Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe
-
Size
50KB
-
MD5
cf657dccfa4fe75a606640e5dfb9f990
-
SHA1
56eb715553c3656eca75e42b4c7947f966b4d174
-
SHA256
b657a6cebcece1d6af39e0264a2e0a8ebb5e00b7429620263ac85c9aa8d8a15f
-
SHA512
9fd299dfb7eedf4fb1aed6180df2623cb66ab811ea67263d91d57f307ef1f637aceea83a755f3cd736fdf9ef329f24a6d4d3c477a199aeeab92741c6c7ff6a8b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoYqi:ymb3NkkiQ3mdBjFoxi
Malware Config
Signatures
-
Detect Blackmoon payload 28 IoCs
resource yara_rule behavioral1/memory/3008-7-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/3008-6-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1932-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2588-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2752-33-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2484-44-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2484-43-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2780-60-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2780-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2764-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2764-74-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2508-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2324-97-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2740-105-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1440-124-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1904-133-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1708-141-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2452-151-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1648-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2016-177-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2956-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/2224-205-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/684-213-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2432-241-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1936-249-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2108-285-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1424-294-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2508-2966-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1932 xrlrffl.exe 2588 tththn.exe 2752 vpdjv.exe 2484 9lxlrxl.exe 2780 3nhnnt.exe 2764 jdvvv.exe 2508 lfllxff.exe 2324 hhtbhh.exe 2740 jdvdj.exe 2824 ddppp.exe 1440 xrllrxl.exe 1904 3tbbhn.exe 1708 jdvjj.exe 2452 pjvvp.exe 1648 lfllrxl.exe 2040 tnhhht.exe 2016 tnbbhn.exe 2956 pjdvj.exe 1348 llflxfr.exe 2224 3frxxfl.exe 684 7btbnh.exe 576 nhnthn.exe 2460 ppjdv.exe 2432 lxlfxll.exe 1936 3rlflrx.exe 916 5nbnhn.exe 2328 3dppd.exe 1924 pppdj.exe 2108 9rlfrxl.exe 1424 bthbnn.exe 1868 nhbtbb.exe 2692 pjpjp.exe 1652 fflrfxl.exe 3020 rlxxlrl.exe 2688 xxlxffl.exe 2584 7nhtbh.exe 2768 pjvvd.exe 2788 ppddp.exe 2404 lfxxxxf.exe 2476 xxlfrlr.exe 2544 bnhbbb.exe 2528 tnbbhh.exe 1596 9jpdj.exe 2720 jvjpv.exe 2812 rlxxlrx.exe 2848 1hhnbh.exe 1584 tnbbbb.exe 640 dddpj.exe 2188 vpddd.exe 1316 ffrrlll.exe 1248 fxfrxxl.exe 2180 bbnnth.exe 1224 htnntt.exe 2316 dppjj.exe 2012 dddpv.exe 1908 lrlllrl.exe 2228 bbtntt.exe 1928 ppvjv.exe 788 9dppd.exe 1412 7xfflrx.exe 2456 rlffffr.exe 1140 hbnbbh.exe 1044 tnnnbh.exe 2436 jpddj.exe -
