Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
22-05-2024 03:55
Behavioral task
behavioral1
Sample
18a9e65fe4d107bfba5bebad8f92ba40_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
18a9e65fe4d107bfba5bebad8f92ba40_NeikiAnalytics.exe
-
Size
189KB
-
MD5
18a9e65fe4d107bfba5bebad8f92ba40
-
SHA1
909299df8c5f36a47ab5362ab12f018e684a46ff
-
SHA256
38fbc084d1e46d1841a19bb2d65675e2ffb9aa02ce628f0b0cf443f9bddc3600
-
SHA512
d1891be864ba0d4b9fc7a038fc35896044ee318d254dc6f963787740f6b05b6a7d1fe5356deda44f051be2a69caef496cdc79a03fa20fa9420a3b36f6dfd7711
-
SSDEEP
3072:YhOmTsF93UYfwC6GIoutLmxHxae5yLpcgDE4JBuItR8pTsgnKbQFe3+J:Ycm4FmowdHoSLEaTBftapTsyFeOJ
Malware Config
Signatures
-
Detect Blackmoon payload 36 IoCs
Malware Dropper & Backdoor - Berbew 33 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\18a9e65fe4d107bfba5bebad8f92ba40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\18a9e65fe4d107bfba5bebad8f92ba40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1812 -
\??\c:\fxffrrl.exec:\fxffrrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3048 -
\??\c:\bnntnt.exec:\bnntnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2300 -
\??\c:\3jdjj.exec:\3jdjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2520 -
\??\c:\lfrxxxf.exec:\lfrxxxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2640 -
\??\c:\bhnhht.exec:\bhnhht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2536 -
\??\c:\3thnth.exec:\3thnth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2700 -
\??\c:\jdjpv.exec:\jdjpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2452 -
\??\c:\xrlrrxf.exec:\xrlrrxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2540 -
\??\c:\nhbtnn.exec:\nhbtnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\ntbtnb.exec:\ntbtnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1260 -
\??\c:\dvjpv.exec:\dvjpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2800 -
\??\c:\1xlllrl.exec:\1xlllrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2964 -
\??\c:\hbbhbt.exec:\hbbhbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3028 -
\??\c:\htbhnn.exec:\htbhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1744 -
\??\c:\jppdv.exec:\jppdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2772 -
\??\c:\lfrfllr.exec:\lfrfllr.exe17⤵
- Executes dropped EXE
PID:2624 -
\??\c:\rfllrrx.exec:\rfllrrx.exe18⤵
- Executes dropped EXE
PID:2680 -
\??\c:\tbtbnt.exec:\tbtbnt.exe19⤵
- Executes dropped EXE
PID:2820 -
\??\c:\bnbhbn.exec:\bnbhbn.exe20⤵
- Executes dropped EXE
PID:2000 -
\??\c:\vdvvv.exec:\vdvvv.exe21⤵
- Executes dropped EXE
PID:832 -
\??\c:\pdpvj.exec:\pdpvj.exe22⤵
- Executes dropped EXE
PID:1956 -
\??\c:\xlflxll.exec:\xlflxll.exe23⤵
