Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 14:08
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe
-
Size
68KB
-
MD5
d41c4e24eae97d765853d181e25c8f00
-
SHA1
2efd6c55f871d9cad0dab84efa73d8c7f7a15f28
-
SHA256
bc099c143841699b7e2efc40b044e61df5573bb131aeec3518c66dfe8597c61e
-
SHA512
950108f47bdcbe6de3b6183f1f7f1e439077b3a5515ddbbaa670390342137d7a75b062f8e36ab0139301370f36e8057d1e74bb2532709ff0557235adef35ccf0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbLMJ:ymb3NkkiQ3mdBjFIfvTfCD+Hx
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
resource yara_rule behavioral1/memory/2232-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2060-21-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3000-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3000-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2688-44-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2716-48-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2528-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2484-68-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2492-79-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2332-104-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2892-114-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2944-122-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2064-132-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1832-140-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1660-150-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2428-158-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2028-176-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/676-194-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/748-203-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2224-285-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/612-294-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2060 6462440.exe 3000 jdjjv.exe 2688 9xlxfxl.exe 2716 424402.exe 2528 8868068.exe 2484 08000.exe 2492 xrfxffr.exe 2236 868422.exe 2332 0862068.exe 2892 xlrlrrx.exe 2944 42028.exe 2064 26662.exe 1832 3lrrffr.exe 1660 26840.exe 2428 nhbhhh.exe 2700 ffxxlxl.exe 2028 6080680.exe 2036 046206.exe 676 lxffllf.exe 748 jvvjd.exe 2140 868844.exe 1240 ddjvp.exe 420 04664.exe 1156 o246408.exe 1540 vdpvj.exe 1396 60220.exe 2268 26006.exe 964 080688.exe 2224 60806.exe 612 vdddp.exe 2040 m2400.exe 2196 nhttbb.exe 2736 88246.exe 1596 q68204.exe 2532 pjpdp.exe 2584 nnnntb.exe 2596 k64688.exe 2704 7lxflrx.exe 2712 0680228.exe 2716 ddvdv.exe 2528 s0840.exe 2472 pvpjv.exe 2456 0244484.exe 2240 3thtbb.exe 2620 4220646.exe 1600 tnnbbh.exe 2788 6084402.exe 1508 btnbhb.exe 1204 xlxfllx.exe 1048 5rflxfl.exe 1608 dvjvp.exe 2500 0028642.exe 2752 e68244.exe 1292 pjpjp.exe 1348 llxfllr.exe 2020 u246222.exe 2632 9flxrlf.exe 1256 xrxxflr.exe 1356 k84062.exe 1316 086280.exe 1136 btttbt.exe 1684 vpdvj.exe 2400 tthtth.exe 1088 g6468.exe -
resource yara_rule behavioral1/memory/2232-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2060-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2060-21-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3000-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3000-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2688-36-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2688-44-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2716-48-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2528-59-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2484-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2492-79-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2236-87-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2236-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2332-104-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2892-114