Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:46
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d0f12b7854af3212c3613488cd969290_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
d0f12b7854af3212c3613488cd969290_NeikiAnalytics.exe
-
Size
65KB
-
MD5
d0f12b7854af3212c3613488cd969290
-
SHA1
c46e686a426eeaef004261cc37bc1a0438f15afc
-
SHA256
61c781b01dc729ca062cfa5fe0e94c8c9dcdf705ce618fe03bff74116df1582a
-
SHA512
7e4f5b03ad7d3ffcf2c8a024e9c67aa3bf5b46ce5c8d78ae43b21d5f6d7f142c74e78b1901a61f472f61241f7b115c9085f33d6c220bd1aebb6968e6b6c6cecf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3AyXmcx:ymb3NkkiQ3mdBjFI46TQyXmcx
Malware Config
Signatures
-
Detect Blackmoon payload 20 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0f12b7854af3212c3613488cd969290_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d0f12b7854af3212c3613488cd969290_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1852 -
\??\c:\dvvdj.exec:\dvvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2408 -
\??\c:\lxlflfr.exec:\lxlflfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:856 -
\??\c:\frxxrrf.exec:\frxxrrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2616 -
\??\c:\nbntnn.exec:\nbntnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2708 -
\??\c:\ddpdp.exec:\ddpdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2900 -
\??\c:\1lrffll.exec:\1lrffll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2536 -
\??\c:\nnhbhn.exec:\nnhbhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\jjvvd.exec:\jjvvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2632 -
\??\c:\llffrxf.exec:\llffrxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3016 -
\??\c:\lfxrxxf.exec:\lfxrxxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2816 -
\??\c:\tbhntn.exec:\tbhntn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2808 -
\??\c:\dvvjp.exec:\dvvjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1068 -
\??\c:\1fxlfxl.exec:\1fxlfxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2012 -
\??\c:\9rflrrx.exec:\9rflrrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2312 -
\??\c:\hhtnhh.exec:\hhtnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1984 -
\??\c:\vjvdv.exec:\vjvdv.exe17⤵
- Executes dropped EXE
PID:2980 -
\??\c:\llrfxlx.exec:\llrfxlx.exe18⤵
- Executes dropped EXE
PID:2996 -
\??\c:\rfffrlr.exec:\rfffrlr.exe19⤵
- Executes dropped EXE
PID:1724 -
\??\c:\5hhhbt.exec:\5hhhbt.exe20⤵
- Executes dropped EXE
PID:3040 -
\??\c:\vpdpp.exec:\vpdpp.exe21⤵
- Executes dropped EXE
PID:2856 -
\??\c:\pjdpj.exec:\pjdpj.exe22⤵
- Executes dropped EXE
PID:2932 -
\??\c:\5llxlrl.exec:\5llxlrl.exe23⤵
- Executes dropped EXE
PID:536 -
