Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:25
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6a651ad4dc3a3dc7aed411daad5bb300_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
6a651ad4dc3a3dc7aed411daad5bb300_NeikiAnalytics.exe
-
Size
82KB
-
MD5
6a651ad4dc3a3dc7aed411daad5bb300
-
SHA1
22d1923587e880e23feb756a3a43d89ebe45d4c8
-
SHA256
b029a54766f7e82fadbd1212e6e6f0ee89b7af09273456a297d8b2c656f1db18
-
SHA512
8cf57b529d431c39706c6269e642334b15435bc0ad63744c1fc5416ad73853b3fb49d561bd612ead05366f82a87849dbfbb7993742a66e1d619f8e56ed6e260e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsvG:ymb3NkkiQ3mdBjFIWeFGyA9PD
Malware Config
Signatures
-
Detect Blackmoon payload 19 IoCs
Executes dropped EXE 64 IoCs
resource yara_rule behavioral1/memory/1012-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1904-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2972-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2716-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2576-44-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2568-54-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2932-64-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2932-63-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2464-74-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2936-85-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1424-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/292-100-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2552-118-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1476-136-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1724-154-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1836-162-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/908-172-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2252-216-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2260-243-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/896-261-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a651ad4dc3a3dc7aed411daad5bb300_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6a651ad4dc3a3dc7aed411daad5bb300_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1012 -
\??\c:\jdvdp.exec:\jdvdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1904 -
\??\c:\ffrlrrf.exec:\ffrlrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2972 -
\??\c:\frrrxfl.exec:\frrrxfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2716 -
\??\c:\3pvjd.exec:\3pvjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\1lflxfr.exec:\1lflxfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\hbthnt.exec:\hbthnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2932 -
\??\c:\nhbthh.exec:\nhbthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2464 -
\??\c:\vpvdv.exec:\vpvdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2936 -
\??\c:\lllrxlx.exec:\lllrxlx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:292 -
\??\c:\nnbbhn.exec:\nnbbhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1424 -
\??\c:\5hbnth.exec:\5hbnth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2552 -
