Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6cf74e51f438bf014b76df10b30d1270_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
6cf74e51f438bf014b76df10b30d1270_NeikiAnalytics.exe
-
Size
366KB
-
MD5
6cf74e51f438bf014b76df10b30d1270
-
SHA1
d0d6e4b8a40ae96d3e406b9063228126fa8fbce3
-
SHA256
5d5fc94712eaef6c6f58f2dd7dac84dee2c3ea1e3e3ae4d2677c36cea88a59e2
-
SHA512
30dbe7370e4257af1295925660e14cd944eef1754c09552bb6016020761889f9803f8b62a9285d5594d0e64d04196b5e43cf14b5b846ea47bfe3483d5ea7dd8f
-
SSDEEP
6144:n3C9BRo7tvnJ99T/KZEL3RUXownfWQkyCpxwJz9e0pQowLh3EhToK9cT085mnFh4:n3C9ytvnVXFUXoSWlnwJv90aKToFqwf2
Malware Config
Signatures
-
Detect Blackmoon payload 19 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6cf74e51f438bf014b76df10b30d1270_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6cf74e51f438bf014b76df10b30d1270_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2968 -
\??\c:\jpjjp.exec:\jpjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3028 -
\??\c:\pjpjv.exec:\pjpjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1956 -
\??\c:\rrfrlfr.exec:\rrfrlfr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2648 -
\??\c:\ntnnth.exec:\ntnnth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2724 -
\??\c:\jdvpd.exec:\jdvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2652 -
\??\c:\lflrxxl.exec:\lflrxxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2828 -
\??\c:\pvjjv.exec:\pvjjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2208 -
\??\c:\rrflxll.exec:\rrflxll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\dvpdp.exec:\dvpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2948 -
\??\c:\llrlxrr.exec:\llrlxrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1312 -
\??\c:\jdvvj.exec:\jdvvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2768 -
\??\c:\5xlllfx.exec:\5xlllfx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1624 -
\??\c:\httntn.exec:\httntn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1980 -
\??\c:\nhnhnt.exec:\nhnhnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1500 -
\??\c:\jdvdj.exec:\jdvdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1276 -
\??\c:\rfrrrxf.exec:\rfrrrxf.exe17⤵
- Executes dropped EXE
PID:1256 -
\??\c:\9jdpv.exec:\9jdpv.exe18⤵
- Executes dropped EXE
PID:2248 -
\??\c:\7rlrxrl.exec:\7rlrxrl.exe19⤵
- Executes dropped EXE
PID:2252 -
\??\c:\9ddpp.exec:\9ddpp.exe20⤵
- Executes dropped EXE
PID:2876 -
\??\c:\frflfrl.exec:\frflfrl.exe21⤵
- Executes dropped EXE
PID:536 -
\??\c:\hbttbh.exec:\hbttbh.exe22⤵
- Executes dropped EXE
PID:560 -
\??\c:\jjdpv.exec:\jjdpv.exe23⤵
- Executes dropped EXE
PID:1484 -
\??\c:\ffxxrlf.exec:\ffxxrlf.exe24⤵
