Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:08
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c9f79ac83b49bbfc54ee4ed477146b80_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
c9f79ac83b49bbfc54ee4ed477146b80_NeikiAnalytics.exe
-
Size
70KB
-
MD5
c9f79ac83b49bbfc54ee4ed477146b80
-
SHA1
e6e9f75cb1a1a4df9e140e26a0f6378e0488be80
-
SHA256
5897ecc02a035a317a5965c5d4d522629386d07183f210c66e84127cba2d9621
-
SHA512
e9b2b298f09006aedf17f52c20f28fa61f681dd86044dab7e3ff17a8ffb14b91565d71d6326bf54ee416dc0dab901fb8ab8c781c04523749d104ceb7e9cc6a4e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgUVyiAnfg:ymb3NkkiQ3mdBjFIgUEBg
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9f79ac83b49bbfc54ee4ed477146b80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c9f79ac83b49bbfc54ee4ed477146b80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1976 -
\??\c:\9dpdp.exec:\9dpdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2748 -
\??\c:\rlxfllx.exec:\rlxfllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\1bhbbh.exec:\1bhbbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2736 -
\??\c:\jddpv.exec:\jddpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2588 -
\??\c:\7ddpp.exec:\7ddpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\fxxlrxx.exec:\fxxlrxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2620 -
\??\c:\rlfxffr.exec:\rlfxffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2476 -
\??\c:\bthhnt.exec:\bthhnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2916 -
\??\c:\ddddv.exec:\ddddv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1260 -
\??\c:\7dppv.exec:\7dppv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1252 -
\??\c:\llxlrrr.exec:\llxlrrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2644 -
\??\c:\ffxrlrr.exec:\ffxrlrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1456 -
\??\c:\nhtbnb.exec:\nhtbnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2360 -
\??\c:\hbnntt.exec:\hbnntt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1612 -
\??\c:\jvpvd.exec:\jvpvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1752 -
\??\c:\pppvd.exec:\pppvd.exe17⤵
- Executes dropped EXE
PID:796 -
\??\c:\xrffllr.exec:\xrffllr.exe18⤵
- Executes dropped EXE
PID:1184 -
\??\c:\llfflff.exec:\llfflff.exe19⤵
- Executes dropped EXE
PID:1692 -
\??\c:\tthntt.exec:\tthntt.exe20⤵
- Executes dropped EXE
PID:2640 -
\??\c:\7hnttb.exec:\7hnttb.exe21⤵
- Executes dropped EXE
PID:1128 -
\??\c:\pddjd.exec:\pddjd.exe22⤵
- Executes dropped EXE
PID:2552 -
\??\c:\dvpdp.exec:\dvpdp.exe23⤵
- Executes dropped EXE
PID:528 -
\??\c:\rfxfflr.exec:\rfxfflr.exe24⤵
- Executes dropped EXE
PID:1068 -
