Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 18/05/2024, 01:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
672275b905ec734b6d1dcfb2041b5300_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
Target: 672275b905ec734b6d1dcfb2041b5300_NeikiAnalytics.exe
Size: 367KB
MD5: 672275b905ec734b6d1dcfb2041b5300
SHA1: c9c129e5c5a837c5fbaee5a6487e80fe75c3f3d5
SHA256: cee68c34d8a7eba7f6d59380d4d3fc312d9316b49d73618ac0045017314a1769
SHA512: 5b67cf6871840c0d647385738dd623c911a820396b2f6253291f06a23493ff1686d69e5594c5f9da845e58be530ff011d8a7e70e0431e98894e353d4c707d309
SSDEEP: 3072:ymb3NkkiQ3mdBjFo73tvn+Yp9FrHSwh/c/hdTWGIaxJ8TN005pWmjVwdSsyg:n3C9BRo7tvnJ9Fywhk/T7xyTpShZb
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
Executes dropped EXE 64 IoCs
Memory dumps matched YARA rule: upx
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\672275b905ec734b6d1dcfb2041b5300_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\672275b905ec734b6d1dcfb2041b5300_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1288 -
\??\c:\rxjpnxd.exec:\rxjpnxd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2760 -
\??\c:\vltxlj.exec:\vltxlj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2992 -
\??\c:\rhnld.exec:\rhnld.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2684 -
\??\c:\xvbbjhh.exec:\xvbbjhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2704 -
\??\c:\jrhlff.exec:\jrhlff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2772 -
\??\c:\jjpph.exec:\jjpph.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2692 -
\??\c:\xdpnltj.exec:\xdpnltj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2436 -
\??\c:\dfxljn.exec:\dfxljn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:680 -
\??\c:\ntpxfff.exec:\ntpxfff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2404 -
\??\c:\xfpxrj.exec:\xfpxrj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1388 -
\??\c:\dldxnt.exec:\dldxnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:280 -
\??\c:\vxxhplh.exec:\vxxhplh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2656 -
\??\c:\jtjffx.exec:\jtjffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1520 -
\??\c:\bptjrl.exec:\bptjrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2216 -
\??\c:\vbrbrn.exec:\vbrbrn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2368 -
\??\c:\ntjvthv.exec:\ntjvthv.exe17⤵
- Executes dropped EXE
PID:1848 -
\??\c:\pplvp.exec:\pplvp.exe18⤵
- Executes dropped EXE
PID:2064 -
\??\c:\btdllh.exec:\btdllh.exe19⤵
- Executes dropped EXE
PID:1640 -
\??\c:\pltlvdb.exec:\pltlvdb.exe20⤵
- Executes dropped EXE
PID:2096 -
\??\c:\ddxrvh.exec:\ddxrvh.exe21⤵
- Executes dropped EXE
PID:2044 -
\??\c:\xptbpbt.exec:\xptbpbt.exe22⤵
- Executes dropped EXE
