Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
18/05/2024, 01:42
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe
-
Size
66KB
-
MD5
6dfa15c8353433d20c88ab5f3d7dd7a0
-
SHA1
163d687fdf21a0b1d74b35400d53ce07b1074e9c
-
SHA256
11785883d002a5742582aac5ca06b2370780a5d57d0612ba04b9449e29b563fb
-
SHA512
7b0bc349d277b6b4d54347c678fccb25c634a9a819cdaee717d9bae101baf983d5418484c09d5d36872814bceedc93eb5f0679df1ba60cceaedec7b4e3093807
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+LuvPrgpX7:ymb3NkkiQ3mdBjF0yMlwrQ
Malware Config
Signatures
-
Detect Blackmoon payload 20 IoCs
resource | yara_rule
behavioral1/memory/3028-10-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1768-15-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2692-26-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2692-33-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2620-37-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2516-46-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2528-57-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/3052-68-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2408-78-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1524-114-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2468-122-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1856-140-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2608-158-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/600-212-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1884-230-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2116-248-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1012-257-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2920-266-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2732-276-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2792-293-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
-
Executes dropped EXE 64 IoCs
pid | Process
1768 | thbhhh.exe
2692 | tntnnn.exe
2620 | rrrxfrf.exe
2516 | 3xrrfxx.exe
2528 | bnbhnt.exe
3052 | pjjdj.exe
2408 | fxfrflr.exe
2532 | xlrrlfl.exe
2204 | dvdjv.exe
1524 | pdppp.exe
2468 | fxrrlxf.exe
1044 | 9lxlxfr.exe
1856 | 5bbbhn.exe
1708 | dvpdp.exe
2608 | vpjvd.exe
2700 | lxffrrf.exe
1236 | hhntbt.exe
3048 | nhhtbn.exe
2088 | vvpjv.exe
1616 | ddpvj.exe
600 | frxxxxf.exe
1180 | btnthn.exe
1884 | pjdvd.exe
1792 | 5dvvd.exe
2116 | 5rxxffl.exe
1012 | nbbnbb.exe
2920 | vpvvd.exe
2732 | rfrxlxx.exe
1944 | tnnnbb.exe
2792 | tnttbb.exe
1756 | vjjvd.exe
2320 | rrxrflx.exe
1560 | tnttbt.exe
2944 | tntbhh.exe
2624 | vpppv.exe
2560 | jvpdp.exe
2416 | rrxrlrr.exe
2688 | lxxflrf.exe
2588 | 1ttbhn.exe
2512 | nhtntb.exe
2424 | vjppp.exe
1656 | 7rlrrrx.exe
3032 | lxrrflf.exe
2532 | bbntbb.exe
1484 | 7nhttn.exe
2016 | 5pjjv.exe
1660 | dvjpp.exe
1804 | rlxxffr.exe
2152 | 1rxlrrx.exe
2172 | 1tnhtn.exe
2304 | 7ttnhb.exe
1540 | jvddp.exe
1396 | pdjjp.exe
2280 | jvjdj.exe
2824 | xrffxff.exe
2984 | hbnntb.exe
2356 | 1hbbhb.exe
1176 | vppdj.exe
560 | xfllrfr.exe
1168 | xlrfrfr.exe
2064 | bntntt.exe
1884 | hbhtbn.exe
1252 | pdpdd.exe
1332 | vvdpd.exe
Note: PIDs 2532 and 1884 each appear twice in this list with different image names, so a PID alone does not identify a single process in this run.