\??\c:\9rflxxf.exec:\9rflxxf.exe25⤵
- Executes dropped EXE
PID:1784 -
\??\c:\tntttb.exec:\tntttb.exe26⤵
- Executes dropped EXE
PID:3020 -
\??\c:\nthbtb.exec:\nthbtb.exe27⤵
- Executes dropped EXE
PID:108 -
\??\c:\vvjpv.exec:\vvjpv.exe28⤵
- Executes dropped EXE
PID:2284 -
\??\c:\5jjjv.exec:\5jjjv.exe29⤵
- Executes dropped EXE
PID:2064 -
\??\c:\xrlrxrr.exec:\xrlrxrr.exe30⤵
- Executes dropped EXE
PID:1632 -
\??\c:\lfxrlfr.exec:\lfxrlfr.exe31⤵
- Executes dropped EXE
PID:1912 -
\??\c:\tnbbhh.exec:\tnbbhh.exe32⤵
- Executes dropped EXE
PID:1436 -
\??\c:\tnhntt.exec:\tnhntt.exe33⤵
- Executes dropped EXE
PID:2880 -
\??\c:\ppvjd.exec:\ppvjd.exe34⤵
- Executes dropped EXE
PID:2144 -
\??\c:\5pjjj.exec:\5pjjj.exe35⤵
- Executes dropped EXE
PID:1964 -
\??\c:\3vdpp.exec:\3vdpp.exe36⤵
- Executes dropped EXE
PID:2612 -
\??\c:\rfrfffl.exec:\rfrfffl.exe37⤵
- Executes dropped EXE
PID:2716 -
\??\c:\fllffxl.exec:\fllffxl.exe38⤵
- Executes dropped EXE
PID:2580 -
\??\c:\fxrxflx.exec:\fxrxflx.exe39⤵
- Executes dropped EXE
PID:2280 -
\??\c:\btbbtt.exec:\btbbtt.exe40⤵
- Executes dropped EXE
PID:2484 -
\??\c:\hthnbb.exec:\hthnbb.exe41⤵
- Executes dropped EXE
PID:2624 -
\??\c:\bnbttb.exec:\bnbttb.exe42⤵
- Executes dropped EXE
PID:2452 -
\??\c:\dpjpp.exec:\dpjpp.exe43⤵
- Executes dropped EXE
PID:2576 -
\??\c:\jvppv.exec:\jvppv.exe44⤵
- Executes dropped EXE
PID:2004 -
\??\c:\pjdjp.exec:\pjdjp.exe45⤵
- Executes dropped EXE
PID:2192 -
\??\c:\3rfflll.exec:\3rfflll.exe46⤵
- Executes dropped EXE
PID:2120 -
\??\c:\5llfxxl.exec:\5llfxxl.exe47⤵
- Executes dropped EXE
PID:304 -
\??\c:\rlfrffl.exec:\rlfrffl.exe48⤵
- Executes dropped EXE
PID:1252 -
\??\c:\hhthth.exec:\hhthth.exe49⤵
- Executes dropped EXE
PID:2644 -
\??\c:\ttbntb.exec:\ttbntb.exe50⤵
- Executes dropped EXE
PID:1008 -
\??\c:\ttthht.exec:\ttthht.exe51⤵
- Executes dropped EXE
PID:1616 -
\??\c:\xrllxxr.exec:\xrllxxr.exe52⤵
- Executes dropped EXE
PID:288 -
\??\c:\3fflrrx.exec:\3fflrrx.exe53⤵
- Executes dropped EXE
PID:2188 -
\??\c:\9lfrxfl.exec:\9lfrxfl.exe54⤵
- Executes dropped EXE
PID:1464 -
\??\c:\bttthn.exec:\bttthn.exe55⤵
- Executes dropped EXE
PID:1088 -
\??\c:\1bnhnb.exec:\1bnhnb.exe56⤵
- Executes dropped EXE
PID:2800 -
\??\c:\thtttt.exec:\thtttt.exe57⤵
- Executes dropped EXE
PID:2808 -
\??\c:\1dpvj.exec:\1dpvj.exe58⤵
- Executes dropped EXE
PID:2240 -
\??\c:\dpjpp.exec:\dpjpp.exe59⤵
- Executes dropped EXE
PID:2544 -
\??\c:\jdppd.exec:\jdppd.exe60⤵
- Executes dropped EXE
PID:320 -
\??\c:\frffrrr.exec:\frffrrr.exe61⤵
- Executes dropped EXE
PID:688 -
\??\c:\rllfrlf.exec:\rllfrlf.exe62⤵
- Executes dropped EXE
PID:960 -
\??\c:\xlxfrrf.exec:\xlxfrrf.exe63⤵
- Executes dropped EXE
PID:560 -
