Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:17
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe
-
Size
60KB
-
MD5
cbb5e6a0b06a0e94dc4e99776def9740
-
SHA1
4ab3d4ce960848cfab3124fabd539f105e945c6d
-
SHA256
2c9cb856ff3394f42f705d5f53177a17b7a509a70c9125a95ac08a7c8cb1b63d
-
SHA512
739934905286564eea7048c7608f25dc25a6fea33b163286b0d23b28d97d853595571ad488474e081da04592b19caed9dae04cbab2896b5a9165d6afb4e69b75
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvAEaFJLA:ymb3NkkiQ3mdBjFIvAvA
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule
behavioral1/memory/2284-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2308-15-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2520-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2404-63-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon
behavioral1/memory/2056-86-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2740-111-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1572-156-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1780-245-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1924-299-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1928-272-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1020-263-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1756-254-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1120-237-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/992-219-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2176-201-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2272-165-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1864-147-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1584-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2612-101-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2424-77-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2420-68-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2404-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2620-36-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process 2308 tbhhhh.exe 2520 dvpvp.exe 2620 frfffxf.exe 2632 fxllfll.exe 2404 btttbb.exe 2420 9htnnn.exe 2424 httthn.exe 2056 pdvpv.exe 2612 vjpjv.exe 2740 rlfrxfr.exe 2752 xlrxlll.exe 1584 9hbntt.exe 780 1nnnnn.exe 1864 hhtbtn.exe 1572 vjvvd.exe 2272 jdvvd.exe 648 lflxffl.exe 3064 fxxlrxl.exe 2160 3rflxrf.exe 2176 bthtbh.exe 268 htnthh.exe 992 tnhntt.exe 2780 vpvpp.exe 1120 1pjjp.exe 1780 frflrrx.exe 1756 lflrrrr.exe 1020 nhtntb.exe 1928 nhttbt.exe 1224 7dpdj.exe 2112 3dvdv.exe 1924 7fxfflf.exe 1936 xrrrflr.exe 1204 ththbn.exe 1540 nhbhtb.exe 2484 9nhhhh.exe 2800 5dvvj.exe 2952 9jddj.exe 2760 3dppp.exe 2652 rfxxlrf.exe 2492 rlrffxl.exe 2600 rlxxllx.exe 2608 nhnthh.exe 2708 nhtbhn.exe 1280 1thntb.exe 2740 vvjjp.exe 1932 pdpdd.exe 2264 pvvvv.exe 1528 3lrrrrr.exe 780 lxfrxxx.exe 1364 xlrffxf.exe 1432 tthttt.exe 1276 nbbbnn.exe 2180 pjvdd.exe 2172 pjdpd.exe 2212 dvvdd.exe 1904 xrlrflx.exe 2448 rxlrffl.exe 584 xlrlflx.exe 1860 9btbht.exe 844 htnhhb.exe 1228 nbttbb.exe 412 djddv.exe 2944 jpdjj.exe 1728 lfflrxx.exe -
[Signature heading missing from this capture; each row below is a process memory dump that matched the `upx` YARA rule.]
