Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
17-05-2024 08:54
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
e3000c3bc8bbfcfb55805798941c7740_NeikiAnalytics.exe
Resource
win7-20240220-en
windows7-x64
5 signatures
150 seconds
General
-
Target
e3000c3bc8bbfcfb55805798941c7740_NeikiAnalytics.exe
-
Size
55KB
-
MD5
e3000c3bc8bbfcfb55805798941c7740
-
SHA1
f940b211506f5544ff4596b4d26bc072514a5d2c
-
SHA256
4376142565c00224235cd3b0bb957096e6bd87c393a106f0056d187678f22ced
-
SHA512
23e9f11a69a456f26be6a4831ccf79168558f3e2e45cf8455ae1553f56450ee407baf5b48efb35be27b96f2d1420ac22d5f6da3e1f1a1f31570c1730ed21694c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFt:ymb3NkkiQ3mdBjFIFt
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral1/memory/2768-8-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1740-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2480-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2584-36-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2520-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2692-57-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2556-69-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2404-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2440-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1648-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1248-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2168-138-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/320-148-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1564-157-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/812-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2872-192-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/692-220-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1732-237-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/912-246-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2964-264-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/776-282-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/2976-291-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/888-300-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1740 3ntttt.exe 2480 1pvvv.exe 2584 ffrxlfl.exe 2520 hbhnnt.exe 2692 hbnntt.exe 2556 pjdjp.exe 2404 1vvpp.exe 2440 rlxxxfl.exe 1648 hbnttt.exe 1248 bthttb.exe 2660 jjjpv.exe 1584 jdjpp.exe 2168 fxrflrf.exe 320 ffflxlf.exe 1564 9bhbth.exe 812 3bnhbh.exe 2036 9vppd.exe 2852 frlfffl.exe 2872 fxfffff.exe 1884 bttbhn.exe 2112 1jvdp.exe 692 7jjdp.exe 1396 xlfrffl.exe 1732 frllrrr.exe 912 bhbhnt.exe 896 1jvvd.exe 2964 ddjpv.exe 1704 xrrrrxf.exe 776 llxffrx.exe 2976 hthbbt.exe 888 dvvvj.exe 2812 jvdvd.exe 2188 fxlxflx.exe 2780 nbnhnn.exe 2600 bthhhb.exe 2616 7vppp.exe 2540 dpdjp.exe 2516 rlfxffx.exe 2504 3xxfrrr.exe 2704 nhtbhh.exe 2460 tthhtb.exe 2384 vpjpv.exe 2452 vpdpv.exe 2140 vdddv.exe 1656 3xlfrfr.exe 2364 fxxfllr.exe 840 1bbhtb.exe 1596 jpdvd.exe 108 jddpj.exe 764 9jvvj.exe 320 rlxfffl.exe 2308 xrxxfxx.exe 1520 tntthn.exe 2028 7tnntb.exe 2848 pdpjj.exe 2760 ddvpd.exe 2128 lllrrff.exe 2120 3fffrfr.exe 788 htnbnn.exe 1100 7pjjj.exe 1028 3lflfxr.exe 1172 xfrrxfr.exe 2672 nbnbbn.exe 1464 tbbtnt.exe -
