Analysis
max time kernel: 150s
max time network: 119s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 18/05/2024, 01:17
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
68f03ceae3be7434f22518e24e87eae0_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
Target: 68f03ceae3be7434f22518e24e87eae0_NeikiAnalytics.exe
Size: 75KB
MD5: 68f03ceae3be7434f22518e24e87eae0
SHA1: c03ff3599491a17da26c7835af42842442d65a8a
SHA256: 2fe261e2b6a3cbc8f0be90b908564c6c8786b5f3a4e34e63f5abb54f85782374
SHA512: 446147dc17f3c912f9571b1135f62f993b70606525540ae5ab642290fa737afdc67e76fa32aa4a1af9c60068ad0f810d0de8821b127e2965ed525322bace8688
SSDEEP: 1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAh2QpUnX1AP2:ymb3NkkiQ3mdBjFIsIVbpUO2
Malware Config
Signatures
-
Detect Blackmoon payload 20 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\68f03ceae3be7434f22518e24e87eae0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\68f03ceae3be7434f22518e24e87eae0_NeikiAnalytics.exe"
- Suspicious use of WriteProcessMemory
PID:2920