PID:2164 -
\??\c:\rrptb.exec:\rrptb.exe23⤵
- Executes dropped EXE
PID:476 -
\??\c:\blnrhl.exec:\blnrhl.exe24⤵
- Executes dropped EXE
PID:2320 -
\??\c:\thppp.exec:\thppp.exe25⤵
- Executes dropped EXE
PID:2112 -
\??\c:\pndjnd.exec:\pndjnd.exe26⤵
- Executes dropped EXE
PID:1332 -
\??\c:\nhblf.exec:\nhblf.exe27⤵
- Executes dropped EXE
PID:1620 -
\??\c:\jhxtp.exec:\jhxtp.exe28⤵
- Executes dropped EXE
PID:1772 -
\??\c:\dpbfhl.exec:\dpbfhl.exe29⤵
- Executes dropped EXE
PID:1664 -
\??\c:\hpfxpjl.exec:\hpfxpjl.exe30⤵
- Executes dropped EXE
PID:2976 -
\??\c:\bjttrp.exec:\bjttrp.exe31⤵
- Executes dropped EXE
PID:2328 -
\??\c:\nrhpdvb.exec:\nrhpdvb.exe32⤵
- Executes dropped EXE
PID:2820 -
\??\c:\ldnrn.exec:\ldnrn.exe33⤵
- Executes dropped EXE
PID:2764 -
\??\c:\jjtvtb.exec:\jjtvtb.exe34⤵
- Executes dropped EXE
PID:836 -
\??\c:\vfvvnff.exec:\vfvvnff.exe35⤵
- Executes dropped EXE
PID:2504 -
\??\c:\fdbbrbt.exec:\fdbbrbt.exe36⤵
- Executes dropped EXE
PID:1576 -
\??\c:\jphbx.exec:\jphbx.exe37⤵
- Executes dropped EXE
PID:2532 -
\??\c:\llvdtb.exec:\llvdtb.exe38⤵
- Executes dropped EXE
PID:2972 -
\??\c:\xrbnf.exec:\xrbnf.exe39⤵
- Executes dropped EXE
PID:2724 -
\??\c:\hhvdxx.exec:\hhvdxx.exe40⤵
- Executes dropped EXE
PID:2684 -
\??\c:\lvdfr.exec:\lvdfr.exe41⤵
- Executes dropped EXE
PID:2720 -
\??\c:\xnhdv.exec:\xnhdv.exe42⤵
- Executes dropped EXE
PID:2432 -
\??\c:\jhndth.exec:\jhndth.exe43⤵
- Executes dropped EXE
PID:2052 -
\??\c:\fdbnj.exec:\fdbnj.exe44⤵
- Executes dropped EXE
PID:2732 -
\??\c:\djftj.exec:\djftj.exe45⤵
- Executes dropped EXE
PID:2596 -
\??\c:\pjjdt.exec:\pjjdt.exe46⤵
- Executes dropped EXE
PID:2236 -
\??\c:\nxnrl.exec:\nxnrl.exe47⤵
- Executes dropped EXE
PID:588 -
\??\c:\tptdrxh.exec:\tptdrxh.exe48⤵
- Executes dropped EXE
PID:2284 -
\??\c:\vdhrpx.exec:\vdhrpx.exe49⤵
- Executes dropped EXE
PID:904 -
\??\c:\trhdv.exec:\trhdv.exe50⤵
- Executes dropped EXE
PID:2412 -
\??\c:\dhrjffv.exec:\dhrjffv.exe51⤵
- Executes dropped EXE
PID:2264 -
\??\c:\dhpbv.exec:\dhpbv.exe52⤵
- Executes dropped EXE
PID:756 -
\??\c:\xhtpx.exec:\xhtpx.exe53⤵
- Executes dropped EXE
PID:1524 -
\??\c:\vbxxnnp.exec:\vbxxnnp.exe54⤵
- Executes dropped EXE
PID:2344 -
\??\c:\nfdtfnp.exec:\nfdtfnp.exe55⤵
- Executes dropped EXE
PID:2116 -
\??\c:\xtfplhj.exec:\xtfplhj.exe56⤵
- Executes dropped EXE
PID:2376 -
\??\c:\tptrxtx.exec:\tptrxtx.exe57⤵
- Executes dropped EXE
PID:608 -
\??\c:\lpthtvl.exec:\lpthtvl.exe58⤵
- Executes dropped EXE
PID:1644 -
\??\c:\lbxppdb.exec:\lbxppdb.exe59⤵
- Executes dropped EXE
PID:1756 -
\??\c:\tnrjjjn.exec:\tnrjjjn.exe60⤵
- Executes dropped EXE
PID:1788 -
\??\c:\dpllbn.exec:\dpllbn.exe61⤵
- Executes dropped EXE
PID:2952 -
\??\c:\jnvlhjr.exec:\jnvlhjr.exe62⤵
- Executes dropped EXE
