Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:07
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe
-
Size
62KB
-
MD5
c9e3bbb9266867d3c948075ef6ba9970
-
SHA1
a4e7b0eb15663205ddb60680f7b02bca25c3c607
-
SHA256
569446031209d8a01d40160fd3aedac9b81b934c795037bc5a01f540f04f7bac
-
SHA512
7ec9a5d446baeef05e5c5d0cfb1d87ca7ee3682c4ea334f98cda272697e99a449b1adbcb198e93daef1b83ec080fbdf0f66267303c793f3321c82b7bedae887f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJULh12d:ymb3NkkiQ3mdBjFIFdJmg
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral1/memory/1720-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2868-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2940-29-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2940-28-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2576-34-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2688-44-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2976-63-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2788-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2728-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2532-92-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2532-91-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2456-119-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2792-128-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1624-137-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1660-164-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1796-174-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1500-182-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1248-192-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2848-210-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/264-218-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1596-245-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/1920-263-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2144-299-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2868 dpjvv.exe 2940 rxfflll.exe 2576 bnhtbn.exe 2688 3dpvj.exe 2976 rfrflrf.exe 2788 hhthnn.exe 2728 djvjj.exe 2532 lxxxllr.exe 2304 ffxflrf.exe 2424 9bbtth.exe 2456 vdjdp.exe 2792 3vvdp.exe 1624 flrxxxr.exe 1956 nnnhbn.exe 328 jvpdd.exe 1660 vpdpd.exe 1796 xxrrflr.exe 1500 fxfrflx.exe 1248 bnbntb.exe 1408 jdvdp.exe 2848 pjpvj.exe 264 1lrlffl.exe 864 rrlrlfr.exe 2960 nnhbnt.exe 1596 hbbbhn.exe 756 jvjdd.exe 1920 rlxxlrx.exe 2064 rlflrxr.exe 2000 nbntbb.exe 1704 3dpvv.exe 2144 jjjjp.exe 2944 3llxflx.exe 2816 3xlrxfl.exe 1588 btbnth.exe 2684 pdpjv.exe 2832 nttnbb.exe 2584 1hnhtb.exe 2504 jdppj.exe 2720 9fflxfr.exe 2632 3bbnbh.exe 2484 1hthnb.exe 2636 pjpdj.exe 2168 pvdvv.exe 1800 frfxfrx.exe 1572 hbttnn.exe 2760 hbbnnt.exe 2752 pjvpd.exe 1640 pjppj.exe 1364 xrfrfrf.exe 276 ttttnh.exe 1808 3bhbht.exe 1344 pdvdp.exe 2376 vpjpp.exe 1796 fflxxfl.exe 2220 lfxlrxf.exe 2236 tnbnhh.exe 2856 9bhthh.exe 2840 dvjdp.exe 696 ddddj.exe 924 rlflffl.exe 1112 lflrxxx.exe 2436 tnhbtb.exe 540 tnhnnn.exe 1992 5bbhnt.exe -
