Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe
-
Size
460KB
-
MD5
65a69ea99b6fcb709cdf8fe3fcfc05b0
-
SHA1
beab1b00b691cfe6ad8a5b30e5a8853a62822dde
-
SHA256
8656f98bad7224f846a3125e888fcdf0673b2137e9096092cbc72174cc28d1f3
-
SHA512
4f0936e66744f716a791b26f9aa27c4b927b463c746b9a57de0623cae4d5ae6fba1b24400939b51dac006cf62eb440bb4d32a6f952418a4b9fc98d643fd43f4b
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/TJTaYvMmr3C9BRo7tvnJ9Fywhk/Tky:n3C9ytvn8whkbJTaFmr3C9ytvn8whkbB
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
resource yara_rule
behavioral1/memory/1664-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2780-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2508-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2796-43-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2564-57-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2916-81-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/632-90-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2700-105-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2504-115-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2292-124-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2120-133-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/404-141-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1032-151-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1468-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2228-195-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2064-204-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/604-214-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/600-223-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1152-241-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/3052-249-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1316-285-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process
2780 hbbbnt.exe
2508 tbbntn.exe
2796 pjpdj.exe
2564 3btbtb.exe
2540 dpddj.exe
2416 xrllrxl.exe
2916 jvjpv.exe
632 9dvjp.exe
2700 nntbnt.exe
2504 jdddp.exe
2292 lllxlxr.exe
2120 nntbht.exe
404 pppdp.exe
1032 lllrxxl.exe
1468 9vvjd.exe
1260 dddjp.exe
1156 3nbbbt.exe
1952 dvvjv.exe
2228 lrrxrfr.exe
2064 hthhtn.exe
604 jvppj.exe
600 1rllxxl.exe
2848 vdvjv.exe
1152 7rxxxfr.exe
3052 1nhhnt.exe
2044 9djjp.exe
968 hhbhht.exe
724 9rflrxr.exe
1316 nnhbhn.exe
1752 jjjjp.exe
904 bbthbn.exe
2888 hbbhnt.exe
2532 9rlrxfr.exe
3036 btnnbb.exe
2780 ttthnn.exe
2556 ppvpv.exe
2632 lfrffrr.exe
2440 5hbhth.exe
2568 tnhhnt.exe
2428 jdvdp.exe
2456 flfrfrf.exe
2332 tttbnt.exe
2868 pjvvd.exe
2252 ppjvv.exe
632 xxxlxxf.exe
2700 7thhtb.exe
1644 5nhbhb.exe
1616 dpdjj.exe
1572 lfrxrrx.exe
1760 hbnttt.exe
296 bntbht.exe
1544 5ddvp.exe
852 fxrrxfl.exe
1028 nbtthh.exe
2012 dvvdj.exe
1156 lflxfxf.exe
2220 5btnth.exe
2764 5jjpd.exe
1340 llxfllx.exe
792 rrffrlx.exe
1436 tnhbtt.exe
1728 ppjjv.exe
1716 5fllffr.exe
1724 rfxflrx.exe
Note: PIDs repeat within this run (2780, 632, 2700 and 1156 each appear for two different executables), so a PID alone does not identify a process here; pair it with the image name.
-
(The signature heading for this table is missing from the extract; every row carries the `upx` rule tag. 29 rows.)
resource yara_rule
behavioral1/memory/1664-3-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1664-10-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2780-14-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2508-24-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2796-35-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2796-34-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2796-43-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2564-48-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2564-47-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2564-46-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2564-57-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2416-68-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2416-69-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2916-81-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/632-90-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2700-105-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2504-115-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2292-124-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2120-133-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/404-141-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1032-151-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1468-159-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2228-195-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2064-204-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/604-214-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/600-223-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1152-241-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/3052-249-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1316-285-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
Each row records one process writing into the memory of another; the target PID in every row is the next process in the chain listed under Processes, and each pair is reported four times.
