Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ca9c2ca6092940eabf6996b6b20f3b30_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
ca9c2ca6092940eabf6996b6b20f3b30_NeikiAnalytics.exe
-
Size
54KB
-
MD5
ca9c2ca6092940eabf6996b6b20f3b30
-
SHA1
0e9ed3b75956dd31a6fcf1f98e6f5830184f6818
-
SHA256
9f6fa315f4f7fd6e08217bc787244f6275987ee195073351697ab8870e563f4b
-
SHA512
46c94111e51e252f7cbb2cea3c5a91bb458c3fb3fcdc1c6153052cf72328ce1f5052b1ac4f6ac4f99f8a189de3bc695b52dc76ea7c0044add813633bbd7346e1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFUj:ymb3NkkiQ3mdBjFIFO
Malware Config
Signatures
-
Detect Blackmoon payload 18 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ca9c2ca6092940eabf6996b6b20f3b30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ca9c2ca6092940eabf6996b6b20f3b30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2236 -
\??\c:\hxhrvtj.exec:\hxhrvtj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2308 -
\??\c:\hxfnhx.exec:\hxfnhx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2816 -
\??\c:\jbddxp.exec:\jbddxp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2776 -
\??\c:\ptxxx.exec:\ptxxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2932 -
\??\c:\hprftf.exec:\hprftf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2572 -
\??\c:\fffjpfl.exec:\fffjpfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2096 -
\??\c:\hjfnr.exec:\hjfnr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2536 -
\??\c:\bdptjt.exec:\bdptjt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2500 -
\??\c:\jnbdjv.exec:\jnbdjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2668 -
\??\c:\vtjdtdx.exec:\vtjdtdx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2552 -
\??\c:\pvddv.exec:\pvddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:940 -
\??\c:\xjljjlh.exec:\xjljjlh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2840 -
\??\c:\ttjflh.exec:\ttjflh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2032 -
\??\c:\xfnfrn.exec:\xfnfrn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1280 -
\??\c:\xplbxx.exec:\xplbxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1732 -
\??\c:\tjbpb.exec:\tjbpb.exe17⤵
- Executes dropped EXE
PID:1872 -
\??\c:\bfxpvvb.exec:\bfxpvvb.exe18⤵
- Executes dropped EXE
PID:528 -
\??\c:\lxjxd.exec:\lxjxd.exe19⤵
- Executes dropped EXE
PID:540 -
\??\c:\xpjdr.exec:\xpjdr.exe20⤵
- Executes dropped EXE
PID:788 -
\??\c:\ndxnn.exec:\ndxnn.exe21⤵
- Executes dropped EXE
PID:2756 -
\??\c:\drxbdxf.exec:\drxbdxf.exe22⤵
- Executes dropped EXE
PID:2084 -
\??\c:\jjdjv.exec:\jjdjv.exe23⤵
- Executes dropped EXE
PID:2692 -
\??\c:\hrtdr.exec:\hrtdr.exe24⤵
