Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:13
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
caf3fd8220d7fd196398eef36ba4d620_NeikiAnalytics.exe
Resource
win7-20231129-en
5 signatures
150 seconds
General
-
Target
caf3fd8220d7fd196398eef36ba4d620_NeikiAnalytics.exe
-
Size
74KB
-
MD5
caf3fd8220d7fd196398eef36ba4d620
-
SHA1
cc518702f549ad574b7ae863bb58ef2eac4675ba
-
SHA256
e15eb17ce9b15f9a929edfcd4d8c3deaf4e8f115c05dedc8d18b464a2ac71fb3
-
SHA512
e7558aca39c689de06ca7745f9e98c7024cfc4a49fb58c547c8540ccf4876c3e3ff3c13c5383ca51d7902f06bd50b67e62854f831c6fe772bd088012d3a43349
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIrmCeRMKeWqNSZh:ymb3NkkiQ3mdBjFIjek5E
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral1/memory/1724-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2312-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2308-23-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2244-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2244-42-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2704-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2836-57-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2604-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2580-82-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2580-81-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2436-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2912-104-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2116-114-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1640-123-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1812-140-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/948-150-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1492-158-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2812-186-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2292-194-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2276-204-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1244-222-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/1296-248-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3008-293-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2312 9dvdj.exe 2308 fxffffl.exe 2244 nthhbb.exe 2704 1pdvd.exe 2836 lrxlxrl.exe 2604 tnttnh.exe 2580 vvpdp.exe 2436 pjpvj.exe 2912 rlrrrlr.exe 2116 bnnhhh.exe 1640 3tnttb.exe 1944 jdppp.exe 1812 3dppp.exe 948 ffxlxff.exe 1492 5tbtbb.exe 1276 hbntbb.exe 1236 pjddj.exe 2812 vjppv.exe 2292 rllxrlx.exe 2276 hbhtth.exe 588 nbnntn.exe 1244 1pjdj.exe 856 jdvdj.exe 920 3lxxflr.exe 1296 xrllxfr.exe 764 ttnbhn.exe 1656 ttnhbb.exe 2880 7pppp.exe 1364 lrllrrf.exe 3008 9rlflrx.exe 896 7tnbhn.exe 1628 jpjvp.exe 1968 pjdjp.exe 1976 7llrflr.exe 2008 llxfrfx.exe 2536 ffxlrxf.exe 2244 bthntn.exe 2688 7vppj.exe 2576 9jpvv.exe 2836 frlrxrr.exe 2780 xxxlxrr.exe 2464 nhtbbb.exe 2484 bthtbh.exe 2916 btbhhh.exe 2496 pjvdd.exe 3064 ppvjv.exe 2404 rlrxxfl.exe 1640 tnhhnn.exe 1920 btntbb.exe 2240 ppjjp.exe 1744 ddjdd.exe 948 9rfrrlr.exe 1452 xrfflfr.exe 1828 1hbtbb.exe 2816 5dvvv.exe 2936 vppdp.exe 2812 3rllxxx.exe 1312 3tnbnb.exe 324 tnhhnn.exe 888 hhtbth.exe 792 vvjvd.exe 2016 3jpjd.exe 1756 fflrrll.exe 2176 xrflxxl.exe -
[Second YARA-match table, rule tag `upx`. Its signature heading is missing from this page, and these rows are not part of "Executes dropped EXE".]