\??\c:\btnnhn.exec:\btnnhn.exe24⤵
- Executes dropped EXE
PID:496 -
\??\c:\9htbhn.exec:\9htbhn.exe25⤵
- Executes dropped EXE
PID:3020 -
\??\c:\pjvjp.exec:\pjvjp.exe26⤵
- Executes dropped EXE
PID:1936 -
\??\c:\5vdvd.exec:\5vdvd.exe27⤵
- Executes dropped EXE
PID:1344 -
\??\c:\rfffrxr.exec:\rfffrxr.exe28⤵
- Executes dropped EXE
PID:1952 -
\??\c:\ththnn.exec:\ththnn.exe29⤵
- Executes dropped EXE
PID:2896 -
\??\c:\7btthn.exec:\7btthn.exe30⤵
- Executes dropped EXE
PID:1216 -
\??\c:\3vjpv.exec:\3vjpv.exe31⤵
- Executes dropped EXE
PID:2344 -
\??\c:\rfrfxfl.exec:\rfrfxfl.exe32⤵
- Executes dropped EXE
PID:892 -
\??\c:\xlxrffl.exec:\xlxrffl.exe33⤵
- Executes dropped EXE
PID:2416 -
\??\c:\1bthnn.exec:\1bthnn.exe34⤵
- Executes dropped EXE
PID:2156 -
\??\c:\7dppj.exec:\7dppj.exe35⤵
- Executes dropped EXE
PID:1492 -
\??\c:\vvvdd.exec:\vvvdd.exe36⤵
- Executes dropped EXE
PID:2780 -
\??\c:\jdjvd.exec:\jdjvd.exe37⤵
- Executes dropped EXE
PID:2652 -
\??\c:\5lxlxxl.exec:\5lxlxxl.exe38⤵
- Executes dropped EXE
PID:2724 -
\??\c:\btnbnb.exec:\btnbnb.exe39⤵
- Executes dropped EXE
PID:2912 -
\??\c:\dvvdp.exec:\dvvdp.exe40⤵
- Executes dropped EXE
PID:2764 -
\??\c:\xrlrlxl.exec:\xrlrlxl.exe41⤵
- Executes dropped EXE
PID:2548 -
\??\c:\rlffrxf.exec:\rlffrxf.exe42⤵
- Executes dropped EXE
PID:2648 -
\??\c:\5thtth.exec:\5thtth.exe43⤵
- Executes dropped EXE
PID:2624 -
\??\c:\9hbhbh.exec:\9hbhbh.exe44⤵
- Executes dropped EXE
PID:2544 -
\??\c:\dvpvd.exec:\dvpvd.exe45⤵
- Executes dropped EXE
PID:3068 -
\??\c:\5vvdp.exec:\5vvdp.exe46⤵
- Executes dropped EXE
PID:1960 -
\??\c:\lxrllrx.exec:\lxrllrx.exe47⤵
- Executes dropped EXE
PID:2796 -
\??\c:\lflxfrf.exec:\lflxfrf.exe48⤵
- Executes dropped EXE
PID:2828 -
\??\c:\bthttb.exec:\bthttb.exe49⤵
- Executes dropped EXE
PID:2852 -
\??\c:\vjjvj.exec:\vjjvj.exe50⤵
- Executes dropped EXE
PID:1904 -
\??\c:\3vjjp.exec:\3vjjp.exe51⤵
- Executes dropped EXE
PID:1068 -
\??\c:\fxlrxxf.exec:\fxlrxxf.exe52⤵
- Executes dropped EXE
PID:2012 -
\??\c:\ffrrlrf.exec:\ffrrlrf.exe53⤵
- Executes dropped EXE
PID:2140 -
\??\c:\hhhhnn.exec:\hhhhnn.exe54⤵
- Executes dropped EXE
PID:952 -
\??\c:\nhthnt.exec:\nhthnt.exe55⤵
- Executes dropped EXE
PID:324 -
\??\c:\1jdjj.exec:\1jdjj.exe56⤵
- Executes dropped EXE
PID:792 -
\??\c:\xrxfrxl.exec:\xrxfrxl.exe57⤵
- Executes dropped EXE
PID:2996 -
\??\c:\rrlfxff.exec:\rrlfxff.exe58⤵
- Executes dropped EXE
PID:1236 -
\??\c:\9ttbtb.exec:\9ttbtb.exe59⤵
- Executes dropped EXE
PID:308 -
\??\c:\bnthtb.exec:\bnthtb.exe60⤵
- Executes dropped EXE
PID:2064 -
\??\c:\3jppp.exec:\3jppp.exe61⤵
- Executes dropped EXE
PID:2856 -
\??\c:\jvjjp.exec:\jvjjp.exe62⤵
- Executes dropped EXE
PID:332 -
\??\c:\7fxxfll.exec:\7fxxfll.exe63⤵
- Executes dropped EXE