- Executes dropped EXE
PID:1600 -
\??\c:\vhxltnp.exec:\vhxltnp.exe25⤵
- Executes dropped EXE
PID:2480 -
\??\c:\hhhln.exec:\hhhln.exe26⤵
- Executes dropped EXE
PID:1100 -
\??\c:\dfrfbb.exec:\dfrfbb.exe27⤵
- Executes dropped EXE
PID:632 -
\??\c:\dhxprhr.exec:\dhxprhr.exe28⤵
- Executes dropped EXE
PID:1904 -
\??\c:\llnthr.exec:\llnthr.exe29⤵
- Executes dropped EXE
PID:1744 -
\??\c:\jhnll.exec:\jhnll.exe30⤵
- Executes dropped EXE
PID:3000 -
\??\c:\rvnfj.exec:\rvnfj.exe31⤵
- Executes dropped EXE
PID:3056 -
\??\c:\fxdhvl.exec:\fxdhvl.exe32⤵
- Executes dropped EXE
PID:560 -
\??\c:\fjhhr.exec:\fjhhr.exe33⤵
- Executes dropped EXE
PID:2276 -
\??\c:\bjpfr.exec:\bjpfr.exe34⤵
- Executes dropped EXE
PID:2980 -
\??\c:\vxjdhr.exec:\vxjdhr.exe35⤵
- Executes dropped EXE
PID:1508 -
\??\c:\jphjxjb.exec:\jphjxjb.exe36⤵
- Executes dropped EXE
PID:1628 -
\??\c:\ffvhfjx.exec:\ffvhfjx.exe37⤵
- Executes dropped EXE
PID:2888 -
\??\c:\ldjlt.exec:\ldjlt.exe38⤵
- Executes dropped EXE
PID:2820 -
\??\c:\rpphr.exec:\rpphr.exe39⤵
- Executes dropped EXE
PID:2340 -
\??\c:\xrrdhbd.exec:\xrrdhbd.exe40⤵
- Executes dropped EXE
PID:2908 -
\??\c:\vjhvpj.exec:\vjhvpj.exe41⤵
- Executes dropped EXE
PID:3028 -
\??\c:\fpxnd.exec:\fpxnd.exe42⤵
- Executes dropped EXE
PID:2476 -
\??\c:\ttlfx.exec:\ttlfx.exe43⤵
- Executes dropped EXE
PID:2580 -
\??\c:\bbjjn.exec:\bbjjn.exe44⤵
- Executes dropped EXE
PID:2632 -
\??\c:\vblpr.exec:\vblpr.exe45⤵
- Executes dropped EXE
PID:2096 -
\??\c:\lrxvvb.exec:\lrxvvb.exe46⤵
- Executes dropped EXE
PID:2956 -
\??\c:\xpvnvnh.exec:\xpvnvnh.exe47⤵
- Executes dropped EXE
PID:2404 -
\??\c:\vjvhvpx.exec:\vjvhvpx.exe48⤵
- Executes dropped EXE
PID:2520 -
\??\c:\pdtxn.exec:\pdtxn.exe49⤵
- Executes dropped EXE
PID:2380 -
\??\c:\frfnvlp.exec:\frfnvlp.exe50⤵
- Executes dropped EXE
PID:2456 -
\??\c:\vnhtn.exec:\vnhtn.exe51⤵
- Executes dropped EXE
PID:2856 -
\??\c:\bxdphdx.exec:\bxdphdx.exe52⤵
- Executes dropped EXE
PID:1888 -
\??\c:\hvbrbv.exec:\hvbrbv.exe53⤵
- Executes dropped EXE
PID:1192 -
\??\c:\txrjrt.exec:\txrjrt.exe54⤵
- Executes dropped EXE
PID:1876 -
\??\c:\nxvrfd.exec:\nxvrfd.exe55⤵
- Executes dropped EXE
PID:1292 -
\??\c:\jlbvvv.exec:\jlbvvv.exe56⤵
- Executes dropped EXE
PID:1700 -
\??\c:\ttnppb.exec:\ttnppb.exe57⤵
- Executes dropped EXE
PID:1684 -
\??\c:\ptntxn.exec:\ptntxn.exe58⤵
- Executes dropped EXE
PID:660 -
\??\c:\vpvhvf.exec:\vpvhvf.exe59⤵
- Executes dropped EXE
PID:1788 -
\??\c:\tvppbxh.exec:\tvppbxh.exe60⤵
- Executes dropped EXE
PID:668 -
\??\c:\nhjvxv.exec:\nhjvxv.exe61⤵
- Executes dropped EXE
PID:2724 -
\??\c:\hjdlbv.exec:\hjdlbv.exe62⤵
- Executes dropped EXE
PID:2092 -
\??\c:\jpbrnr.exec:\jpbrnr.exe63⤵
- Executes dropped EXE