resource yara_rule behavioral1/memory/1724-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2312-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2308-23-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2244-35-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2244-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2244-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2244-42-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2704-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2836-57-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2604-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2580-81-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2436-87-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2436-86-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2436-85-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2436-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2912-104-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2116-114-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1640-123-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1812-140-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/948-150-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1492-158-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2812-186-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2292-194-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2276-204-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/1244-222-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1296-248-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3008-293-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1724 wrote to memory of 2312 1724 caf3fd8220d7fd196398eef36ba4d620_NeikiAnalytics.exe 28 PID 1724 wrote to memory of 2312 1724 caf3fd8220d7fd196398eef36ba4d620_NeikiAnalytics.exe 28 PID 1724 wrote to memory of 2312 1724 caf3fd8220d7fd196398eef36ba4d620_NeikiAnalytics.exe 28 PID 1724 wrote to memory of 2312 1724 caf3fd8220d7fd196398eef36ba4d620_NeikiAnalytics.exe 28 PID 2312 wrote to memory of 2308 2312 9dvdj.exe 29 PID 2312 wrote to memory of 2308 2312 9dvdj.exe 29 PID 2312 wrote to memory of 2308 2312 9dvdj.exe 29 PID 2312 wrote to memory of 2308 2312 9dvdj.exe 29 PID 2308 wrote to memory of 2244 2308 fxffffl.exe 30 PID 2308 wrote to memory of 2244 2308 fxffffl.exe 30 PID 2308 wrote to memory of 2244 2308 fxffffl.exe 30 PID 2308 wrote to memory of 2244 2308 fxffffl.exe 30 PID 2244 wrote to memory of 2704 2244 nthhbb.exe 31 PID 2244 wrote to memory of 2704 2244 nthhbb.exe 31 PID 2244 wrote to memory of 2704 2244 nthhbb.exe 31 PID 2244 wrote to memory of 2704 2244 nthhbb.exe 31 PID 2704 wrote to memory of 2836 2704 1pdvd.exe 32 PID 2704 wrote to memory of 2836 2704 1pdvd.exe 32 PID 2704 wrote to memory of 2836 2704 1pdvd.exe 32 PID 2704 wrote to memory of 2836 2704 1pdvd.exe 32 PID 2836 wrote to memory of 2604 2836 lrxlxrl.exe 33 PID 2836 wrote to memory of 2604 2836 lrxlxrl.exe 33 PID 2836 wrote to memory of 2604 2836 lrxlxrl.exe 33 PID 2836 wrote to memory of 2604 2836 lrxlxrl.exe 33 PID 2604 wrote to memory of 2580 2604 