resource yara_rule
behavioral1/memory/2284-3-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2284-10-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2308-15-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2520-26-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2632-45-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2632-44-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2632-43-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2056-86-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2740-111-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1572-156-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1780-245-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1924-299-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1928-272-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1020-263-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1756-254-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1120-237-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/992-219-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2176-201-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2272-165-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1864-147-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1584-129-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2612-101-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2424-77-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2420-68-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2404-61-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2620-36-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2284 wrote to memory of 2308 2284 cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe 28 PID 2284 wrote to memory of 2308 2284 cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe 28 PID 2284 wrote to memory of 2308 2284 cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe 28 PID 2284 wrote to memory of 2308 2284 cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe 28 PID 2308 wrote to memory of 2520 2308 tbhhhh.exe 29 PID 2308 wrote to memory of 2520 2308 tbhhhh.exe 29 PID 2308 wrote to memory of 2520 2308 tbhhhh.exe 29 PID 2308 wrote to memory of 2520 2308 tbhhhh.exe 29 PID 2520 wrote to memory of 2620 2520 dvpvp.exe 30 PID 2520 wrote to memory of 2620 2520 dvpvp.exe 30 PID 2520 wrote to memory of 2620 2520 dvpvp.exe 30 PID 2520 wrote to memory of 2620 2520 dvpvp.exe 30 PID 2620 wrote to memory of 2632 2620 frfffxf.exe 31 PID 2620 wrote to memory of 2632 2620 frfffxf.exe 31 PID 2620 wrote to memory of 2632 2620 frfffxf.exe 31 PID 2620 wrote to memory of 2632 2620 frfffxf.exe 31 PID 2632 wrote to memory of 2404 2632 fxllfll.exe 32 PID 2632 wrote to memory of 2404 2632 fxllfll.exe 32 PID 2632 wrote to memory of 2404 2632 fxllfll.exe 32 PID 2632 wrote to memory of 2404 2632 fxllfll.exe 32 PID 2404 wrote to memory of 2420 2404 btttbb.exe 33 PID 2404 wrote to memory of 2420 2404 btttbb.exe 33 PID 2404 wrote to memory of 2420 2404 btttbb.exe 33 PID 2404 wrote to memory of 2420 2404 btttbb.exe 33 PID 2420 wrote