Analysis
-
max time kernel
125s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
18/05/2024, 13:16
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe
-
Size
63KB
-
MD5
cb6af1535a31d482a7730652dc81a0f0
-
SHA1
676eec737409993f6cdd4d2d70d3e79a0a63c458
-
SHA256
71dd3e830c1a064c1bb39e1c77abb2135d1081cf611d51fd8aa17ba7b3f3b4bc
-
SHA512
6a8530825f329e74fb953eb8ccf3c6740caaac657a1d7128596b29a0eed90153a00e1fb4d64317cc341e9bcc2f4d436d01a6e5ffee888f355816cd862c679e43
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3AS:ymb3NkkiQ3mdBjFI46TQS
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral1/memory/2772-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2940-15-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2596-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2556-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2564-48-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2604-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2684-73-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2684-72-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2388-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1104-115-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2476-124-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1812-133-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1948-151-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1296-160-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2740-169-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2620-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3056-196-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2244-223-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/440-232-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1336-251-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/964-259-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2328-268-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2136-286-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2940 pxnjl.exe 2596 nnbbrf.exe 2556 tldjtl.exe 2564 jnvpx.exe 2604 plhlr.exe 2684 vrhlfp.exe 2456 bfrjr.exe 2528 rpntntv.exe 2388 tvxdr.exe 1104 fxrhv.exe 2476 dhrlhnb.exe 1812 xvnhlp.exe 1980 vtrddnr.exe 1948 lpbbbvn.exe 1296 fffnp.exe 2740 rlptxpx.exe 2752 jrdxh.exe 2620 xpjphd.exe 3056 hpvftnj.exe 324 lvvvbt.exe 2988 vbbrjdx.exe 2244 rfppbf.exe 440 tvnjjfh.exe 1136 jvbdjnb.exe 1336 tllllj.exe 964 lpbff.exe 2328 jhxjvl.exe 876 phrrhj.exe 2136 nvphhvb.exe 2892 fxjlll.exe 1484 bfptrjv.exe 2488 nrvvfnj.exe 2836 tlbtpjf.exe 2968 npfff.exe 940 hfltj.exe 3020 jfvjrvn.exe 2876 xvdxl.exe 2536 bhvjvpl.exe 2552 ldxtd.exe 1548 hffbvb.exe 2944 jttxxpn.exe 2684 llrjf.exe 2520 vlnttnv.exe 2420 vdvhh.exe 2864 jpjdv.exe 1960 bxdrt.exe 572 nbjtjdf.exe 1644 phdhr.exe 2660 ltvxxl.exe 1928 hnxnd.exe 1996 txdnr.exe 1300 pbxpr.exe 1676 rdnnx.exe 2368 trdndl.exe 1296 xhtjpf.exe 1796 jrxxjrj.exe 1020 rddbfx.exe 2504 ljntf.exe 2448 hnvvn.exe 2812 drbhtd.exe 2992 jtfjb.exe 3032 vbjlff.exe 428 jljtf.exe 2148 fbvxtxj.exe -
