Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:10
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ca626b2ba3f67d205caf14bada317a20_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
ca626b2ba3f67d205caf14bada317a20_NeikiAnalytics.exe
-
Size
128KB
-
MD5
ca626b2ba3f67d205caf14bada317a20
-
SHA1
268bfe8a500a3726cbdcae1d0f1b510f0cf90155
-
SHA256
02350e205f62dad325010719661fde0f308d724dce4d7d839e79000a93821bf4
-
SHA512
024fdebbb908ee10151d9b2ba7d03cbfb04b328b4cee030cacdc523adf8db8dbce385fcd895aa87c41088aee1890a4b738ea6f98f44a6277fd4b7f6dc4dbd13e
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX/x6gtF:n3C9BRW0j/uVEZFJv7
Malware Config
Signatures
-
Detect Blackmoon payload 18 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ca626b2ba3f67d205caf14bada317a20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ca626b2ba3f67d205caf14bada317a20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2284 -
\??\c:\fxffrrf.exec:\fxffrrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2960 -
\??\c:\hhthtb.exec:\hhthtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2564 -
\??\c:\jpvjj.exec:\jpvjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2588 -
\??\c:\rlxflfl.exec:\rlxflfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2616 -
\??\c:\ddppp.exec:\ddppp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2944 -
\??\c:\rlfflrx.exec:\rlfflrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2440 -
\??\c:\hbttht.exec:\hbttht.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2368 -
\??\c:\tnthtb.exec:\tnthtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1760 -
\??\c:\djjdj.exec:\djjdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1216 -
\??\c:\9rlrxlx.exec:\9rlrxlx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2424 -
\??\c:\hhttbh.exec:\hhttbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2336 -
\??\c:\nbhttt.exec:\nbhttt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:840 -
\??\c:\vpvvd.exec:\vpvvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1736 -
\??\c:\fxlxxxl.exec:\fxlxxxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1436 -
\??\c:\ttnthh.exec:\ttnthh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:836 -
\??\c:\bbnbhh.exec:\bbnbhh.exe17⤵
- Executes dropped EXE
PID:2348 -
\??\c:\7ddvd.exec:\7ddvd.exe18⤵
- Executes dropped EXE
PID:1032 -
\??\c:\rrrfrfl.exec:\rrrfrfl.exe19⤵
- Executes dropped EXE
PID:2532 -
\??\c:\hhbntt.exec:\hhbntt.exe20⤵
- Executes dropped EXE
PID:1572 -
\??\c:\nntbnn.exec:\nntbnn.exe21⤵
- Executes dropped EXE
PID:1948 -
\??\c:\7vpdj.exec:\7vpdj.exe22⤵
- Executes dropped EXE
PID:264 -
\??\c:\jdpvd.exec:\jdpvd.exe23⤵
- Executes dropped EXE
PID:1408 -