to memory of 2424 2420 9htnnn.exe 34 PID 2420 wrote to memory of 2424 2420 9htnnn.exe 34 PID 2420 wrote to memory of 2424 2420 9htnnn.exe 34 PID 2420 wrote to memory of 2424 2420 9htnnn.exe 34 PID 2424 wrote to memory of 2056 2424 httthn.exe 35 PID 2424 wrote to memory of 2056 2424 httthn.exe 35 PID 2424 wrote to memory of 2056 2424 httthn.exe 35 PID 2424 wrote to memory of 2056 2424 httthn.exe 35 PID 2056 wrote to memory of 2612 2056 pdvpv.exe 36 PID 2056 wrote to memory of 2612 2056 pdvpv.exe 36 PID 2056 wrote to memory of 
2612 2056 pdvpv.exe 36 PID 2056 wrote to memory of 2612 2056 pdvpv.exe 36 PID 2612 wrote to memory of 2740 2612 vjpjv.exe 37 PID 2612 wrote to memory of 2740 2612 vjpjv.exe 37 PID 2612 wrote to memory of 2740 2612 vjpjv.exe 37 PID 2612 wrote to memory of 2740 2612 vjpjv.exe 37 PID 2740 wrote to memory of 2752 2740 rlfrxfr.exe 38 PID 2740 wrote to memory of 2752 2740 rlfrxfr.exe 38 PID 2740 wrote to memory of 2752 2740 rlfrxfr.exe 38 PID 2740 wrote to memory of 2752 2740 rlfrxfr.exe 38 PID 2752 wrote to memory of 1584 2752 xlrxlll.exe 39 PID 2752 wrote to memory of 1584 2752 xlrxlll.exe 39 PID 2752 wrote to memory of 1584 2752 xlrxlll.exe 39 PID 2752 wrote to memory of 1584 2752 xlrxlll.exe 39 PID 1584 wrote to memory of 780 1584 9hbntt.exe 40 PID 1584 wrote to memory of 780 1584 9hbntt.exe 40 PID 1584 wrote to memory of 780 1584 9hbntt.exe 40 PID 1584 wrote to memory of 780 1584 9hbntt.exe 40 PID 780 wrote to memory of 1864 780 1nnnnn.exe 41 PID 780 wrote to memory of 1864 780 1nnnnn.exe 41 PID 780 wrote to memory of 1864 780 1nnnnn.exe 41 PID 780 wrote to memory of 1864 780 1nnnnn.exe 41 PID 1864 wrote to memory of 1572 1864 hhtbtn.exe 42 PID 1864 wrote to memory of 1572 1864 hhtbtn.exe 42 PID 1864 wrote to memory of 1572 1864 hhtbtn.exe 42 PID 1864 wrote to memory of 1572 1864 hhtbtn.exe 42 PID 1572 wrote to memory of 2272 1572 vjvvd.exe 43 PID 1572 wrote to memory of 2272 1572 vjvvd.exe 43 PID 1572 wrote to memory of 2272 1572 vjvvd.exe 43 PID 1572 wrote to memory of 2272 1572 vjvvd.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2284 -
\??\c:\tbhhhh.exec:\tbhhhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2308 -
\??\c:\dvpvp.exec:\dvpvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2520 -
\??\c:\frfffxf.exec:\frfffxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2620 -
\??\c:\fxllfll.exec:\fxllfll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2632 -
\??\c:\btttbb.exec:\btttbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2404 -
\??\c:\9htnnn.exec:\9htnnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2420 -
\??\c:\httthn.exec:\httthn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2424 -
\??\c:\pdvpv.exec:\pdvpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2056 -
\??\c:\vjpjv.exec:\vjpjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2612 -
\??\c:\rlfrxfr.exec:\rlfrxfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\xlrxlll.exec:\xlrxlll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2752 -
\??\c:\9hbntt.exec:\9hbntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1584 -