resource yara_rule behavioral1/memory/1720-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2868-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2940-28-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2576-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2688-44-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2976-54-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2976-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2976-63-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2788-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2728-76-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2532-91-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2456-119-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2792-128-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1624-137-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1660-164-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1796-174-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1500-182-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1248-192-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2848-210-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/264-218-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1596-245-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1920-263-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2144-299-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1720 wrote to memory of 2868 1720 c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe 29 PID 1720 wrote to memory of 2868 1720 c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe 29 PID 1720 wrote to memory of 2868 1720 c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe 29 PID 1720 wrote to memory of 2868 1720 c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe 29 PID 2868 wrote to memory of 2940 2868 dpjvv.exe 30 PID 2868 wrote to memory of 2940 2868 dpjvv.exe 30 PID 2868 wrote to memory of 2940 2868 dpjvv.exe 30 PID 2868 wrote to memory of 2940 2868 dpjvv.exe 30 PID 2940 wrote to memory of 2576 2940 rxfflll.exe 31 PID 2940 wrote to memory of 2576 2940 rxfflll.exe 31 PID 2940 wrote to memory of 2576 2940 rxfflll.exe 31 PID 2940 wrote to memory of 2576 2940 rxfflll.exe 31 PID 2576 wrote to memory of 2688 2576 bnhtbn.exe 32 PID 2576 wrote to memory of 2688 2576 bnhtbn.exe 32 PID 2576 wrote to memory of 2688 2576 bnhtbn.exe 32 PID 2576 wrote to memory of 2688 2576 bnhtbn.exe 32 PID 2688 wrote to memory of 2976 2688 3dpvj.exe 33 PID 2688 wrote to memory of 2976 2688 3dpvj.exe 33 PID 2688 wrote to memory of 2976 2688 3dpvj.exe 33 PID 2688 wrote to memory of 2976 2688 3dpvj.exe 33 PID 2976 wrote to memory of 2788 2976 rfrflrf.exe 34 PID 2976 wrote to memory of 2788 2976 rfrflrf.exe 34 PID 2976 wrote to memory of 2788 2976 rfrflrf.exe 34 PID 2976 wrote to memory of 2788 2976 rfrflrf.exe 34 PID 2788 wrote to memory of 2728 2788 hhthnn.exe 35 PID 2788 wrote to memory of 2728 2788 hhthnn.exe 35 PID 2788 wrote to memory of 2728 2788 hhthnn.exe 35 PID 2788 wrote to memory of 2728 2788 hhthnn.exe 35 PID 2728 wrote to memory of 2532 2728 djvjj.exe 36 PID 2728 wrote to memory of 2532 2728 djvjj.exe 36 PID 2728 wrote to memory of 2532 2728 djvjj.exe 36 PID 2728 wrote to memory of 2532 2728 djvjj.exe 36 PID 2532 wrote to memory of 2304 2532 lxxxllr.exe 37 PID 2532 wrote to memory of 2304 2532 lxxxllr.exe 37 PID 2532 wrote to memory of 
