Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
30/05/2024, 14:07
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
afe28056f55dd4f1e11f35c480fbda80_NeikiAnalytics.exe
Resource
win7-20240419-en
5 signatures
150 seconds
General
-
Target
afe28056f55dd4f1e11f35c480fbda80_NeikiAnalytics.exe
-
Size
361KB
-
MD5
afe28056f55dd4f1e11f35c480fbda80
-
SHA1
a4496308721e9b7e0b063edc1ef2ee360b6ca8a0
-
SHA256
933626561162358c827f5a4f06ce06b7a37418bf0314152aba73d055400f61d0
-
SHA512
535e636f1b11483e0942755a80c4be9b68df533ed6b0bef92c7d2bcfd695d6681cd0afcf3ffab6b4288d9f63e4de8a8ecb8f11340770e09eb72790e7838687ac
-
SSDEEP
6144:n3C9BRIG0asYFm71m8+GdkB9yMu7N+8px7g:n3C9uYA71kSMu08px7g
Malware Config
Signatures
-
Detect Blackmoon payload 24 IoCs
resource yara_rule behavioral1/memory/2660-15-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1784-9-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2660-22-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2096-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2672-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2636-50-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2636-57-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2616-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2468-81-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2904-90-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2528-105-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1408-115-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2772-123-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1248-133-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1744-141-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/268-151-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1968-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1372-177-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1260-186-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2372-195-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1092-213-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/840-222-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1316-240-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2144-249-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2660 llxfxfr.exe 2096 bhhthn.exe 2672 fflrffl.exe 2636 5bttnn.exe 2596 xllrxlr.exe 2616 dpvdd.exe 2468 tnbnbn.exe 2904 vpdvv.exe 2528 ffxlflx.exe 1408 1vdpj.exe 2772 nbnttn.exe 1248 pddjp.exe 1744 7btbhn.exe 268 vpjjd.exe 1968 1fxllrx.exe 1624 5bnhbn.exe 1372 1jjpp.exe 1260 flfxrlf.exe 2372 jpvvd.exe 476 hnhnhh.exe 1092 5fxlxrf.exe 840 bbbnbb.exe 976 5pvdv.exe 1316 flfxxlr.exe 2144 vpddp.exe 1772 nnbhth.exe 2308 vdjjp.exe 656 xrxxxll.exe 2264 jdvvd.exe 2948 xfrrlll.exe 2992 nhnhtb.exe 2072 jvdpj.exe 2156 rrlxlrf.exe 2812 3bhnbb.exe 2092 pjppd.exe 2968 lrxxlff.exe 2608 3hnthn.exe 2704 vvpjp.exe 2828 3rllrrx.exe 2824 7ttnnn.exe 2508 ttbnnt.exe 2592 1jpdp.exe 2496 lffrxxf.exe 2492 fxrrlrl.exe 2120 nnnbnt.exe 2912 pvvvp.exe 2528 vvdjv.exe 2764 lfrrxfr.exe 2804 7btnhn.exe 1740 pvpvj.exe 2260 pvppp.exe 1924 fflrxfr.exe 1928 5hbbth.exe 2792 vjdjd.exe 756 pppvp.exe 1624 rllllrf.exe 2060 bnbtth.exe 2340 1pjjd.exe 2196 rrrfrfx.exe 1456 thhbtb.exe 1340 ddjdj.exe 1780 1xxrfrl.exe 740 5tthnn.exe 752 vvdpv.exe -