\??\c:\nnbbnt.exec:\nnbbnt.exe24⤵
- Executes dropped EXE
PID:804 -
\??\c:\hhbtth.exec:\hhbtth.exe25⤵
- Executes dropped EXE
PID:1048 -
\??\c:\pjdpp.exec:\pjdpp.exe26⤵
- Executes dropped EXE
PID:1756 -
\??\c:\jdvjp.exec:\jdvjp.exe27⤵
- Executes dropped EXE
PID:1820 -
\??\c:\1tbhtt.exec:\1tbhtt.exe28⤵
- Executes dropped EXE
PID:1604 -
\??\c:\nhttnn.exec:\nhttnn.exe29⤵
- Executes dropped EXE
PID:2924 -
\??\c:\pppdp.exec:\pppdp.exe30⤵
- Executes dropped EXE
PID:1532 -
\??\c:\ffrlrlx.exec:\ffrlrlx.exe31⤵
- Executes dropped EXE
PID:1432 -
\??\c:\1nhtbn.exec:\1nhtbn.exe32⤵
- Executes dropped EXE
PID:1428 -
\??\c:\1djdj.exec:\1djdj.exe33⤵
- Executes dropped EXE
PID:2272 -
\??\c:\pjdpv.exec:\pjdpv.exe34⤵
- Executes dropped EXE
PID:2888 -
\??\c:\fxrrxxf.exec:\fxrrxxf.exe35⤵
- Executes dropped EXE
PID:3004 -
\??\c:\lflxflr.exec:\lflxflr.exe36⤵
- Executes dropped EXE
PID:1528 -
\??\c:\1nbbbb.exec:\1nbbbb.exe37⤵
- Executes dropped EXE
PID:2656 -
\??\c:\pvvjp.exec:\pvvjp.exe38⤵
- Executes dropped EXE
PID:2748 -
\??\c:\ppjpd.exec:\ppjpd.exe39⤵
- Executes dropped EXE
PID:2552 -
\??\c:\5llffll.exec:\5llffll.exe40⤵
- Executes dropped EXE
PID:2812 -
\??\c:\xrffrxf.exec:\xrffrxf.exe41⤵
- Executes dropped EXE
PID:2600 -
\??\c:\nnbbtn.exec:\nnbbtn.exe42⤵
- Executes dropped EXE
PID:1636 -
\??\c:\nhntbn.exec:\nhntbn.exe43⤵
- Executes dropped EXE
PID:2512 -
\??\c:\pjvvj.exec:\pjvvj.exe44⤵
- Executes dropped EXE
PID:2900 -
\??\c:\jdppp.exec:\jdppp.exe45⤵
- Executes dropped EXE
PID:2368 -
\??\c:\rllfxxf.exec:\rllfxxf.exe46⤵
- Executes dropped EXE
PID:1192 -
\??\c:\lflxlrx.exec:\lflxlrx.exe47⤵
- Executes dropped EXE
PID:1360 -
\??\c:\nnbbhh.exec:\nnbbhh.exe48⤵
- Executes dropped EXE
PID:2684 -
\??\c:\nntbhh.exec:\nntbhh.exe49⤵
- Executes dropped EXE
PID:2104 -
\??\c:\3vppj.exec:\3vppj.exe50⤵
- Executes dropped EXE
PID:788 -
\??\c:\djjjp.exec:\djjjp.exe51⤵
- Executes dropped EXE
PID:880 -
\??\c:\5fffxxf.exec:\5fffxxf.exe52⤵
- Executes dropped EXE
PID:2344 -
\??\c:\1frflll.exec:\1frflll.exe53⤵
- Executes dropped EXE
PID:2096 -
\??\c:\hnnbhb.exec:\hnnbhb.exe54⤵
- Executes dropped EXE
PID:2064 -
\??\c:\tthtnt.exec:\tthtnt.exe55⤵
- Executes dropped EXE
PID:2024 -
\??\c:\jdjjd.exec:\jdjjd.exe56⤵
- Executes dropped EXE
PID:2792 -
\??\c:\vjvdd.exec:\vjvdd.exe57⤵
- Executes dropped EXE
PID:1032 -
\??\c:\ffrfllx.exec:\ffrfllx.exe58⤵
- Executes dropped EXE
PID:2172 -
\??\c:\ffffxlx.exec:\ffffxlx.exe59⤵
- Executes dropped EXE
PID:2832 -
\??\c:\3htbbb.exec:\3htbbb.exe60⤵
- Executes dropped EXE
PID:1916 -
\??\c:\tnthnn.exec:\tnthnn.exe61⤵
- Executes dropped EXE
PID:724 -
\??\c:\jdppd.exec:\jdppd.exe62⤵
- Executes dropped EXE
PID:580 -
\??\c:\djvdp.exec:\djvdp.exe63⤵
- Executes dropped EXE