- Executes dropped EXE
PID:1856 -
\??\c:\dddvd.exec:\dddvd.exe25⤵
- Executes dropped EXE
PID:448 -
\??\c:\ffxrxll.exec:\ffxrxll.exe26⤵
- Executes dropped EXE
PID:1132 -
\??\c:\9bnnnn.exec:\9bnnnn.exe27⤵
- Executes dropped EXE
PID:1576 -
\??\c:\jdvdp.exec:\jdvdp.exe28⤵
- Executes dropped EXE
PID:1100 -
\??\c:\rxrfxlf.exec:\rxrfxlf.exe29⤵
- Executes dropped EXE
PID:2504 -
\??\c:\pvvvp.exec:\pvvvp.exe30⤵
- Executes dropped EXE
PID:2212 -
\??\c:\9xxllxr.exec:\9xxllxr.exe31⤵
- Executes dropped EXE
PID:2476 -
\??\c:\pjvdj.exec:\pjvdj.exe32⤵
- Executes dropped EXE
PID:2096 -
\??\c:\1xlflrx.exec:\1xlflrx.exe33⤵
- Executes dropped EXE
PID:608 -
\??\c:\hbtbnt.exec:\hbtbnt.exe34⤵
- Executes dropped EXE
PID:1660 -
\??\c:\djvjj.exec:\djvjj.exe35⤵
- Executes dropped EXE
PID:1036 -
\??\c:\5flrxlr.exec:\5flrxlr.exe36⤵
- Executes dropped EXE
PID:3016 -
\??\c:\bbnbnn.exec:\bbnbnn.exe37⤵
- Executes dropped EXE
PID:1056 -
\??\c:\bnbhnh.exec:\bnbhnh.exe38⤵
- Executes dropped EXE
PID:2128 -
\??\c:\vjdjp.exec:\vjdjp.exe39⤵
- Executes dropped EXE
PID:2988 -
\??\c:\lrfxrff.exec:\lrfxrff.exe40⤵
- Executes dropped EXE
PID:2752 -
\??\c:\1tnbhb.exec:\1tnbhb.exe41⤵
- Executes dropped EXE
PID:2784 -
\??\c:\pppvp.exec:\pppvp.exe42⤵
- Executes dropped EXE
PID:2636 -
\??\c:\flrlrll.exec:\flrlrll.exe43⤵
- Executes dropped EXE
PID:2548 -
\??\c:\hthttt.exec:\hthttt.exe44⤵
- Executes dropped EXE
PID:2552 -
\??\c:\hbnthn.exec:\hbnthn.exe45⤵
- Executes dropped EXE
PID:2540 -
\??\c:\vvjdp.exec:\vvjdp.exe46⤵
- Executes dropped EXE
PID:2932 -
\??\c:\rrfxrxf.exec:\rrfxrxf.exe47⤵
- Executes dropped EXE
PID:2576 -
\??\c:\bbtnbh.exec:\bbtnbh.exe48⤵
- Executes dropped EXE
PID:1448 -
\??\c:\htttbh.exec:\htttbh.exe49⤵
- Executes dropped EXE
PID:2764 -
\??\c:\vpdjp.exec:\vpdjp.exe50⤵
- Executes dropped EXE
PID:1720 -
\??\c:\lfflxxf.exec:\lfflxxf.exe51⤵
- Executes dropped EXE
PID:2364 -
\??\c:\nnbntb.exec:\nnbntb.exe52⤵
- Executes dropped EXE
PID:1868 -
\??\c:\httthh.exec:\httthh.exe53⤵
- Executes dropped EXE
PID:628 -
\??\c:\7djvd.exec:\7djvd.exe54⤵
- Executes dropped EXE
PID:2424 -
\??\c:\1rlxflr.exec:\1rlxflr.exe55⤵
- Executes dropped EXE
PID:2276 -
\??\c:\bhbnbb.exec:\bhbnbb.exe56⤵
- Executes dropped EXE
PID:2284 -
\??\c:\bbtbtt.exec:\bbtbtt.exe57⤵
- Executes dropped EXE
PID:2256 -
\??\c:\dvpvj.exec:\dvpvj.exe58⤵
- Executes dropped EXE
PID:2880 -
\??\c:\xrrrxxl.exec:\xrrrxxl.exe59⤵
- Executes dropped EXE
PID:2140 -
\??\c:\tthnbh.exec:\tthnbh.exe60⤵
- Executes dropped EXE
PID:2508 -
\??\c:\dvpvj.exec:\dvpvj.exe61⤵
- Executes dropped EXE
PID:540 -
\??\c:\vvpvd.exec:\vvpvd.exe62⤵
- Executes dropped EXE
PID:536 -
\??\c:\fxxflrf.exec:\fxxflrf.exe63⤵
- Executes dropped EXE