resource yara_rule behavioral1/memory/2768-8-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1740-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1740-20-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2480-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2480-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2584-36-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2520-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2520-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2692-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2692-57-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2556-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2404-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2440-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1648-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1248-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2168-138-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/320-148-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1564-157-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/812-166-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2872-192-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/692-220-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1732-237-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/912-246-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2964-264-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/776-282-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2976-291-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/888-300-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2768 wrote to memory of 1740 2768 e3000c3bc8bbfcfb55805798941c7740_NeikiAnalytics.exe 28 PID 2768 wrote to memory of 1740 2768 e3000c3bc8bbfcfb55805798941c7740_NeikiAnalytics.exe 28 PID 2768 wrote to memory of 1740 2768 e3000c3bc8bbfcfb55805798941c7740_NeikiAnalytics.exe 28 PID 2768 wrote to memory of 1740 2768 e3000c3bc8bbfcfb55805798941c7740_NeikiAnalytics.exe 28 PID 1740 wrote to memory of 2480 1740 3ntttt.exe 29 PID 1740 wrote to memory of 2480 1740 3ntttt.exe 29 PID 1740 wrote to memory of 2480 1740 3ntttt.exe 29 PID 1740 wrote to memory of 2480 1740 3ntttt.exe 29 PID 2480 wrote to memory of 2584 2480 1pvvv.exe 30 PID 2480 wrote to memory of 2584 2480 1pvvv.exe 30 PID 2480 wrote to memory of 2584 2480 1pvvv.exe 30 PID 2480 wrote to memory of 2584 2480 1pvvv.exe 30 PID 2584 wrote to memory of 2520 2584 ffrxlfl.exe 31 PID 2584 wrote to memory of 2520 2584 ffrxlfl.exe 31 PID 2584 wrote to memory of 2520 2584 ffrxlfl.exe 31 PID 2584 wrote to memory of 2520 2584 ffrxlfl.exe 31 PID 2520 wrote to memory of 2692 2520 hbhnnt.exe 32 PID 2520 wrote to memory of 2692 2520 hbhnnt.exe 32 PID 2520 wrote to memory of 2692 2520 hbhnnt.exe 32 PID 2520 wrote to memory of 2692 2520 hbhnnt.exe 32 PID 2692 wrote to memory of 2556 2692 hbnntt.exe 33 PID 2692 wrote to memory of 2556 2692 hbnntt.exe 33 PID 2692 wrote to memory of 2556 2692 hbnntt.exe 33 PID 2692 wrote to memory of 2556 2692 hbnntt.exe 33 PID 2556 wrote