\??\c:\vpdpd.exec:\vpdpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2764 -
\??\c:\rfllflr.exec:\rfllflr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1476 -
\??\c:\nnnhnn.exec:\nnnhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:748 -
\??\c:\1tbbnn.exec:\1tbbnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1724 -
\??\c:\vjdvd.exec:\vjdvd.exe17⤵
- Executes dropped EXE
PID:1836 -
\??\c:\rlfxlxx.exec:\rlfxlxx.exe18⤵
- Executes dropped EXE
PID:908 -
\??\c:\hbtnbb.exec:\hbtnbb.exe19⤵
- Executes dropped EXE
PID:1268 -
\??\c:\bhnhbt.exec:\bhnhbt.exe20⤵
- Executes dropped EXE
PID:1172 -
\??\c:\ddvjv.exec:\ddvjv.exe21⤵
- Executes dropped EXE
PID:2812 -
\??\c:\flxrlfr.exec:\flxrlfr.exe22⤵
- Executes dropped EXE
PID:2396 -
\??\c:\rrxllrx.exec:\rrxllrx.exe23⤵
- Executes dropped EXE
PID:2252 -
\??\c:\7bnnnt.exec:\7bnnnt.exe24⤵
- Executes dropped EXE
PID:1400 -
\??\c:\jjvvj.exec:\jjvvj.exe25⤵
- Executes dropped EXE
PID:1732 -
\??\c:\jddpv.exec:\jddpv.exe26⤵
- Executes dropped EXE
PID:2260 -
\??\c:\xrxxfrl.exec:\xrxxfrl.exe27⤵
- Executes dropped EXE
PID:328 -
\??\c:\rlxxfll.exec:\rlxxfll.exe28⤵
- Executes dropped EXE
PID:896 -
\??\c:\djjpd.exec:\djjpd.exe29⤵
- Executes dropped EXE
PID:3028 -
\??\c:\pdpvp.exec:\pdpvp.exe30⤵
- Executes dropped EXE
PID:1964 -
\??\c:\1rxxxxf.exec:\1rxxxxf.exe31⤵
- Executes dropped EXE
PID:3068 -
\??\c:\fxfflfl.exec:\fxfflfl.exe32⤵
- Executes dropped EXE
PID:1912 -
\??\c:\tnbhtn.exec:\tnbhtn.exe33⤵
- Executes dropped EXE
PID:2080 -
\??\c:\5dvvv.exec:\5dvvv.exe34⤵
- Executes dropped EXE
PID:2020 -
\??\c:\1ppvv.exec:\1ppvv.exe35⤵
- Executes dropped EXE
PID:2976 -
\??\c:\9rllrxf.exec:\9rllrxf.exe36⤵
- Executes dropped EXE
PID:2544 -
\??\c:\5xrfffl.exec:\5xrfffl.exe37⤵
- Executes dropped EXE
PID:1500 -
\??\c:\tnbhnn.exec:\tnbhnn.exe38⤵
- Executes dropped EXE
PID:2736 -
\??\c:\nbnhhn.exec:\nbnhhn.exe39⤵
- Executes dropped EXE
PID:2584 -
\??\c:\bnbthn.exec:\bnbthn.exe40⤵
- Executes dropped EXE
PID:2576 -
\??\c:\pjvdd.exec:\pjvdd.exe41⤵
- Executes dropped EXE
PID:2640 -
\??\c:\frfxfxf.exec:\frfxfxf.exe42⤵
- Executes dropped EXE
PID:2616 -
\??\c:\frflrxf.exec:\frflrxf.exe43⤵
- Executes dropped EXE
PID:2456 -
\??\c:\bthhbt.exec:\bthhbt.exe44⤵
- Executes dropped EXE
PID:2572 -
\??\c:\tnhnnn.exec:\tnhnnn.exe45⤵
- Executes dropped EXE
PID:2040 -
\??\c:\3dddj.exec:\3dddj.exe46⤵
- Executes dropped EXE
PID:2344 -
\??\c:\3vppd.exec:\3vppd.exe47⤵
- Executes dropped EXE
PID:1432 -
\??\c:\9lrxfxr.exec:\9lrxfxr.exe48⤵
- Executes dropped EXE
PID:2440 -
\??\c:\rlflrrl.exec:\rlflrrl.exe49⤵
- Executes dropped EXE
PID:1880 -
\??\c:\5tntbb.exec:\5tntbb.exe50⤵
- Executes dropped EXE
PID:2120 -
\??\c:\hbthtt.exec:\hbthtt.exe51⤵
- Executes dropped EXE
PID:2380 -
\??\c:\pjdjp.exec:\pjdjp.exe52⤵
- Executes dropped EXE
PID:1608 -
\??\c:\rrlrxlr.exec:\rrlrxlr.exe53⤵
- Executes dropped EXE
PID:1544 -
\??\c:\rfllrxx.exec:\rfllrxx.exe54⤵
- Executes dropped EXE
PID:1000 -
\??\c:\5tnnbb.exec:\5tnnbb.exe55⤵
- Executes dropped EXE
PID:484 -
\??\c:\bnhhhh.exec:\bnhhhh.exe56⤵
- Executes dropped EXE
PID:1144 -
\??\c:\jvdpp.exec:\jvdpp.exe57⤵
- Executes dropped EXE