-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2944-122-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2064-132-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1832-140-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1660-150-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2428-158-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2028-176-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/676-194-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/748-203-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2224-285-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/612-294-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2232 wrote to memory of 2060 2232 d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe 28 PID 2232 wrote to memory of 2060 2232 d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe 28 PID 2232 wrote to memory of 2060 2232 d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe 28 PID 2232 wrote to memory of 2060 2232 d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe 28 PID 2060 wrote to memory of 3000 2060 6462440.exe 29 PID 2060 wrote to memory of 3000 2060 6462440.exe 29 PID 2060 wrote to memory of 3000 2060 6462440.exe 29 PID 2060 wrote to memory of 3000 2060 6462440.exe 29 PID 3000 wrote to memory of 2688 3000 jdjjv.exe 30 PID 3000 wrote to memory of 2688 3000 jdjjv.exe 30 PID 3000 wrote to memory of 2688 3000 jdjjv.exe 30 PID 3000 wrote to memory of 2688 3000 jdjjv.exe 30 PID 2688 wrote to memory of 2716 2688 9xlxfxl.exe 31 PID 2688 wrote to memory of 2716 2688 9xlxfxl.exe 31 PID 2688 wrote to memory of 2716 2688 9xlxfxl.exe 31 PID 2688 wrote to memory of 2716 2688 9xlxfxl.exe 31 PID 2716 wrote to memory of 2528 2716 424402.exe 32 PID 2716 wrote to memory of 2528 2716 424402.exe 32 PID 2716 wrote to memory of 2528 2716 424402.exe 32 PID 2716 wrote to memory of 2528 2716 424402.exe 32 PID 2528 wrote to memory of 2484 2528 8868068.exe 33 PID 2528 wrote to memory of 2484 2528 8868068.exe 33 PID 2528 wrote to memory of 2484 2528 8868068.exe 33 PID 2528 wrote to memory of 2484 2528 8868068.exe 33 PID 2484 wrote to memory of 2492 2484 08000.exe 34 PID 2484 wrote to memory of 2492 2484 08000.exe 34 PID 2484 wrote to memory of 2492 2484 08000.exe 34 PID 2484 wrote to memory of 2492 2484 08000.exe 34 PID 2492 wrote to memory of 2236 2492 xrfxffr.exe 35 PID 2492 wrote to memory of 2236 2492 xrfxffr.exe 35 PID 2492 wrote to memory of 2236 2492 xrfxffr.exe 35 PID 2492 wrote to memory of 2236 2492 xrfxffr.exe 35 PID 2236 wrote to memory of 2332 2236 868422.exe 36 PID 2236 wrote to memory of 2332 2236 868422.exe 36 PID 2236 wrote to 
memory of 2332 2236 868422.exe 36 PID 2236 wrote to memory of 2332 2236 868422.exe 36 PID 2332 wrote to memory of 2892 2332 0862068.exe 37 PID 2332 wrote to memory of 2892 2332 0862068.exe 37 PID 2332 wrote to memory of 2892 2332 0862068.exe 37 PID 2332 wrote to memory of 2892 2332 0862068.exe 37 PID 2892 wrote to memory of 2944 2892 xlrlrrx.exe 38 PID 2892 wrote to memory of 2944 2892 xlrlrrx.exe 38 PID 2892 wrote to memory of 2944 2892 xlrlrrx.exe 38 PID 2892 wrote to memory of 2944 2892 xlrlrrx.exe 38 PID 2944 wrote to memory of 2064 2944 42028.exe 39 PID 2944 wrote to memory of 2064 2944 42028.exe 39 PID 2944 wrote to memory of 2064 2944 42028.exe 39 PID 2944 wrote to memory of 2064 2944 42028.exe 39 PID 2064 wrote to memory of 1832 2064 26662.exe 40 PID 2064 wrote to memory of 1832 2064 26662.exe 40 PID 2064 wrote to memory of 1832 2064 26662.exe 40 PID 2064 wrote to memory of 1832 2064 26662.exe 40 PID 1832 wrote to memory of 1660 1832 3lrrffr.exe 41 PID 1832 wrote to memory of 1660 1832 3lrrffr.exe 41 PID 1832 wrote to memory of 1660 1832 3lrrffr.exe 41 PID 1832 wrote to memory of 1660 1832 3lrrffr.exe 41 PID 1660 wrote to memory of 2428 1660 26840.exe 42 PID 1660 wrote to memory of 2428 1660 26840.exe 42 PID 1660 wrote to memory of 2428 1660 26840.exe 42 PID 1660 wrote to memory of 2428 1660 26840.exe 42 PID 2428 wrote to memory of 2700 2428 nhbhhh.exe 43 PID 2428 wrote to memory of 2700 2428 nhbhhh.exe 43 PID 2428 wrote to memory of 2700 2428 nhbhhh.exe 43 PID 2428 wrote to memory of 2700 2428 nhbhhh.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2232 -