PID:2708 -
\??\c:\bvdbp.exec:\bvdbp.exe64⤵
- Executes dropped EXE
PID:2452 -
\??\c:\bfjjpvj.exec:\bfjjpvj.exe65⤵
- Executes dropped EXE
PID:568 -
\??\c:\dvxtrhj.exec:\dvxtrhj.exe66⤵PID:1320
-
\??\c:\vxdrtb.exec:\vxdrtb.exe67⤵PID:1304
-
\??\c:\xnxpjhb.exec:\xnxpjhb.exe68⤵PID:1100
-
\??\c:\hbnnj.exec:\hbnnj.exe69⤵PID:2736
-
\??\c:\hhbvdhx.exec:\hhbvdhx.exe70⤵PID:1748
-
\??\c:\bvhjr.exec:\bvhjr.exe71⤵PID:864
-
\??\c:\djfflfv.exec:\djfflfv.exe72⤵PID:2156
-
\??\c:\fvbdtnh.exec:\fvbdtnh.exe73⤵PID:2992
-
\??\c:\nftnl.exec:\nftnl.exe74⤵PID:3048
-
\??\c:\nrvhxhx.exec:\nrvhxhx.exe75⤵PID:2976
-
\??\c:\fxpnpx.exec:\fxpnpx.exe76⤵PID:2252
-
\??\c:\ntjvnfj.exec:\ntjvnfj.exe77⤵PID:2076
-
\??\c:\nxlddhh.exec:\nxlddhh.exe78⤵PID:2204
-
\??\c:\djnxh.exec:\djnxh.exe79⤵PID:2040
-
\??\c:\nhdnlpj.exec:\nhdnlpj.exe80⤵PID:2884
-
\??\c:\thxxbnx.exec:\thxxbnx.exe81⤵PID:1832
-
\??\c:\xfldl.exec:\xfldl.exe82⤵PID:2912
-
\??\c:\jdjvh.exec:\jdjvh.exe83⤵PID:3016
-
\??\c:\bbndnh.exec:\bbndnh.exe84⤵PID:2928
-
\??\c:\pdtrd.exec:\pdtrd.exe85⤵PID:2572
-
\??\c:\xfdddlh.exec:\xfdddlh.exe86⤵PID:2936
-
\??\c:\vffxp.exec:\vffxp.exe87⤵PID:2772
-
\??\c:\pdxvr.exec:\pdxvr.exe88⤵PID:2508
-
\??\c:\vxbbvv.exec:\vxbbvv.exe89⤵PID:2640
-
\??\c:\bptxt.exec:\bptxt.exe90⤵PID:2732
-
\??\c:\ffvlpf.exec:\ffvlpf.exe91⤵PID:2604
-
\??\c:\pjxxhjr.exec:\pjxxhjr.exe92⤵PID:2396
-
\??\c:\drfvj.exec:\drfvj.exe93⤵PID:2844
-
\??\c:\xhvvxxl.exec:\xhvvxxl.exe94⤵PID:1412
-
\??\c:\ltltn.exec:\ltltn.exe95⤵PID:1264
-
\??\c:\jjxvtt.exec:\jjxvtt.exe96⤵PID:2016
-
\??\c:\fhrbnn.exec:\fhrbnn.exe97⤵PID:2280
-
\??\c:\dhllt.exec:\dhllt.exe98⤵PID:1348
-
\??\c:\dbltn.exec:\dbltn.exe99⤵PID:2036
-
\??\c:\jllltfb.exec:\jllltfb.exe100⤵PID:268
-
\??\c:\jjrpp.exec:\jjrpp.exe101⤵PID:1784
-
\??\c:\pxvtp.exec:\pxvtp.exe102⤵PID:540
-
\??\c:\pbdjr.exec:\pbdjr.exe103⤵PID:2348
-
\??\c:\pnpnp.exec:\pnpnp.exe104⤵PID:2472
-
\??\c:\hfddtf.exec:\hfddtf.exe105⤵PID:2720
-
\??\c:\rtbrt.exec:\rtbrt.exe106⤵PID:1104
-
\??\c:\rftlpjj.exec:\rftlpjj.exe107⤵PID:2664
-
\??\c:\prntdvt.exec:\prntdvt.exe108⤵PID:440
-
\??\c:\xdhjf.exec:\xdhjf.exe109⤵PID:1132
-
\??\c:\dtvlb.exec:\dtvlb.exe110⤵PID:1596
-
\??\c:\dhljxrp.exec:\dhljxrp.exe111⤵PID:972
-
\??\c:\hpthjp.exec:\hpthjp.exe112⤵PID:1844
-
\??\c:\fddxd.exec:\fddxd.exe113⤵PID:2192
-
\??\c:\txntl.exec:\txntl.exe114⤵PID:832
-
\??\c:\bvjpf.exec:\bvjpf.exe115⤵PID:1744
-
\??\c:\nvtvvd.exec:\nvtvvd.exe116⤵PID:2972
-
\??\c:\lfrvrvx.exec:\lfrvrvx.exe117⤵PID:1712
-
\??\c:\fhvfhd.exec:\fhvfhd.exe118⤵PID:860
-
\??\c:\bpjhd.exec:\bpjhd.exe119⤵PID:872
-
\??\c:\vhfbbpx.exec:\vhfbbpx.exe120⤵PID:2116
-
\??\c:\hjfdhnn.exec:\hjfdhnn.exe121⤵PID:2264
-
\??\c:\rbdtrd.exec:\rbdtrd.exe122⤵PID:2300