Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
18/05/2024, 13:47
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe
-
Size
92KB
-
MD5
d0f9ed6e4482670221a25ffa25453950
-
SHA1
5945a9b2a881efc7bc7d991403e86947eb85faf8
-
SHA256
cbe5db20299452b1f7bdd6d2d47cc9d119e92fe4462067347223cdb4a27c8f8e
-
SHA512
d56ac2cdfdf72b1f32f2d23cabdfec2c4a034ad74df458feb637b699929eb3af58e7e4b719b4ddc51816a64a129451f3e8cb2ac8eb1a4da05c43c7cc6d4870cd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/21y:ymb3NkkiQ3mdBjFo73PYP1lri3K8GI
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource yara_rule behavioral1/memory/1848-6-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1848-7-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2600-13-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2612-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2600-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2424-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2424-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2532-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2668-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2988-87-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2836-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2620-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1616-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1088-156-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1540-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1144-184-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2324-193-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2760-202-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2940-210-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/768-219-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/776-237-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/940-255-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1712-291-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2068-300-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2724-1220-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2600 vvdvj.exe 2612 pvppp.exe 2724 rlxrlrx.exe 2668 ntnthn.exe 2636 vppvd.exe 2424 fxlxflf.exe 2532 fflrxlf.exe 2988 tnbnbh.exe 304 1vppd.exe 2836 3dvpd.exe 2620 1frxllf.exe 1616 ffxfflx.exe 1836 bthnbn.exe 1664 3nhntb.exe 1088 lfxfxfr.exe 1540 1hnnbt.exe 2400 1rrrxxl.exe 1144 tnbnhn.exe 2324 ppjjv.exe 2760 pjdpj.exe 2940 rrrflfr.exe 768 bbtntt.exe 1132 9ppjp.exe 776 5lrffff.exe 284 bhbntb.exe 940 ddpvj.exe 2928 vvpdv.exe 2020 9rlxlrx.exe 2084 tnbbnt.exe 1712 9vdpp.exe 2068 1vjjp.exe 2428 fflffrl.exe 1576 7nnbnb.exe 2168 ddpvp.exe 2800 dddpv.exe 1048 xrlrllr.exe 2708 xrfrlll.exe 3068 btnhtt.exe 2780 tthnhn.exe 2756 pjdvv.exe 2268 jvppd.exe 2584 fxrfxxf.exe 1188 3lfrxxr.exe 1424 5btttn.exe 304 ppdpj.exe 2728 9ddpv.exe 2880 1rrxlrl.exe 2968 9lllxxf.exe 276 tntbtn.exe 2480 ppvjp.exe 1612 3pjpv.exe 1588 rrfxrfl.exe 1736 flrfrrl.exe 1088 tthhtt.exe 1540 jjdvv.exe 2400 dvvjv.exe 2264 fxllxxx.exe 2936 xrlfrrf.exe 2380 btnthn.exe 2096 9bttnt.exe 988 7pddj.exe 1480 9fxrflf.exe 2356 rlxxllx.exe 1768 7tnhth.exe -