resource yara_rule behavioral1/memory/2772-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2940-15-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2596-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2596-23-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2556-35-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2556-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2564-48-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2564-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2564-44-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2604-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2684-72-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2456-79-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2456-77-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2528-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2528-90-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2528-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2388-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1104-115-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2476-124-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1812-133-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1948-151-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1296-160-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2740-169-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2620-187-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3056-196-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2244-223-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/440-232-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1336-251-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/964-259-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2328-268-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2136-286-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2772 wrote to memory of 2940 2772 cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe 28 PID 2772 wrote to memory of 2940 2772 cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe 28 PID 2772 wrote to memory of 2940 2772 cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe 28 PID 2772 wrote to memory of 2940 2772 cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe 28 PID 2940 wrote to memory of 2596 2940 pxnjl.exe 29 PID 2940 wrote to memory of 2596 2940 pxnjl.exe 29 PID 2940 wrote to memory of 2596 2940 pxnjl.exe 29 PID 2940 wrote to memory of 2596 2940 pxnjl.exe 29 PID 2596 wrote to memory of 2556 2596 nnbbrf.exe 30 PID 2596 wrote to memory of 2556 2596 nnbbrf.exe 30 PID 2596 wrote to memory of 2556 2596 nnbbrf.exe 30 PID 2596 wrote to memory of 2556 2596 nnbbrf.exe 30 PID 2556 wrote to memory of 2564 2556 tldjtl.exe 31 PID 2556 wrote to memory of 2564 2556 tldjtl.exe 31 PID 2556 wrote to memory of 2564 2556 tldjtl.exe 31 PID 2556 wrote to memory of 2564 2556 tldjtl.exe 31 PID 2564 wrote to memory of 2604 2564 jnvpx.exe 32 PID 2564 wrote to memory of 2604 2564 jnvpx.exe 32 PID 2564 wrote to memory of 2604 2564 jnvpx.exe 32 PID 2564 wrote to memory of 2604 2564 jnvpx.exe 32 PID 2604 wrote to memory of 2684 2604 plhlr.exe 33 PID 2604 wrote to memory of 2684 2604 plhlr.exe 33 PID 2604 