-
resource | yara_rule
behavioral1/memory/3028-3-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/3028-10-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1768-15-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2692-23-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2692-26-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2692-24-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2692-33-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2620-37-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2516-46-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2528-57-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/3052-68-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2408-78-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2532-88-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2532-87-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2532-86-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1524-114-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2468-122-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1856-140-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2608-158-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/600-212-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1884-230-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2116-248-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1012-257-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2920-266-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2732-276-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2792-293-0x0000000000400000-0x0000000000429000-memory.dmp | upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3028 wrote to memory of 1768 | 3028 | 6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe | 28
PID 3028 wrote to memory of 1768 | 3028 | 6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe | 28
PID 3028 wrote to memory of 1768 | 3028 | 6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe | 28
PID 3028 wrote to memory of 1768 | 3028 | 6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe | 28
PID 1768 wrote to memory of 2692 | 1768 | thbhhh.exe | 29
PID 1768 wrote to memory of 2692 | 1768 | thbhhh.exe | 29
PID 1768 wrote to memory of 2692 | 1768 | thbhhh.exe | 29
PID 1768 wrote to memory of 2692 | 1768 | thbhhh.exe | 29
PID 2692 wrote to memory of 2620 | 2692 | tntnnn.exe | 30
PID 2692 wrote to memory of 2620 | 2692 | tntnnn.exe | 30
PID 2692 wrote to memory of 2620 | 2692 | tntnnn.exe | 30
PID 2692 wrote to memory of 2620 | 2692 | tntnnn.exe | 30
PID 2620 wrote to memory of 2516 | 2620 | rrrxfrf.exe | 31
PID 2620 wrote to memory of 2516 | 2620 | rrrxfrf.exe | 31
PID 2620 wrote to memory of 2516 | 2620 | rrrxfrf.exe | 31
PID 2620 wrote to memory of 2516 | 2620 | rrrxfrf.exe | 31
PID 2516 wrote to memory of 2528 | 2516 | 3xrrfxx.exe | 32
PID 2516 wrote to memory of 2528 | 2516 | 3xrrfxx.exe | 32
PID 2516 wrote to memory of 2528 | 2516 | 3xrrfxx.exe | 32
PID 2516 wrote to memory of 2528 | 2516 | 3xrrfxx.exe | 32
PID 2528 wrote to memory of 3052 | 2528 | bnbhnt.exe | 33
PID 2528 wrote to memory of 3052 | 2528 | bnbhnt.exe | 33
PID 2528 wrote to memory of 3052 | 2528 | bnbhnt.exe | 33