resource yara_rule behavioral1/memory/2660-15-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2660-13-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2660-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1784-9-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2660-22-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2096-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2096-27-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2096-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2096-35-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2672-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2636-50-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2636-48-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2636-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2636-57-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2616-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2468-81-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2904-90-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2528-105-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1408-115-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2772-123-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1248-133-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1744-141-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/268-151-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1968-159-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1372-177-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1260-186-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2372-195-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1092-213-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/840-222-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1316-240-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2144-249-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1784 wrote to memory of 2660 1784 afe28056f55dd4f1e11f35c480fbda80_NeikiAnalytics.exe 28 PID 1784 wrote to memory of 2660 1784 afe28056f55dd4f1e11f35c480fbda80_NeikiAnalytics.exe 28 PID 1784 wrote to memory of 2660 1784 afe28056f55dd4f1e11f35c480fbda80_NeikiAnalytics.exe 28 PID 1784 wrote to memory of 2660 1784 afe28056f55dd4f1e11f35c480fbda80_NeikiAnalytics.exe 28 PID 2660 wrote to memory of 2096 2660 llxfxfr.exe 29 PID 2660 wrote to memory of 2096 2660 llxfxfr.exe 29 PID 2660 wrote to memory of 2096 2660 llxfxfr.exe 29 PID 2660 wrote to memory of 2096 2660 llxfxfr.exe 29 PID 2096 wrote to memory of 2672 2096 bhhthn.exe 30 PID 2096 wrote to memory of 2672 2096 bhhthn.exe 30 PID 2096 wrote to memory of 2672 2096 bhhthn.exe 30 PID 2096 wrote to memory of 2672 2096 bhhthn.exe 30 PID 2672 wrote to memory of 2636 2672 fflrffl.exe 31 PID 2672 wrote to memory of 2636 2672 fflrffl.exe 31 PID 2672 wrote to memory of 2636 2672 fflrffl.exe 31 PID 2672 wrote to memory of 2636 2672 fflrffl.exe 31 PID 2636 wrote to memory of 2596 2636 5bttnn.exe 32 PID 2636 wrote to memory of 2596 2636 5bttnn.exe 32 PID 2636 wrote to memory of 2596 2636 5bttnn.exe 32 PID 2636 wrote to memory of 2596 2636 5bttnn.exe 32 PID 2596 wrote to memory of 2616 2596 