PID:1736 -
\??\c:\tnhnhh.exec:\tnhnhh.exe64⤵
- Executes dropped EXE
PID:1816 -
\??\c:\dvpvd.exec:\dvpvd.exe65⤵
- Executes dropped EXE
PID:1612 -
\??\c:\vvvjv.exec:\vvvjv.exe66⤵PID:2396
-
\??\c:\lllffxx.exec:\lllffxx.exe67⤵PID:1988
-
\??\c:\hbbbhh.exec:\hbbbhh.exe68⤵PID:1520
-
\??\c:\pjvjv.exec:\pjvjv.exe69⤵PID:1592
-
\??\c:\rlxxlxr.exec:\rlxxlxr.exe70⤵PID:2408
-
\??\c:\hhbthh.exec:\hhbthh.exe71⤵PID:916
-
\??\c:\nnbhtt.exec:\nnbhtt.exe72⤵PID:2996
-
\??\c:\vjvpj.exec:\vjvpj.exe73⤵PID:1756
-
\??\c:\llfrrfx.exec:\llfrrfx.exe74⤵PID:2856
-
\??\c:\7nnntt.exec:\7nnntt.exe75⤵PID:2016
-
\??\c:\hbtbht.exec:\hbtbht.exe76⤵PID:1600
-
\??\c:\dvpjv.exec:\dvpjv.exe77⤵PID:1180
-
\??\c:\5llrxfl.exec:\5llrxfl.exe78⤵PID:1688
-
\??\c:\nhbbbb.exec:\nhbbbb.exe79⤵PID:1036
-
\??\c:\ntbtbt.exec:\ntbtbt.exe80⤵PID:2132
-
\??\c:\vvpdd.exec:\vvpdd.exe81⤵PID:1056
-
\??\c:\fxffffx.exec:\fxffffx.exe82⤵PID:2128
-
\??\c:\thtbbh.exec:\thtbbh.exe83⤵PID:2868
-
\??\c:\tnbbnt.exec:\tnbbnt.exe84⤵PID:2744
-
\??\c:\7jvpd.exec:\7jvpd.exe85⤵PID:2784
-
\??\c:\3ffrfrf.exec:\3ffrfrf.exe86⤵PID:2656
-
\??\c:\hhtbhn.exec:\hhtbhn.exe87⤵PID:2548
-
\??\c:\dvjjp.exec:\dvjjp.exe88⤵PID:2828
-
\??\c:\jvdjj.exec:\jvdjj.exe89⤵PID:2544
-
\??\c:\9xflfxf.exec:\9xflfxf.exe90⤵PID:1652
-
\??\c:\tthhtb.exec:\tthhtb.exe91⤵PID:2948
-
\??\c:\vvvdp.exec:\vvvdp.exe92⤵PID:2712
-
\??\c:\5pvdd.exec:\5pvdd.exe93⤵PID:2764
-
\??\c:\9rfrxrf.exec:\9rfrxrf.exe94⤵PID:2336
-
\??\c:\7htbnt.exec:\7htbnt.exe95⤵PID:2364
-
\??\c:\7hhnht.exec:\7hhnht.exe96⤵PID:2028
-
\??\c:\lrrxflx.exec:\lrrxflx.exe97⤵PID:628
-
\??\c:\7rrlrrf.exec:\7rrlrrf.exe98⤵PID:848
-
\??\c:\xrlxfrl.exec:\xrlxfrl.exe99⤵PID:340
-
\??\c:\tbbnbn.exec:\tbbnbn.exe100⤵PID:1256
-
\??\c:\pjjpj.exec:\pjjpj.exe101⤵PID:2256
-
\??\c:\rxlxrfx.exec:\rxlxrfx.exe102⤵PID:2264
-
\??\c:\nhhhnn.exec:\nhhhnn.exe103⤵PID:2140
-
\??\c:\thbnbh.exec:\thbnbh.exe104⤵PID:324
-
\??\c:\vpjjv.exec:\vpjjv.exe105⤵PID:540
-
\??\c:\3frflxl.exec:\3frflxl.exe106⤵PID:1852
-
\??\c:\hhbnbn.exec:\hhbnbn.exe107⤵PID:1708
-
\??\c:\hnhbbt.exec:\hnhbbt.exe108⤵PID:2872
-
\??\c:\dddpj.exec:\dddpj.exe109⤵PID:1612
-
\??\c:\1frrxfl.exec:\1frrxfl.exe110⤵PID:1752
-
\??\c:\1tnbhn.exec:\1tnbhn.exe111⤵PID:1988
-
\??\c:\jdpvd.exec:\jdpvd.exe112⤵PID:1540
-
\??\c:\ffxxlrf.exec:\ffxxlrf.exe113⤵PID:1592
-
\??\c:\nhthnt.exec:\nhthnt.exe114⤵PID:2408
-
\??\c:\bbbbht.exec:\bbbbht.exe115⤵PID:916
-
\??\c:\dppdv.exec:\dppdv.exe116⤵PID:2084
-
\??\c:\rrxxxxf.exec:\rrxxxxf.exe117⤵PID:2608
-
\??\c:\nhhbtn.exec:\nhhbtn.exe118⤵PID:2820
-
\??\c:\hbtbtt.exec:\hbtbtt.exe119⤵PID:900
-
\??\c:\jvvjj.exec:\jvvjj.exe120⤵PID:1584
-
\??\c:\vdppd.exec:\vdppd.exe121⤵PID:3044
-
\??\c:\xxrxxrf.exec:\xxrxxrf.exe122⤵PID:2136