exec:\dvdjd.exe107⤵PID:1044
-
\??\c:\xlxrrxf.exec:\xlxrrxf.exe108⤵PID:2216
-
\??\c:\hbnhnn.exec:\hbnhnn.exe109⤵PID:1332
-
\??\c:\nbttnh.exec:\nbttnh.exe110⤵PID:1464
-
\??\c:\ppvdv.exec:\ppvdv.exe111⤵PID:1520
-
\??\c:\pdpdj.exec:\pdpdj.exe112⤵PID:2844
-
\??\c:\xrrflrr.exec:\xrrflrr.exe113⤵PID:672
-
\??\c:\btthnb.exec:\btthnb.exe114⤵PID:1592
-
\??\c:\hbhbnb.exec:\hbhbnb.exe115⤵PID:1612
-
\??\c:\jdvpv.exec:\jdvpv.exe116⤵PID:1608
-
\??\c:\7jvdv.exec:\7jvdv.exe117⤵PID:2444
-
\??\c:\rrxlxfl.exec:\rrxlxfl.exe118⤵PID:2128
-
\??\c:\lfrrxfr.exec:\lfrrxfr.exe119⤵PID:2640
-
\??\c:\bthnbh.exec:\bthnbh.exe120⤵PID:2788
-
\??\c:\dvppv.exec:\dvppv.exe121⤵PID:2812
-
\??\c:\jpdjp.exec:\jpdjp.exe122⤵PID:2556
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-