xllrxlr.exe 33 PID 2596 wrote to memory of 2616 2596 xllrxlr.exe 33 PID 2596 wrote to memory of 2616 2596 xllrxlr.exe 33 PID 2596 wrote to memory of 2616 2596 xllrxlr.exe 33 PID 2616 wrote to memory of 2468 2616 dpvdd.exe 34 PID 2616 wrote to memory of 2468 2616 dpvdd.exe 34 PID 2616 wrote to memory of 2468 2616 dpvdd.exe 34 PID 2616 wrote to memory of 2468 2616 dpvdd.exe 34 PID 2468 wrote to memory of 2904 2468 tnbnbn.exe 35 PID 2468 wrote to memory of 2904 2468 tnbnbn.exe 35 PID 2468 wrote to memory of 2904 2468 tnbnbn.exe 35 PID 2468 wrote to memory of 2904 2468 tnbnbn.exe 35 PID 2904 wrote to memory of 2528 2904 vpdvv.exe 36 PID 2904 wrote to memory of 2528 2904 vpdvv.exe 36 PID 2904 wrote to memory of 2528 2904 vpdvv.exe 36 PID 2904 wrote to memory of 2528 2904 vpdvv.exe 36 PID 2528 wrote to memory of 1408 2528 ffxlflx.exe 37 PID 2528 wrote to memory of 1408 2528 ffxlflx.exe 37 PID 2528 wrote to memory of 1408 2528 ffxlflx.exe 37 PID 2528 wrote to memory of 1408 2528 ffxlflx.exe 37 PID 1408 wrote to memory of 2772 1408 1vdpj.exe 38 PID 1408 wrote to memory of 2772 1408 1vdpj.exe 38 PID 1408 wrote to memory of 2772 1408 1vdpj.exe 38 PID 1408 wrote to memory of 2772 1408 1vdpj.exe 38 PID 2772 wrote to memory of 1248 2772 nbnttn.exe 39 PID 2772 wrote to memory of 1248 2772 nbnttn.exe 39 PID 2772 wrote to memory of 1248 2772 nbnttn.exe 39 PID 2772 wrote to memory of 1248 2772 nbnttn.exe 39 PID 1248 wrote to memory of 1744 1248 pddjp.exe 40 PID 1248 wrote to memory of 1744 1248 pddjp.exe 40 PID 1248 wrote to memory of 1744 1248 pddjp.exe 40 PID 1248 wrote to memory of 1744 1248 pddjp.exe 40 PID 1744 wrote to memory of 268 1744 7btbhn.exe 41 PID 1744 wrote to memory of 268 1744 7btbhn.exe 41 PID 1744 wrote to memory of 268 1744 7btbhn.exe 41 PID 1744 wrote to memory of 268 1744 7btbhn.exe 41 PID 268 wrote to memory of 1968 268 vpjjd.exe 42 PID 268 wrote to memory of 1968 268 vpjjd.exe 42 PID 268 wrote to memory of 1968 268 vpjjd.exe 42 PID 268 wrote to memory of 1968 268 vpjjd.exe 42 PID 1968 wrote to memory of 1624 1968 1fxllrx.exe 43 PID 1968 wrote to memory of 1624 1968 1fxllrx.exe 43 PID 1968 wrote to memory of 1624 1968 1fxllrx.exe 43 PID 1968 wrote to memory of 1624 1968 1fxllrx.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\afe28056f55dd4f1e11f35c480fbda80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\afe28056f55dd4f1e11f35c480fbda80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1784 -
\??\c:\llxfxfr.exec:\llxfxfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2660 -
\??\c:\bhhthn.exec:\bhhthn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2096 -
\??\c:\fflrffl.exec:\fflrffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2672 -
\??\c:\5bttnn.exec:\5bttnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2636 -
\??\c:\xllrxlr.exec:\xllrxlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2596 -
\??\c:\dpvdd.exec:\dpvdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2616 -
\??\c:\tnbnbn.exec:\tnbnbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2468 -
\??\c:\vpdvv.exec:\vpdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2904 -
\??\c:\ffxlflx.exec:\ffxlflx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2528 -