resource yara_rule behavioral1/memory/3008-6-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1932-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2588-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2752-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2484-44-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2484-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2780-59-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2764-64-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2764-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2764-63-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2764-74-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2508-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2324-87-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2324-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2324-86-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2324-97-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2740-105-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1440-124-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1904-133-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1708-141-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2452-151-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1648-159-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2016-177-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2956-187-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/2224-205-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/684-213-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2432-241-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1936-249-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2108-285-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1424-294-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2508-2966-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3008 wrote to memory of 1932 3008 cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe 28 PID 3008 wrote to memory of 1932 3008 cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe 28 PID 3008 wrote to memory of 1932 3008 cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe 28 PID 3008 wrote to memory of 1932 3008 cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe 28 PID 1932 wrote to memory of 2588 1932 xrlrffl.exe 29 PID 1932 wrote to memory of 2588 1932 xrlrffl.exe 29 PID 1932 wrote to memory of 2588 1932 xrlrffl.exe 29 PID 1932 wrote to memory of 2588 1932 xrlrffl.exe 29 PID 2588 wrote to memory of 2752 2588 tththn.exe 30 PID 2588 wrote to memory of 2752 2588 tththn.exe 30 PID 2588 wrote to memory of 2752 2588 tththn.exe 30 PID 2588 wrote to memory of 2752 2588 tththn.exe 30 PID 2752 wrote to memory of 2484 2752 vpdjv.exe 31 PID 2752 wrote to memory of 2484 2752 vpdjv.exe 31 PID 2752 wrote to memory of 2484 2752 vpdjv.exe 31 PID 2752 wrote to memory of 2484 2752 vpdjv.exe 31 PID 2484 wrote to memory of 2780 2484 9lxlrxl.exe 32 PID 2484 wrote to memory of 2780 2484 9lxlrxl.exe 32 PID 2484 wrote to memory of 2780 2484 