tnttnh.exe 34 PID 2604 wrote to memory of 2580 2604 tnttnh.exe 34 PID 2604 wrote to memory of 2580 2604 tnttnh.exe 34 PID 2604 wrote to memory of 2580 2604 tnttnh.exe 34 PID 2580 wrote to memory of 2436 2580 vvpdp.exe 35 PID 2580 wrote to memory of 2436 2580 vvpdp.exe 35 PID 2580 wrote to memory of 2436 2580 vvpdp.exe 35 PID 2580 wrote to memory of 2436 2580 vvpdp.exe 35 PID 2436 wrote to memory of 2912 2436 pjpvj.exe 36 PID 2436 wrote to memory of 2912 2436 pjpvj.exe 36 PID 2436 wrote to memory of 2912 
2436 pjpvj.exe 36 PID 2436 wrote to memory of 2912 2436 pjpvj.exe 36 PID 2912 wrote to memory of 2116 2912 rlrrrlr.exe 37 PID 2912 wrote to memory of 2116 2912 rlrrrlr.exe 37 PID 2912 wrote to memory of 2116 2912 rlrrrlr.exe 37 PID 2912 wrote to memory of 2116 2912 rlrrrlr.exe 37 PID 2116 wrote to memory of 1640 2116 bnnhhh.exe 38 PID 2116 wrote to memory of 1640 2116 bnnhhh.exe 38 PID 2116 wrote to memory of 1640 2116 bnnhhh.exe 38 PID 2116 wrote to memory of 1640 2116 bnnhhh.exe 38 PID 1640 wrote to memory of 1944 1640 3tnttb.exe 39 PID 1640 wrote to memory of 1944 1640 3tnttb.exe 39 PID 1640 wrote to memory of 1944 1640 3tnttb.exe 39 PID 1640 wrote to memory of 1944 1640 3tnttb.exe 39 PID 1944 wrote to memory of 1812 1944 jdppp.exe 40 PID 1944 wrote to memory of 1812 1944 jdppp.exe 40 PID 1944 wrote to memory of 1812 1944 jdppp.exe 40 PID 1944 wrote to memory of 1812 1944 jdppp.exe 40 PID 1812 wrote to memory of 948 1812 3dppp.exe 41 PID 1812 wrote to memory of 948 1812 3dppp.exe 41 PID 1812 wrote to memory of 948 1812 3dppp.exe 41 PID 1812 wrote to memory of 948 1812 3dppp.exe 41 PID 948 wrote to memory of 1492 948 ffxlxff.exe 42 PID 948 wrote to memory of 1492 948 ffxlxff.exe 42 PID 948 wrote to memory of 1492 948 ffxlxff.exe 42 PID 948 wrote to memory of 1492 948 ffxlxff.exe 42 PID 1492 wrote to memory of 1276 1492 5tbtbb.exe 43 PID 1492 wrote to memory of 1276 1492 5tbtbb.exe 43 PID 1492 wrote to memory of 1276 1492 5tbtbb.exe 43 PID 1492 wrote to memory of 1276 1492 5tbtbb.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\caf3fd8220d7fd196398eef36ba4d620_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\caf3fd8220d7fd196398eef36ba4d620_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1724 -
\??\c:\9dvdj.exec:\9dvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2312 -
\??\c:\fxffffl.exec:\fxffffl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2308 -
\??\c:\nthhbb.exec:\nthhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2244 -
\??\c:\1pdvd.exec:\1pdvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2704 -
\??\c:\lrxlxrl.exec:\lrxlxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2836 -
\??\c:\tnttnh.exec:\tnttnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2604 -
\??\c:\vvpdp.exec:\vvpdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2580 -
\??\c:\pjpvj.exec:\pjpvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2436 -
\??\c:\rlrrrlr.exec:\rlrrrlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2912 -
\??\c:\bnnhhh.exec:\bnnhhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2116 -