wrote to memory of 2684 2604 plhlr.exe 33 PID 2604 wrote to memory of 2684 2604 plhlr.exe 33 PID 2684 wrote to memory of 2456 2684 vrhlfp.exe 34 PID 2684 wrote to memory of 2456 2684 vrhlfp.exe 34 PID 2684 wrote to memory of 2456 2684 vrhlfp.exe 34 PID 2684 wrote to memory of 2456 2684 vrhlfp.exe 34 PID 2456 wrote to memory of 2528 2456 bfrjr.exe 35 PID 2456 wrote to memory of 2528 2456 bfrjr.exe 35 PID 2456 wrote to memory of 2528 2456 bfrjr.exe 35 PID 2456 wrote to memory of 2528 2456 bfrjr.exe 35 PID 2528 wrote to memory of 2388 2528 rpntntv.exe 36 PID 2528 wrote to memory of 2388 2528 rpntntv.exe 36 PID 2528 wrote to memory of 2388 2528 rpntntv.exe 36 PID 2528 wrote to memory of 2388 2528 rpntntv.exe 36 PID 2388 wrote to memory of 1104 2388 tvxdr.exe 37 PID 2388 wrote to memory of 1104 2388 tvxdr.exe 37 PID 2388 wrote to memory of 1104 2388 tvxdr.exe 37 PID 2388 wrote to memory of 1104 2388 tvxdr.exe 37 PID 1104 wrote to memory of 2476 1104 fxrhv.exe 38 PID 1104 wrote to memory of 2476 1104 fxrhv.exe 38 PID 1104 wrote to memory of 2476 1104 fxrhv.exe 38 PID 1104 wrote to memory of 2476 1104 fxrhv.exe 38 PID 2476 wrote to memory of 1812 2476 dhrlhnb.exe 39 PID 2476 wrote to memory of 1812 2476 dhrlhnb.exe 39 PID 2476 wrote to memory of 1812 2476 dhrlhnb.exe 39 PID 2476 wrote to memory of 1812 2476 dhrlhnb.exe 39 PID 1812 wrote to memory of 1980 1812 xvnhlp.exe 40 PID 1812 wrote to memory of 1980 1812 xvnhlp.exe 40 PID 1812 wrote to memory of 1980 1812 xvnhlp.exe 40 PID 1812 wrote to memory of 1980 1812 xvnhlp.exe 40 PID 1980 wrote to memory of 1948 1980 vtrddnr.exe 41 PID 1980 wrote to memory of 1948 1980 vtrddnr.exe 41 PID 1980 wrote to memory of 1948 1980 vtrddnr.exe 41 PID 1980 wrote to memory of 1948 1980 vtrddnr.exe 41 PID 1948 wrote to memory of 1296 1948 lpbbbvn.exe 42 PID 1948 wrote to memory of 1296 1948 lpbbbvn.exe 42 PID 1948 wrote to memory of 1296 1948 lpbbbvn.exe 42 PID 1948 wrote to memory of 1296 1948 lpbbbvn.exe 42 PID 1296 wrote to memory of 2740 1296 fffnp.exe 43 PID 1296 wrote to memory of 2740 1296 fffnp.exe 43 PID 1296 wrote to memory of 2740 1296 fffnp.exe 43 PID 1296 wrote to memory of 2740 1296 fffnp.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2772 -
\??\c:\pxnjl.exec:\pxnjl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2940 -
\??\c:\nnbbrf.exec:\nnbbrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2596 -
\??\c:\tldjtl.exec:\tldjtl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2556 -
\??\c:\jnvpx.exec:\jnvpx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2564 -
\??\c:\plhlr.exec:\plhlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2604 -
\??\c:\vrhlfp.exec:\vrhlfp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2684 -
\??\c:\bfrjr.exec:\bfrjr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2456 -
\??\c:\rpntntv.exec:\rpntntv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2528 -
\??\c:\tvxdr.exec:\tvxdr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2388 -
\??\c:\fxrhv.exec:\fxrhv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1104 -
\??\c:\dhrlhnb.exec:\dhrlhnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2476 -