description pid Process procid_target
PID 1664 wrote to memory of 2780 1664 65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe 28
PID 1664 wrote to memory of 2780 1664 65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe 28
PID 1664 wrote to memory of 2780 1664 65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe 28
PID 1664 wrote to memory of 2780 1664 65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe 28
PID 2780 wrote to memory of 2508 2780 hbbbnt.exe 29
PID 2780 wrote to memory of 2508 2780 hbbbnt.exe 29
PID 2780 wrote to memory of 2508 2780 hbbbnt.exe 29
PID 2780 wrote to memory of 2508 2780 hbbbnt.exe 29
PID 2508 wrote to memory of 2796 2508 tbbntn.exe 30
PID 2508 wrote to memory of 2796 2508 tbbntn.exe 30
PID 2508 wrote to memory of 2796 2508 tbbntn.exe 30
PID 2508 wrote to memory of 2796 2508 tbbntn.exe 30
PID 2796 wrote to memory of 2564 2796 pjpdj.exe 31
PID 2796 wrote to memory of 2564 2796 pjpdj.exe 31
PID 2796 wrote to memory of 2564 2796 pjpdj.exe 31
PID 2796 wrote to memory of 2564 2796 pjpdj.exe 31
PID 2564 wrote to memory of 2540 2564 3btbtb.exe 32
PID 2564 wrote to memory of 2540 2564 3btbtb.exe 32
PID 2564 wrote to memory of 2540 2564 3btbtb.exe 32
PID 2564 wrote to memory of 2540 2564 3btbtb.exe 32
PID 2540 wrote to memory of 2416 2540 dpddj.exe 33
PID 2540 wrote to memory of 2416 2540 dpddj.exe 33
PID 2540 wrote to memory of 2416 2540 dpddj.exe 33
PID 2540 wrote to memory of 2416 2540 dpddj.exe 33
PID 2416 wrote to memory of 2916 2416 xrllrxl.exe 34
PID 2416 wrote to memory of 2916 2416 xrllrxl.exe 34
PID 2416 wrote to memory of 2916 2416 xrllrxl.exe 34
PID 2416 wrote to memory of 2916 2416 xrllrxl.exe 34
PID 2916 wrote to memory of 632 2916 jvjpv.exe 35
PID 2916 wrote to memory of 632 2916 jvjpv.exe 35
PID 2916 wrote to memory of 632 2916 jvjpv.exe 35
PID 2916 wrote to memory of 632 2916 jvjpv.exe 35
PID 632 wrote to memory of 2700 632 9dvjp.exe 36
PID 632 wrote to memory of 2700 632 9dvjp.exe 36
PID 632 wrote to memory of 2700 632 9dvjp.exe 36
PID 632 wrote to memory of 2700 632 9dvjp.exe 36
PID 2700 wrote to memory of 2504 2700 nntbnt.exe 37
PID 2700 wrote to memory of 2504 2700 nntbnt.exe 37
PID 2700 wrote to memory of 2504 2700 nntbnt.exe 37
PID 2700 wrote to memory of 2504 2700 nntbnt.exe 37
PID 2504 wrote to memory of 2292 2504 jdddp.exe 38
PID 2504 wrote to memory of 2292 2504 jdddp.exe 38
PID 2504 wrote to memory of 2292 2504 jdddp.exe 38
PID 2504 wrote to memory of 2292 2504 jdddp.exe 38
PID 2292 wrote to memory of 2120 2292 lllxlxr.exe 39
PID 2292 wrote to memory of 2120 2292 lllxlxr.exe 39
PID 2292 wrote to memory of 2120 2292 lllxlxr.exe 39
PID 2292 wrote to memory of 2120 2292 lllxlxr.exe 39