\??\c:\3tnttb.exec:\3tnttb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1640 -
\??\c:\jdppp.exec:\jdppp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1944 -
\??\c:\3dppp.exec:\3dppp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1812 -
\??\c:\ffxlxff.exec:\ffxlxff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:948 -
\??\c:\5tbtbb.exec:\5tbtbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1492 -
\??\c:\hbntbb.exec:\hbntbb.exe17⤵
- Executes dropped EXE
PID:1276 -
\??\c:\pjddj.exec:\pjddj.exe18⤵
- Executes dropped EXE
PID:1236 -
\??\c:\vjppv.exec:\vjppv.exe19⤵
- Executes dropped EXE
PID:2812 -
\??\c:\rllxrlx.exec:\rllxrlx.exe20⤵
- Executes dropped EXE
PID:2292 -
\??\c:\hbhtth.exec:\hbhtth.exe21⤵
- Executes dropped EXE
PID:2276 -
\??\c:\nbnntn.exec:\nbnntn.exe22⤵
- Executes dropped EXE
PID:588 -
\??\c:\1pjdj.exec:\1pjdj.exe23⤵
- Executes dropped EXE
PID:1244 -
\??\c:\jdvdj.exec:\jdvdj.exe24⤵
- Executes dropped EXE
PID:856 -
\??\c:\3lxxflr.exec:\3lxxflr.exe25⤵
- Executes dropped EXE
PID:920 -
\??\c:\xrllxfr.exec:\xrllxfr.exe26⤵
- Executes dropped EXE
PID:1296 -
\??\c:\ttnbhn.exec:\ttnbhn.exe27⤵
- Executes dropped EXE
PID:764 -
\??\c:\ttnhbb.exec:\ttnhbb.exe28⤵
- Executes dropped EXE
PID:1656 -
\??\c:\7pppp.exec:\7pppp.exe29⤵
- Executes dropped EXE
PID:2880 -
\??\c:\lrllrrf.exec:\lrllrrf.exe30⤵
- Executes dropped EXE
PID:1364 -
\??\c:\9rlflrx.exec:\9rlflrx.exe31⤵
- Executes dropped EXE
PID:3008 -
\??\c:\7tnbhn.exec:\7tnbhn.exe32⤵
- Executes dropped EXE
PID:896 -
\??\c:\jpjvp.exec:\jpjvp.exe33⤵
- Executes dropped EXE
PID:1628 -
\??\c:\pjdjp.exec:\pjdjp.exe34⤵
- Executes dropped EXE
PID:1968 -
\??\c:\7llrflr.exec:\7llrflr.exe35⤵
- Executes dropped EXE
PID:1976 -
\??\c:\llxfrfx.exec:\llxfrfx.exe36⤵
- Executes dropped EXE
PID:2008 -
\??\c:\ffxlrxf.exec:\ffxlrxf.exe37⤵
- Executes dropped EXE
PID:2536 -
\??\c:\bthntn.exec:\bthntn.exe38⤵
- Executes dropped EXE
PID:2244 -
\??\c:\7vppj.exec:\7vppj.exe39⤵
- Executes dropped EXE
PID:2688 -
\??\c:\9jpvv.exec:\9jpvv.exe40⤵
- Executes dropped EXE
PID:2576 -
\??\c:\frlrxrr.exec:\frlrxrr.exe41⤵
- Executes dropped EXE
PID:2836 -
\??\c:\xxxlxrr.exec:\xxxlxrr.exe42⤵
- Executes dropped EXE
PID:2780 -
\??\c:\nhtbbb.exec:\nhtbbb.exe43⤵
- Executes dropped EXE
PID:2464 -
\??\c:\bthtbh.exec:\bthtbh.exe44⤵
- Executes dropped EXE
PID:2484 -
\??\c:\btbhhh.exec:\btbhhh.exe45⤵
- Executes dropped EXE
PID:2916 -
\??\c:\pjvdd.exec:\pjvdd.exe46⤵
- Executes dropped EXE
PID:2496 -
\??\c:\ppvjv.exec:\ppvjv.exe47⤵
- Executes dropped EXE
PID:3064 -
\??\c:\rlrxxfl.exec:\rlrxxfl.exe48⤵
- Executes dropped EXE
PID:2404 -
\??\c:\tnhhnn.exec:\tnhhnn.exe49⤵
- Executes dropped EXE
PID:1640 -
\??\c:\btntbb.exec:\btntbb.exe50⤵
- Executes dropped EXE
PID:1920 -
\??\c:\ppjjp.exec:\ppjjp.exe51⤵
- Executes dropped EXE
PID:2240 -
\??\c:\ddjdd.exec:\ddjdd.exe52⤵
- Executes dropped EXE
PID:1744 -
\??\c:\9rfrrlr.exec:\9rfrrlr.exe53⤵
- Executes dropped EXE
PID:948 -
\??\c:\xrfflfr.exec:\xrfflfr.exe54⤵
- Executes dropped EXE
PID:1452 -
\??\c:\1hbtbb.exec:\1hbtbb.exe55⤵
- Executes dropped EXE
PID:1828 -
\??\c:\5dvvv.exec:\5dvvv.exe56⤵
- Executes dropped EXE
PID:2816 -
\??\c:\vppdp.exec:\vppdp.exe57⤵