\??\c:\xvnhlp.exec:\xvnhlp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1812 -
\??\c:\vtrddnr.exec:\vtrddnr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1980 -
\??\c:\lpbbbvn.exec:\lpbbbvn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1948 -
\??\c:\fffnp.exec:\fffnp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1296 -
\??\c:\rlptxpx.exec:\rlptxpx.exe17⤵
- Executes dropped EXE
PID:2740 -
\??\c:\jrdxh.exec:\jrdxh.exe18⤵
- Executes dropped EXE
PID:2752 -
\??\c:\xpjphd.exec:\xpjphd.exe19⤵
- Executes dropped EXE
PID:2620 -
\??\c:\hpvftnj.exec:\hpvftnj.exe20⤵
- Executes dropped EXE
PID:3056 -
\??\c:\lvvvbt.exec:\lvvvbt.exe21⤵
- Executes dropped EXE
PID:324 -
\??\c:\vbbrjdx.exec:\vbbrjdx.exe22⤵
- Executes dropped EXE
PID:2988 -
\??\c:\rfppbf.exec:\rfppbf.exe23⤵
- Executes dropped EXE
PID:2244 -
\??\c:\tvnjjfh.exec:\tvnjjfh.exe24⤵
- Executes dropped EXE
PID:440 -
\??\c:\jvbdjnb.exec:\jvbdjnb.exe25⤵
- Executes dropped EXE
PID:1136 -
\??\c:\tllllj.exec:\tllllj.exe26⤵
- Executes dropped EXE
PID:1336 -
\??\c:\lpbff.exec:\lpbff.exe27⤵
- Executes dropped EXE
PID:964 -
\??\c:\jhxjvl.exec:\jhxjvl.exe28⤵
- Executes dropped EXE
PID:2328 -
\??\c:\phrrhj.exec:\phrrhj.exe29⤵
- Executes dropped EXE
PID:876 -
\??\c:\nvphhvb.exec:\nvphhvb.exe30⤵
- Executes dropped EXE
PID:2136 -
\??\c:\fxjlll.exec:\fxjlll.exe31⤵
- Executes dropped EXE
PID:2892 -
\??\c:\bfptrjv.exec:\bfptrjv.exe32⤵
- Executes dropped EXE
PID:1484 -
\??\c:\nrvvfnj.exec:\nrvvfnj.exe33⤵
- Executes dropped EXE
PID:2488 -
\??\c:\tlbtpjf.exec:\tlbtpjf.exe34⤵
- Executes dropped EXE
PID:2836 -
\??\c:\npfff.exec:\npfff.exe35⤵
- Executes dropped EXE
PID:2968 -
\??\c:\hfltj.exec:\hfltj.exe36⤵
- Executes dropped EXE
PID:940 -
\??\c:\jfvjrvn.exec:\jfvjrvn.exe37⤵
- Executes dropped EXE
PID:3020 -
\??\c:\xvdxl.exec:\xvdxl.exe38⤵
- Executes dropped EXE
PID:2876 -
\??\c:\bhvjvpl.exec:\bhvjvpl.exe39⤵
- Executes dropped EXE
PID:2536 -
\??\c:\ldxtd.exec:\ldxtd.exe40⤵
- Executes dropped EXE
PID:2552 -
\??\c:\hffbvb.exec:\hffbvb.exe41⤵
- Executes dropped EXE
PID:1548 -
\??\c:\jttxxpn.exec:\jttxxpn.exe42⤵
- Executes dropped EXE
PID:2944 -
\??\c:\llrjf.exec:\llrjf.exe43⤵
- Executes dropped EXE
PID:2684 -
\??\c:\vlnttnv.exec:\vlnttnv.exe44⤵
- Executes dropped EXE
PID:2520 -
\??\c:\vdvhh.exec:\vdvhh.exe45⤵
- Executes dropped EXE
PID:2420 -
\??\c:\jpjdv.exec:\jpjdv.exe46⤵
- Executes dropped EXE
PID:2864 -
\??\c:\bxdrt.exec:\bxdrt.exe47⤵
- Executes dropped EXE
PID:1960 -
\??\c:\nbjtjdf.exec:\nbjtjdf.exe48⤵
- Executes dropped EXE
PID:572 -
\??\c:\phdhr.exec:\phdhr.exe49⤵
- Executes dropped EXE
PID:1644 -
\??\c:\ltvxxl.exec:\ltvxxl.exe50⤵
- Executes dropped EXE
PID:2660 -
\??\c:\hnxnd.exec:\hnxnd.exe51⤵
- Executes dropped EXE
PID:1928 -
\??\c:\txdnr.exec:\txdnr.exe52⤵
- Executes dropped EXE
PID:1996 -
\??\c:\pbxpr.exec:\pbxpr.exe53⤵
- Executes dropped EXE
PID:1300 -
\??\c:\rdnnx.exec:\rdnnx.exe54⤵
- Executes dropped EXE
PID:1676 -
\??\c:\trdndl.exec:\trdndl.exe55⤵
- Executes dropped EXE
PID:2368 -
\??\c:\xhtjpf.exec:\xhtjpf.exe56⤵
- Executes dropped EXE
PID:1296 -
\??\c:\jrxxjrj.exec:\jrxxjrj.exe57⤵
- Executes dropped EXE