2304 2532 lxxxllr.exe 37 PID 2532 wrote to memory of 2304 2532 lxxxllr.exe 37 PID 2304 wrote to memory of 2424 2304 ffxflrf.exe 38 PID 2304 wrote to memory of 2424 2304 ffxflrf.exe 38 PID 2304 wrote to memory of 2424 2304 ffxflrf.exe 38 PID 2304 wrote to memory of 2424 2304 ffxflrf.exe 38 PID 2424 wrote to memory of 2456 2424 9bbtth.exe 39 PID 2424 wrote to memory of 2456 2424 9bbtth.exe 39 PID 2424 wrote to memory of 2456 2424 9bbtth.exe 39 PID 2424 wrote to memory of 2456 2424 9bbtth.exe 39 PID 2456 wrote to memory of 2792 2456 vdjdp.exe 40 PID 2456 wrote to memory of 2792 2456 vdjdp.exe 40 PID 2456 wrote to memory of 2792 2456 vdjdp.exe 40 PID 2456 wrote to memory of 2792 2456 vdjdp.exe 40 PID 2792 wrote to memory of 1624 2792 3vvdp.exe 41 PID 2792 wrote to memory of 1624 2792 3vvdp.exe 41 PID 2792 wrote to memory of 1624 2792 3vvdp.exe 41 PID 2792 wrote to memory of 1624 2792 3vvdp.exe 41 PID 1624 wrote to memory of 1956 1624 flrxxxr.exe 42 PID 1624 wrote to memory of 1956 1624 flrxxxr.exe 42 PID 1624 wrote to memory of 1956 1624 flrxxxr.exe 42 PID 1624 wrote to memory of 1956 1624 flrxxxr.exe 42 PID 1956 wrote to memory of 328 1956 nnnhbn.exe 43 PID 1956 wrote to memory of 328 1956 nnnhbn.exe 43 PID 1956 wrote to memory of 328 1956 nnnhbn.exe 43 PID 1956 wrote to memory of 328 1956 nnnhbn.exe 43 PID 328 wrote to memory of 1660 328 jvpdd.exe 44 PID 328 wrote to memory of 1660 328 jvpdd.exe 44 PID 328 wrote to memory of 1660 328 jvpdd.exe 44 PID 328 wrote to memory of 1660 328 jvpdd.exe 44
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1720 -
\??\c:\dpjvv.exec:\dpjvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2868 -
\??\c:\rxfflll.exec:\rxfflll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2940 -
\??\c:\bnhtbn.exec:\bnhtbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\3dpvj.exec:\3dpvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2688 -
\??\c:\rfrflrf.exec:\rfrflrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2976 -
\??\c:\hhthnn.exec:\hhthnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2788 -
\??\c:\djvjj.exec:\djvjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2728 -
\??\c:\lxxxllr.exec:\lxxxllr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2532 -
\??\c:\ffxflrf.exec:\ffxflrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2304 -
\??\c:\9bbtth.exec:\9bbtth.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2424 -
\??\c:\vdjdp.exec:\vdjdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2456 -
\??\c:\3vvdp.exec:\3vvdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2792 -
\??\c:\flrxxxr.exec:\flrxxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1624 -