\??\c:\1nnnnn.exec:\1nnnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:780 -
\??\c:\hhtbtn.exec:\hhtbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1864 -
\??\c:\vjvvd.exec:\vjvvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1572 -
\??\c:\jdvvd.exec:\jdvvd.exe17⤵
- Executes dropped EXE
PID:2272 -
\??\c:\lflxffl.exec:\lflxffl.exe18⤵
- Executes dropped EXE
PID:648 -
\??\c:\fxxlrxl.exec:\fxxlrxl.exe19⤵
- Executes dropped EXE
PID:3064 -
\??\c:\3rflxrf.exec:\3rflxrf.exe20⤵
- Executes dropped EXE
PID:2160 -
\??\c:\bthtbh.exec:\bthtbh.exe21⤵
- Executes dropped EXE
PID:2176 -
\??\c:\htnthh.exec:\htnthh.exe22⤵
- Executes dropped EXE
PID:268 -
\??\c:\tnhntt.exec:\tnhntt.exe23⤵
- Executes dropped EXE
PID:992 -
\??\c:\vpvpp.exec:\vpvpp.exe24⤵
- Executes dropped EXE
PID:2780 -
\??\c:\1pjjp.exec:\1pjjp.exe25⤵
- Executes dropped EXE
PID:1120 -
\??\c:\frflrrx.exec:\frflrrx.exe26⤵
- Executes dropped EXE
PID:1780 -
\??\c:\lflrrrr.exec:\lflrrrr.exe27⤵
- Executes dropped EXE
PID:1756 -
\??\c:\nhtntb.exec:\nhtntb.exe28⤵
- Executes dropped EXE
PID:1020 -
\??\c:\nhttbt.exec:\nhttbt.exe29⤵
- Executes dropped EXE
PID:1928 -
\??\c:\7dpdj.exec:\7dpdj.exe30⤵
- Executes dropped EXE
PID:1224 -
\??\c:\3dvdv.exec:\3dvdv.exe31⤵
- Executes dropped EXE
PID:2112 -
\??\c:\7fxfflf.exec:\7fxfflf.exe32⤵
- Executes dropped EXE
PID:1924 -
\??\c:\xrrrflr.exec:\xrrrflr.exe33⤵
- Executes dropped EXE
PID:1936 -
\??\c:\ththbn.exec:\ththbn.exe34⤵
- Executes dropped EXE
PID:1204 -
\??\c:\nhbhtb.exec:\nhbhtb.exe35⤵
- Executes dropped EXE
PID:1540 -
\??\c:\9nhhhh.exec:\9nhhhh.exe36⤵
- Executes dropped EXE
PID:2484 -
\??\c:\5dvvj.exec:\5dvvj.exe37⤵
- Executes dropped EXE
PID:2800 -
\??\c:\9jddj.exec:\9jddj.exe38⤵
- Executes dropped EXE
PID:2952 -
\??\c:\3dppp.exec:\3dppp.exe39⤵
- Executes dropped EXE
PID:2760 -
\??\c:\rfxxlrf.exec:\rfxxlrf.exe40⤵
- Executes dropped EXE
PID:2652 -
\??\c:\rlrffxl.exec:\rlrffxl.exe41⤵
- Executes dropped EXE
PID:2492 -
\??\c:\rlxxllx.exec:\rlxxllx.exe42⤵
- Executes dropped EXE
PID:2600 -
\??\c:\nhnthh.exec:\nhnthh.exe43⤵
- Executes dropped EXE
PID:2608 -
\??\c:\nhtbhn.exec:\nhtbhn.exe44⤵
- Executes dropped EXE
PID:2708 -
\??\c:\1thntb.exec:\1thntb.exe45⤵
- Executes dropped EXE
PID:1280 -
\??\c:\vvjjp.exec:\vvjjp.exe46⤵
- Executes dropped EXE
PID:2740 -
\??\c:\pdpdd.exec:\pdpdd.exe47⤵
- Executes dropped EXE
PID:1932 -
\??\c:\pvvvv.exec:\pvvvv.exe48⤵
- Executes dropped EXE
PID:2264 -
\??\c:\3lrrrrr.exec:\3lrrrrr.exe49⤵
- Executes dropped EXE
PID:1528 -
\??\c:\lxfrxxx.exec:\lxfrxxx.exe50⤵
- Executes dropped EXE
PID:780 -
\??\c:\xlrffxf.exec:\xlrffxf.exe51⤵
- Executes dropped EXE
PID:1364 -
\??\c:\tthttt.exec:\tthttt.exe52⤵
- Executes dropped EXE
PID:1432 -
\??\c:\nbbbnn.exec:\nbbbnn.exe53⤵
- Executes dropped EXE
PID:1276 -
\??\c:\pjvdd.exec:\pjvdd.exe54⤵
- Executes dropped EXE
PID:2180 -
\??\c:\pjdpd.exec:\pjdpd.exe55⤵
- Executes dropped EXE
PID:2172 -
\??\c:\dvvdd.exec:\dvvdd.exe56⤵
- Executes dropped EXE
PID:2212 -
\??\c:\xrlrflx.exec:\xrlrflx.exe57⤵
- Executes dropped EXE
PID:1904 -