PID:1796 -
\??\c:\rddbfx.exec:\rddbfx.exe58⤵
- Executes dropped EXE
PID:1020 -
\??\c:\ljntf.exec:\ljntf.exe59⤵
- Executes dropped EXE
PID:2504 -
\??\c:\hnvvn.exec:\hnvvn.exe60⤵
- Executes dropped EXE
PID:2448 -
\??\c:\drbhtd.exec:\drbhtd.exe61⤵
- Executes dropped EXE
PID:2812 -
\??\c:\jtfjb.exec:\jtfjb.exe62⤵
- Executes dropped EXE
PID:2992 -
\??\c:\vbjlff.exec:\vbjlff.exe63⤵
- Executes dropped EXE
PID:3032 -
\??\c:\jljtf.exec:\jljtf.exe64⤵
- Executes dropped EXE
PID:428 -
\??\c:\fbvxtxj.exec:\fbvxtxj.exe65⤵
- Executes dropped EXE
PID:2148 -
\??\c:\hhjpbh.exec:\hhjpbh.exe66⤵PID:1764
-
\??\c:\tbhvnp.exec:\tbhvnp.exe67⤵PID:1352
-
\??\c:\pfndfp.exec:\pfndfp.exe68⤵PID:1556
-
\??\c:\bvflhph.exec:\bvflhph.exe69⤵PID:2040
-
\??\c:\nndnrbd.exec:\nndnrbd.exe70⤵PID:1504
-
\??\c:\ndnlf.exec:\ndnlf.exe71⤵PID:1708
-
\??\c:\xdppf.exec:\xdppf.exe72⤵PID:1684
-
\??\c:\tnfjnhv.exec:\tnfjnhv.exe73⤵PID:2136
-
\??\c:\ffdpfbt.exec:\ffdpfbt.exe74⤵PID:1716
-
\??\c:\lhjvjvx.exec:\lhjvjvx.exe75⤵PID:2996
-
\??\c:\bpxxx.exec:\bpxxx.exe76⤵PID:2840
-
\??\c:\lxvdpjj.exec:\lxvdpjj.exe77⤵PID:2268
-
\??\c:\ttlxj.exec:\ttlxj.exe78⤵PID:1568
-
\??\c:\bhtnx.exec:\bhtnx.exe79⤵PID:2980
-
\??\c:\pxllrpj.exec:\pxllrpj.exe80⤵PID:1636
-
\??\c:\lttrl.exec:\lttrl.exe81⤵PID:2672
-
\??\c:\hhptf.exec:\hhptf.exe82⤵PID:2788
-
\??\c:\xhvjjvv.exec:\xhvjjvv.exe83⤵PID:2072
-
\??\c:\ftrlhv.exec:\ftrlhv.exe84⤵PID:2612
-
\??\c:\vtnndrr.exec:\vtnndrr.exe85⤵PID:2604
-
\??\c:\npthtx.exec:\npthtx.exe86⤵PID:2756
-
\??\c:\vjpdntp.exec:\vjpdntp.exe87⤵PID:2428
-
\??\c:\dxxttb.exec:\dxxttb.exe88⤵PID:2868
-
\??\c:\pnpfp.exec:\pnpfp.exe89⤵PID:580
-
\??\c:\rrljjxr.exec:\rrljjxr.exe90⤵PID:2304
-
\??\c:\frvhnff.exec:\frvhnff.exe91⤵PID:1848
-
\??\c:\ntbflv.exec:\ntbflv.exe92⤵PID:2344
-
\??\c:\nhlrl.exec:\nhlrl.exe93⤵PID:2632
-
\??\c:\rlnlh.exec:\rlnlh.exe94⤵PID:2736
-
\??\c:\lnjnv.exec:\lnjnv.exe95⤵PID:2216
-
\??\c:\jndbldp.exec:\jndbldp.exe96⤵PID:2376
-
\??\c:\lljnffh.exec:\lljnffh.exe97⤵PID:1728
-
\??\c:\jtjnpdb.exec:\jtjnpdb.exe98⤵PID:1944
-
\??\c:\tjvvr.exec:\tjvvr.exe99⤵PID:1820
-
\??\c:\fxnllfl.exec:\fxnllfl.exe100⤵PID:2240
-
\??\c:\blhvhf.exec:\blhvhf.exe101⤵PID:1740
-
\??\c:\dlvfb.exec:\dlvfb.exe102⤵PID:932
-
\??\c:\bvntjl.exec:\bvntjl.exe103⤵PID:2116
-
\??\c:\prxpfn.exec:\prxpfn.exe104⤵PID:2248
-
\??\c:\ddjfb.exec:\ddjfb.exe105⤵PID:1512
-
\??\c:\bndfvf.exec:\bndfvf.exe106⤵PID:924
-
\??\c:\nlpxdf.exec:\nlpxdf.exe107⤵PID:1132
-
\??\c:\pxvtb.exec:\pxvtb.exe108⤵PID:1256
-
\??\c:\nddjd.exec:\nddjd.exe109⤵PID:1196
-
\??\c:\dttbxp.exec:\dttbxp.exe110⤵PID:1756
-
\??\c:\drblxxx.exec:\drblxxx.exe111⤵PID:1128
-
\??\c:\vdptxxt.exec:\vdptxxt.exe112⤵PID:2032
-
\??\c:\dfbdf.exec:\dfbdf.exe113⤵PID:1316
-
\??\c:\nlbrtxb.exec:\nlbrtxb.exe114⤵PID:1720
-
\??\c:\njrtt.exec:\njrtt.exe115⤵PID:2896
-
\??\c:\hhtdp.exec:\hhtdp.exe116⤵PID:1816
-
\??\c:\rdpdjf.exec:\rdpdjf.exe117⤵PID:1012
-
\??\c:\thvnb.exec:\thvnb.exe118⤵PID:2848
-
\??\c:\txjxllt.exec:\txjxllt.exe119⤵PID:1224
-
\??\c:\dfbnb.exec:\dfbnb.exe120⤵PID:2272
-
\??\c:\lbxlp.exec:\lbxlp.exe121⤵PID:2924
-
\??\c:\pplnp.exec:\pplnp.exe122⤵PID:1688
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-