PID 2120 wrote to memory of 404 2120 nntbht.exe 40
PID 2120 wrote to memory of 404 2120 nntbht.exe 40
PID 2120 wrote to memory of 404 2120 nntbht.exe 40
PID 2120 wrote to memory of 404 2120 nntbht.exe 40
PID 404 wrote to memory of 1032 404 pppdp.exe 41
PID 404 wrote to memory of 1032 404 pppdp.exe 41
PID 404 wrote to memory of 1032 404 pppdp.exe 41
PID 404 wrote to memory of 1032 404 pppdp.exe 41
PID 1032 wrote to memory of 1468 1032 lllrxxl.exe 42
PID 1032 wrote to memory of 1468 1032 lllrxxl.exe 42
PID 1032 wrote to memory of 1468 1032 lllrxxl.exe 42
PID 1032 wrote to memory of 1468 1032 lllrxxl.exe 42
PID 1468 wrote to memory of 1260 1468 9vvjd.exe 43
PID 1468 wrote to memory of 1260 1468 9vvjd.exe 43
PID 1468 wrote to memory of 1260 1468 9vvjd.exe 43
PID 1468 wrote to memory of 1260 1468 9vvjd.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1664 -
\??\c:\hbbbnt.exec:\hbbbnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780 -
\??\c:\tbbntn.exec:\tbbntn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2508 -
\??\c:\pjpdj.exec:\pjpdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2796 -
\??\c:\3btbtb.exec:\3btbtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2564 -
\??\c:\dpddj.exec:\dpddj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2540 -
\??\c:\xrllrxl.exec:\xrllrxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2416 -
\??\c:\jvjpv.exec:\jvjpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2916 -
\??\c:\9dvjp.exec:\9dvjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:632 -
\??\c:\nntbnt.exec:\nntbnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2700 -
\??\c:\jdddp.exec:\jdddp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2504 -
\??\c:\lllxlxr.exec:\lllxlxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2292 -
\??\c:\nntbht.exec:\nntbht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2120 -
\??\c:\pppdp.exec:\pppdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:404 -
\??\c:\lllrxxl.exec:\lllrxxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1032 -
\??\c:\9vvjd.exec:\9vvjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1468 -
\??\c:\dddjp.exec:\dddjp.exe17⤵
- Executes dropped EXE
PID:1260 -
\??\c:\3nbbbt.exec:\3nbbbt.exe18⤵
- Executes dropped EXE
PID:1156 -
\??\c:\dvvjv.exec:\dvvjv.exe19⤵
- Executes dropped EXE
PID:1952 -
\??\c:\lrrxrfr.exec:\lrrxrfr.exe20⤵
- Executes dropped EXE
PID:2228 -
\??\c:\hthhtn.exec:\hthhtn.exe21⤵
- Executes dropped EXE
PID:2064 -
\??\c:\jvppj.exec:\jvppj.exe22⤵
- Executes dropped EXE
PID:604 -
\??\c:\1rllxxl.exec:\1rllxxl.exe23⤵
- Executes dropped EXE
PID:600 -
\??\c:\vdvjv.exec:\vdvjv.exe24⤵