resource yara_rule behavioral1/memory/1848-6-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2600-13-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2612-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2600-20-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2668-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2668-44-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2668-42-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2424-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2424-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2532-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2424-64-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2668-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2988-87-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2836-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2620-120-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1616-129-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1088-156-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1540-166-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1144-184-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2324-193-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2760-202-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2940-210-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/768-219-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/776-237-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/940-255-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1712-291-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2068-300-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2724-1220-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1848 wrote to memory of 2600 1848 d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe 28 PID 1848 wrote to memory of 2600 1848 d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe 28 PID 1848 wrote to memory of 2600 1848 d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe 28 PID 1848 wrote to memory of 2600 1848 d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe 28 PID 2600 wrote to memory of 2612 2600 vvdvj.exe 29 PID 2600 wrote to memory of 2612 2600 vvdvj.exe 29 PID 2600 wrote to memory of 2612 2600 vvdvj.exe 29 PID 2600 wrote to memory of 2612 2600 vvdvj.exe 29 PID 2612 wrote to memory of 2724 2612 pvppp.exe 30 PID 2612 wrote to memory of 2724 2612 pvppp.exe 30 PID 2612 wrote to memory of 2724 2612 pvppp.exe 30 PID 2612 wrote to memory of 2724 2612 pvppp.exe 30 PID 2724 wrote to memory of 2668 2724 rlxrlrx.exe 31 PID 2724 wrote to memory of 2668 2724 rlxrlrx.exe 31 PID 2724 wrote to memory of 2668 2724 rlxrlrx.exe 31 PID 2724 wrote to memory of 2668 2724 rlxrlrx.exe 31 PID 2668 wrote to memory of 2636 2668 ntnthn.exe 32 PID 2668 wrote to memory of 2636 2668 ntnthn.exe 32 PID 2668 wrote to memory of 2636 2668 ntnthn.exe 32 PID 2668 wrote to memory of 2636 2668 ntnthn.exe 32 PID 2636 wrote to memory of 2424 2636 vppvd.exe 33 PID 2636 wrote to memory of 2424 2636 vppvd.exe 33 PID 2636 wrote to memory of 2424 2636 vppvd.exe 33 PID 2636 