9lxlrxl.exe 32 PID 2484 wrote to memory of 2780 2484 9lxlrxl.exe 32 PID 2780 wrote to memory of 2764 2780 3nhnnt.exe 33 PID 2780 wrote to memory of 2764 2780 3nhnnt.exe 33 PID 2780 wrote to memory of 2764 2780 3nhnnt.exe 33 PID 2780 wrote to memory of 2764 2780 3nhnnt.exe 33 PID 2764 wrote to memory of 2508 2764 jdvvv.exe 34 PID 2764 wrote to memory of 2508 2764 jdvvv.exe 34 PID 2764 wrote to memory of 2508 2764 jdvvv.exe 34 PID 2764 wrote to memory of 2508 2764 jdvvv.exe 34 PID 2508 wrote to memory of 2324 2508 lfllxff.exe 35 PID 2508 wrote to memory of 2324 2508 lfllxff.exe 35 PID 2508 wrote to memory of 2324 2508 lfllxff.exe 35 PID 2508 wrote to memory of 2324 2508 lfllxff.exe 35 PID 2324 wrote to memory of 2740 2324 hhtbhh.exe 36 PID 2324 wrote to memory of 2740 2324 hhtbhh.exe 36 PID 2324 wrote to memory 
of 2740 2324 hhtbhh.exe 36 PID 2324 wrote to memory of 2740 2324 hhtbhh.exe 36 PID 2740 wrote to memory of 2824 2740 jdvdj.exe 37 PID 2740 wrote to memory of 2824 2740 jdvdj.exe 37 PID 2740 wrote to memory of 2824 2740 jdvdj.exe 37 PID 2740 wrote to memory of 2824 2740 jdvdj.exe 37 PID 2824 wrote to memory of 1440 2824 ddppp.exe 38 PID 2824 wrote to memory of 1440 2824 ddppp.exe 38 PID 2824 wrote to memory of 1440 2824 ddppp.exe 38 PID 2824 wrote to memory of 1440 2824 ddppp.exe 38 PID 1440 wrote to memory of 1904 1440 xrllrxl.exe 39 PID 1440 wrote to memory of 1904 1440 xrllrxl.exe 39 PID 1440 wrote to memory of 1904 1440 xrllrxl.exe 39 PID 1440 wrote to memory of 1904 1440 xrllrxl.exe 39 PID 1904 wrote to memory of 1708 1904 3tbbhn.exe 40 PID 1904 wrote to memory of 1708 1904 3tbbhn.exe 40 PID 1904 wrote to memory of 1708 1904 3tbbhn.exe 40 PID 1904 wrote to memory of 1708 1904 3tbbhn.exe 40 PID 1708 wrote to memory of 2452 1708 jdvjj.exe 41 PID 1708 wrote to memory of 2452 1708 jdvjj.exe 41 PID 1708 wrote to memory of 2452 1708 jdvjj.exe 41 PID 1708 wrote to memory of 2452 1708 jdvjj.exe 41 PID 2452 wrote to memory of 1648 2452 pjvvp.exe 42 PID 2452 wrote to memory of 1648 2452 pjvvp.exe 42 PID 2452 wrote to memory of 1648 2452 pjvvp.exe 42 PID 2452 wrote to memory of 1648 2452 pjvvp.exe 42 PID 1648 wrote to memory of 2040 1648 lfllrxl.exe 43 PID 1648 wrote to memory of 2040 1648 lfllrxl.exe 43 PID 1648 wrote to memory of 2040 1648 lfllrxl.exe 43 PID 1648 wrote to memory of 2040 1648 lfllrxl.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3008 -
\??\c:\xrlrffl.exec:\xrlrffl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1932 -
\??\c:\tththn.exec:\tththn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2588 -
\??\c:\vpdjv.exec:\vpdjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2752 -
\??\c:\9lxlrxl.exec:\9lxlrxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2484 -
\??\c:\3nhnnt.exec:\3nhnnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780 -
\??\c:\jdvvv.exec:\jdvvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2764 -
\??\c:\lfllxff.exec:\lfllxff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2508 -
\??\c:\hhtbhh.exec:\hhtbhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2324 -
\??\c:\jdvdj.exec:\jdvdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\ddppp.exec:\ddppp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2824 -