- Executes dropped EXE
PID:2848 -
\??\c:\7rxxxfr.exec:\7rxxxfr.exe25⤵
- Executes dropped EXE
PID:1152 -
\??\c:\1nhhnt.exec:\1nhhnt.exe26⤵
- Executes dropped EXE
PID:3052 -
\??\c:\9djjp.exec:\9djjp.exe27⤵
- Executes dropped EXE
PID:2044 -
\??\c:\hhbhht.exec:\hhbhht.exe28⤵
- Executes dropped EXE
PID:968 -
\??\c:\9rflrxr.exec:\9rflrxr.exe29⤵
- Executes dropped EXE
PID:724 -
\??\c:\nnhbhn.exec:\nnhbhn.exe30⤵
- Executes dropped EXE
PID:1316 -
\??\c:\jjjjp.exec:\jjjjp.exe31⤵
- Executes dropped EXE
PID:1752 -
\??\c:\bbthbn.exec:\bbthbn.exe32⤵
- Executes dropped EXE
PID:904 -
\??\c:\hbbhnt.exec:\hbbhnt.exe33⤵
- Executes dropped EXE
PID:2888 -
\??\c:\9rlrxfr.exec:\9rlrxfr.exe34⤵
- Executes dropped EXE
PID:2532 -
\??\c:\btnnbb.exec:\btnnbb.exe35⤵
- Executes dropped EXE
PID:3036 -
\??\c:\ttthnn.exec:\ttthnn.exe36⤵
- Executes dropped EXE
PID:2780 -
\??\c:\ppvpv.exec:\ppvpv.exe37⤵
- Executes dropped EXE
PID:2556 -
\??\c:\lfrffrr.exec:\lfrffrr.exe38⤵
- Executes dropped EXE
PID:2632 -
\??\c:\5hbhth.exec:\5hbhth.exe39⤵
- Executes dropped EXE
PID:2440 -
\??\c:\tnhhnt.exec:\tnhhnt.exe40⤵
- Executes dropped EXE
PID:2568 -
\??\c:\jdvdp.exec:\jdvdp.exe41⤵
- Executes dropped EXE
PID:2428 -
\??\c:\flfrfrf.exec:\flfrfrf.exe42⤵
- Executes dropped EXE
PID:2456 -
\??\c:\tttbnt.exec:\tttbnt.exe43⤵
- Executes dropped EXE
PID:2332 -
\??\c:\pjvvd.exec:\pjvvd.exe44⤵
- Executes dropped EXE
PID:2868 -
\??\c:\ppjvv.exec:\ppjvv.exe45⤵
- Executes dropped EXE
PID:2252 -
\??\c:\xxxlxxf.exec:\xxxlxxf.exe46⤵
- Executes dropped EXE
PID:632 -
\??\c:\7thhtb.exec:\7thhtb.exe47⤵
- Executes dropped EXE
PID:2700 -
\??\c:\5nhbhb.exec:\5nhbhb.exe48⤵
- Executes dropped EXE
PID:1644 -
\??\c:\dpdjj.exec:\dpdjj.exe49⤵
- Executes dropped EXE
PID:1616 -
\??\c:\lfrxrrx.exec:\lfrxrrx.exe50⤵
- Executes dropped EXE
PID:1572 -
\??\c:\hbnttt.exec:\hbnttt.exe51⤵
- Executes dropped EXE
PID:1760 -
\??\c:\bntbht.exec:\bntbht.exe52⤵
- Executes dropped EXE
PID:296 -
\??\c:\5ddvp.exec:\5ddvp.exe53⤵
- Executes dropped EXE
PID:1544 -
\??\c:\fxrrxfl.exec:\fxrrxfl.exe54⤵
- Executes dropped EXE
PID:852 -
\??\c:\nbtthh.exec:\nbtthh.exe55⤵
- Executes dropped EXE
PID:1028 -
\??\c:\dvvdj.exec:\dvvdj.exe56⤵
- Executes dropped EXE
PID:2012 -
\??\c:\lflxfxf.exec:\lflxfxf.exe57⤵
- Executes dropped EXE
PID:1156 -
\??\c:\5btnth.exec:\5btnth.exe58⤵
- Executes dropped EXE
PID:2220 -
\??\c:\5jjpd.exec:\5jjpd.exe59⤵
- Executes dropped EXE
PID:2764 -
\??\c:\llxfllx.exec:\llxfllx.exe60⤵
- Executes dropped EXE
PID:1340 -
\??\c:\rrffrlx.exec:\rrffrlx.exe61⤵
- Executes dropped EXE
PID:792 -
\??\c:\tnhbtt.exec:\tnhbtt.exe62⤵
- Executes dropped EXE
PID:1436 -
\??\c:\ppjjv.exec:\ppjjv.exe63⤵
- Executes dropped EXE