\??\c:\1vdpj.exec:\1vdpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1408 -
\??\c:\nbnttn.exec:\nbnttn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2772 -
\??\c:\pddjp.exec:\pddjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1248 -
\??\c:\7btbhn.exec:\7btbhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1744 -
\??\c:\vpjjd.exec:\vpjjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:268 -
\??\c:\1fxllrx.exec:\1fxllrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1968 -
\??\c:\5bnhbn.exec:\5bnhbn.exe17⤵
- Executes dropped EXE
PID:1624 -
\??\c:\1jjpp.exec:\1jjpp.exe18⤵
- Executes dropped EXE
PID:1372 -
\??\c:\flfxrlf.exec:\flfxrlf.exe19⤵
- Executes dropped EXE
PID:1260 -
\??\c:\jpvvd.exec:\jpvvd.exe20⤵
- Executes dropped EXE
PID:2372 -
\??\c:\hnhnhh.exec:\hnhnhh.exe21⤵
- Executes dropped EXE
PID:476 -
\??\c:\5fxlxrf.exec:\5fxlxrf.exe22⤵
- Executes dropped EXE
PID:1092 -
\??\c:\bbbnbb.exec:\bbbnbb.exe23⤵
- Executes dropped EXE
PID:840 -
\??\c:\5pvdv.exec:\5pvdv.exe24⤵
- Executes dropped EXE
PID:976 -
\??\c:\flfxxlr.exec:\flfxxlr.exe25⤵
- Executes dropped EXE
PID:1316 -
\??\c:\vpddp.exec:\vpddp.exe26⤵
- Executes dropped EXE
PID:2144 -
\??\c:\nnbhth.exec:\nnbhth.exe27⤵
- Executes dropped EXE
PID:1772 -
\??\c:\vdjjp.exec:\vdjjp.exe28⤵
- Executes dropped EXE
PID:2308 -
\??\c:\xrxxxll.exec:\xrxxxll.exe29⤵
- Executes dropped EXE
PID:656 -
\??\c:\jdvvd.exec:\jdvvd.exe30⤵
- Executes dropped EXE
PID:2264 -
\??\c:\xfrrlll.exec:\xfrrlll.exe31⤵
- Executes dropped EXE
PID:2948 -
\??\c:\nhnhtb.exec:\nhnhtb.exe32⤵
- Executes dropped EXE
PID:2992 -
\??\c:\jvdpj.exec:\jvdpj.exe33⤵
- Executes dropped EXE
PID:2072 -
\??\c:\rrlxlrf.exec:\rrlxlrf.exe34⤵
- Executes dropped EXE
PID:2156 -
\??\c:\3bhnbb.exec:\3bhnbb.exe35⤵
- Executes dropped EXE
PID:2812 -
\??\c:\pjppd.exec:\pjppd.exe36⤵
- Executes dropped EXE
PID:2092 -
\??\c:\lrxxlff.exec:\lrxxlff.exe37⤵
- Executes dropped EXE
PID:2968 -
\??\c:\3hnthn.exec:\3hnthn.exe38⤵
- Executes dropped EXE
PID:2608 -
\??\c:\vvpjp.exec:\vvpjp.exe39⤵
- Executes dropped EXE
PID:2704 -
\??\c:\3rllrrx.exec:\3rllrrx.exe40⤵
- Executes dropped EXE
PID:2828 -
\??\c:\7ttnnn.exec:\7ttnnn.exe41⤵
- Executes dropped EXE
PID:2824 -
\??\c:\ttbnnt.exec:\ttbnnt.exe42⤵
- Executes dropped EXE
PID:2508 -
\??\c:\1jpdp.exec:\1jpdp.exe43⤵
- Executes dropped EXE
PID:2592 -
\??\c:\lffrxxf.exec:\lffrxxf.exe44⤵
- Executes dropped EXE
PID:2496 -
\??\c:\fxrrlrl.exec:\fxrrlrl.exe45⤵
- Executes dropped EXE
PID:2492 -
\??\c:\nnnbnt.exec:\nnnbnt.exe46⤵
- Executes dropped EXE
PID:2120 -
\??\c:\pvvvp.exec:\pvvvp.exe47⤵
- Executes dropped EXE
PID:2912 -
\??\c:\vvdjv.exec:\vvdjv.exe48⤵
- Executes dropped EXE
PID:2528 -
\??\c:\lfrrxfr.exec:\lfrrxfr.exe49⤵
- Executes dropped EXE
PID:2764 -
\??\c:\7btnhn.exec:\7btnhn.exe50⤵
- Executes dropped EXE
PID:2804 -
\??\c:\pvpvj.exec:\pvpvj.exe51⤵
- Executes dropped EXE
PID:1740 -
\??\c:\pvppp.exec:\pvppp.exe52⤵
- Executes dropped EXE
PID:2260 -
\??\c:\fflrxfr.exec:\fflrxfr.exe53⤵
- Executes dropped EXE
PID:1924 -
\??\c:\5hbbth.exec:\5hbbth.exe54⤵
- Executes dropped EXE
PID:1928 -
\??\c:\vjdjd.exec:\vjdjd.exe55⤵
- Executes dropped EXE
PID:2792 -
\??\c:\pppvp.exec:\pppvp.exe56⤵
- Executes dropped EXE