PID:1808 -
\??\c:\xlrrxxf.exec:\xlrrxxf.exe64⤵
- Executes dropped EXE
PID:1112 -
\??\c:\1fxlxfx.exec:\1fxlxfx.exe65⤵
- Executes dropped EXE
PID:1940 -
\??\c:\tnhthn.exec:\tnhthn.exe66⤵PID:2168
-
\??\c:\7jvpj.exec:\7jvpj.exe67⤵PID:2276
-
\??\c:\9jddj.exec:\9jddj.exe68⤵PID:1600
-
\??\c:\xrllllx.exec:\xrllllx.exe69⤵PID:1824
-
\??\c:\fxflllr.exec:\fxflllr.exe70⤵PID:1656
-
\??\c:\9bhbnn.exec:\9bhbnn.exe71⤵PID:604
-
\??\c:\hbnntt.exec:\hbnntt.exe72⤵PID:2116
-
\??\c:\pjdjj.exec:\pjdjj.exe73⤵PID:876
-
\??\c:\xrllfrr.exec:\xrllfrr.exe74⤵PID:2964
-
\??\c:\lfrxllr.exec:\lfrxllr.exe75⤵PID:1612
-
\??\c:\nntbbb.exec:\nntbbb.exe76⤵PID:2304
-
\??\c:\3hbttb.exec:\3hbttb.exe77⤵PID:2640
-
\??\c:\vjppd.exec:\vjppd.exe78⤵PID:1524
-
\??\c:\jdpvv.exec:\jdpvv.exe79⤵PID:2316
-
\??\c:\llllrxl.exec:\llllrxl.exe80⤵PID:2540
-
\??\c:\9lrlllx.exec:\9lrlllx.exe81⤵PID:2728
-
\??\c:\7nbbhh.exec:\7nbbhh.exe82⤵PID:2460
-
\??\c:\7hbnhh.exec:\7hbnhh.exe83⤵PID:2492
-
\??\c:\7dpvv.exec:\7dpvv.exe84⤵PID:2468
-
\??\c:\rlrlxxl.exec:\rlrlxxl.exe85⤵PID:2432
-
\??\c:\5fxxllr.exec:\5fxxllr.exe86⤵PID:1720
-
\??\c:\tnttbb.exec:\tnttbb.exe87⤵PID:848
-
\??\c:\tnnbnh.exec:\tnnbnh.exe88⤵PID:2412
-
\??\c:\vpvvj.exec:\vpvvj.exe89⤵PID:1216
-
\??\c:\dpddd.exec:\dpddd.exe90⤵PID:2680
-
\??\c:\ffxfrxx.exec:\ffxfrxx.exe91⤵PID:1764
-
\??\c:\fxrxffr.exec:\fxrxffr.exe92⤵PID:1028
-
\??\c:\nnhtbh.exec:\nnhtbh.exe93⤵PID:788
-
\??\c:\pjvjv.exec:\pjvjv.exe94⤵PID:2340
-
\??\c:\3dvdp.exec:\3dvdp.exe95⤵PID:1664
-
\??\c:\xrxxflx.exec:\xrxxflx.exe96⤵PID:836
-
\??\c:\9rllxlr.exec:\9rllxlr.exe97⤵PID:2020
-
\??\c:\nhtbhh.exec:\nhtbhh.exe98⤵PID:2056
-
\??\c:\3nhtbb.exec:\3nhtbb.exe99⤵PID:2784
-
\??\c:\dvvdj.exec:\dvvdj.exe100⤵PID:2532
-
\??\c:\3pdvv.exec:\3pdvv.exe101⤵PID:2696
-
\??\c:\xxxxffr.exec:\xxxxffr.exe102⤵PID:664
-
\??\c:\fxrrrrf.exec:\fxrrrrf.exe103⤵PID:1396
-
\??\c:\tnthht.exec:\tnthht.exe104⤵PID:1392
-
\??\c:\1btbbn.exec:\1btbbn.exe105⤵PID:1712
-
\??\c:\3pvvv.exec:\3pvvv.exe106⤵PID:1688
-
\??\c:\jdjpd.exec:\jdjpd.exe107⤵PID:448
-
\??\c:\ffffrxr.exec:\ffffrxr.exe108⤵PID:296
-
\??\c:\frffrxf.exec:\frffrxf.exe109⤵PID:1932
-
\??\c:\hbbbtb.exec:\hbbbtb.exe110⤵PID:2400
-
\??\c:\5tbntt.exec:\5tbntt.exe111⤵PID:2956
-
\??\c:\jdvvd.exec:\jdvvd.exe112⤵PID:1984
-
\??\c:\rlxlrxf.exec:\rlxlrxf.exe113⤵PID:1784
-
\??\c:\5xlffff.exec:\5xlffff.exe114⤵PID:984
-
\??\c:\tnthhn.exec:\tnthhn.exe115⤵PID:1496
-
\??\c:\tnntbh.exec:\tnntbh.exe116⤵PID:1428
-
\??\c:\vpddd.exec:\vpddd.exe117⤵PID:1900
-
\??\c:\jjvpp.exec:\jjvpp.exe118⤵PID:2528
-
\??\c:\rxxfrlr.exec:\rxxfrlr.exe119⤵PID:2968
-
\??\c:\7htntt.exec:\7htntt.exe120⤵PID:2664
-
\??\c:\htnbth.exec:\htnbth.exe121⤵PID:2584
-
\??\c:\dvvvd.exec:\dvvvd.exe122⤵PID:2988