PID:1728 -
\??\c:\5fllffr.exec:\5fllffr.exe64⤵
- Executes dropped EXE
PID:1716 -
\??\c:\rfxflrx.exec:\rfxflrx.exe65⤵
- Executes dropped EXE
PID:1724 -
\??\c:\nnbbhn.exec:\nnbbhn.exe66⤵PID:2276
-
\??\c:\5pjpj.exec:\5pjpj.exe67⤵PID:2364
-
\??\c:\lfllxfr.exec:\lfllxfr.exe68⤵PID:1164
-
\??\c:\7btntt.exec:\7btntt.exe69⤵PID:3020
-
\??\c:\nbntbh.exec:\nbntbh.exe70⤵PID:1784
-
\??\c:\vpppp.exec:\vpppp.exe71⤵PID:2096
-
\??\c:\xxrfxlr.exec:\xxrfxlr.exe72⤵PID:1736
-
\??\c:\9nhtbh.exec:\9nhtbh.exe73⤵PID:576
-
\??\c:\ddddj.exec:\ddddj.exe74⤵PID:2832
-
\??\c:\xfffrrx.exec:\xfffrrx.exe75⤵PID:1940
-
\??\c:\xfxfrxf.exec:\xfxfrxf.exe76⤵PID:2888
-
\??\c:\nhtbhh.exec:\nhtbhh.exe77⤵PID:1508
-
\??\c:\dvvdp.exec:\dvvdp.exe78⤵PID:3036
-
\??\c:\7fxflrx.exec:\7fxflrx.exe79⤵PID:2780
-
\??\c:\1htbbh.exec:\1htbbh.exe80⤵PID:2556
-
\??\c:\pjdjv.exec:\pjdjv.exe81⤵PID:2244
-
\??\c:\1ddjv.exec:\1ddjv.exe82⤵PID:2440
-
\??\c:\xrlrxfr.exec:\xrlrxfr.exe83⤵PID:2716
-
\??\c:\hbtthn.exec:\hbtthn.exe84⤵PID:2428
-
\??\c:\vpvpp.exec:\vpvpp.exe85⤵PID:1992
-
\??\c:\lfxxlrx.exec:\lfxxlrx.exe86⤵PID:2332
-
\??\c:\bthhtb.exec:\bthhtb.exe87⤵PID:2868
-
\??\c:\bbtbnh.exec:\bbtbnh.exe88⤵PID:2252
-
\??\c:\jvvvv.exec:\jvvvv.exe89⤵PID:2760
-
\??\c:\ffrxffx.exec:\ffrxffx.exe90⤵PID:2700
-
\??\c:\rlflffr.exec:\rlflffr.exe91⤵PID:1744
-
\??\c:\nhtttt.exec:\nhtttt.exe92⤵PID:680
-
\??\c:\jdvdp.exec:\jdvdp.exe93⤵PID:2340
-
\??\c:\dpdpv.exec:\dpdpv.exe94⤵PID:1760
-
\??\c:\rrrrlrf.exec:\rrrrlrf.exe95⤵PID:1640
-
\??\c:\nhhbhh.exec:\nhhbhh.exe96⤵PID:1544
-
\??\c:\hbtnbb.exec:\hbtnbb.exe97⤵PID:856
-
\??\c:\jvjvp.exec:\jvjvp.exe98⤵PID:1028
-
\??\c:\ffxrxxr.exec:\ffxrxxr.exe99⤵PID:2232
-
\??\c:\bnbbhh.exec:\bnbbhh.exe100⤵PID:1156
-
\??\c:\1ntttt.exec:\1ntttt.exe101⤵PID:2140
-
\??\c:\vvvdd.exec:\vvvdd.exe102⤵PID:2764
-
\??\c:\rrxflrx.exec:\rrxflrx.exe103⤵PID:1340
-
\??\c:\lfllrrx.exec:\lfllrrx.exe104⤵PID:792
-
\??\c:\hhbbhn.exec:\hhbbhn.exe105⤵PID:600
-
\??\c:\9vjjp.exec:\9vjjp.exe106⤵PID:1080
-
\??\c:\rrflrxl.exec:\rrflrxl.exe107⤵PID:2932
-
\??\c:\xxlrflf.exec:\xxlrflf.exe108⤵PID:1236
-
\??\c:\hbtbnb.exec:\hbtbnb.exe109⤵PID:2276
-
\??\c:\9djpv.exec:\9djpv.exe110⤵PID:2364
-
\??\c:\pppvp.exec:\pppvp.exe111⤵PID:952
-
\??\c:\xrrxlrx.exec:\xrrxlrx.exe112⤵PID:3020
-
\??\c:\nhntnt.exec:\nhntnt.exe113⤵PID:1784
-
\??\c:\btttbh.exec:\btttbh.exe114⤵PID:2096
-
\??\c:\1pvvd.exec:\1pvvd.exe115⤵PID:816
-
\??\c:\xrfxfrl.exec:\xrfxfrl.exe116⤵PID:576
-
\??\c:\xrflrfl.exec:\xrflrfl.exe117⤵PID:2008
-
\??\c:\hnhhtt.exec:\hnhhtt.exe118⤵PID:1540
-
\??\c:\3hbhht.exec:\3hbhht.exe119⤵PID:2560
-
\??\c:\dddjj.exec:\dddjj.exe120⤵PID:2636
-
\??\c:\frrrxfl.exec:\frrrxfl.exe121⤵PID:2628
-
\??\c:\jvpdp.exec:\jvpdp.exe122⤵PID:2712