PID 2528 wrote to memory of 3052 | 2528 | bnbhnt.exe | 33
PID 3052 wrote to memory of 2408 | 3052 | pjjdj.exe | 34
PID 3052 wrote to memory of 2408 | 3052 | pjjdj.exe | 34
PID 3052 wrote to memory of 2408 | 3052 | pjjdj.exe | 34
PID 3052 wrote to memory of 2408 | 3052 | pjjdj.exe | 34
PID 2408 wrote to memory of 2532 | 2408 | fxfrflr.exe | 35
PID 2408 wrote to memory of 2532 | 2408 | fxfrflr.exe | 35
PID 2408 wrote to memory of 2532 | 2408 | fxfrflr.exe | 35
PID 2408 wrote to memory of 2532 | 2408 | fxfrflr.exe | 35
PID 2532 wrote to memory of 2204 | 2532 | xlrrlfl.exe | 36
PID 2532 wrote to memory of 2204 | 2532 | xlrrlfl.exe | 36
PID 2532 wrote to memory of 2204 | 2532 | xlrrlfl.exe | 36
PID 2532 wrote to memory of 2204 | 2532 | xlrrlfl.exe | 36
PID 2204 wrote to memory of 1524 | 2204 | dvdjv.exe | 37
PID 2204 wrote to memory of 1524 | 2204 | dvdjv.exe | 37
PID 2204 wrote to memory of 1524 | 2204 | dvdjv.exe | 37
PID 2204 wrote to memory of 1524 | 2204 | dvdjv.exe | 37
PID 1524 wrote to memory of 2468 | 1524 | pdppp.exe | 38
PID 1524 wrote to memory of 2468 | 1524 | pdppp.exe | 38
PID 1524 wrote to memory of 2468 | 1524 | pdppp.exe | 38
PID 1524 wrote to memory of 2468 | 1524 | pdppp.exe | 38
PID 2468 wrote to memory of 1044 | 2468 | fxrrlxf.exe | 39
PID 2468 wrote to memory of 1044 | 2468 | fxrrlxf.exe | 39
PID 2468 wrote to memory of 1044 | 2468 | fxrrlxf.exe | 39
PID 2468 wrote to memory of 1044 | 2468 | fxrrlxf.exe | 39
PID 1044 wrote to memory of 1856 | 1044 | 9lxlxfr.exe | 40
PID 1044 wrote to memory of 1856 | 1044 | 9lxlxfr.exe | 40
PID 1044 wrote to memory of 1856 | 1044 | 9lxlxfr.exe | 40
PID 1044 wrote to memory of 1856 | 1044 | 9lxlxfr.exe | 40
PID 1856 wrote to memory of 1708 | 1856 | 5bbbhn.exe | 41
PID 1856 wrote to memory of 1708 | 1856 | 5bbbhn.exe | 41
PID 1856 wrote to memory of 1708 | 1856 | 5bbbhn.exe | 41
PID 1856 wrote to memory of 1708 | 1856 | 5bbbhn.exe | 41
PID 1708 wrote to memory of 2608 | 1708 | dvpdp.exe | 42
PID 1708 wrote to memory of 2608 | 1708 | dvpdp.exe | 42
PID 1708 wrote to memory of 2608 | 1708 | dvpdp.exe | 42
PID 1708 wrote to memory of 2608 | 1708 | dvpdp.exe | 42
PID 2608 wrote to memory of 2700 | 2608 | vpjvd.exe | 43
PID 2608 wrote to memory of 2700 | 2608 | vpjvd.exe | 43
PID 2608 wrote to memory of 2700 | 2608 | vpjvd.exe | 43
PID 2608 wrote to memory of 2700 | 2608 | vpjvd.exe | 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3028 -
\??\c:\thbhhh.exec:\thbhhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1768 -
\??\c:\tntnnn.exec:\tntnnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2692 -
\??\c:\rrrxfrf.exec:\rrrxfrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2620 -
\??\c:\3xrrfxx.exec:\3xrrfxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2516 -
\??\c:\bnbhnt.exec:\bnbhnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2528 -
\??\c:\pjjdj.exec:\pjjdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3052 -
\??\c:\fxfrflr.exec:\fxfrflr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2408 -
\??\c:\xlrrlfl.exec:\xlrrlfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2532 -
\??\c:\dvdjv.exec:\dvdjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2204 -