PID:756 -
\??\c:\rllllrf.exec:\rllllrf.exe57⤵
- Executes dropped EXE
PID:1624 -
\??\c:\bnbtth.exec:\bnbtth.exe58⤵
- Executes dropped EXE
PID:2060 -
\??\c:\1pjjd.exec:\1pjjd.exe59⤵
- Executes dropped EXE
PID:2340 -
\??\c:\rrrfrfx.exec:\rrrfrfx.exe60⤵
- Executes dropped EXE
PID:2196 -
\??\c:\thhbtb.exec:\thhbtb.exe61⤵
- Executes dropped EXE
PID:1456 -
\??\c:\ddjdj.exec:\ddjdj.exe62⤵
- Executes dropped EXE
PID:1340 -
\??\c:\1xxrfrl.exec:\1xxrfrl.exe63⤵
- Executes dropped EXE
PID:1780 -
\??\c:\5tthnn.exec:\5tthnn.exe64⤵
- Executes dropped EXE
PID:740 -
\??\c:\vvdpv.exec:\vvdpv.exe65⤵
- Executes dropped EXE
PID:752 -
\??\c:\ttnnnn.exec:\ttnnnn.exe66⤵PID:3064
-
\??\c:\pvdjj.exec:\pvdjj.exe67⤵PID:1756
-
\??\c:\rrfrrlf.exec:\rrfrrlf.exe68⤵PID:1368
-
\??\c:\tnnbnh.exec:\tnnbnh.exe69⤵PID:944
-
\??\c:\ddpvv.exec:\ddpvv.exe70⤵PID:688
-
\??\c:\llflffr.exec:\llflffr.exe71⤵PID:1028
-
\??\c:\bbbhbn.exec:\bbbhbn.exe72⤵PID:1496
-
\??\c:\hnhtht.exec:\hnhtht.exe73⤵PID:1640
-
\??\c:\vpddj.exec:\vpddj.exe74⤵PID:2952
-
\??\c:\fxlrlfr.exec:\fxlrlfr.exe75⤵PID:2992
-
\??\c:\bnnnnn.exec:\bnnnnn.exe76⤵PID:2268
-
\??\c:\ddjdd.exec:\ddjdd.exe77⤵PID:1628
-
\??\c:\dvddv.exec:\dvddv.exe78⤵PID:3004
-
\??\c:\lxrfxfx.exec:\lxrfxfx.exe79⤵PID:2984
-
\??\c:\3ntbhn.exec:\3ntbhn.exe80⤵PID:2620
-
\??\c:\pjvdp.exec:\pjvdp.exe81⤵PID:2096
-
\??\c:\5fxxflx.exec:\5fxxflx.exe82⤵PID:2676
-
\??\c:\xxrrflr.exec:\xxrrflr.exe83⤵PID:3028
-
\??\c:\hthtnb.exec:\hthtnb.exe84⤵PID:2636
-
\??\c:\pjddp.exec:\pjddp.exe85⤵PID:2640
-
\??\c:\xrfxlrf.exec:\xrfxlrf.exe86⤵PID:2480
-
\??\c:\ffxrllr.exec:\ffxrllr.exe87⤵PID:2552
-
\??\c:\bthnhn.exec:\bthnhn.exe88⤵PID:2996
-
\??\c:\ppppj.exec:\ppppj.exe89⤵PID:760
-
\??\c:\llffllr.exec:\llffllr.exe90⤵PID:1140
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe91⤵PID:2712
-
\??\c:\nbbtbb.exec:\nbbtbb.exe92⤵PID:2796
-
\??\c:\tbhhbh.exec:\tbhhbh.exe93⤵PID:1256
-
\??\c:\5vddp.exec:\5vddp.exe94⤵PID:1644
-
\??\c:\xfrllxr.exec:\xfrllxr.exe95⤵PID:344
-
\??\c:\9lxfrxl.exec:\9lxfrxl.exe96⤵PID:1844
-
\??\c:\9nbhtb.exec:\9nbhtb.exe97⤵PID:1532
-
\??\c:\bthtbb.exec:\bthtbb.exe98⤵PID:1516
-
\??\c:\1vvvj.exec:\1vvvj.exe99⤵PID:2520
-
\??\c:\1xrrxfl.exec:\1xrrxfl.exe100⤵PID:1288
-
\??\c:\nnbbnn.exec:\nnbbnn.exe101⤵PID:2180
-
\??\c:\5ntttt.exec:\5ntttt.exe102⤵PID:1232
-
\??\c:\dpdjd.exec:\dpdjd.exe103⤵PID:2372
-
\??\c:\rlxfxfr.exec:\rlxfxfr.exe104⤵PID:476
-
\??\c:\tnbttb.exec:\tnbttb.exe105⤵PID:1876
-
\??\c:\bnbtbh.exec:\bnbtbh.exe106⤵PID:2472
-
\??\c:\vjjjd.exec:\vjjjd.exe107⤵PID:604
-
\??\c:\lffxrxl.exec:\lffxrxl.exe108⤵PID:2440
-
\??\c:\5nhtbb.exec:\5nhtbb.exe109⤵PID:1660
-
\??\c:\dpvvv.exec:\dpvvv.exe110⤵PID:1328
-
\??\c:\5pjvv.exec:\5pjvv.exe111⤵PID:1268
-
\??\c:\ffrfrxl.exec:\ffrfrxl.exe112⤵PID:896
-
\??\c:\bttbth.exec:\bttbth.exe113⤵PID:3040
-
\??\c:\ddjjd.exec:\ddjjd.exe114⤵PID:2172
-
\??\c:\vpdvp.exec:\vpdvp.exe115⤵PID:2864
-
\??\c:\fxxrflr.exec:\fxxrflr.exe116⤵PID:1688
-
\??\c:\7thhtb.exec:\7thhtb.exe117⤵PID:2252
-
\??\c:\3pjpv.exec:\3pjpv.exe118⤵PID:2016
-
\??\c:\jjjdd.exec:\jjjdd.exe119⤵PID:1704
-
\??\c:\lrfrfrx.exec:\lrfrfrx.exe120⤵PID:3012
-
\??\c:\nhbhnt.exec:\nhbhnt.exe121⤵PID:3020
-
\??\c:\vvpdv.exec:\vvpdv.exe122⤵PID:2092
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-