Analysis
max time kernel: 150s
max time network: 118s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 18/05/2024, 13:25
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: cd3bfe7e6ed63cc4bfde434ed80c9fc0_NeikiAnalytics.exe
Resource: win7-20240508-en
5 signatures
150 seconds
General
Target: cd3bfe7e6ed63cc4bfde434ed80c9fc0_NeikiAnalytics.exe
Size: 95KB
MD5: cd3bfe7e6ed63cc4bfde434ed80c9fc0
SHA1: 61b1d05f79d37e12066ad7b69f113bf3ea80c5f0
SHA256: a975565ec9c53c2896a716d4e048d652384f7d3239cbe1744600be9b4a6ef6e2
SHA512: 46cf3a0ff41b05503e0c7f559c917fe742fab3f92efb25b0e081ac0a8a33e11084adce249b71628f394c9aa66b4bac07908578b136612ae98d988c2287bf67bf
SSDEEP: 1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTQL:ymb3NkkiQ3mdBjFIj+qNhvZuHQY0L
Malware Config
Signatures
Detect Blackmoon payload 21 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\cd3bfe7e6ed63cc4bfde434ed80c9fc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cd3bfe7e6ed63cc4bfde434ed80c9fc0_NeikiAnalytics.exe"
- Suspicious use of WriteProcessMemory
- PID: 3068