\??\c:\pdppp.exec:\pdppp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1524 -
\??\c:\fxrrlxf.exec:\fxrrlxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2468 -
\??\c:\9lxlxfr.exec:\9lxlxfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1044 -
\??\c:\5bbbhn.exec:\5bbbhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1856 -
\??\c:\dvpdp.exec:\dvpdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1708 -
\??\c:\vpjvd.exec:\vpjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\lxffrrf.exec:\lxffrrf.exe17⤵
- Executes dropped EXE
PID:2700 -
\??\c:\hhntbt.exec:\hhntbt.exe18⤵
- Executes dropped EXE
PID:1236 -
\??\c:\nhhtbn.exec:\nhhtbn.exe19⤵
- Executes dropped EXE
PID:3048 -
\??\c:\vvpjv.exec:\vvpjv.exe20⤵
- Executes dropped EXE
PID:2088 -
\??\c:\ddpvj.exec:\ddpvj.exe21⤵
- Executes dropped EXE
PID:1616 -
\??\c:\frxxxxf.exec:\frxxxxf.exe22⤵
- Executes dropped EXE
PID:600 -
\??\c:\btnthn.exec:\btnthn.exe23⤵
- Executes dropped EXE
PID:1180 -
\??\c:\pjdvd.exec:\pjdvd.exe24⤵
- Executes dropped EXE
PID:1884 -
\??\c:\5dvvd.exec:\5dvvd.exe25⤵
- Executes dropped EXE
PID:1792 -
\??\c:\5rxxffl.exec:\5rxxffl.exe26⤵
- Executes dropped EXE
PID:2116 -
\??\c:\nbbnbb.exec:\nbbnbb.exe27⤵
- Executes dropped EXE
PID:1012 -
\??\c:\vpvvd.exec:\vpvvd.exe28⤵
- Executes dropped EXE
PID:2920 -
\??\c:\rfrxlxx.exec:\rfrxlxx.exe29⤵
- Executes dropped EXE
PID:2732 -
\??\c:\tnnnbb.exec:\tnnnbb.exe30⤵
- Executes dropped EXE
PID:1944 -
\??\c:\tnttbb.exec:\tnttbb.exe31⤵
- Executes dropped EXE
PID:2792 -
\??\c:\vjjvd.exec:\vjjvd.exe32⤵
- Executes dropped EXE
PID:1756 -
\??\c:\rrxrflx.exec:\rrxrflx.exe33⤵
- Executes dropped EXE
PID:2320 -
\??\c:\tnttbt.exec:\tnttbt.exe34⤵
- Executes dropped EXE
PID:1560 -
\??\c:\tntbhh.exec:\tntbhh.exe35⤵
- Executes dropped EXE
PID:2944 -
\??\c:\vpppv.exec:\vpppv.exe36⤵
- Executes dropped EXE
PID:2624 -
\??\c:\jvpdp.exec:\jvpdp.exe37⤵
- Executes dropped EXE
PID:2560 -
\??\c:\rrxrlrr.exec:\rrxrlrr.exe38⤵
- Executes dropped EXE
PID:2416 -
\??\c:\lxxflrf.exec:\lxxflrf.exe39⤵
- Executes dropped EXE
PID:2688 -
\??\c:\1ttbhn.exec:\1ttbhn.exe40⤵
- Executes dropped EXE
PID:2588 -
\??\c:\nhtntb.exec:\nhtntb.exe41⤵
- Executes dropped EXE
PID:2512 -
\??\c:\vjppp.exec:\vjppp.exe42⤵
- Executes dropped EXE
PID:2424 -
\??\c:\7rlrrrx.exec:\7rlrrrx.exe43⤵
- Executes dropped EXE
PID:1656 -
\??\c:\lxrrflf.exec:\lxrrflf.exe44⤵
- Executes dropped EXE
PID:3032 -
\??\c:\bbntbb.exec:\bbntbb.exe45⤵
- Executes dropped EXE
PID:2532 -
\??\c:\7nhttn.exec:\7nhttn.exe46⤵
- Executes dropped EXE
PID:1484 -
\??\c:\5pjjv.exec:\5pjjv.exe47⤵
- Executes dropped EXE
PID:2016 -
\??\c:\dvjpp.exec:\dvjpp.exe48⤵
- Executes dropped EXE
PID:1660 -
\??\c:\rlxxffr.exec:\rlxxffr.exe49⤵
- Executes dropped EXE
PID:1804 -
\??\c:\1rxlrrx.exec:\1rxlrrx.exe50⤵
- Executes dropped EXE
PID:2152 -
\??\c:\1tnhtn.exec:\1tnhtn.exe51⤵
- Executes dropped EXE
PID:2172 -
\??\c:\7ttnhb.exec:\7ttnhb.exe52⤵
- Executes dropped EXE
PID:2304 -
\??\c:\jvddp.exec:\jvddp.exe53⤵
- Executes dropped EXE
PID:1540 -
\??\c:\pdjjp.exec:\pdjjp.exe54⤵
- Executes dropped EXE
PID:1396 -
\??\c:\jvjdj.exec:\jvjdj.exe55⤵
- Executes dropped EXE
PID:2280 -