to memory of 2404 2556 pjdjp.exe 34 PID 2556 wrote to memory of 2404 2556 pjdjp.exe 34 PID 2556 wrote to memory of 2404 2556 pjdjp.exe 34 PID 2556 wrote to memory of 2404 2556 pjdjp.exe 34 PID 2404 wrote to memory of 2440 2404 1vvpp.exe 35 PID 2404 wrote to memory of 2440 2404 1vvpp.exe 35 PID 2404 wrote to memory of 2440 2404 1vvpp.exe 35 PID 2404 wrote to memory of 2440 2404 1vvpp.exe 35 PID 2440 wrote to memory of 1648 2440 rlxxxfl.exe 36 PID 2440 wrote to memory of 1648 2440 rlxxxfl.exe 36 PID 2440 wrote to memory of 1648 
2440 rlxxxfl.exe 36 PID 2440 wrote to memory of 1648 2440 rlxxxfl.exe 36 PID 1648 wrote to memory of 1248 1648 hbnttt.exe 37 PID 1648 wrote to memory of 1248 1648 hbnttt.exe 37 PID 1648 wrote to memory of 1248 1648 hbnttt.exe 37 PID 1648 wrote to memory of 1248 1648 hbnttt.exe 37 PID 1248 wrote to memory of 2660 1248 bthttb.exe 38 PID 1248 wrote to memory of 2660 1248 bthttb.exe 38 PID 1248 wrote to memory of 2660 1248 bthttb.exe 38 PID 1248 wrote to memory of 2660 1248 bthttb.exe 38 PID 2660 wrote to memory of 1584 2660 jjjpv.exe 39 PID 2660 wrote to memory of 1584 2660 jjjpv.exe 39 PID 2660 wrote to memory of 1584 2660 jjjpv.exe 39 PID 2660 wrote to memory of 1584 2660 jjjpv.exe 39 PID 1584 wrote to memory of 2168 1584 jdjpp.exe 40 PID 1584 wrote to memory of 2168 1584 jdjpp.exe 40 PID 1584 wrote to memory of 2168 1584 jdjpp.exe 40 PID 1584 wrote to memory of 2168 1584 jdjpp.exe 40 PID 2168 wrote to memory of 320 2168 fxrflrf.exe 41 PID 2168 wrote to memory of 320 2168 fxrflrf.exe 41 PID 2168 wrote to memory of 320 2168 fxrflrf.exe 41 PID 2168 wrote to memory of 320 2168 fxrflrf.exe 41 PID 320 wrote to memory of 1564 320 ffflxlf.exe 42 PID 320 wrote to memory of 1564 320 ffflxlf.exe 42 PID 320 wrote to memory of 1564 320 ffflxlf.exe 42 PID 320 wrote to memory of 1564 320 ffflxlf.exe 42 PID 1564 wrote to memory of 812 1564 9bhbth.exe 43 PID 1564 wrote to memory of 812 1564 9bhbth.exe 43 PID 1564 wrote to memory of 812 1564 9bhbth.exe 43 PID 1564 wrote to memory of 812 1564 9bhbth.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\e3000c3bc8bbfcfb55805798941c7740_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e3000c3bc8bbfcfb55805798941c7740_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2768 -
\??\c:\3ntttt.exec:\3ntttt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1740 -
\??\c:\1pvvv.exec:\1pvvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2480 -
\??\c:\ffrxlfl.exec:\ffrxlfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\hbhnnt.exec:\hbhnnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2520 -
\??\c:\hbnntt.exec:\hbnntt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2692 -
\??\c:\pjdjp.exec:\pjdjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2556 -
\??\c:\1vvpp.exec:\1vvpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2404 -
\??\c:\rlxxxfl.exec:\rlxxxfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2440 -
\??\c:\hbnttt.exec:\hbnttt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1648 -
\??\c:\bthttb.exec:\bthttb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1248 -