PID:1468 -
\??\c:\fflrffl.exec:\fflrffl.exe64⤵
- Executes dropped EXE
PID:3028 -
\??\c:\btnthn.exec:\btnthn.exe65⤵
- Executes dropped EXE
PID:1092 -
\??\c:\dvdvj.exec:\dvdvj.exe66⤵PID:824
-
\??\c:\vjvvd.exec:\vjvvd.exe67⤵PID:1940
-
\??\c:\lxxxffl.exec:\lxxxffl.exe68⤵PID:396
-
\??\c:\3rfrrlr.exec:\3rfrrlr.exe69⤵PID:2944
-
\??\c:\hbhnhn.exec:\hbhnhn.exe70⤵PID:2292
-
\??\c:\7bthth.exec:\7bthth.exe71⤵PID:984
-
\??\c:\vvjpv.exec:\vvjpv.exe72⤵PID:2388
-
\??\c:\1vvjv.exec:\1vvjv.exe73⤵PID:1136
-
\??\c:\ffrfxxf.exec:\ffrfxxf.exe74⤵PID:2288
-
\??\c:\5ffxllr.exec:\5ffxllr.exe75⤵PID:2464
-
\??\c:\3bbhhh.exec:\3bbhhh.exe76⤵PID:1560
-
\??\c:\9nthnt.exec:\9nthnt.exe77⤵PID:2784
-
\??\c:\dvjdp.exec:\dvjdp.exe78⤵PID:3036
-
\??\c:\vppjv.exec:\vppjv.exe79⤵PID:2704
-
\??\c:\5xrrffl.exec:\5xrrffl.exe80⤵PID:2732
-
\??\c:\rrfxllr.exec:\rrfxllr.exe81⤵PID:2644
-
\??\c:\nnbnnt.exec:\nnbnnt.exe82⤵PID:2788
-
\??\c:\jdpdj.exec:\jdpdj.exe83⤵PID:2848
-
\??\c:\dvpvp.exec:\dvpvp.exe84⤵PID:2684
-
\??\c:\xrlfrrr.exec:\xrlfrrr.exe85⤵PID:2508
-
\??\c:\xlrlrlr.exec:\xlrlrlr.exe86⤵PID:2584
-
\??\c:\btnntb.exec:\btnntb.exe87⤵PID:2212
-
\??\c:\hbnhth.exec:\hbnhth.exe88⤵PID:2564
-
\??\c:\jvjvd.exec:\jvjvd.exe89⤵PID:2696
-
\??\c:\rxxxffr.exec:\rxxxffr.exe90⤵PID:2880
-
\??\c:\lxlrrrx.exec:\lxlrrrx.exe91⤵PID:1060
-
\??\c:\7thnbb.exec:\7thnbb.exe92⤵PID:1968
-
\??\c:\1bnnhb.exec:\1bnnhb.exe93⤵PID:2044
-
\??\c:\7jjvj.exec:\7jjvj.exe94⤵PID:1056
-
\??\c:\vvpdd.exec:\vvpdd.exe95⤵PID:2396
-
\??\c:\ffflrxf.exec:\ffflrxf.exe96⤵PID:1616
-
\??\c:\xrrfxfr.exec:\xrrfxfr.exe97⤵PID:2200
-
\??\c:\tnttbb.exec:\tnttbb.exe98⤵PID:1744
-
\??\c:\nhbhth.exec:\nhbhth.exe99⤵PID:2148
-
\??\c:\ttntnt.exec:\ttntnt.exe100⤵PID:2960
-
\??\c:\dvvdd.exec:\dvvdd.exe101⤵PID:1256
-
\??\c:\7vpdd.exec:\7vpdd.exe102⤵PID:2928
-
\??\c:\flrflrf.exec:\flrflrf.exe103⤵PID:2236
-
\??\c:\5rlxflx.exec:\5rlxflx.exe104⤵PID:696
-
\??\c:\ttnthh.exec:\ttnthh.exe105⤵PID:536
-
\??\c:\bnntbh.exec:\bnntbh.exe106⤵PID:2004
-
\??\c:\3vdpj.exec:\3vdpj.exe107⤵PID:2096
-
\??\c:\3rllrfl.exec:\3rllrfl.exe108⤵PID:1484
-
\??\c:\9rxrlxr.exec:\9rxrlxr.exe109⤵PID:1592
-
\??\c:\tnbhnt.exec:\tnbhnt.exe110⤵PID:876
-
\??\c:\tthntb.exec:\tthntb.exe111⤵PID:1612
-
\??\c:\dvjjd.exec:\dvjjd.exe112⤵PID:2420
-
\??\c:\3dpvd.exec:\3dpvd.exe113⤵PID:628
-
\??\c:\lfxfrxf.exec:\lfxfrxf.exe114⤵PID:2108
-
\??\c:\rrrxrxf.exec:\rrrxrxf.exe115⤵PID:1736
-
\??\c:\hhnbnt.exec:\hhnbnt.exe116⤵PID:1608
-
\??\c:\9hhtnt.exec:\9hhtnt.exe117⤵PID:2304
-
\??\c:\dvvdp.exec:\dvvdp.exe118⤵PID:1568
-
\??\c:\pvvjv.exec:\pvvjv.exe119⤵PID:2888
-
\??\c:\5xxxrff.exec:\5xxxrff.exe120⤵PID:1504
-
\??\c:\5fflrxl.exec:\5fflrxl.exe121⤵PID:2720
-
\??\c:\fxrxlrx.exec:\fxrxlrx.exe122⤵PID:2724