\??\c:\rxlrffl.exec:\rxlrffl.exe58⤵
- Executes dropped EXE
PID:2448 -
\??\c:\xlrlflx.exec:\xlrlflx.exe59⤵
- Executes dropped EXE
PID:584 -
\??\c:\9btbht.exec:\9btbht.exe60⤵
- Executes dropped EXE
PID:1860 -
\??\c:\htnhhb.exec:\htnhhb.exe61⤵
- Executes dropped EXE
PID:844 -
\??\c:\nbttbb.exec:\nbttbb.exe62⤵
- Executes dropped EXE
PID:1228 -
\??\c:\djddv.exec:\djddv.exe63⤵
- Executes dropped EXE
PID:412 -
\??\c:\jpdjj.exec:\jpdjj.exe64⤵
- Executes dropped EXE
PID:2944 -
\??\c:\lfflrxx.exec:\lfflrxx.exe65⤵
- Executes dropped EXE
PID:1728 -
\??\c:\xxrlrxf.exec:\xxrlrxf.exe66⤵PID:1984
-
\??\c:\rrlrfxx.exec:\rrlrfxx.exe67⤵PID:752
-
\??\c:\nbnttb.exec:\nbnttb.exe68⤵PID:2216
-
\??\c:\thbnnb.exec:\thbnnb.exe69⤵PID:2648
-
\??\c:\7bthnn.exec:\7bthnn.exe70⤵PID:2232
-
\??\c:\1jdjv.exec:\1jdjv.exe71⤵PID:1920
-
\??\c:\1jvjp.exec:\1jvjp.exe72⤵PID:1664
-
\??\c:\fxrrrxx.exec:\fxrrrxx.exe73⤵PID:2488
-
\??\c:\7llxxfr.exec:\7llxxfr.exe74⤵PID:1660
-
\??\c:\rllffff.exec:\rllffff.exe75⤵PID:1520
-
\??\c:\5hnntt.exec:\5hnntt.exe76⤵PID:2380
-
\??\c:\pjvvj.exec:\pjvvj.exe77⤵PID:2592
-
\??\c:\5rrllll.exec:\5rrllll.exe78⤵PID:2640
-
\??\c:\dvdjv.exec:\dvdjv.exe79⤵PID:2068
-
\??\c:\9flxxxf.exec:\9flxxxf.exe80⤵PID:308
-
\??\c:\fllfxlf.exec:\fllfxlf.exe81⤵PID:2408
-
\??\c:\5thtbb.exec:\5thtbb.exe82⤵PID:380
-
\??\c:\hhntbh.exec:\hhntbh.exe83⤵PID:1592
-
\??\c:\dpjvj.exec:\dpjvj.exe84⤵PID:2604
-
\??\c:\1llrxfr.exec:\1llrxfr.exe85⤵PID:2668
-
\??\c:\9tntbh.exec:\9tntbh.exe86⤵PID:2700
-
\??\c:\7jdjd.exec:\7jdjd.exe87⤵PID:1856
-
\??\c:\rfrffxf.exec:\rfrffxf.exe88⤵PID:2256
-
\??\c:\hhnnnh.exec:\hhnnnh.exe89⤵PID:1584
-
\??\c:\nhhbht.exec:\nhhbht.exe90⤵PID:2412
-
\??\c:\1vddp.exec:\1vddp.exe91⤵PID:2880
-
\??\c:\5rfxrxl.exec:\5rfxrxl.exe92⤵PID:1536
-
\??\c:\lflrflx.exec:\lflrflx.exe93⤵PID:1572
-
\??\c:\bnnnnh.exec:\bnnnnh.exe94⤵PID:1144
-
\??\c:\pjvvj.exec:\pjvvj.exe95⤵PID:1456
-
\??\c:\lflrffl.exec:\lflrffl.exe96⤵PID:2672
-
\??\c:\ntthbn.exec:\ntthbn.exe97⤵PID:1212
-
\??\c:\ppjvv.exec:\ppjvv.exe98⤵PID:2236
-
\??\c:\dpjdj.exec:\dpjdj.exe99⤵PID:2176
-
\??\c:\5xllrxl.exec:\5xllrxl.exe100⤵PID:540
-
\??\c:\9thbbn.exec:\9thbbn.exe101⤵PID:1788
-
\??\c:\dvvvv.exec:\dvvvv.exe102⤵PID:2344
-
\??\c:\9lxllfr.exec:\9lxllfr.exe103⤵PID:280
-
\??\c:\rxrllll.exec:\rxrllll.exe104⤵PID:1016
-
\??\c:\bnbhhh.exec:\bnbhhh.exe105⤵PID:1888
-
\??\c:\hthhhn.exec:\hthhhn.exe106⤵PID:272
-
\??\c:\1vjdd.exec:\1vjdd.exe107⤵PID:692
-
\??\c:\ddvdd.exec:\ddvdd.exe108⤵PID:2040
-
\??\c:\vjppd.exec:\vjppd.exe109⤵PID:1272
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe110⤵PID:1560
-
\??\c:\rlxrxll.exec:\rlxrxll.exe111⤵PID:452
-
\??\c:\htbhhb.exec:\htbhhb.exe112⤵PID:1844
-
\??\c:\5htnhn.exec:\5htnhn.exe113⤵PID:1840
-
\??\c:\dvddd.exec:\dvddd.exe114⤵PID:2560
-
\??\c:\djpvj.exec:\djpvj.exe115⤵PID:1544
-
\??\c:\jpdpv.exec:\jpdpv.exe116⤵PID:2904
-
\??\c:\fxlfrll.exec:\fxlfrll.exe117⤵PID:2684
-
\??\c:\rrfrxfl.exec:\rrfrxfl.exe118⤵PID:2380
-
\??\c:\tbnbbb.exec:\tbnbbb.exe119⤵PID:2028
-
\??\c:\bbtbnn.exec:\bbtbnn.exe120⤵PID:2640
-
\??\c:\pdjjv.exec:\pdjjv.exe121⤵PID:2440
-
\??\c:\vpjjj.exec:\vpjjj.exe122⤵PID:2624
-