\??\c:\nnnhbn.exec:\nnnhbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1956 -
\??\c:\jvpdd.exec:\jvpdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:328 -
\??\c:\vpdpd.exec:\vpdpd.exe17⤵
- Executes dropped EXE
PID:1660 -
\??\c:\xxrrflr.exec:\xxrrflr.exe18⤵
- Executes dropped EXE
PID:1796 -
\??\c:\fxfrflx.exec:\fxfrflx.exe19⤵
- Executes dropped EXE
PID:1500 -
\??\c:\bnbntb.exec:\bnbntb.exe20⤵
- Executes dropped EXE
PID:1248 -
\??\c:\jdvdp.exec:\jdvdp.exe21⤵
- Executes dropped EXE
PID:1408 -
\??\c:\pjpvj.exec:\pjpvj.exe22⤵
- Executes dropped EXE
PID:2848 -
\??\c:\1lrlffl.exec:\1lrlffl.exe23⤵
- Executes dropped EXE
PID:264 -
\??\c:\rrlrlfr.exec:\rrlrlfr.exe24⤵
- Executes dropped EXE
PID:864 -
\??\c:\nnhbnt.exec:\nnhbnt.exe25⤵
- Executes dropped EXE
PID:2960 -
\??\c:\hbbbhn.exec:\hbbbhn.exe26⤵
- Executes dropped EXE
PID:1596 -
\??\c:\jvjdd.exec:\jvjdd.exe27⤵
- Executes dropped EXE
PID:756 -
\??\c:\rlxxlrx.exec:\rlxxlrx.exe28⤵
- Executes dropped EXE
PID:1920 -
\??\c:\rlflrxr.exec:\rlflrxr.exe29⤵
- Executes dropped EXE
PID:2064 -
\??\c:\nbntbb.exec:\nbntbb.exe30⤵
- Executes dropped EXE
PID:2000 -
\??\c:\3dpvv.exec:\3dpvv.exe31⤵
- Executes dropped EXE
PID:1704 -
\??\c:\jjjjp.exec:\jjjjp.exe32⤵
- Executes dropped EXE
PID:2144 -
\??\c:\3llxflx.exec:\3llxflx.exe33⤵
- Executes dropped EXE
PID:2944 -
\??\c:\3xlrxfl.exec:\3xlrxfl.exe34⤵
- Executes dropped EXE
PID:2816 -
\??\c:\btbnth.exec:\btbnth.exe35⤵
- Executes dropped EXE
PID:1588 -
\??\c:\pdpjv.exec:\pdpjv.exe36⤵
- Executes dropped EXE
PID:2684 -
\??\c:\nttnbb.exec:\nttnbb.exe37⤵
- Executes dropped EXE
PID:2832 -
\??\c:\1hnhtb.exec:\1hnhtb.exe38⤵
- Executes dropped EXE
PID:2584 -
\??\c:\jdppj.exec:\jdppj.exe39⤵
- Executes dropped EXE
PID:2504 -
\??\c:\9fflxfr.exec:\9fflxfr.exe40⤵
- Executes dropped EXE
PID:2720 -
\??\c:\3bbnbh.exec:\3bbnbh.exe41⤵
- Executes dropped EXE
PID:2632 -
\??\c:\1hthnb.exec:\1hthnb.exe42⤵
- Executes dropped EXE
PID:2484 -
\??\c:\pjpdj.exec:\pjpdj.exe43⤵
- Executes dropped EXE
PID:2636 -
\??\c:\pvdvv.exec:\pvdvv.exe44⤵
- Executes dropped EXE
PID:2168 -
\??\c:\frfxfrx.exec:\frfxfrx.exe45⤵
- Executes dropped EXE
PID:1800 -
\??\c:\hbttnn.exec:\hbttnn.exe46⤵
- Executes dropped EXE
PID:1572 -
\??\c:\hbbnnt.exec:\hbbnnt.exe47⤵
- Executes dropped EXE
PID:2760 -
\??\c:\pjvpd.exec:\pjvpd.exe48⤵
- Executes dropped EXE
PID:2752 -
\??\c:\pjppj.exec:\pjppj.exe49⤵
- Executes dropped EXE
PID:1640 -
\??\c:\xrfrfrf.exec:\xrfrfrf.exe50⤵
- Executes dropped EXE
PID:1364 -
\??\c:\ttttnh.exec:\ttttnh.exe51⤵
- Executes dropped EXE
PID:276 -
\??\c:\3bhbht.exec:\3bhbht.exe52⤵
- Executes dropped EXE
PID:1808 -
\??\c:\pdvdp.exec:\pdvdp.exe53⤵
- Executes dropped EXE
PID:1344 -
\??\c:\vpjpp.exec:\vpjpp.exe54⤵
- Executes dropped EXE
PID:2376 -
\??\c:\fflxxfl.exec:\fflxxfl.exe55⤵
- Executes dropped EXE
PID:1796 -
\??\c:\lfxlrxf.exec:\lfxlrxf.exe56⤵
- Executes dropped EXE
PID:2220 -
\??\c:\tnbnhh.exec:\tnbnhh.exe57⤵
- Executes dropped EXE
PID:2236 -
\??\c:\9bhthh.exec:\9bhthh.exe58⤵
- Executes dropped EXE