wrote to memory of 2424 2636 vppvd.exe 33 PID 2424 wrote to memory of 2532 2424 fxlxflf.exe 34 PID 2424 wrote to memory of 2532 2424 fxlxflf.exe 34 PID 2424 wrote to memory of 2532 2424 fxlxflf.exe 34 PID 2424 wrote to memory of 2532 2424 fxlxflf.exe 34 PID 2532 wrote to memory of 2988 2532 fflrxlf.exe 35 PID 2532 wrote to memory of 2988 2532 fflrxlf.exe 35 PID 2532 wrote to memory of 2988 2532 fflrxlf.exe 35 PID 2532 wrote to memory of 2988 2532 fflrxlf.exe 35 PID 2988 wrote to memory of 304 2988 tnbnbh.exe 36 PID 2988 wrote to memory of 304 2988 tnbnbh.exe 36 PID 2988 wrote to memory of 304 2988 tnbnbh.exe 36 PID 2988 wrote to memory of 304 2988 tnbnbh.exe 36 PID 304 wrote to memory of 2836 304 1vppd.exe 37 PID 304 wrote to memory of 2836 304 1vppd.exe 37 PID 304 wrote to memory of 2836 304 1vppd.exe 37 PID 304 wrote to memory of 2836 304 1vppd.exe 37 PID 2836 wrote to memory of 2620 2836 3dvpd.exe 38 PID 2836 wrote to memory of 2620 2836 3dvpd.exe 38 PID 2836 wrote to memory of 2620 2836 3dvpd.exe 38 PID 2836 wrote to memory of 2620 2836 3dvpd.exe 38 PID 2620 wrote to memory of 1616 2620 1frxllf.exe 39 PID 2620 wrote to memory of 1616 2620 1frxllf.exe 39 PID 2620 wrote to memory of 1616 2620 1frxllf.exe 39 PID 2620 wrote to memory of 1616 2620 1frxllf.exe 39 PID 1616 wrote to memory of 1836 1616 ffxfflx.exe 40 PID 1616 wrote to memory of 1836 1616 ffxfflx.exe 40 PID 1616 wrote to memory of 1836 1616 ffxfflx.exe 40 PID 1616 wrote to memory of 1836 1616 ffxfflx.exe 40 PID 1836 wrote to memory of 1664 1836 bthnbn.exe 41 PID 1836 wrote to memory of 1664 1836 bthnbn.exe 41 PID 1836 wrote to memory of 1664 1836 bthnbn.exe 41 PID 1836 wrote to memory of 1664 1836 bthnbn.exe 41 PID 1664 wrote to memory of 1088 1664 3nhntb.exe 42 PID 1664 wrote to memory of 1088 1664 3nhntb.exe 42 PID 1664 wrote to memory of 1088 1664 3nhntb.exe 42 PID 1664 wrote to memory of 1088 1664 3nhntb.exe 42 PID 1088 wrote to memory of 1540 1088 lfxfxfr.exe 43 PID 1088 wrote to memory of 1540 1088 lfxfxfr.exe 43 PID 1088 wrote to memory of 1540 1088 lfxfxfr.exe 43 PID 1088 wrote to memory of 1540 1088 lfxfxfr.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1848 -
\??\c:\vvdvj.exec:\vvdvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2600 -
\??\c:\pvppp.exec:\pvppp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2612 -
\??\c:\rlxrlrx.exec:\rlxrlrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2724 -
\??\c:\ntnthn.exec:\ntnthn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2668 -
\??\c:\vppvd.exec:\vppvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2636 -
\??\c:\fxlxflf.exec:\fxlxflf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2424 -
\??\c:\fflrxlf.exec:\fflrxlf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2532 -
\??\c:\tnbnbh.exec:\tnbnbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2988 -
\??\c:\1vppd.exec:\1vppd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:304 -
\??\c:\3dvpd.exec:\3dvpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2836 -
\??\c:\1frxllf.exec:\1frxllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2620 -