\??\c:\jjjpv.exec:\jjjpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2660 -
\??\c:\jdjpp.exec:\jdjpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1584 -
\??\c:\fxrflrf.exec:\fxrflrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2168 -
\??\c:\ffflxlf.exec:\ffflxlf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:320 -
\??\c:\9bhbth.exec:\9bhbth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1564 -
\??\c:\3bnhbh.exec:\3bnhbh.exe17⤵
- Executes dropped EXE
PID:812 -
\??\c:\9vppd.exec:\9vppd.exe18⤵
- Executes dropped EXE
PID:2036 -
\??\c:\frlfffl.exec:\frlfffl.exe19⤵
- Executes dropped EXE
PID:2852 -
\??\c:\fxfffff.exec:\fxfffff.exe20⤵
- Executes dropped EXE
PID:2872 -
\??\c:\bttbhn.exec:\bttbhn.exe21⤵
- Executes dropped EXE
PID:1884 -
\??\c:\1jvdp.exec:\1jvdp.exe22⤵
- Executes dropped EXE
PID:2112 -
\??\c:\7jjdp.exec:\7jjdp.exe23⤵
- Executes dropped EXE
PID:692 -
\??\c:\xlfrffl.exec:\xlfrffl.exe24⤵
- Executes dropped EXE
PID:1396 -
\??\c:\frllrrr.exec:\frllrrr.exe25⤵
- Executes dropped EXE
PID:1732 -
\??\c:\bhbhnt.exec:\bhbhnt.exe26⤵
- Executes dropped EXE
PID:912 -
\??\c:\1jvvd.exec:\1jvvd.exe27⤵
- Executes dropped EXE
PID:896 -
\??\c:\ddjpv.exec:\ddjpv.exe28⤵
- Executes dropped EXE
PID:2964 -
\??\c:\xrrrrxf.exec:\xrrrrxf.exe29⤵
- Executes dropped EXE
PID:1704 -
\??\c:\llxffrx.exec:\llxffrx.exe30⤵
- Executes dropped EXE
PID:776 -
\??\c:\hthbbt.exec:\hthbbt.exe31⤵
- Executes dropped EXE
PID:2976 -
\??\c:\dvvvj.exec:\dvvvj.exe32⤵
- Executes dropped EXE
PID:888 -
\??\c:\jvdvd.exec:\jvdvd.exe33⤵
- Executes dropped EXE
PID:2812 -
\??\c:\rflrrxl.exec:\rflrrxl.exe34⤵PID:2576
-
\??\c:\fxlxflx.exec:\fxlxflx.exe35⤵
- Executes dropped EXE
PID:2188 -
\??\c:\nbnhnn.exec:\nbnhnn.exe36⤵
- Executes dropped EXE
PID:2780 -
\??\c:\bthhhb.exec:\bthhhb.exe37⤵
- Executes dropped EXE
PID:2600 -
\??\c:\7vppp.exec:\7vppp.exe38⤵
- Executes dropped EXE
PID:2616 -
\??\c:\dpdjp.exec:\dpdjp.exe39⤵
- Executes dropped EXE
PID:2540 -
\??\c:\rlfxffx.exec:\rlfxffx.exe40⤵
- Executes dropped EXE
PID:2516 -
\??\c:\3xxfrrr.exec:\3xxfrrr.exe41⤵
- Executes dropped EXE
PID:2504 -
\??\c:\nhtbhh.exec:\nhtbhh.exe42⤵
- Executes dropped EXE
PID:2704 -
\??\c:\tthhtb.exec:\tthhtb.exe43⤵
- Executes dropped EXE
PID:2460 -
\??\c:\vpjpv.exec:\vpjpv.exe44⤵
- Executes dropped EXE
PID:2384 -
\??\c:\vpdpv.exec:\vpdpv.exe45⤵
- Executes dropped EXE
PID:2452 -
\??\c:\vdddv.exec:\vdddv.exe46⤵
- Executes dropped EXE
PID:2140 -
\??\c:\3xlfrfr.exec:\3xlfrfr.exe47⤵
- Executes dropped EXE
PID:1656 -
\??\c:\fxxfllr.exec:\fxxfllr.exe48⤵
- Executes dropped EXE
PID:2364 -
\??\c:\1bbhtb.exec:\1bbhtb.exe49⤵
- Executes dropped EXE
PID:840 -
\??\c:\jpdvd.exec:\jpdvd.exe50⤵
- Executes dropped EXE
PID:1596 -
\??\c:\jddpj.exec:\jddpj.exe51⤵
- Executes dropped EXE
PID:108 -
\??\c:\9jvvj.exec:\9jvvj.exe52⤵
- Executes dropped EXE
PID:764 -
\??\c:\rlxfffl.exec:\rlxfffl.exe53⤵
- Executes dropped EXE
PID:320 -
\??\c:\xrxxfxx.exec:\xrxxfxx.exe54⤵
- Executes dropped EXE
PID:2308 -
\??\c:\tntthn.exec:\tntthn.exe55⤵
- Executes dropped EXE
PID:1520 -
\??\c:\7tnntb.exec:\7tnntb.exe56⤵
- Executes dropped EXE
PID:2028 -
\??\c:\pdpjj.exec:\pdpjj.exe57⤵
