Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:23
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ccd52c6dfd02d57fb0ef7741e1a24510_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
ccd52c6dfd02d57fb0ef7741e1a24510_NeikiAnalytics.exe
-
Size
67KB
-
MD5
ccd52c6dfd02d57fb0ef7741e1a24510
-
SHA1
103a8c9753059bd92788fc804fcf2d1e013b7217
-
SHA256
73c0baaae752addd26288324a52fa6521f1d97f2d556f3bd1ecc51c4e36833ec
-
SHA512
207f6507d8e327d96cfbeb281f74d3026496a6d6157c67f913c2ccde71300cdea25393282c1b1b467ff42a47bb8348384c0deb79282bc8c6c2ffef6629d209f1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIaS:ymb3NkkiQ3mdBjFIFdJ8bP
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
YARA rule upx matched on behavioral1 memory dumps
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ccd52c6dfd02d57fb0ef7741e1a24510_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ccd52c6dfd02d57fb0ef7741e1a24510_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2292 -
\??\c:\frffxxf.exec:\frffxxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2756 -
\??\c:\1frlxfl.exec:\1frlxfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2532 -
\??\c:\pdjdd.exec:\pdjdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2676 -
\??\c:\jvppp.exec:\jvppp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2696 -
\??\c:\rrxlrfl.exec:\rrxlrfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2428 -
\??\c:\flxfffr.exec:\flxfffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2560 -
\??\c:\hhbbnn.exec:\hhbbnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2412 -
\??\c:\tttbnh.exec:\tttbnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2864 -
\??\c:\jdvdp.exec:\jdvdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2648 -
\??\c:\ffflxxl.exec:\ffflxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\lfxxflx.exec:\lfxxflx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892 -
\??\c:\hbtbht.exec:\hbtbht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2888 -
\??\c:\pjdjp.exec:\pjdjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:400 -
\??\c:\dvpvj.exec:\dvpvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2208 -
\??\c:\rlxfffl.exec:\rlxfffl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1364 -
\??\c:\llfrrxl.exec:\llfrrxl.exe17⤵
- Executes dropped EXE
PID:1600 -
\??\c:\hhthtb.exec:\hhthtb.exe18⤵
- Executes dropped EXE
PID:1576 -
\??\c:\jdvvj.exec:\jdvvj.exe19⤵
- Executes dropped EXE
PID:2268 -
\??\c:\jdpvp.exec:\jdpvp.exe20⤵
- Executes dropped EXE
PID:2028 -
\??\c:\fxlrlrl.exec:\fxlrlrl.exe21⤵
- Executes dropped EXE
PID:2752 -
\??\c:\nhbtbh.exec:\nhbtbh.exe22⤵
- Executes dropped EXE
PID:2072 -
\??\c:\bnhbbt.exec:\bnhbbt.exe23⤵
- Executes dropped EXE
PID:992 -
\??\c:\jjdjv.exec:\jjdjv.exe24⤵
- Executes dropped EXE
PID:2792 -
\??\c:\lfxrffl.exec:\lfxrffl.exe25⤵
- Executes dropped EXE
PID:1188 -
\??\c:\xrlfllf.exec:\xrlfllf.exe26⤵
- Executes dropped EXE
PID:1744 -
\??\c:\3tttnn.exec:\3tttnn.exe27⤵
- Executes dropped EXE
PID:1780 -
\??\c:\3hhntb.exec:\3hhntb.exe28⤵
- Executes dropped EXE
PID:308 -
\??\c:\jddjp.exec:\jddjp.exe29⤵
- Executes dropped EXE
PID:1796 -
\??\c:\rlxlxlr.exec:\rlxlxlr.exe30⤵
- Executes dropped EXE
PID:2008 -
\??\c:\lxlrrfx.exec:\lxlrrfx.exe31⤵
- Executes dropped EXE
PID:2020 -
\??\c:\bttnbn.exec:\bttnbn.exe32⤵
- Executes dropped EXE
PID:2300 -
\??\c:\tnntbh.exec:\tnntbh.exe33⤵
- Executes dropped EXE
PID:2760 -
\??\c:\jjdjp.exec:\jjdjp.exe34⤵
- Executes dropped EXE
PID:2660 -
\??\c:\jjvdj.exec:\jjvdj.exe35⤵
- Executes dropped EXE
PID:2580 -