\??\c:\ffxfflx.exec:\ffxfflx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1616 -
\??\c:\bthnbn.exec:\bthnbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1836 -
\??\c:\3nhntb.exec:\3nhntb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1664 -
\??\c:\lfxfxfr.exec:\lfxfxfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1088 -
\??\c:\1hnnbt.exec:\1hnnbt.exe17⤵
- Executes dropped EXE
PID:1540 -
\??\c:\1rrrxxl.exec:\1rrrxxl.exe18⤵
- Executes dropped EXE
PID:2400 -
\??\c:\tnbnhn.exec:\tnbnhn.exe19⤵
- Executes dropped EXE
PID:1144 -
\??\c:\ppjjv.exec:\ppjjv.exe20⤵
- Executes dropped EXE
PID:2324 -
\??\c:\pjdpj.exec:\pjdpj.exe21⤵
- Executes dropped EXE
PID:2760 -
\??\c:\rrrflfr.exec:\rrrflfr.exe22⤵
- Executes dropped EXE
PID:2940 -
\??\c:\bbtntt.exec:\bbtntt.exe23⤵
- Executes dropped EXE
PID:768 -
\??\c:\9ppjp.exec:\9ppjp.exe24⤵
- Executes dropped EXE
PID:1132 -
\??\c:\5lrffff.exec:\5lrffff.exe25⤵
- Executes dropped EXE
PID:776 -
\??\c:\bhbntb.exec:\bhbntb.exe26⤵
- Executes dropped EXE
PID:284 -
\??\c:\ddpvj.exec:\ddpvj.exe27⤵
- Executes dropped EXE
PID:940 -
\??\c:\vvpdv.exec:\vvpdv.exe28⤵
- Executes dropped EXE
PID:2928 -
\??\c:\9rlxlrx.exec:\9rlxlrx.exe29⤵
- Executes dropped EXE
PID:2020 -
\??\c:\tnbbnt.exec:\tnbbnt.exe30⤵
- Executes dropped EXE
PID:2084 -
\??\c:\9vdpp.exec:\9vdpp.exe31⤵
- Executes dropped EXE
PID:1712 -
\??\c:\1vjjp.exec:\1vjjp.exe32⤵
- Executes dropped EXE
PID:2068 -
\??\c:\fflffrl.exec:\fflffrl.exe33⤵
- Executes dropped EXE
PID:2428 -
\??\c:\7nnbnb.exec:\7nnbnb.exe34⤵
- Executes dropped EXE
PID:1576 -
\??\c:\ddpvp.exec:\ddpvp.exe35⤵
- Executes dropped EXE
PID:2168 -
\??\c:\dddpv.exec:\dddpv.exe36⤵
- Executes dropped EXE
PID:2800 -
\??\c:\xrlrllr.exec:\xrlrllr.exe37⤵
- Executes dropped EXE
PID:1048 -
\??\c:\xrfrlll.exec:\xrfrlll.exe38⤵
- Executes dropped EXE
PID:2708 -
\??\c:\btnhtt.exec:\btnhtt.exe39⤵
- Executes dropped EXE
PID:3068 -
\??\c:\tthnhn.exec:\tthnhn.exe40⤵
- Executes dropped EXE
PID:2780 -
\??\c:\pjdvv.exec:\pjdvv.exe41⤵
- Executes dropped EXE
PID:2756 -
\??\c:\jvppd.exec:\jvppd.exe42⤵
- Executes dropped EXE
PID:2268 -
\??\c:\fxrfxxf.exec:\fxrfxxf.exe43⤵
- Executes dropped EXE
PID:2584 -
\??\c:\3lfrxxr.exec:\3lfrxxr.exe44⤵
- Executes dropped EXE
PID:1188 -
\??\c:\5btttn.exec:\5btttn.exe45⤵
- Executes dropped EXE
PID:1424 -
\??\c:\ppdpj.exec:\ppdpj.exe46⤵
- Executes dropped EXE
PID:304 -
\??\c:\9ddpv.exec:\9ddpv.exe47⤵
- Executes dropped EXE
PID:2728 -
\??\c:\1rrxlrl.exec:\1rrxlrl.exe48⤵
- Executes dropped EXE
PID:2880 -
\??\c:\9lllxxf.exec:\9lllxxf.exe49⤵
- Executes dropped EXE
PID:2968 -
\??\c:\tntbtn.exec:\tntbtn.exe50⤵
- Executes dropped EXE
PID:276 -
\??\c:\ppvjp.exec:\ppvjp.exe51⤵
- Executes dropped EXE
PID:2480 -
\??\c:\3pjpv.exec:\3pjpv.exe52⤵
- Executes dropped EXE
PID:1612 -
\??\c:\rrfxrfl.exec:\rrfxrfl.exe53⤵
- Executes dropped EXE
PID:1588 -
\??\c:\flrfrrl.exec:\flrfrrl.exe54⤵
- Executes dropped EXE
PID:1736 -
\??\c:\tthhtt.exec:\tthhtt.exe55⤵
- Executes dropped EXE
PID:1088 -
\??\c:\jjdvv.exec:\jjdvv.exe56⤵
- Executes dropped EXE
PID:1540 -
\??\c:\dvvjv.exec:\dvvjv.exe57⤵
- Executes dropped EXE
PID:2400 -