PID:2044 -
\??\c:\pvlxlxv.exec:\pvlxlxv.exe63⤵
- Executes dropped EXE
PID:528 -
\??\c:\rftvpdf.exec:\rftvpdf.exe64⤵
- Executes dropped EXE
PID:2036 -
\??\c:\xtrfd.exec:\xtrfd.exe65⤵
- Executes dropped EXE
PID:2004 -
\??\c:\fvvrf.exec:\fvvrf.exe66⤵PID:824
-
\??\c:\jjtjbh.exec:\jjtjbh.exe67⤵PID:1028
-
\??\c:\txvlpr.exec:\txvlpr.exe68⤵PID:1376
-
\??\c:\lflbrt.exec:\lflbrt.exe69⤵PID:1476
-
\??\c:\hpbpnvd.exec:\hpbpnvd.exe70⤵PID:1668
-
\??\c:\dtjpf.exec:\dtjpf.exe71⤵PID:792
-
\??\c:\lfjhl.exec:\lfjhl.exe72⤵PID:616
-
\??\c:\hdfblr.exec:\hdfblr.exe73⤵PID:1676
-
\??\c:\bhflpn.exec:\bhflpn.exe74⤵PID:2924
-
\??\c:\njhffxt.exec:\njhffxt.exe75⤵PID:1700
-
\??\c:\hjtdhrh.exec:\hjtdhrh.exe76⤵PID:2996
-
\??\c:\rvxdp.exec:\rvxdp.exe77⤵PID:1720
-
\??\c:\jfpbbr.exec:\jfpbbr.exe78⤵PID:1736
-
\??\c:\dntnlv.exec:\dntnlv.exe79⤵PID:1284
-
\??\c:\rhfxxlh.exec:\rhfxxlh.exe80⤵PID:1588
-
\??\c:\ltlxv.exec:\ltlxv.exe81⤵PID:2156
-
\??\c:\pjxntx.exec:\pjxntx.exe82⤵PID:2668
-
\??\c:\xlhnfpr.exec:\xlhnfpr.exe83⤵PID:2780
-
\??\c:\xbhfd.exec:\xbhfd.exe84⤵PID:2576
-
\??\c:\rntntv.exec:\rntntv.exe85⤵PID:2460
-
\??\c:\jtljhv.exec:\jtljhv.exe86⤵PID:2720
-
\??\c:\ltvnnpf.exec:\ltvnnpf.exe87⤵PID:2560
-
\??\c:\hdfbntp.exec:\hdfbntp.exe88⤵PID:2716
-
\??\c:\hhppjpf.exec:\hhppjpf.exe89⤵PID:572
-
\??\c:\xnlxp.exec:\xnlxp.exe90⤵PID:1080
-
\??\c:\brpdvx.exec:\brpdvx.exe91⤵PID:800
-
\??\c:\bdvpn.exec:\bdvpn.exe92⤵PID:1252
-
\??\c:\tlldth.exec:\tlldth.exe93⤵PID:920
-
\??\c:\dtfhn.exec:\dtfhn.exe94⤵PID:2632
-
\??\c:\ndptl.exec:\ndptl.exe95⤵PID:1280
-
\??\c:\drfxpl.exec:\drfxpl.exe96⤵PID:292
-
\??\c:\lbbbr.exec:\lbbbr.exe97⤵PID:1292
-
\??\c:\xdfxn.exec:\xdfxn.exe98⤵PID:2384
-
\??\c:\rtfjrrf.exec:\rtfjrrf.exe99⤵PID:2644
-
\??\c:\pfvhfbl.exec:\pfvhfbl.exe100⤵PID:1300
-
\??\c:\xdfjrv.exec:\xdfjrv.exe101⤵PID:1532
-
\??\c:\xnnbpth.exec:\xnnbpth.exe102⤵PID:1632
-
\??\c:\hxtnnl.exec:\hxtnnl.exe103⤵PID:1644
-
\??\c:\fdjhx.exec:\fdjhx.exe104⤵PID:2096
-
\??\c:\jxnjt.exec:\jxnjt.exe105⤵PID:780
-
\??\c:\lthtrv.exec:\lthtrv.exe106⤵PID:324
-
\??\c:\hxpjp.exec:\hxpjp.exe107⤵PID:2044
-
\??\c:\bvfbpl.exec:\bvfbpl.exe108⤵PID:400
-
\??\c:\nbnnv.exec:\nbnnv.exe109⤵PID:2072
-
\??\c:\xxtjfh.exec:\xxtjfh.exe110⤵PID:2112
-
\??\c:\hndbhhr.exec:\hndbhhr.exe111⤵PID:2340
-
\??\c:\fdnfj.exec:\fdnfj.exe112⤵PID:772
-
\??\c:\trftnjx.exec:\trftnjx.exe113⤵PID:1852
-
\??\c:\rvjnfn.exec:\rvjnfn.exe114⤵PID:1324
-
\??\c:\hxbdhtt.exec:\hxbdhtt.exe115⤵PID:1488
-
\??\c:\xrpxf.exec:\xrpxf.exe116⤵PID:712
-
\??\c:\npxlpjp.exec:\npxlpjp.exe117⤵PID:616
-
\??\c:\ftvvlvr.exec:\ftvvlvr.exe118⤵PID:1688
-
\??\c:\rnxlfb.exec:\rnxlfb.exe119⤵PID:3048
-
\??\c:\jdxdnj.exec:\jdxdnj.exe120⤵PID:1596
-
\??\c:\nxhpff.exec:\nxhpff.exe121⤵PID:2056
-
\??\c:\pjlfnd.exec:\pjlfnd.exe122⤵PID:112