\??\c:\xrllrxl.exec:\xrllrxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1440 -
\??\c:\3tbbhn.exec:\3tbbhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1904 -
\??\c:\jdvjj.exec:\jdvjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1708 -
\??\c:\pjvvp.exec:\pjvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2452 -
\??\c:\lfllrxl.exec:\lfllrxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1648 -
\??\c:\tnhhht.exec:\tnhhht.exe17⤵
- Executes dropped EXE
PID:2040 -
\??\c:\tnbbhn.exec:\tnbbhn.exe18⤵
- Executes dropped EXE
PID:2016 -
\??\c:\pjdvj.exec:\pjdvj.exe19⤵
- Executes dropped EXE
PID:2956 -
\??\c:\llflxfr.exec:\llflxfr.exe20⤵
- Executes dropped EXE
PID:1348 -
\??\c:\3frxxfl.exec:\3frxxfl.exe21⤵
- Executes dropped EXE
PID:2224 -
\??\c:\7btbnh.exec:\7btbnh.exe22⤵
- Executes dropped EXE
PID:684 -
\??\c:\nhnthn.exec:\nhnthn.exe23⤵
- Executes dropped EXE
PID:576 -
\??\c:\ppjdv.exec:\ppjdv.exe24⤵
- Executes dropped EXE
PID:2460 -
\??\c:\lxlfxll.exec:\lxlfxll.exe25⤵
- Executes dropped EXE
PID:2432 -
\??\c:\3rlflrx.exec:\3rlflrx.exe26⤵
- Executes dropped EXE
PID:1936 -
\??\c:\5nbnhn.exec:\5nbnhn.exe27⤵
- Executes dropped EXE
PID:916 -
\??\c:\3dppd.exec:\3dppd.exe28⤵
- Executes dropped EXE
PID:2328 -
\??\c:\pppdj.exec:\pppdj.exe29⤵
- Executes dropped EXE
PID:1924 -
\??\c:\9rlfrxl.exec:\9rlfrxl.exe30⤵
- Executes dropped EXE
PID:2108 -
\??\c:\bthbnn.exec:\bthbnn.exe31⤵
- Executes dropped EXE
PID:1424 -
\??\c:\nhbtbb.exec:\nhbtbb.exe32⤵
- Executes dropped EXE
PID:1868 -
\??\c:\pjpjp.exec:\pjpjp.exe33⤵
- Executes dropped EXE
PID:2692 -
\??\c:\fflrfxl.exec:\fflrfxl.exe34⤵
- Executes dropped EXE
PID:1652 -
\??\c:\rlxxlrl.exec:\rlxxlrl.exe35⤵
- Executes dropped EXE
PID:3020 -
\??\c:\xxlxffl.exec:\xxlxffl.exe36⤵
- Executes dropped EXE
PID:2688 -
\??\c:\7nhtbh.exec:\7nhtbh.exe37⤵
- Executes dropped EXE
PID:2584 -
\??\c:\pjvvd.exec:\pjvvd.exe38⤵
- Executes dropped EXE
PID:2768 -
\??\c:\ppddp.exec:\ppddp.exe39⤵
- Executes dropped EXE
PID:2788 -
\??\c:\lfxxxxf.exec:\lfxxxxf.exe40⤵
- Executes dropped EXE
PID:2404 -
\??\c:\xxlfrlr.exec:\xxlfrlr.exe41⤵
- Executes dropped EXE
PID:2476 -
\??\c:\bnhbbb.exec:\bnhbbb.exe42⤵
- Executes dropped EXE
PID:2544 -
\??\c:\tnbbhh.exec:\tnbbhh.exe43⤵
- Executes dropped EXE
PID:2528 -
\??\c:\9jpdj.exec:\9jpdj.exe44⤵
- Executes dropped EXE
PID:1596 -
\??\c:\jvjpv.exec:\jvjpv.exe45⤵
- Executes dropped EXE
PID:2720 -
\??\c:\rlxxlrx.exec:\rlxxlrx.exe46⤵
- Executes dropped EXE
PID:2812 -
\??\c:\1hhnbh.exec:\1hhnbh.exe47⤵
- Executes dropped EXE
PID:2848 -
\??\c:\tnbbbb.exec:\tnbbbb.exe48⤵
- Executes dropped EXE
PID:1584 -
\??\c:\dddpj.exec:\dddpj.exe49⤵
- Executes dropped EXE
PID:640 -
\??\c:\vpddd.exec:\vpddd.exe50⤵
- Executes dropped EXE
PID:2188 -
\??\c:\ffrrlll.exec:\ffrrlll.exe51⤵
- Executes dropped EXE
PID:1316 -
\??\c:\fxfrxxl.exec:\fxfrxxl.exe52⤵
- Executes dropped EXE
PID:1248 -
\??\c:\bbnnth.exec:\bbnnth.exe53⤵
- Executes dropped EXE
PID:2180 -
\??\c:\htnntt.exec:\htnntt.exe54⤵
- Executes dropped EXE
PID:1224 -
\??\c:\dppjj.exec:\dppjj.exe55⤵
- Executes dropped EXE
PID:2316 -
\??\c:\dddpv.exec:\dddpv.exe56⤵
