Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:06
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe
Resource
win7-20240220-en
5 signatures
150 seconds
General
-
Target
6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe
-
Size
68KB
-
MD5
6683714a352fc3014d40ad9c195378e0
-
SHA1
efd3f33aa44e96c1fe48fe48e6d9b245fd5de89e
-
SHA256
2cbe63d8536a9cf2c5705e8fde81b0a0fb80feefcd125d78c3c50955d05f82c5
-
SHA512
defbada389052128d9cfeda29d5ac1742caf278ea671e125ceaca763d843a9a907dc6cfa08873e2301da7e59a7b464e31fbb162faac187240f18f9ceb7027f6b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89c:ymb3NkkiQ3mdBjFIvl358nLA89c
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
resource  yara_rule
behavioral1/memory/2704-9-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/1640-15-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2156-24-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/1784-160-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2436-187-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2288-303-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/1592-223-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/1848-205-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/1528-151-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2184-141-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2152-133-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/1432-115-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2232-105-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2016-90-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/1932-82-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2508-77-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2508-69-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2424-64-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2652-45-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2600-41-0x0000000000401000-0x0000000000427000-memory.dmp  family_blackmoon
behavioral1/memory/2600-39-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
behavioral1/memory/2156-23-0x0000000000400000-0x0000000000429000-memory.dmp  family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process 1640 bnbttn.exe 2156 dvpjj.exe 2600 pdvpd.exe 2652 rlxxfrx.exe 2424 xfrllff.exe 2508 5tntth.exe 1932 bthnth.exe 2016 bbhtbn.exe 2232 1pjpp.exe 1432 pvjpj.exe 1724 5lxllfx.exe 2152 lxlffxf.exe 2184 tnbnnt.exe 1528 hbtbht.exe 1784 tntbht.exe 1252 vpddd.exe 2036 pdjpv.exe 2436 3rfflff.exe 2108 xrxfffx.exe 1848 tntthb.exe 608 hbhttn.exe 1592 tnnbnb.exe 2384 pdppv.exe 704 pjpjj.exe 400 lfrxxlr.exe 300 xlrrxrx.exe 2868 tntnnn.exe 1720 tbhbtt.exe 2936 pdpvp.exe 2168 dvjdd.exe 2288 3vjdd.exe 2012 fxfrxxf.exe 2524 xrxrxrx.exe 2520 xlxxfrx.exe 1976 bntbhb.exe 2900 9hnhhb.exe 2432 dvdjj.exe 1680 5vjvv.exe 2416 7dddp.exe 2456 frxxxxx.exe 1808 5xflllr.exe 1472 rfxffxf.exe 2232 hbnntn.exe 1432 thnbbb.exe 1960 bnbhtt.exe 2584 jpvjp.exe 2316 3djpj.exe 1620 1pjpd.exe 1528 lflflrx.exe 1300 frrlfxl.exe 1252 lxxfrxx.exe 2688 bnbbbt.exe 2208 nbnhnn.exe 2132 htbtnh.exe 2328 bnbbhh.exe 336 dppjp.exe 604 pjpjj.exe 632 rxxrlff.exe 1204 lxxxxrx.exe 2924 9rxxxlr.exe 2960 ffrlllf.exe 788 nbhhbb.exe 816 3bbhhh.exe 1032 dvdvd.exe -
(The heading for this signature is missing from the extracted text; every row below matched the `upx` YARA rule.)
resource  yara_rule
behavioral1/memory/2704-9-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/1640-15-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2156-24-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/1784-160-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2436-187-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2288-303-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/1592-223-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/1848-205-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/1528-151-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2184-141-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2152-133-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/1432-115-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2232-105-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2016-90-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/1932-82-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2508-77-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2508-69-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2508-67-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2508-66-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2424-64-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2424-54-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2424-56-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2424-53-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2652-45-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2600-39-0x0000000000400000-0x0000000000429000-memory.dmp  upx
behavioral1/memory/2156-23-0x0000000000400000-0x0000000000429000-memory.dmp  upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2704 wrote to memory of 1640 2704 6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe 154 PID 2704 wrote to memory of 1640 2704 6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe 154 PID 2704 wrote to memory of 1640 2704 6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe 154 PID 2704 wrote to memory of 1640 2704 6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe 154 PID 1640 wrote to memory of 2156 1640 bnbttn.exe 263 PID 1640 wrote to memory of 2156 1640 bnbttn.exe 263 PID 1640 wrote to memory of 2156 1640 bnbttn.exe 263 PID 1640 wrote to memory of 2156 1640 bnbttn.exe 263 PID 2156 wrote to memory of 2600 2156 dvpjj.exe 184 PID 2156 wrote to memory of 2600 2156 dvpjj.exe 184 PID 2156 wrote to memory of 2600 2156 dvpjj.exe 184 PID 2156 wrote to memory of 2600 2156 dvpjj.exe 184 PID 2600 wrote to memory of 2652 2600 pdvpd.exe 31 PID 2600 wrote to memory of 2652 2600 pdvpd.exe 31 PID 2600 wrote to memory of 2652 2600 pdvpd.exe 31 PID 2600 wrote to memory of 2652 2600 pdvpd.exe 31 PID 2652 wrote to memory of 2424 2652 rlxxfrx.exe 32 PID 2652 wrote to memory of 2424 2652 rlxxfrx.exe 32 PID 2652 wrote to memory of 2424 2652 rlxxfrx.exe 32 PID 2652 wrote to memory of 2424 2652 rlxxfrx.exe 32 PID 2424 wrote to memory of 2508 2424 xfrllff.exe 106 PID 2424 wrote to memory of 2508 2424 xfrllff.exe 106 PID 2424 wrote to memory of 2508 2424 xfrllff.exe 106 PID 2424 wrote to memory of 2508 2424 xfrllff.exe 106 PID 2508 wrote to memory of 1932 2508 5tntth.exe 34 PID 2508 wrote to memory of 1932 2508 5tntth.exe 34 PID 2508 wrote to memory of 1932 2508 5tntth.exe 34 PID 2508 wrote to memory of 1932 2508 5tntth.exe 34 PID 1932 wrote to memory of 2016 1932 bthnth.exe 35 PID 1932 wrote to memory of 2016 1932 bthnth.exe 35 PID 1932 wrote to memory of 2016 1932 bthnth.exe 35 PID 1932 wrote to memory of 2016 1932 bthnth.exe 35 PID 2016 wrote to memory of 2232 2016 bbhtbn.exe 36 PID 2016 wrote to memory of 2232 2016 bbhtbn.exe 36 PID 2016 
wrote to memory of 2232 2016 bbhtbn.exe 36 PID 2016 wrote to memory of 2232 2016 bbhtbn.exe 36 PID 2232 wrote to memory of 1432 2232 1pjpp.exe 37 PID 2232 wrote to memory of 1432 2232 1pjpp.exe 37 PID 2232 wrote to memory of 1432 2232 1pjpp.exe 37 PID 2232 wrote to memory of 1432 2232 1pjpp.exe 37 PID 1432 wrote to memory of 1724 1432 pvjpj.exe 38 PID 1432 wrote to memory of 1724 1432 pvjpj.exe 38 PID 1432 wrote to memory of 1724 1432 pvjpj.exe 38 PID 1432 wrote to memory of 1724 1432 pvjpj.exe 38 PID 1724 wrote to memory of 2152 1724 5lxllfx.exe 39 PID 1724 wrote to memory of 2152 1724 5lxllfx.exe 39 PID 1724 wrote to memory of 2152 1724 5lxllfx.exe 39 PID 1724 wrote to memory of 2152 1724 5lxllfx.exe 39 PID 2152 wrote to memory of 2184 2152 lxlffxf.exe 40 PID 2152 wrote to memory of 2184 2152 lxlffxf.exe 40 PID 2152 wrote to memory of 2184 2152 lxlffxf.exe 40 PID 2152 wrote to memory of 2184 2152 lxlffxf.exe 40 PID 2184 wrote to memory of 1528 2184 tnbnnt.exe 76 PID 2184 wrote to memory of 1528 2184 tnbnnt.exe 76 PID 2184 wrote to memory of 1528 2184 tnbnnt.exe 76 PID 2184 wrote to memory of 1528 2184 tnbnnt.exe 76 PID 1528 wrote to memory of 1784 1528 hbtbht.exe 42 PID 1528 wrote to memory of 1784 1528 hbtbht.exe 42 PID 1528 wrote to memory of 1784 1528 hbtbht.exe 42 PID 1528 wrote to memory of 1784 1528 hbtbht.exe 42 PID 1784 wrote to memory of 1252 1784 tntbht.exe 43 PID 1784 wrote to memory of 1252 1784 tntbht.exe 43 PID 1784 wrote to memory of 1252 1784 tntbht.exe 43 PID 1784 wrote to memory of 1252 1784 tntbht.exe 43
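Processes
Each entry below prints the image path and the command line run together, followed by the process-tree depth: `\??\c:\bnbttn.exec:\bnbttn.exe2⤵` is image `\??\c:\bnbttn.exe`, command line `c:\bnbttn.exe`, depth 2. PIDs are specific to this sandbox run and some are reused further down the tree (2704 is the sample's PID and appears again at depths 71 and 113), and the dropped file names look randomly generated, so the more durable things to match on are the sample hashes above and the behaviour itself: a chain of executables at the root of C:, where the depth numbers indicate each is started by the previous one.
-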
C:\Users\Admin\AppData\Local\Temp\6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6683714a352fc3014d40ad9c195378e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2704 -
\??\c:\bnbttn.exec:\bnbttn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1640 -
\??\c:\dvpjj.exec:\dvpjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2156 -
\??\c:\pdvpd.exec:\pdvpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2600 -
\??\c:\rlxxfrx.exec:\rlxxfrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2652 -
\??\c:\xfrllff.exec:\xfrllff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2424 -
\??\c:\5tntth.exec:\5tntth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2508 -
\??\c:\bthnth.exec:\bthnth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1932 -
\??\c:\bbhtbn.exec:\bbhtbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2016 -
\??\c:\1pjpp.exec:\1pjpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2232 -
\??\c:\pvjpj.exec:\pvjpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1432 -
\??\c:\5lxllfx.exec:\5lxllfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1724 -
\??\c:\lxlffxf.exec:\lxlffxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2152 -
\??\c:\tnbnnt.exec:\tnbnnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2184 -
\??\c:\hbtbht.exec:\hbtbht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1528 -
\??\c:\tntbht.exec:\tntbht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1784 -
\??\c:\vpddd.exec:\vpddd.exe17⤵
- Executes dropped EXE
PID:1252 -
\??\c:\pdjpv.exec:\pdjpv.exe18⤵
- Executes dropped EXE
PID:2036 -
\??\c:\3rfflff.exec:\3rfflff.exe19⤵
- Executes dropped EXE
PID:2436 -
\??\c:\xrxfffx.exec:\xrxfffx.exe20⤵
- Executes dropped EXE
PID:2108 -
\??\c:\tntthb.exec:\tntthb.exe21⤵
- Executes dropped EXE
PID:1848 -
\??\c:\hbhttn.exec:\hbhttn.exe22⤵
- Executes dropped EXE
PID:608 -
\??\c:\tnnbnb.exec:\tnnbnb.exe23⤵
- Executes dropped EXE
PID:1592 -
\??\c:\pdppv.exec:\pdppv.exe24⤵
- Executes dropped EXE
PID:2384 -
\??\c:\pjpjj.exec:\pjpjj.exe25⤵
- Executes dropped EXE
PID:704 -
\??\c:\lfrxxlr.exec:\lfrxxlr.exe26⤵
- Executes dropped EXE
PID:400 -
\??\c:\xlrrxrx.exec:\xlrrxrx.exe27⤵
- Executes dropped EXE
PID:300 -
\??\c:\tntnnn.exec:\tntnnn.exe28⤵
- Executes dropped EXE
PID:2868 -
\??\c:\tbhbtt.exec:\tbhbtt.exe29⤵
- Executes dropped EXE
PID:1720 -
\??\c:\pdpvp.exec:\pdpvp.exe30⤵
- Executes dropped EXE
PID:2936 -
\??\c:\dvjdd.exec:\dvjdd.exe31⤵
- Executes dropped EXE
PID:2168 -
\??\c:\3vjdd.exec:\3vjdd.exe32⤵
- Executes dropped EXE
PID:2288 -
\??\c:\fxfrxxf.exec:\fxfrxxf.exe33⤵
- Executes dropped EXE
PID:2012 -
\??\c:\xrxrxrx.exec:\xrxrxrx.exe34⤵
- Executes dropped EXE
PID:2524 -
\??\c:\xlxxfrx.exec:\xlxxfrx.exe35⤵
- Executes dropped EXE
PID:2520 -
\??\c:\bntbhb.exec:\bntbhb.exe36⤵
- Executes dropped EXE
PID:1976 -
\??\c:\9hnhhb.exec:\9hnhhb.exe37⤵
- Executes dropped EXE
PID:2900 -
\??\c:\dvdjj.exec:\dvdjj.exe38⤵
- Executes dropped EXE
PID:2432 -
\??\c:\5vjvv.exec:\5vjvv.exe39⤵
- Executes dropped EXE
PID:1680 -
\??\c:\7dddp.exec:\7dddp.exe40⤵
- Executes dropped EXE
PID:2416 -
\??\c:\frxxxxx.exec:\frxxxxx.exe41⤵
- Executes dropped EXE
PID:2456 -
\??\c:\5xflllr.exec:\5xflllr.exe42⤵
- Executes dropped EXE
PID:1808 -
\??\c:\rfxffxf.exec:\rfxffxf.exe43⤵
- Executes dropped EXE
PID:1472 -
\??\c:\hbnntn.exec:\hbnntn.exe44⤵
- Executes dropped EXE
PID:2232 -
\??\c:\thnbbb.exec:\thnbbb.exe45⤵
- Executes dropped EXE
PID:1432 -
\??\c:\bnbhtt.exec:\bnbhtt.exe46⤵
- Executes dropped EXE
PID:1960 -
\??\c:\jpvjp.exec:\jpvjp.exe47⤵
- Executes dropped EXE
PID:2584 -
\??\c:\3djpj.exec:\3djpj.exe48⤵
- Executes dropped EXE
PID:2316 -
\??\c:\1pjpd.exec:\1pjpd.exe49⤵
- Executes dropped EXE
PID:1620 -
\??\c:\lflflrx.exec:\lflflrx.exe50⤵
- Executes dropped EXE
PID:1528 -
\??\c:\frrlfxl.exec:\frrlfxl.exe51⤵
- Executes dropped EXE
PID:1300 -
\??\c:\lxxfrxx.exec:\lxxfrxx.exe52⤵
- Executes dropped EXE
PID:1252 -
\??\c:\bnbbbt.exec:\bnbbbt.exe53⤵
- Executes dropped EXE
PID:2688 -
\??\c:\nbnhnn.exec:\nbnhnn.exe54⤵
- Executes dropped EXE
PID:2208 -
\??\c:\htbtnh.exec:\htbtnh.exe55⤵
- Executes dropped EXE
PID:2132 -
\??\c:\bnbbhh.exec:\bnbbhh.exe56⤵
- Executes dropped EXE
PID:2328 -
\??\c:\dppjp.exec:\dppjp.exe57⤵
- Executes dropped EXE
PID:336 -
\??\c:\pjpjj.exec:\pjpjj.exe58⤵
- Executes dropped EXE
PID:604 -
\??\c:\rxxrlff.exec:\rxxrlff.exe59⤵
- Executes dropped EXE
PID:632 -
\??\c:\lxxxxrx.exec:\lxxxxrx.exe60⤵
- Executes dropped EXE
PID:1204 -
\??\c:\9rxxxlr.exec:\9rxxxlr.exe61⤵
- Executes dropped EXE
PID:2924 -
\??\c:\ffrlllf.exec:\ffrlllf.exe62⤵
- Executes dropped EXE
PID:2960 -
\??\c:\nbhhbb.exec:\nbhhbb.exe63⤵
- Executes dropped EXE
PID:788 -
\??\c:\3bbhhh.exec:\3bbhhh.exe64⤵
- Executes dropped EXE
PID:816 -
\??\c:\dvdvd.exec:\dvdvd.exe65⤵
- Executes dropped EXE
PID:1032 -
\??\c:\jdpjv.exec:\jdpjv.exe66⤵PID:3068
-
\??\c:\vpdjp.exec:\vpdjp.exe67⤵PID:328
-
\??\c:\5frrxxl.exec:\5frrxxl.exe68⤵PID:3004
-
\??\c:\xlrrrrx.exec:\xlrrrrx.exe69⤵PID:1440
-
\??\c:\1btbht.exec:\1btbht.exe70⤵PID:2332
-
\??\c:\1btbtt.exec:\1btbtt.exe71⤵PID:2704
-
\??\c:\ttntht.exec:\ttntht.exe72⤵PID:2088
-
\??\c:\jjvdj.exec:\jjvdj.exe73⤵PID:2528
-
\??\c:\5pvdd.exec:\5pvdd.exe74⤵PID:3000
-
\??\c:\9dvpp.exec:\9dvpp.exe75⤵PID:2628
-
\??\c:\lfxxflr.exec:\lfxxflr.exe76⤵PID:2712
-
\??\c:\xrlrffx.exec:\xrlrffx.exe77⤵PID:2900
-
\??\c:\fxffxxx.exec:\fxffxxx.exe78⤵PID:2568
-
\??\c:\tnbbtt.exec:\tnbbtt.exe79⤵PID:2000
-
\??\c:\nhbbhh.exec:\nhbbhh.exe80⤵PID:2508
-
\??\c:\btbbbh.exec:\btbbbh.exe81⤵PID:2784
-
\??\c:\ddvvj.exec:\ddvvj.exe82⤵PID:1652
-
\??\c:\3jppp.exec:\3jppp.exe83⤵PID:1808
-
\??\c:\xrllrrx.exec:\xrllrrx.exe84⤵PID:2636
-
\??\c:\fxfrxlx.exec:\fxfrxlx.exe85⤵PID:2136
-
\??\c:\fxxlxxf.exec:\fxxlxxf.exe86⤵PID:968
-
\??\c:\hthhhh.exec:\hthhhh.exe87⤵PID:1724
-
\??\c:\1nbbnh.exec:\1nbbnh.exe88⤵PID:2200
-
\??\c:\ttttnt.exec:\ttttnt.exe89⤵PID:2192
-
\??\c:\pjdpp.exec:\pjdpp.exe90⤵PID:1596
-
\??\c:\9vdvd.exec:\9vdvd.exe91⤵PID:1284
-
\??\c:\dvdpv.exec:\dvdpv.exe92⤵PID:2040
-
\??\c:\rllrllf.exec:\rllrllf.exe93⤵PID:2564
-
\??\c:\1xrfxlx.exec:\1xrfxlx.exe94⤵PID:2272
-
\??\c:\rlrxrrx.exec:\rlrxrrx.exe95⤵PID:2732
-
\??\c:\7nbhnn.exec:\7nbhnn.exe96⤵PID:380
-
\??\c:\hhnhhb.exec:\hhnhhb.exe97⤵PID:568
-
\??\c:\3tnbtt.exec:\3tnbtt.exe98⤵PID:796
-
\??\c:\dvpjp.exec:\dvpjp.exe99⤵PID:700
-
\??\c:\9vjpv.exec:\9vjpv.exe100⤵PID:1896
-
\??\c:\vpdpv.exec:\vpdpv.exe101⤵PID:1524
-
\??\c:\9flxxxx.exec:\9flxxxx.exe102⤵PID:880
-
\??\c:\llflxfl.exec:\llflxfl.exe103⤵PID:2920
-
\??\c:\rlrxfll.exec:\rlrxfll.exe104⤵PID:2960
-
\??\c:\tntnnn.exec:\tntnnn.exe105⤵PID:788
-
\??\c:\nhnttt.exec:\nhnttt.exe106⤵PID:816
-
\??\c:\bbtbnt.exec:\bbtbnt.exe107⤵PID:1032
-
\??\c:\xlfxffl.exec:\xlfxffl.exe108⤵PID:3068
-
\??\c:\bntttn.exec:\bntttn.exe109⤵PID:328
-
\??\c:\hbnnnb.exec:\hbnnnb.exe110⤵PID:3004
-
\??\c:\nhttbt.exec:\nhttbt.exe111⤵PID:1440
-
\??\c:\vpdjd.exec:\vpdjd.exe112⤵PID:1920
-
\??\c:\dpdjd.exec:\dpdjd.exe113⤵PID:2704
-
\??\c:\5jvpj.exec:\5jvpj.exe114⤵PID:2360
-
\??\c:\lflfffl.exec:\lflfffl.exe115⤵PID:2604
-
\??\c:\fxffffr.exec:\fxffffr.exe116⤵PID:1648
-
\??\c:\lxfxxrf.exec:\lxfxxrf.exe117⤵PID:2628
-
\??\c:\7llllfl.exec:\7llllfl.exe118⤵PID:2672
-
\??\c:\1bhtbh.exec:\1bhtbh.exe119⤵PID:2432
-
\??\c:\7nhtnt.exec:\7nhtnt.exe120⤵PID:2396
-
\??\c:\nhttnt.exec:\nhttnt.exe121⤵PID:2428
-
\??\c:\vjjpv.exec:\vjjpv.exe122⤵PID:2788
-