- Executes dropped EXE
PID:2900 -
\??\c:\bthntt.exec:\bthntt.exe24⤵
- Executes dropped EXE
PID:1212 -
\??\c:\vjvvv.exec:\vjvvv.exe25⤵
- Executes dropped EXE
PID:504 -
\??\c:\5pdjj.exec:\5pdjj.exe26⤵
- Executes dropped EXE
PID:1476 -
\??\c:\lrxlfrr.exec:\lrxlfrr.exe27⤵
- Executes dropped EXE
PID:1960 -
\??\c:\httbnh.exec:\httbnh.exe28⤵
- Executes dropped EXE
PID:952 -
\??\c:\pjjdd.exec:\pjjdd.exe29⤵
- Executes dropped EXE
PID:1060 -
\??\c:\vvvjj.exec:\vvvjj.exe30⤵
- Executes dropped EXE
PID:2268 -
\??\c:\lfrxrxx.exec:\lfrxrxx.exe31⤵
- Executes dropped EXE
PID:1800 -
\??\c:\btntbb.exec:\btntbb.exe32⤵
- Executes dropped EXE
PID:1160 -
\??\c:\nhhnbn.exec:\nhhnbn.exe33⤵
- Executes dropped EXE
PID:1804 -
\??\c:\1xllrxf.exec:\1xllrxf.exe34⤵
- Executes dropped EXE
PID:320 -
\??\c:\nhthtn.exec:\nhthtn.exe35⤵
- Executes dropped EXE
PID:2944 -
\??\c:\nhtbbh.exec:\nhtbbh.exe36⤵
- Executes dropped EXE
PID:3056 -
\??\c:\ddvdp.exec:\ddvdp.exe37⤵
- Executes dropped EXE
PID:2948 -
\??\c:\jdvpd.exec:\jdvpd.exe38⤵
- Executes dropped EXE
PID:2188 -
\??\c:\7rllffr.exec:\7rllffr.exe39⤵
- Executes dropped EXE
PID:2376 -
\??\c:\rrlfxfr.exec:\rrlfxfr.exe40⤵
- Executes dropped EXE
PID:2684 -
\??\c:\ttnhhh.exec:\ttnhhh.exe41⤵
- Executes dropped EXE
PID:2560 -
\??\c:\tnhhnn.exec:\tnhhnn.exe42⤵
- Executes dropped EXE
PID:2556 -
\??\c:\vvdvp.exec:\vvdvp.exe43⤵
- Executes dropped EXE
PID:2456 -
\??\c:\dddjp.exec:\dddjp.exe44⤵
- Executes dropped EXE
PID:2472 -
\??\c:\7rfffff.exec:\7rfffff.exe45⤵
- Executes dropped EXE
PID:1976 -
\??\c:\flxffff.exec:\flxffff.exe46⤵
- Executes dropped EXE
PID:2980 -
\??\c:\hthhtn.exec:\hthhtn.exe47⤵
- Executes dropped EXE
PID:1660 -
\??\c:\3bthtb.exec:\3bthtb.exe48⤵
- Executes dropped EXE
PID:2856 -
\??\c:\vvvdd.exec:\vvvdd.exe49⤵
- Executes dropped EXE
PID:2712 -
\??\c:\7rlrxlx.exec:\7rlrxlx.exe50⤵
- Executes dropped EXE
PID:2988 -
\??\c:\3frrffr.exec:\3frrffr.exe51⤵
- Executes dropped EXE
PID:2960 -
\??\c:\1nbbnt.exec:\1nbbnt.exe52⤵
- Executes dropped EXE
PID:2320 -
\??\c:\nhhhtb.exec:\nhhhtb.exe53⤵
- Executes dropped EXE
PID:2772 -
\??\c:\dvpvd.exec:\dvpvd.exe54⤵
- Executes dropped EXE
PID:2652 -
\??\c:\dvjdp.exec:\dvjdp.exe55⤵
- Executes dropped EXE
PID:2448 -
\??\c:\7fflrrx.exec:\7fflrrx.exe56⤵
- Executes dropped EXE
PID:2768 -
\??\c:\xfxfrrl.exec:\xfxfrrl.exe57⤵
- Executes dropped EXE
PID:1408 -
\??\c:\htbthn.exec:\htbthn.exe58⤵
- Executes dropped EXE
PID:2100 -
\??\c:\bbhhth.exec:\bbhhth.exe59⤵
- Executes dropped EXE
PID:1244 -
\??\c:\jvddj.exec:\jvddj.exe60⤵
- Executes dropped EXE
PID:2740 -
\??\c:\pjpjv.exec:\pjpjv.exe61⤵
- Executes dropped EXE
PID:1956 -
\??\c:\llxlxlx.exec:\llxlxlx.exe62⤵
- Executes dropped EXE
PID:2724 -
\??\c:\lxrxxxl.exec:\lxrxxxl.exe63⤵