PID:844 -
\??\c:\rlxxxlr.exec:\rlxxxlr.exe58⤵
- Executes dropped EXE
PID:2356 -
\??\c:\9hbnbt.exec:\9hbnbt.exe59⤵
- Executes dropped EXE
PID:2820 -
\??\c:\7jvvd.exec:\7jvvd.exe60⤵
- Executes dropped EXE
PID:2784 -
\??\c:\pdppv.exec:\pdppv.exe61⤵
- Executes dropped EXE
PID:2328 -
\??\c:\rlxrrrl.exec:\rlxrrrl.exe62⤵
- Executes dropped EXE
PID:2240 -
\??\c:\rllflfl.exec:\rllflfl.exe63⤵
- Executes dropped EXE
PID:2252 -
\??\c:\tnhnbt.exec:\tnhnbt.exe64⤵
- Executes dropped EXE
PID:2780 -
\??\c:\bnhhtn.exec:\bnhhtn.exe65⤵
- Executes dropped EXE
PID:864 -
\??\c:\vpdjj.exec:\vpdjj.exe66⤵PID:1532
-
\??\c:\pdpjj.exec:\pdpjj.exe67⤵PID:1736
-
\??\c:\9lxfffr.exec:\9lxfffr.exe68⤵PID:328
-
\??\c:\rfrllrl.exec:\rfrllrl.exe69⤵PID:556
-
\??\c:\nhnttt.exec:\nhnttt.exe70⤵PID:1580
-
\??\c:\7bbhnn.exec:\7bbhnn.exe71⤵PID:1892
-
\??\c:\jddjj.exec:\jddjj.exe72⤵PID:1148
-
\??\c:\vvjdj.exec:\vvjdj.exe73⤵PID:3068
-
\??\c:\7xfrflx.exec:\7xfrflx.exe74⤵PID:2156
-
\??\c:\fflrxrx.exec:\fflrxrx.exe75⤵PID:1996
-
\??\c:\thbhht.exec:\thbhht.exe76⤵PID:2744
-
\??\c:\nhbtbt.exec:\nhbtbt.exe77⤵PID:2556
-
\??\c:\vpvjv.exec:\vpvjv.exe78⤵PID:1508
-
\??\c:\ddpvj.exec:\ddpvj.exe79⤵PID:2596
-
\??\c:\rxfrlrl.exec:\rxfrlrl.exe80⤵PID:2604
-
\??\c:\rlxflll.exec:\rlxflll.exe81⤵PID:2716
-
\??\c:\hbhntb.exec:\hbhntb.exe82⤵PID:2836
-
\??\c:\9tnnbb.exec:\9tnnbb.exe83⤵PID:2588
-
\??\c:\jdvpv.exec:\jdvpv.exe84⤵PID:2352
-
\??\c:\7rflrfx.exec:\7rflrfx.exe85⤵PID:2516
-
\??\c:\xlxrxrr.exec:\xlxrxrr.exe86⤵PID:2464
-
\??\c:\9nbnnt.exec:\9nbnnt.exe87⤵PID:1928
-
\??\c:\bhtnbn.exec:\bhtnbn.exe88⤵PID:2128
-
\??\c:\vpjdp.exec:\vpjdp.exe89⤵PID:1372
-
\??\c:\pvdjv.exec:\pvdjv.exe90⤵PID:2520
-
\??\c:\7rfllll.exec:\7rfllll.exe91⤵PID:2552
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe92⤵PID:1716
-
\??\c:\llxxrfl.exec:\llxxrfl.exe93⤵PID:796
-
\??\c:\nbntbt.exec:\nbntbt.exe94⤵PID:1876
-
\??\c:\nbnhhb.exec:\nbnhhb.exe95⤵PID:848
-
\??\c:\ppjpj.exec:\ppjpj.exe96⤵PID:536
-
\??\c:\vpdjj.exec:\vpdjj.exe97⤵PID:984
-
\??\c:\lxlrxxl.exec:\lxlrxxl.exe98⤵PID:2776
-
\??\c:\ffxlxfl.exec:\ffxlxfl.exe99⤵PID:1320
-
\??\c:\btthhn.exec:\btthhn.exe100⤵PID:2492
-
\??\c:\hhtthn.exec:\hhtthn.exe101⤵PID:2800
-
\??\c:\nhbtbt.exec:\nhbtbt.exe102⤵PID:1072
-
\??\c:\1jpdd.exec:\1jpdd.exe103⤵PID:2248
-
\??\c:\dvjjj.exec:\dvjjj.exe104⤵PID:1656
-
\??\c:\5fxfflr.exec:\5fxfflr.exe105⤵PID:840
-
\??\c:\xrfflll.exec:\xrfflll.exe106⤵PID:2400
-
\??\c:\bntthh.exec:\bntthh.exe107⤵PID:1732
-
\??\c:\tthbnt.exec:\tthbnt.exe108⤵PID:1916
-
\??\c:\thbhtt.exec:\thbhtt.exe109⤵PID:1864
-
\??\c:\7jppp.exec:\7jppp.exe110⤵PID:772
-
\??\c:\7vpvd.exec:\7vpvd.exe111⤵PID:2340
-
\??\c:\rllfllr.exec:\rllfllr.exe112⤵PID:2872
-
\??\c:\7rllrxf.exec:\7rllrxf.exe113⤵PID:2008
-
\??\c:\1bbttt.exec:\1bbttt.exe114⤵PID:1940
-
\??\c:\tnhnnh.exec:\tnhnnh.exe115⤵PID:884
-
\??\c:\dvvjp.exec:\dvvjp.exe116⤵PID:2832
-
\??\c:\dpdvp.exec:\dpdvp.exe117⤵PID:2136
-
\??\c:\frxrffr.exec:\frxrffr.exe118⤵PID:2560
-
\??\c:\xxlxxfx.exec:\xxlxxfx.exe119⤵PID:2828
-
\??\c:\ttbhtb.exec:\ttbhtb.exe120⤵PID:1504
-
\??\c:\1hthtt.exec:\1hthtt.exe121⤵PID:1500
-
\??\c:\pjdjj.exec:\pjdjj.exe122⤵PID:2728
-