- Executes dropped EXE
PID:2848 -
\??\c:\ddvpd.exec:\ddvpd.exe58⤵
- Executes dropped EXE
PID:2760 -
\??\c:\lllrrff.exec:\lllrrff.exe59⤵
- Executes dropped EXE
PID:2128 -
\??\c:\3fffrfr.exec:\3fffrfr.exe60⤵
- Executes dropped EXE
PID:2120 -
\??\c:\htnbnn.exec:\htnbnn.exe61⤵
- Executes dropped EXE
PID:788 -
\??\c:\7pjjj.exec:\7pjjj.exe62⤵
- Executes dropped EXE
PID:1100 -
\??\c:\3lflfxr.exec:\3lflfxr.exe63⤵
- Executes dropped EXE
PID:1028 -
\??\c:\xfrrxfr.exec:\xfrrxfr.exe64⤵
- Executes dropped EXE
PID:1172 -
\??\c:\nbnbbn.exec:\nbnbbn.exe65⤵
- Executes dropped EXE
PID:2672 -
\??\c:\tbbtnt.exec:\tbbtnt.exe66⤵
- Executes dropped EXE
PID:1464 -
\??\c:\jdvjp.exec:\jdvjp.exe67⤵PID:1676
-
\??\c:\1jdpd.exec:\1jdpd.exe68⤵PID:1852
-
\??\c:\1vppv.exec:\1vppv.exe69⤵PID:1692
-
\??\c:\xrrflxl.exec:\xrrflxl.exe70⤵PID:984
-
\??\c:\xfxxrfl.exec:\xfxxrfl.exe71⤵PID:2084
-
\??\c:\ttbbnt.exec:\ttbbnt.exe72⤵PID:992
-
\??\c:\5tnhhh.exec:\5tnhhh.exe73⤵PID:2192
-
\??\c:\5jjvp.exec:\5jjvp.exe74⤵PID:2088
-
\??\c:\vvpvv.exec:\vvpvv.exe75⤵PID:1588
-
\??\c:\lxrrflr.exec:\lxrrflr.exe76⤵PID:2468
-
\??\c:\lfxlxrx.exec:\lfxlxrx.exe77⤵PID:2188
-
\??\c:\hhthtt.exec:\hhthtt.exe78⤵PID:2780
-
\??\c:\btbhbh.exec:\btbhbh.exe79⤵PID:2196
-
\??\c:\vvdjv.exec:\vvdjv.exe80⤵PID:2592
-
\??\c:\1vpvv.exec:\1vpvv.exe81⤵PID:2776
-
\??\c:\llxxflx.exec:\llxxflx.exe82⤵PID:2516
-
\??\c:\llfxrxr.exec:\llfxrxr.exe83⤵PID:2392
-
\??\c:\flfrllr.exec:\flfrllr.exe84⤵PID:2412
-
\??\c:\hhhhtb.exec:\hhhhtb.exe85⤵PID:2464
-
\??\c:\hhhbhn.exec:\hhhbhn.exe86⤵PID:2408
-
\??\c:\9vjjp.exec:\9vjjp.exe87⤵PID:2860
-
\??\c:\ddvdp.exec:\ddvdp.exe88⤵PID:1264
-
\??\c:\fflrffl.exec:\fflrffl.exe89⤵PID:2488
-
\??\c:\fflrxfr.exec:\fflrxfr.exe90⤵PID:2156
-
\??\c:\bththt.exec:\bththt.exe91⤵PID:840
-
\??\c:\7pvdd.exec:\7pvdd.exe92⤵PID:2136
-
\??\c:\3jvjj.exec:\3jvjj.exe93⤵PID:1016
-
\??\c:\rxflxfl.exec:\rxflxfl.exe94⤵PID:356
-
\??\c:\xlxxffx.exec:\xlxxffx.exe95⤵PID:1564
-
\??\c:\1tthnt.exec:\1tthnt.exe96⤵PID:2308
-
\??\c:\hbtbtn.exec:\hbtbtn.exe97⤵PID:2044
-
\??\c:\dvpvj.exec:\dvpvj.exe98⤵PID:2740
-
\??\c:\jdvvp.exec:\jdvvp.exe99⤵PID:1968
-
\??\c:\xlxfllr.exec:\xlxfllr.exe100⤵PID:2852
-
\??\c:\xxfxrxl.exec:\xxfxrxl.exe101⤵PID:268
-
\??\c:\bbnbhn.exec:\bbnbhn.exe102⤵PID:3024
-
\??\c:\ttnbnb.exec:\ttnbnb.exe103⤵PID:680
-
\??\c:\7vvjp.exec:\7vvjp.exe104⤵PID:692
-
\??\c:\pjpdp.exec:\pjpdp.exe105⤵PID:2340
-
\??\c:\jdjpj.exec:\jdjpj.exe106⤵PID:1784
-
\??\c:\ffrxflx.exec:\ffrxflx.exe107⤵PID:292
-
\??\c:\3xrfrrf.exec:\3xrfrrf.exe108⤵PID:1320
-
\??\c:\bbnbht.exec:\bbnbht.exe109⤵PID:3028
-
\??\c:\ttbbnt.exec:\ttbbnt.exe110⤵PID:2260
-
\??\c:\djdjj.exec:\djdjj.exe111⤵PID:2116
-
\??\c:\5vjjv.exec:\5vjjv.exe112⤵PID:2240
-
\??\c:\vdjjd.exec:\vdjjd.exe113⤵PID:2356
-
\??\c:\rlrrxfx.exec:\rlrrxfx.exe114⤵PID:1428
-
\??\c:\5rxflxr.exec:\5rxflxr.exe115⤵PID:1848
-
\??\c:\nnbhtb.exec:\nnbhtb.exe116⤵PID:620
-
\??\c:\pjdvd.exec:\pjdvd.exe117⤵PID:1528
-
\??\c:\jjjdv.exec:\jjjdv.exe118⤵PID:2532
-
\??\c:\jdjvp.exec:\jdjvp.exe119⤵PID:2612
-
\??\c:\lfrxllf.exec:\lfrxllf.exe120⤵PID:2932
-
\??\c:\lfxflll.exec:\lfxflll.exe121⤵PID:2536
-
\??\c:\hbthtb.exec:\hbthtb.exe122⤵PID:2616
-