- Executes dropped EXE
PID:2936 -
\??\c:\3rllxxx.exec:\3rllxxx.exe58⤵
- Executes dropped EXE
PID:2812 -
\??\c:\3tnbnb.exec:\3tnbnb.exe59⤵
- Executes dropped EXE
PID:1312 -
\??\c:\tnhhnn.exec:\tnhhnn.exe60⤵
- Executes dropped EXE
PID:324 -
\??\c:\hhtbth.exec:\hhtbth.exe61⤵
- Executes dropped EXE
PID:888 -
\??\c:\vvjvd.exec:\vvjvd.exe62⤵
- Executes dropped EXE
PID:792 -
\??\c:\3jpjd.exec:\3jpjd.exe63⤵
- Executes dropped EXE
PID:2016 -
\??\c:\fflrrll.exec:\fflrrll.exe64⤵
- Executes dropped EXE
PID:1756 -
\??\c:\xrflxxl.exec:\xrflxxl.exe65⤵
- Executes dropped EXE
PID:2176 -
\??\c:\tnbnnt.exec:\tnbnnt.exe66⤵PID:1296
-
\??\c:\3tnbht.exec:\3tnbht.exe67⤵PID:992
-
\??\c:\1pppd.exec:\1pppd.exe68⤵PID:2300
-
\??\c:\vpddj.exec:\vpddj.exe69⤵PID:2872
-
\??\c:\3fxfllr.exec:\3fxfllr.exe70⤵PID:2876
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe71⤵PID:3040
-
\??\c:\1bhnnh.exec:\1bhnnh.exe72⤵PID:1136
-
\??\c:\hhtbbn.exec:\hhtbbn.exe73⤵PID:2980
-
\??\c:\3pjpv.exec:\3pjpv.exe74⤵PID:2092
-
\??\c:\3pjvd.exec:\3pjvd.exe75⤵PID:1604
-
\??\c:\jvpdj.exec:\jvpdj.exe76⤵PID:1104
-
\??\c:\3ffrxfr.exec:\3ffrxfr.exe77⤵PID:1992
-
\??\c:\xrlrrll.exec:\xrlrrll.exe78⤵PID:2784
-
\??\c:\htbnnt.exec:\htbnnt.exe79⤵PID:2728
-
\??\c:\nttbbh.exec:\nttbbh.exe80⤵PID:2568
-
\??\c:\pjjjp.exec:\pjjjp.exe81⤵PID:2248
-
\??\c:\7pddj.exec:\7pddj.exe82⤵PID:2752
-
\??\c:\lxlllrr.exec:\lxlllrr.exe83⤵PID:2756
-
\??\c:\hhbhnt.exec:\hhbhnt.exe84⤵PID:2444
-
\??\c:\bthhbb.exec:\bthhbb.exe85⤵PID:2504
-
\??\c:\7jddj.exec:\7jddj.exe86⤵PID:2520
-
\??\c:\3jppd.exec:\3jppd.exe87⤵PID:2928
-
\??\c:\7xxxrlx.exec:\7xxxrlx.exe88⤵PID:1540
-
\??\c:\rrlxlxl.exec:\rrlxlxl.exe89⤵PID:2356
-
\??\c:\rrrxlrf.exec:\rrrxlrf.exe90⤵PID:320
-
\??\c:\nhthtb.exec:\nhthtb.exe91⤵PID:1944
-
\??\c:\ttnthb.exec:\ttnthb.exe92⤵PID:2328
-
\??\c:\vvjpj.exec:\vvjpj.exe93⤵PID:2680
-
\??\c:\pdpjd.exec:\pdpjd.exe94⤵PID:2532
-
\??\c:\rfrrxxl.exec:\rfrrxxl.exe95⤵PID:1272
-
\??\c:\9fxfllr.exec:\9fxfllr.exe96⤵PID:640
-
\??\c:\nbntnt.exec:\nbntnt.exe97⤵PID:1236
-
\??\c:\bnhttt.exec:\bnhttt.exe98⤵PID:1284
-
\??\c:\5nhnht.exec:\5nhnht.exe99⤵PID:2084
-
\??\c:\pvdpv.exec:\pvdpv.exe100⤵PID:1876
-
\??\c:\jdpvj.exec:\jdpvj.exe101⤵PID:1496
-
\??\c:\lxrllrr.exec:\lxrllrr.exe102⤵PID:1652
-
\??\c:\lrfxffx.exec:\lrfxffx.exe103⤵PID:240
-
\??\c:\9hbbhh.exec:\9hbbhh.exe104⤵PID:592
-
\??\c:\hbnntt.exec:\hbnntt.exe105⤵PID:392
-
\??\c:\pdpdd.exec:\pdpdd.exe106⤵PID:2156
-
\??\c:\dvvdv.exec:\dvvdv.exe107⤵PID:1760
-
\??\c:\fxrrlll.exec:\fxrrlll.exe108⤵PID:1228
-
\??\c:\3rlllrr.exec:\3rlllrr.exe109⤵PID:620
-
\??\c:\rlxfrll.exec:\rlxfrll.exe110⤵PID:788
-
\??\c:\bthhtt.exec:\bthhtt.exe111⤵PID:2344
-
\??\c:\1thnnt.exec:\1thnnt.exe112⤵PID:2880
-
\??\c:\5vppj.exec:\5vppj.exe113⤵PID:1364
-
\??\c:\jjvdv.exec:\jjvdv.exe114⤵PID:1136
-
\??\c:\rxlxfff.exec:\rxlxfff.exe115⤵PID:2760
-
\??\c:\lxlxffr.exec:\lxlxffr.exe116⤵PID:1720
-
\??\c:\5bnthn.exec:\5bnthn.exe117⤵PID:1116
-
\??\c:\hbbbbh.exec:\hbbbbh.exe118⤵PID:1976
-
\??\c:\9thnnt.exec:\9thnnt.exe119⤵PID:2008
-
\??\c:\pjvdj.exec:\pjvdj.exe120⤵PID:2396
-
\??\c:\pjvvp.exec:\pjvvp.exe121⤵PID:2244
-
\??\c:\dpvpp.exec:\dpvpp.exe122⤵PID:2552
-