\??\c:\fxllxxx.exec:\fxllxxx.exe58⤵
- Executes dropped EXE
PID:2264 -
\??\c:\xrlfrrf.exec:\xrlfrrf.exe59⤵
- Executes dropped EXE
PID:2936 -
\??\c:\btnthn.exec:\btnthn.exe60⤵
- Executes dropped EXE
PID:2380 -
\??\c:\9bttnt.exec:\9bttnt.exe61⤵
- Executes dropped EXE
PID:2096 -
\??\c:\7pddj.exec:\7pddj.exe62⤵
- Executes dropped EXE
PID:988 -
\??\c:\9fxrflf.exec:\9fxrflf.exe63⤵
- Executes dropped EXE
PID:1480 -
\??\c:\rlxxllx.exec:\rlxxllx.exe64⤵
- Executes dropped EXE
PID:2356 -
\??\c:\7tnhth.exec:\7tnhth.exe65⤵
- Executes dropped EXE
PID:1768 -
\??\c:\3nnbnb.exec:\3nnbnb.exe66⤵PID:776
-
\??\c:\7pjvj.exec:\7pjvj.exe67⤵PID:1524
-
\??\c:\jdvjv.exec:\jdvjv.exe68⤵PID:1224
-
\??\c:\lfffrxx.exec:\lfffrxx.exe69⤵PID:992
-
\??\c:\1xlxrxf.exec:\1xlxrxf.exe70⤵PID:2352
-
\??\c:\nnnhtb.exec:\nnnhtb.exe71⤵PID:1944
-
\??\c:\9thntt.exec:\9thntt.exe72⤵PID:2084
-
\??\c:\pjvjv.exec:\pjvjv.exe73⤵PID:984
-
\??\c:\ppdjd.exec:\ppdjd.exe74⤵PID:1660
-
\??\c:\5ffrfrf.exec:\5ffrfrf.exe75⤵PID:2604
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe76⤵PID:1580
-
\??\c:\hbbhnn.exec:\hbbhnn.exe77⤵PID:2384
-
\??\c:\ttnbth.exec:\ttnbth.exe78⤵PID:1672
-
\??\c:\vjpdv.exec:\vjpdv.exe79⤵PID:2736
-
\??\c:\pvdpj.exec:\pvdpj.exe80⤵PID:2764
-
\??\c:\7lrlxrf.exec:\7lrlxrf.exe81⤵PID:2708
-
\??\c:\rlxxlrx.exec:\rlxxlrx.exe82⤵PID:2112
-
\??\c:\bbtnbb.exec:\bbtnbb.exe83⤵PID:2636
-
\??\c:\3hbthn.exec:\3hbthn.exe84⤵PID:2656
-
\??\c:\jvddj.exec:\jvddj.exe85⤵PID:2788
-
\??\c:\9xrrfrf.exec:\9xrrfrf.exe86⤵PID:1056
-
\??\c:\lflrffr.exec:\lflrffr.exe87⤵PID:2524
-
\??\c:\nhhnhh.exec:\nhhnhh.exe88⤵PID:2868
-
\??\c:\bbhnbb.exec:\bbhnbb.exe89⤵PID:3004
-
\??\c:\dvvdd.exec:\dvvdd.exe90⤵PID:288
-
\??\c:\pdppp.exec:\pdppp.exe91⤵PID:2232
-
\??\c:\xxxrrfx.exec:\xxxrrfx.exe92⤵PID:1616
-
\??\c:\tttnbn.exec:\tttnbn.exe93⤵PID:1840
-
\??\c:\tbttnn.exec:\tbttnn.exe94⤵PID:1676
-
\??\c:\1nhntb.exec:\1nhntb.exe95⤵PID:1636
-
\??\c:\pjdpd.exec:\pjdpd.exe96⤵PID:3008
-
\??\c:\dvjpp.exec:\dvjpp.exe97⤵PID:1736
-
\??\c:\lxlflfl.exec:\lxlflfl.exe98⤵PID:1088
-
\??\c:\rrlxxlx.exec:\rrlxxlx.exe99⤵PID:1268
-
\??\c:\nhtbnt.exec:\nhtbnt.exe100⤵PID:2616
-
\??\c:\hthbtt.exec:\hthbtt.exe101⤵PID:2500
-
\??\c:\dvddp.exec:\dvddp.exe102⤵PID:2388
-
\??\c:\9rlrflr.exec:\9rlrflr.exe103⤵PID:1856
-
\??\c:\bthhtb.exec:\bthhtb.exe104⤵PID:1084
-
\??\c:\hbtbhn.exec:\hbtbhn.exe105⤵PID:768
-
\??\c:\pppdv.exec:\pppdv.exe106⤵PID:1132
-
\??\c:\pjdpj.exec:\pjdpj.exe107⤵PID:1772
-
\??\c:\xrlxxfx.exec:\xrlxxfx.exe108⤵PID:1316
-
\??\c:\btbhbb.exec:\btbhbb.exe109⤵PID:1328
-
\??\c:\hbbhnt.exec:\hbbhnt.exe110⤵PID:1624
-
\??\c:\vdjdd.exec:\vdjdd.exe111⤵PID:2964
-
\??\c:\jdppd.exec:\jdppd.exe112⤵PID:2236
-
\??\c:\ffxfrfr.exec:\ffxfrfr.exe113⤵PID:2952
-
\??\c:\fxlxrxf.exec:\fxlxrxf.exe114⤵PID:2956
-
\??\c:\3bthbh.exec:\3bthbh.exe115⤵PID:1748
-
\??\c:\ddppj.exec:\ddppj.exe116⤵PID:2452
-
\??\c:\9ddvd.exec:\9ddvd.exe117⤵PID:2064
-
\??\c:\lfllxxl.exec:\lfllxxl.exe118⤵PID:2252
-
\??\c:\xrflrfr.exec:\xrflrfr.exe119⤵PID:2732
-
\??\c:\nhbbhn.exec:\nhbbhn.exe120⤵PID:3016
-
\??\c:\btnbnn.exec:\btnbnn.exe121⤵PID:2916
-
\??\c:\7jdvd.exec:\7jdvd.exe122⤵PID:2704
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-