\??\c:\xrffxff.exec:\xrffxff.exe56⤵
- Executes dropped EXE
PID:2824 -
\??\c:\hbnntb.exec:\hbnntb.exe57⤵
- Executes dropped EXE
PID:2984 -
\??\c:\1hbbhb.exec:\1hbbhb.exe58⤵
- Executes dropped EXE
PID:2356 -
\??\c:\vppdj.exec:\vppdj.exe59⤵
- Executes dropped EXE
PID:1176 -
\??\c:\xfllrfr.exec:\xfllrfr.exe60⤵
- Executes dropped EXE
PID:560 -
\??\c:\xlrfrfr.exec:\xlrfrfr.exe61⤵
- Executes dropped EXE
PID:1168 -
\??\c:\bntntt.exec:\bntntt.exe62⤵
- Executes dropped EXE
PID:2064 -
\??\c:\hbhtbn.exec:\hbhtbn.exe63⤵
- Executes dropped EXE
PID:1884 -
\??\c:\pdpdd.exec:\pdpdd.exe64⤵
- Executes dropped EXE
PID:1252 -
\??\c:\vvdpd.exec:\vvdpd.exe65⤵
- Executes dropped EXE
PID:1332 -
\??\c:\5frxxrl.exec:\5frxxrl.exe66⤵PID:1748
-
\??\c:\bthhtn.exec:\bthhtn.exe67⤵PID:2104
-
\??\c:\hhnbbh.exec:\hhnbbh.exe68⤵PID:2920
-
\??\c:\9jvpd.exec:\9jvpd.exe69⤵PID:3044
-
\??\c:\xfrxffr.exec:\xfrxffr.exe70⤵PID:2876
-
\??\c:\xrrfxfr.exec:\xrrfxfr.exe71⤵PID:1960
-
\??\c:\3hbbbb.exec:\3hbbbb.exe72⤵PID:1744
-
\??\c:\htbhtt.exec:\htbhtt.exe73⤵PID:1208
-
\??\c:\1pdjj.exec:\1pdjj.exe74⤵PID:1556
-
\??\c:\jvpjj.exec:\jvpjj.exe75⤵PID:2504
-
\??\c:\xlrrxrx.exec:\xlrrxrx.exe76⤵PID:2592
-
\??\c:\xrflrrf.exec:\xrflrrf.exe77⤵PID:2692
-
\??\c:\thnbhh.exec:\thnbhh.exe78⤵PID:2620
-
\??\c:\3nnhbb.exec:\3nnhbb.exe79⤵PID:2616
-
\??\c:\vvpdj.exec:\vvpdj.exe80⤵PID:2444
-
\??\c:\3rllrxf.exec:\3rllrxf.exe81⤵PID:2524
-
\??\c:\ffrfrfx.exec:\ffrfrfx.exe82⤵PID:2648
-
\??\c:\btbhtt.exec:\btbhtt.exe83⤵PID:2584
-
\??\c:\5dpdd.exec:\5dpdd.exe84⤵PID:2864
-
\??\c:\jdppd.exec:\jdppd.exe85⤵PID:2300
-
\??\c:\5lxlrlf.exec:\5lxlrlf.exe86⤵PID:2832
-
\??\c:\rxllffl.exec:\rxllffl.exe87⤵PID:1592
-
\??\c:\9nbbtt.exec:\9nbbtt.exe88⤵PID:1900
-
\??\c:\nbnnnh.exec:\nbnnnh.exe89⤵PID:1040
-
\??\c:\vjpjp.exec:\vjpjp.exe90⤵PID:1044
-
\??\c:\3vppp.exec:\3vppp.exe91⤵PID:1892
-
\??\c:\xrrlxxf.exec:\xrrlxxf.exe92⤵PID:500
-
\??\c:\fxlxlrx.exec:\fxlxlrx.exe93⤵PID:1708
-
\??\c:\5ththh.exec:\5ththh.exe94⤵PID:852
-
\??\c:\7vjjp.exec:\7vjjp.exe95⤵PID:1276
-
\??\c:\jpvdd.exec:\jpvdd.exe96⤵PID:2352
-
\??\c:\3rflrlx.exec:\3rflrlx.exe97⤵PID:2076
-
\??\c:\fllllll.exec:\fllllll.exe98⤵PID:2040
-
\??\c:\thtnnn.exec:\thtnnn.exe99⤵PID:2124
-
\??\c:\nbnnhn.exec:\nbnnhn.exe100⤵PID:488
-
\??\c:\ddpvj.exec:\ddpvj.exe101⤵PID:608
-
\??\c:\7xxrxfl.exec:\7xxrxfl.exe102⤵PID:1444
-
\??\c:\xrflrxf.exec:\xrflrxf.exe103⤵PID:2596
-
\??\c:\bbhbht.exec:\bbhbht.exe104⤵PID:2704
-
\??\c:\nnnbnb.exec:\nnnbnb.exe105⤵PID:2972
-
\??\c:\djjvp.exec:\djjvp.exe106⤵PID:1980
-
\??\c:\1pdvj.exec:\1pdvj.exe107⤵PID:2140
-
\??\c:\3fllrrx.exec:\3fllrrx.exe108⤵PID:2096
-
\??\c:\9bnhtt.exec:\9bnhtt.exe109⤵PID:2800
-
\??\c:\nttbth.exec:\nttbth.exe110⤵PID:2952
-
\??\c:\9jppv.exec:\9jppv.exe111⤵PID:1468
-
\??\c:\lfrlrlr.exec:\lfrlrlr.exe112⤵PID:2192
-
\??\c:\9rrfffr.exec:\9rrfffr.exe113⤵PID:2100
-
\??\c:\nbtnnt.exec:\nbtnnt.exe114⤵PID:972
-
\??\c:\hnbnbt.exec:\hnbnbt.exe115⤵PID:1768
-
\??\c:\jvpvd.exec:\jvpvd.exe116⤵PID:2828
-
\??\c:\jjddj.exec:\jjddj.exe117⤵PID:2904
-
\??\c:\lxrlrlf.exec:\lxrlrlf.exe118⤵PID:2556
-
\??\c:\5nbhnh.exec:\5nbhnh.exe119⤵PID:2736
-
\??\c:\9dppp.exec:\9dppp.exe120⤵PID:2676
-
\??\c:\jdddj.exec:\jdddj.exe121⤵PID:2572
-
\??\c:\xrxxrfx.exec:\xrxxrfx.exe122⤵PID:2672