\??\c:\6462440.exec:\6462440.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2060 -
\??\c:\jdjjv.exec:\jdjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3000 -
\??\c:\9xlxfxl.exec:\9xlxfxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2688 -
\??\c:\424402.exec:\424402.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2716 -
\??\c:\8868068.exec:\8868068.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2528 -
\??\c:\08000.exec:\08000.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2484 -
\??\c:\xrfxffr.exec:\xrfxffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\868422.exec:\868422.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2236 -
\??\c:\0862068.exec:\0862068.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2332 -
\??\c:\xlrlrrx.exec:\xlrlrrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892 -
\??\c:\42028.exec:\42028.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2944 -
\??\c:\26662.exec:\26662.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2064 -
\??\c:\3lrrffr.exec:\3lrrffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1832 -
\??\c:\26840.exec:\26840.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1660 -
\??\c:\nhbhhh.exec:\nhbhhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2428 -
\??\c:\ffxxlxl.exec:\ffxxlxl.exe17⤵
- Executes dropped EXE
PID:2700 -
\??\c:\6080680.exec:\6080680.exe18⤵
- Executes dropped EXE
PID:2028 -
\??\c:\046206.exec:\046206.exe19⤵
- Executes dropped EXE
PID:2036 -
\??\c:\lxffllf.exec:\lxffllf.exe20⤵
- Executes dropped EXE
PID:676 -
\??\c:\jvvjd.exec:\jvvjd.exe21⤵
- Executes dropped EXE
PID:748 -
\??\c:\868844.exec:\868844.exe22⤵
- Executes dropped EXE
PID:2140 -
\??\c:\ddjvp.exec:\ddjvp.exe23⤵
- Executes dropped EXE
PID:1240 -
\??\c:\04664.exec:\04664.exe24⤵
- Executes dropped EXE
PID:420 -
\??\c:\o246408.exec:\o246408.exe25⤵
- Executes dropped EXE
PID:1156 -
\??\c:\vdpvj.exec:\vdpvj.exe26⤵
- Executes dropped EXE
PID:1540 -
\??\c:\60220.exec:\60220.exe27⤵
- Executes dropped EXE
PID:1396 -
\??\c:\26006.exec:\26006.exe28⤵
- Executes dropped EXE
PID:2268 -
\??\c:\080688.exec:\080688.exe29⤵
- Executes dropped EXE
PID:964 -
\??\c:\60806.exec:\60806.exe30⤵
- Executes dropped EXE
PID:2224 -
\??\c:\vdddp.exec:\vdddp.exe31⤵
- Executes dropped EXE
PID:612 -
\??\c:\m2400.exec:\m2400.exe32⤵
- Executes dropped EXE
PID:2040 -
\??\c:\nhttbb.exec:\nhttbb.exe33⤵
- Executes dropped EXE
PID:2196 -
\??\c:\88246.exec:\88246.exe34⤵
- Executes dropped EXE
PID:2736 -
\??\c:\q68204.exec:\q68204.exe35⤵
- Executes dropped EXE
PID:1596 -
\??\c:\pjpdp.exec:\pjpdp.exe36⤵
- Executes dropped EXE
PID:2532 -
\??\c:\nnnntb.exec:\nnnntb.exe37⤵
- Executes dropped EXE
PID:2584 -
\??\c:\k64688.exec:\k64688.exe38⤵
- Executes dropped EXE
PID:2596 -
\??\c:\7lxflrx.exec:\7lxflrx.exe39⤵
- Executes dropped EXE
PID:2704 -
\??\c:\0680228.exec:\0680228.exe40⤵
- Executes dropped EXE
PID:2712 -
\??\c:\ddvdv.exec:\ddvdv.exe41⤵
- Executes dropped EXE
PID:2716 -
\??\c:\s0840.exec:\s0840.exe42⤵
- Executes dropped EXE
PID:2528 -
\??\c:\pvpjv.exec:\pvpjv.exe43⤵
- Executes dropped EXE
PID:2472 -
\??\c:\0244484.exec:\0244484.exe44⤵
- Executes dropped EXE
PID:2456 -
\??\c:\3thtbb.exec:\3thtbb.exe45⤵
- Executes dropped EXE
PID:2240 -
\??\c:\4220646.exec:\4220646.exe46⤵
- Executes dropped EXE
PID:2620 -
\??\c:\tnnbbh.exec:\tnnbbh.exe47⤵