- Executes dropped EXE
PID:2012 -
\??\c:\lrlllrl.exec:\lrlllrl.exe57⤵
- Executes dropped EXE
PID:1908 -
\??\c:\bbtntt.exec:\bbtntt.exe58⤵
- Executes dropped EXE
PID:2228 -
\??\c:\ppvjv.exec:\ppvjv.exe59⤵
- Executes dropped EXE
PID:1928 -
\??\c:\9dppd.exec:\9dppd.exe60⤵
- Executes dropped EXE
PID:788 -
\??\c:\7xfflrx.exec:\7xfflrx.exe61⤵
- Executes dropped EXE
PID:1412 -
\??\c:\rlffffr.exec:\rlffffr.exe62⤵
- Executes dropped EXE
PID:2456 -
\??\c:\hbnbbh.exec:\hbnbbh.exe63⤵
- Executes dropped EXE
PID:1140 -
\??\c:\tnnnbh.exec:\tnnnbh.exe64⤵
- Executes dropped EXE
PID:1044 -
\??\c:\jpddj.exec:\jpddj.exe65⤵
- Executes dropped EXE
PID:2436 -
\??\c:\ppdpp.exec:\ppdpp.exe66⤵PID:2112
-
\??\c:\rlrxlrf.exec:\rlrxlrf.exe67⤵PID:3048
-
\??\c:\7ffxllr.exec:\7ffxllr.exe68⤵PID:2564
-
\??\c:\7bthbn.exec:\7bthbn.exe69⤵PID:876
-
\??\c:\hntnnh.exec:\hntnnh.exe70⤵PID:2340
-
\??\c:\1jvdj.exec:\1jvdj.exe71⤵PID:904
-
\??\c:\dvjjp.exec:\dvjjp.exe72⤵PID:2852
-
\??\c:\5llfllx.exec:\5llfllx.exe73⤵PID:276
-
\??\c:\rrfrflx.exec:\rrfrflx.exe74⤵PID:1520
-
\??\c:\tnhhnn.exec:\tnhhnn.exe75⤵PID:2268
-
\??\c:\vjdvd.exec:\vjdvd.exe76⤵PID:2608
-
\??\c:\pjppv.exec:\pjppv.exe77⤵PID:2252
-
\??\c:\5lxfllr.exec:\5lxfllr.exe78⤵PID:2612
-
\??\c:\xxffxfr.exec:\xxffxfr.exe79⤵PID:2512
-
\??\c:\tnbhht.exec:\tnbhht.exe80⤵PID:2844
-
\??\c:\7bhnbb.exec:\7bhnbb.exe81⤵PID:2524
-
\??\c:\1jvdj.exec:\1jvdj.exe82⤵PID:2492
-
\??\c:\jvjdj.exec:\jvjdj.exe83⤵PID:2764
-
\??\c:\ffflrxl.exec:\ffflrxl.exe84⤵PID:2996
-
\??\c:\llflxfl.exec:\llflxfl.exe85⤵PID:2324
-
\??\c:\bbnttb.exec:\bbnttb.exe86⤵PID:1508
-
\??\c:\7nhhbb.exec:\7nhhbb.exe87⤵PID:2740
-
\??\c:\ddpjv.exec:\ddpjv.exe88⤵PID:2812
-
\??\c:\jdjdd.exec:\jdjdd.exe89⤵PID:1864
-
\??\c:\lfflrrf.exec:\lfflrrf.exe90⤵PID:1124
-
\??\c:\lfffflr.exec:\lfffflr.exe91⤵PID:1472
-
\??\c:\nnbnbh.exec:\nnbnbh.exe92⤵PID:1504
-
\??\c:\hbttnn.exec:\hbttnn.exe93⤵PID:2452
-
\??\c:\7nbhhh.exec:\7nbhhh.exe94⤵PID:1248
-
\??\c:\dvpvd.exec:\dvpvd.exe95⤵PID:2192
-
\??\c:\3vvvj.exec:\3vvvj.exe96⤵PID:2232
-
\??\c:\5rrfrxl.exec:\5rrfrxl.exe97⤵PID:2948
-
\??\c:\9fxlrrx.exec:\9fxlrrx.exe98⤵PID:1920
-
\??\c:\nhnhnb.exec:\nhnhnb.exe99⤵PID:2424
-
\??\c:\hhnttt.exec:\hhnttt.exe100⤵PID:584
-
\??\c:\ppjjp.exec:\ppjjp.exe101⤵PID:600
-
\??\c:\dvpjv.exec:\dvpjv.exe102⤵PID:1400
-
\??\c:\7llxlrf.exec:\7llxlrf.exe103⤵PID:1788
-
\??\c:\xxlrfll.exec:\xxlrfll.exe104⤵PID:2460
-
\??\c:\nbtbnt.exec:\nbtbnt.exe105⤵PID:648
-
\??\c:\nbnttt.exec:\nbnttt.exe106⤵PID:380
-
\??\c:\vvpvp.exec:\vvpvp.exe107⤵PID:1936
-
\??\c:\vpdpv.exec:\vpdpv.exe108⤵PID:2860
-
\??\c:\fxxxlrf.exec:\fxxxlrf.exe109⤵PID:2328
-
\??\c:\3rlrffr.exec:\3rlrffr.exe110⤵PID:1676
-
\??\c:\3nhhhn.exec:\3nhhhn.exe111⤵PID:2244
-
\??\c:\hbnnbh.exec:\hbnnbh.exe112⤵PID:892
-
\??\c:\jddjj.exec:\jddjj.exe113⤵PID:1960
-
\??\c:\jdppp.exec:\jdppp.exe114⤵PID:2572
-
\??\c:\vppjp.exec:\vppjp.exe115⤵PID:1500
-
\??\c:\ffffrrf.exec:\ffffrrf.exe116⤵PID:1652
-
\??\c:\xrxxllf.exec:\xrxxllf.exe117⤵PID:2684
-
\??\c:\9ttbnn.exec:\9ttbnn.exe118⤵PID:2636
-
\??\c:\thnhtb.exec:\thnhtb.exe119⤵PID:2752
-
\??\c:\9pjpv.exec:\9pjpv.exe120⤵PID:2768
-
\??\c:\vpddd.exec:\vpddd.exe121⤵PID:2504
-
\??\c:\xrflxxl.exec:\xrflxxl.exe122⤵PID:2532
-