\??\c:\bthttt.exec:\bthttt.exe64⤵
- Executes dropped EXE
PID:2164 -
\??\c:\bttttn.exec:\bttttn.exe65⤵
- Executes dropped EXE
PID:988 -
\??\c:\btnbht.exec:\btnbht.exe66⤵PID:3020
-
\??\c:\9vddp.exec:\9vddp.exe67⤵PID:2272
-
\??\c:\jdpdd.exec:\jdpdd.exe68⤵PID:2084
-
\??\c:\dpjjj.exec:\dpjjj.exe69⤵PID:1644
-
\??\c:\xrfrxrf.exec:\xrfrxrf.exe70⤵PID:3008
-
\??\c:\7rxrlfr.exec:\7rxrlfr.exe71⤵PID:1884
-
\??\c:\rlflrfl.exec:\rlflrfl.exe72⤵PID:1672
-
\??\c:\tthnbh.exec:\tthnbh.exe73⤵PID:2124
-
\??\c:\3bbbhn.exec:\3bbbhn.exe74⤵PID:2752
-
\??\c:\htnnbb.exec:\htnnbb.exe75⤵PID:1536
-
\??\c:\dpddd.exec:\dpddd.exe76⤵PID:2980
-
\??\c:\vjpvj.exec:\vjpvj.exe77⤵PID:2704
-
\??\c:\pvdvj.exec:\pvdvj.exe78⤵PID:2608
-
\??\c:\xxxflrf.exec:\xxxflrf.exe79⤵PID:2736
-
\??\c:\7frflrx.exec:\7frflrx.exe80⤵PID:2580
-
\??\c:\xlxlxfx.exec:\xlxlxfx.exe81⤵PID:2628
-
\??\c:\3bbhnt.exec:\3bbhnt.exe82⤵PID:2500
-
\??\c:\tnbbbb.exec:\tnbbbb.exe83⤵PID:2512
-
\??\c:\btthhn.exec:\btthhn.exe84⤵PID:3004
-
\??\c:\jvppv.exec:\jvppv.exe85⤵PID:2924
-
\??\c:\pdpjp.exec:\pdpjp.exe86⤵PID:2508
-
\??\c:\pjvdd.exec:\pjvdd.exe87⤵PID:1248
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe88⤵PID:2680
-
\??\c:\rfrrrrr.exec:\rfrrrrr.exe89⤵PID:1576
-
\??\c:\rfrrxrr.exec:\rfrrxrr.exe90⤵PID:2136
-
\??\c:\btbhnb.exec:\btbhnb.exe91⤵PID:1600
-
\??\c:\nhntbb.exec:\nhntbb.exe92⤵PID:1532
-
\??\c:\bnhbbb.exec:\bnhbbb.exe93⤵PID:2432
-
\??\c:\vppjp.exec:\vppjp.exe94⤵PID:1920
-
\??\c:\jdvjj.exec:\jdvjj.exe95⤵PID:2188
-
\??\c:\jjdjp.exec:\jjdjp.exe96⤵PID:796
-
\??\c:\5fflxxf.exec:\5fflxxf.exe97⤵PID:2304
-
\??\c:\xrfrffl.exec:\xrfrffl.exe98⤵PID:3028
-
\??\c:\9xrxfxf.exec:\9xrxfxf.exe99⤵PID:1204
-
\??\c:\3rfrrxl.exec:\3rfrrxl.exe100⤵PID:2052
-
\??\c:\nnbtbh.exec:\nnbtbh.exe101⤵PID:2220
-
\??\c:\tnhtnt.exec:\tnhtnt.exe102⤵PID:1420
-
\??\c:\hthbnt.exec:\hthbnt.exe103⤵PID:2868
-
\??\c:\9jddp.exec:\9jddp.exe104⤵PID:960
-
\??\c:\ppjpd.exec:\ppjpd.exe105⤵PID:3016
-
\??\c:\jdvpd.exec:\jdvpd.exe106⤵PID:792
-
\??\c:\xlflrrx.exec:\xlflrrx.exe107⤵PID:568
-
\??\c:\lfxfxfr.exec:\lfxfxfr.exe108⤵PID:2296
-
\??\c:\xlxfrrf.exec:\xlxfrrf.exe109⤵PID:696
-
\??\c:\bnbhnh.exec:\bnbhnh.exe110⤵PID:1712
-
\??\c:\7nbntb.exec:\7nbntb.exe111⤵PID:2200
-
\??\c:\btntbh.exec:\btntbh.exe112⤵PID:608
-
\??\c:\btbbnn.exec:\btbbnn.exe113⤵PID:1912
-
\??\c:\dvjpd.exec:\dvjpd.exe114⤵PID:1896
-
\??\c:\pjvvd.exec:\pjvvd.exe115⤵PID:2984
-
\??\c:\dvpvj.exec:\dvpvj.exe116⤵PID:1640
-
\??\c:\fxlffrx.exec:\fxlffrx.exe117⤵PID:2596
-
\??\c:\xrxfrxf.exec:\xrxfrxf.exe118⤵PID:2708
-
\??\c:\fxxllrf.exec:\fxxllrf.exe119⤵PID:2844
-
\??\c:\5btbhh.exec:\5btbhh.exe120⤵PID:2840
-
\??\c:\btbbhh.exec:\btbbhh.exe121⤵PID:2588
-
\??\c:\hbhthn.exec:\hbhthn.exe122⤵PID:2592