- Executes dropped EXE
PID:1600 -
\??\c:\6084402.exec:\6084402.exe48⤵
- Executes dropped EXE
PID:2788 -
\??\c:\btnbhb.exec:\btnbhb.exe49⤵
- Executes dropped EXE
PID:1508 -
\??\c:\xlxfllx.exec:\xlxfllx.exe50⤵
- Executes dropped EXE
PID:1204 -
\??\c:\5rflxfl.exec:\5rflxfl.exe51⤵
- Executes dropped EXE
PID:1048 -
\??\c:\dvjvp.exec:\dvjvp.exe52⤵
- Executes dropped EXE
PID:1608 -
\??\c:\0028642.exec:\0028642.exe53⤵
- Executes dropped EXE
PID:2500 -
\??\c:\e68244.exec:\e68244.exe54⤵
- Executes dropped EXE
PID:2752 -
\??\c:\pjpjp.exec:\pjpjp.exe55⤵
- Executes dropped EXE
PID:1292 -
\??\c:\llxfllr.exec:\llxfllr.exe56⤵
- Executes dropped EXE
PID:1348 -
\??\c:\u246222.exec:\u246222.exe57⤵
- Executes dropped EXE
PID:2020 -
\??\c:\9flxrlf.exec:\9flxrlf.exe58⤵
- Executes dropped EXE
PID:2632 -
\??\c:\xrxxflr.exec:\xrxxflr.exe59⤵
- Executes dropped EXE
PID:1256 -
\??\c:\k84062.exec:\k84062.exe60⤵
- Executes dropped EXE
PID:1356 -
\??\c:\086280.exec:\086280.exe61⤵
- Executes dropped EXE
PID:1316 -
\??\c:\btttbt.exec:\btttbt.exe62⤵
- Executes dropped EXE
PID:1136 -
\??\c:\vpdvj.exec:\vpdvj.exe63⤵
- Executes dropped EXE
PID:1684 -
\??\c:\tthtth.exec:\tthtth.exe64⤵
- Executes dropped EXE
PID:2400 -
\??\c:\g6468.exec:\g6468.exe65⤵
- Executes dropped EXE
PID:1088 -
\??\c:\jvdjj.exec:\jvdjj.exe66⤵PID:1156
-
\??\c:\048440.exec:\048440.exe67⤵PID:1524
-
\??\c:\48662.exec:\48662.exe68⤵PID:1036
-
\??\c:\424084.exec:\424084.exe69⤵PID:556
-
\??\c:\82686.exec:\82686.exe70⤵PID:704
-
\??\c:\3vjdp.exec:\3vjdp.exe71⤵PID:1144
-
\??\c:\3jdjp.exec:\3jdjp.exe72⤵PID:2412
-
\??\c:\04240.exec:\04240.exe73⤵PID:1720
-
\??\c:\204824.exec:\204824.exe74⤵PID:3064
-
\??\c:\tnhtbh.exec:\tnhtbh.exe75⤵PID:1032
-
\??\c:\40082.exec:\40082.exe76⤵PID:2804
-
\??\c:\k82400.exec:\k82400.exe77⤵PID:2736
-
\??\c:\48840.exec:\48840.exe78⤵PID:1596
-
\??\c:\e08866.exec:\e08866.exe79⤵PID:2532
-
\??\c:\22624.exec:\22624.exe80⤵PID:2584
-
\??\c:\q64088.exec:\q64088.exe81⤵PID:2596
-
\??\c:\0484226.exec:\0484226.exe82⤵PID:2704
-
\??\c:\8206880.exec:\8206880.exe83⤵PID:2244
-
\??\c:\i244662.exec:\i244662.exe84⤵PID:2716
-
\??\c:\nnhthh.exec:\nnhthh.exe85⤵PID:2528
-
\??\c:\80600.exec:\80600.exe86⤵PID:2472
-
\??\c:\86464.exec:\86464.exe87⤵PID:2456
-
\??\c:\040600.exec:\040600.exe88⤵PID:2240
-
\??\c:\k08466.exec:\k08466.exe89⤵PID:2924
-
\??\c:\k20628.exec:\k20628.exe90⤵PID:1600
-
\??\c:\6088440.exec:\6088440.exe91⤵PID:2788
-
\??\c:\xrffrxl.exec:\xrffrxl.exe92⤵PID:1508
-
\??\c:\lflfrxf.exec:\lflfrxf.exe93⤵PID:1204
-
\??\c:\7jvvj.exec:\7jvvj.exe94⤵PID:1048
-
\??\c:\jvvdj.exec:\jvvdj.exe95⤵PID:1608
-
\??\c:\42440.exec:\42440.exe96⤵PID:2500
-
\??\c:\frxfrlr.exec:\frxfrlr.exe97⤵PID:1312
-
\??\c:\26884.exec:\26884.exe98⤵PID:1292
-
\??\c:\240824.exec:\240824.exe99⤵PID:1992
-
\??\c:\nhtbtn.exec:\nhtbtn.exe100⤵PID:2020
-
\??\c:\60846.exec:\60846.exe101⤵PID:2632
-
\??\c:\nthnbb.exec:\nthnbb.exe102⤵PID:1256
-
\??\c:\028248.exec:\028248.exe103⤵PID:1356
-
\??\c:\424084.exec:\424084.exe104⤵PID:1316
-
\??\c:\fffrllf.exec:\fffrllf.exe105⤵PID:448
-
\??\c:\0468402.exec:\0468402.exe106⤵PID:1684
-
\??\c:\tntbth.exec:\tntbth.exe107⤵PID:2400
-
\??\c:\w68686.exec:\w68686.exe108⤵PID:1088
-
\??\c:\1bnnbh.exec:\1bnnbh.exe109⤵PID:1156
-
\??\c:\llfrlfl.exec:\llfrlfl.exe110⤵PID:1524
-
\??\c:\3fxlrrr.exec:\3fxlrrr.exe111⤵PID:620
-
\??\c:\m0806.exec:\m0806.exe112⤵PID:556
-
\??\c:\xlxfllr.exec:\xlxfllr.exe113⤵PID:704
-
\??\c:\5fxfflx.exec:\5fxfflx.exe114⤵PID:964
-
\??\c:\802686.exec:\802686.exe115⤵PID:892
-
\??\c:\lfrrlrf.exec:\lfrrlrf.exe116⤵PID:1720
-
\??\c:\rrfxlfx.exec:\rrfxlfx.exe117⤵PID:2232
-
\??\c:\5dvvj.exec:\5dvvj.exe118⤵PID:1032
-
\??\c:\hhttht.exec:\hhttht.exe119⤵PID:1592
-
\??\c:\hthhht.exec:\hthhht.exe120⤵PID:2736
-
\??\c:\jvjvd.exec:\jvjvd.exe121⤵PID:1596
-
\??\c:\jpdjp.exec:\jpdjp.exe122⤵PID:2532
-