- Executes dropped EXE
PID:776 -
\??\c:\rxrflff.exec:\rxrflff.exe64⤵
- Executes dropped EXE
PID:784 -
\??\c:\tnbnbt.exec:\tnbnbt.exe65⤵
- Executes dropped EXE
PID:1644 -
\??\c:\jdjvd.exec:\jdjvd.exe66⤵PID:1668
-
\??\c:\5jvdj.exec:\5jvdj.exe67⤵PID:1552
-
\??\c:\rlxlrxf.exec:\rlxlrxf.exe68⤵PID:2288
-
\??\c:\xlxxrrf.exec:\xlxxrrf.exe69⤵PID:1792
-
\??\c:\bthbnb.exec:\bthbnb.exe70⤵PID:2112
-
\??\c:\tnnbbt.exec:\tnnbbt.exe71⤵PID:1756
-
\??\c:\pjvvd.exec:\pjvvd.exe72⤵PID:1256
-
\??\c:\5pdjp.exec:\5pdjp.exe73⤵PID:1160
-
\??\c:\fxlfffr.exec:\fxlfffr.exe74⤵PID:1852
-
\??\c:\fxrxxxr.exec:\fxrxxxr.exe75⤵PID:2228
-
\??\c:\bnnhnh.exec:\bnnhnh.exe76⤵PID:1812
-
\??\c:\nnhthn.exec:\nnhthn.exe77⤵PID:2876
-
\??\c:\pjjjj.exec:\pjjjj.exe78⤵PID:1708
-
\??\c:\vjjpv.exec:\vjjpv.exe79⤵PID:2872
-
\??\c:\llxlxfr.exec:\llxlxfr.exe80⤵PID:1396
-
\??\c:\tnbtbb.exec:\tnbtbb.exe81⤵PID:2632
-
\??\c:\hthhbb.exec:\hthhbb.exe82⤵PID:2552
-
\??\c:\ppvdj.exec:\ppvdj.exe83⤵PID:2684
-
\??\c:\pppvd.exec:\pppvd.exe84⤵PID:2544
-
\??\c:\xrlfflr.exec:\xrlfflr.exe85⤵PID:2564
-
\??\c:\rfrxxrl.exec:\rfrxxrl.exe86⤵PID:2432
-
\??\c:\hhbhhh.exec:\hhbhhh.exe87⤵PID:596
-
\??\c:\hthbnb.exec:\hthbnb.exe88⤵PID:1976
-
\??\c:\vjjdv.exec:\vjjdv.exe89⤵PID:2992
-
\??\c:\dvpvd.exec:\dvpvd.exe90⤵PID:2380
-
\??\c:\5rfxllr.exec:\5rfxllr.exe91⤵PID:2460
-
\??\c:\htnhhn.exec:\htnhhn.exe92⤵PID:3024
-
\??\c:\1tttnb.exec:\1tttnb.exe93⤵PID:2604
-
\??\c:\ppddv.exec:\ppddv.exe94⤵PID:1560
-
\??\c:\1pdpd.exec:\1pdpd.exe95⤵PID:1440
-
\??\c:\ffxfrrx.exec:\ffxfrrx.exe96⤵PID:2744
-
\??\c:\lffrlxf.exec:\lffrlxf.exe97⤵PID:2104
-
\??\c:\1btbnn.exec:\1btbnn.exe98⤵PID:1628
-
\??\c:\1tbhhn.exec:\1tbhhn.exe99⤵PID:1200
-
\??\c:\jvjpp.exec:\jvjpp.exe100⤵PID:2768
-
\??\c:\1jvvv.exec:\1jvvv.exe101⤵PID:1408
-
\??\c:\3lxrffr.exec:\3lxrffr.exe102⤵PID:2100
-
\??\c:\1xlrrll.exec:\1xlrrll.exe103⤵PID:2908
-
\??\c:\tnnhtb.exec:\tnnhtb.exe104⤵PID:2740
-
\??\c:\ttthht.exec:\ttthht.exe105⤵PID:1956
-
\??\c:\pddvd.exec:\pddvd.exe106⤵PID:1212
-
\??\c:\5vjvp.exec:\5vjvp.exe107⤵PID:2784
-
\??\c:\xfxfflx.exec:\xfxfflx.exe108⤵PID:2596
-
\??\c:\9xflflr.exec:\9xflflr.exe109⤵PID:584
-
\??\c:\bnnnhb.exec:\bnnnhb.exe110⤵PID:1748
-
\??\c:\9ddvd.exec:\9ddvd.exe111⤵PID:1668
-
\??\c:\1jvjv.exec:\1jvjv.exe112⤵PID:1552
-
\??\c:\vpddj.exec:\vpddj.exe113⤵PID:1060
-
\??\c:\xrfxxlx.exec:\xrfxxlx.exe114⤵PID:2224
-
\??\c:\fxfrlxr.exec:\fxfrlxr.exe115⤵PID:656
-
\??\c:\bnbbbt.exec:\bnbbbt.exe116⤵PID:2204
-
\??\c:\vvvpv.exec:\vvvpv.exe117⤵PID:2776
-
\??\c:\tnttbb.exec:\tnttbb.exe118⤵PID:1908
-
\??\c:\jvjvv.exec:\jvjvv.exe119⤵PID:1304
-
\??\c:\pvvdj.exec:\pvvdj.exe120⤵PID:2952
-
\??\c:\xxfxxll.exec:\xxfxxll.exe121⤵PID:2488
-
\??\c:\pdpdj.exec:\pdpdj.exe122⤵PID:3060