PID:2856 -
\??\c:\dvjdp.exec:\dvjdp.exe59⤵
- Executes dropped EXE
PID:2840 -
\??\c:\ddddj.exec:\ddddj.exe60⤵
- Executes dropped EXE
PID:696 -
\??\c:\rlflffl.exec:\rlflffl.exe61⤵
- Executes dropped EXE
PID:924 -
\??\c:\lflrxxx.exec:\lflrxxx.exe62⤵
- Executes dropped EXE
PID:1112 -
\??\c:\tnhbtb.exec:\tnhbtb.exe63⤵
- Executes dropped EXE
PID:2436 -
\??\c:\tnhnnn.exec:\tnhnnn.exe64⤵
- Executes dropped EXE
PID:540 -
\??\c:\5bbhnt.exec:\5bbhnt.exe65⤵
- Executes dropped EXE
PID:1992 -
\??\c:\dpdpv.exec:\dpdpv.exe66⤵PID:1932
-
\??\c:\5pppd.exec:\5pppd.exe67⤵PID:2364
-
\??\c:\lxlxlxf.exec:\lxlxlxf.exe68⤵PID:2064
-
\??\c:\lfxlrxx.exec:\lfxlrxx.exe69⤵PID:2796
-
\??\c:\nbnntt.exec:\nbnntt.exe70⤵PID:2876
-
\??\c:\bthhht.exec:\bthhht.exe71⤵PID:2068
-
\??\c:\pppvv.exec:\pppvv.exe72⤵PID:2160
-
\??\c:\dpjpp.exec:\dpjpp.exe73⤵PID:2280
-
\??\c:\fxrrfxf.exec:\fxrrfxf.exe74⤵PID:2992
-
\??\c:\fffrlxr.exec:\fffrlxr.exe75⤵PID:1776
-
\??\c:\hbbbbn.exec:\hbbbbn.exe76⤵PID:2576
-
\??\c:\5nhnht.exec:\5nhnht.exe77⤵PID:2680
-
\??\c:\vvpdj.exec:\vvpdj.exe78⤵PID:2628
-
\??\c:\jvpdp.exec:\jvpdp.exe79⤵PID:2748
-
\??\c:\frflflr.exec:\frflflr.exe80⤵PID:2580
-
\??\c:\rfrrlrf.exec:\rfrrlrf.exe81⤵PID:2472
-
\??\c:\bhbnnh.exec:\bhbnnh.exe82⤵PID:2728
-
\??\c:\1bnhnb.exec:\1bnhnb.exe83⤵PID:2904
-
\??\c:\1ddjp.exec:\1ddjp.exe84⤵PID:2428
-
\??\c:\jjddj.exec:\jjddj.exe85⤵PID:2444
-
\??\c:\fllxlfx.exec:\fllxlfx.exe86⤵PID:2756
-
\??\c:\xrllxlx.exec:\xrllxlx.exe87⤵PID:2192
-
\??\c:\1btnth.exec:\1btnth.exe88⤵PID:1636
-
\??\c:\1tntht.exec:\1tntht.exe89⤵PID:1708
-
\??\c:\3djvj.exec:\3djvj.exe90⤵PID:1984
-
\??\c:\jjddd.exec:\jjddd.exe91⤵PID:1756
-
\??\c:\xxxflrf.exec:\xxxflrf.exe92⤵PID:1656
-
\??\c:\5fxrlrf.exec:\5fxrlrf.exe93⤵PID:2884
-
\??\c:\nhbbnn.exec:\nhbbnn.exe94⤵PID:2508
-
\??\c:\hbthth.exec:\hbthth.exe95⤵PID:2260
-
\??\c:\vddpv.exec:\vddpv.exe96⤵PID:2320
-
\??\c:\lfxrlfr.exec:\lfxrlfr.exe97⤵PID:2220
-
\??\c:\3ffxxxx.exec:\3ffxxxx.exe98⤵PID:2204
-
\??\c:\3hbnbn.exec:\3hbnbn.exe99⤵PID:668
-
\??\c:\bnhhnn.exec:\bnhhnn.exe100⤵PID:264
-
\??\c:\pvvvp.exec:\pvvvp.exe101⤵PID:444
-
\??\c:\3pppv.exec:\3pppv.exe102⤵PID:380
-
\??\c:\lllxfrf.exec:\lllxfrf.exe103⤵PID:1528
-
\??\c:\xrrxrxf.exec:\xrrxrxf.exe104⤵PID:1596
-
\??\c:\tnhbtb.exec:\tnhbtb.exe105⤵PID:688
-
\??\c:\tnthbn.exec:\tnthbn.exe106⤵PID:1296
-
\??\c:\jddpv.exec:\jddpv.exe107⤵PID:1780
-
\??\c:\ddpvd.exec:\ddpvd.exe108⤵PID:976
-
\??\c:\rrlxrfr.exec:\rrlxrfr.exe109⤵PID:1452
-
\??\c:\7xfrlrl.exec:\7xfrlrl.exe110⤵PID:2924
-
\??\c:\tnnhth.exec:\tnnhth.exe111⤵PID:2308
-
\??\c:\nhthtb.exec:\nhthtb.exe112⤵PID:2152
-
\??\c:\vdpjp.exec:\vdpjp.exe113⤵PID:2968
-
\??\c:\lfrfxff.exec:\lfrfxff.exe114⤵PID:1592
-
\??\c:\1hhnhn.exec:\1hhnhn.exe115⤵PID:1588
-
\??\c:\1nnhnb.exec:\1nnhnb.exe116⤵PID:2592
-
\??\c:\pjjpv.exec:\pjjpv.exe117⤵PID:2832
-
\??\c:\ppppd.exec:\ppppd.exe118⤵PID:1424
-
\??\c:\jdpjv.exec:\jdpjv.exe119⤵PID:2504
-
\??\c:\9xrxflx.exec:\9xrxflx.exe120⤵PID:2464
-
\??\c:\7lrrxfr.exec:\7lrrxfr.exe121⤵PID:2488
-
\??\c:\bbtbht.exec:\bbtbht.exe122⤵PID:2484
-