\??\c:\rlfxxxf.exec:\rlfxxxf.exe36⤵
- Executes dropped EXE
PID:2592 -
\??\c:\9rlfrrf.exec:\9rlfrrf.exe37⤵
- Executes dropped EXE
PID:2500 -
\??\c:\nnbnht.exec:\nnbnht.exe38⤵
- Executes dropped EXE
PID:2032 -
\??\c:\hhthhh.exec:\hhthhh.exe39⤵
- Executes dropped EXE
PID:2696 -
\??\c:\5pppv.exec:\5pppv.exe40⤵
- Executes dropped EXE
PID:2504 -
\??\c:\ddpvj.exec:\ddpvj.exe41⤵
- Executes dropped EXE
PID:2172 -
\??\c:\lfflffl.exec:\lfflffl.exe42⤵
- Executes dropped EXE
PID:2452 -
\??\c:\rlxxxxf.exec:\rlxxxxf.exe43⤵
- Executes dropped EXE
PID:2408 -
\??\c:\nhbthn.exec:\nhbthn.exe44⤵
- Executes dropped EXE
PID:2204 -
\??\c:\tnhnnn.exec:\tnhnnn.exe45⤵
- Executes dropped EXE
PID:2736 -
\??\c:\dvppd.exec:\dvppd.exe46⤵
- Executes dropped EXE
PID:2852 -
\??\c:\ppddj.exec:\ppddj.exe47⤵
- Executes dropped EXE
PID:1716 -
\??\c:\dvjjj.exec:\dvjjj.exe48⤵
- Executes dropped EXE
PID:1668 -
\??\c:\lxfxllf.exec:\lxfxllf.exe49⤵
- Executes dropped EXE
PID:1672 -
\??\c:\5xrfrfl.exec:\5xrfrfl.exe50⤵
- Executes dropped EXE
PID:1000 -
\??\c:\5tnbbh.exec:\5tnbbh.exe51⤵
- Executes dropped EXE
PID:240 -
\??\c:\1btbbh.exec:\1btbbh.exe52⤵
- Executes dropped EXE
PID:2632 -
\??\c:\ddvpj.exec:\ddvpj.exe53⤵
- Executes dropped EXE
PID:2348 -
\??\c:\pjddj.exec:\pjddj.exe54⤵
- Executes dropped EXE
PID:1608 -
\??\c:\rlrrxrx.exec:\rlrrxrx.exe55⤵
- Executes dropped EXE
PID:2088 -
\??\c:\fxrlrrr.exec:\fxrlrrr.exe56⤵
- Executes dropped EXE
PID:1156 -
\??\c:\nhttbn.exec:\nhttbn.exe57⤵
- Executes dropped EXE
PID:1968 -
\??\c:\hbtbhh.exec:\hbtbhh.exe58⤵
- Executes dropped EXE
PID:1940 -
\??\c:\btnhht.exec:\btnhht.exe59⤵
- Executes dropped EXE
PID:2572 -
\??\c:\jvpjj.exec:\jvpjj.exe60⤵
- Executes dropped EXE
PID:1828 -
\??\c:\7dvdd.exec:\7dvdd.exe61⤵
- Executes dropped EXE
PID:696 -
\??\c:\lffxxxl.exec:\lffxxxl.exe62⤵
- Executes dropped EXE
PID:1836 -
\??\c:\1xrflrx.exec:\1xrflrx.exe63⤵
- Executes dropped EXE
PID:648 -
\??\c:\5jvvd.exec:\5jvvd.exe64⤵
- Executes dropped EXE
PID:1132 -
\??\c:\vjjdd.exec:\vjjdd.exe65⤵
- Executes dropped EXE
PID:3052 -
\??\c:\1xrxrrf.exec:\1xrxrrf.exe66⤵PID:968
-
\??\c:\lfllxlr.exec:\lfllxlr.exe67⤵PID:1240
-
\??\c:\nnnnbn.exec:\nnnnbn.exe68⤵PID:1960
-
\??\c:\bntthh.exec:\bntthh.exe69⤵PID:1368
-
\??\c:\9jvvj.exec:\9jvvj.exe70⤵PID:1192
-
\??\c:\5pjvd.exec:\5pjvd.exe71⤵PID:1592
-
\??\c:\lfffflx.exec:\lfffflx.exe72⤵PID:1788
-
\??\c:\xlrrlll.exec:\xlrrlll.exe73⤵PID:1540
-
\??\c:\9nbbhh.exec:\9nbbhh.exe74⤵PID:2044
-
\??\c:\9bnnnn.exec:\9bnnnn.exe75⤵PID:2980
-
\??\c:\vpjpj.exec:\vpjpj.exe76⤵PID:2584
-
\??\c:\pdpvv.exec:\pdpvv.exe77⤵PID:2340
-
\??\c:\xrxrxrr.exec:\xrxrxrr.exe78⤵PID:2604
-
\??\c:\frxffll.exec:\frxffll.exe79⤵PID:2524
-
\??\c:\ttthnt.exec:\ttthnt.exe80⤵PID:2508
-
\??\c:\tnbbhh.exec:\tnbbhh.exe81⤵PID:2416
-
\??\c:\tbtnhb.exec:\tbtnhb.exe82⤵PID:2560
-
\??\c:\vpdjp.exec:\vpdjp.exe83⤵PID:2412
-
\??\c:\vjjpj.exec:\vjjpj.exe84⤵PID:2872
-
\??\c:\1rflllr.exec:\1rflllr.exe85⤵PID:2880
-
\??\c:\3lxfrrx.exec:\3lxfrrx.exe86⤵PID:2844
-
\??\c:\1nbhbb.exec:\1nbhbb.exe87⤵PID:1588
-
\??\c:\thtntn.exec:\thtntn.exe88⤵PID:272
-
\??\c:\pdppd.exec:\pdppd.exe89⤵PID:1620
-
\??\c:\3jdvd.exec:\3jdvd.exe90⤵PID:1568
-
\??\c:\frxxrlx.exec:\frxxrlx.exe91⤵PID:1612
-
\??\c:\frxflrx.exec:\frxflrx.exe92⤵PID:2208
-
\??\c:\rflffxr.exec:\rflffxr.exe93⤵PID:1364
-
\??\c:\btbbhb.exec:\btbbhb.exe94⤵PID:2920
-
\??\c:\7thntb.exec:\7thntb.exe95⤵PID:1492
-
\??\c:\vpdjp.exec:\vpdjp.exe96⤵PID:1988
-
\??\c:\7jdpp.exec:\7jdpp.exe97⤵PID:2268
-
\??\c:\lfrrllx.exec:\lfrrllx.exe98⤵PID:2220
-
\??\c:\xlrxllf.exec:\xlrxllf.exe99⤵PID:268
-
\??\c:\3hbhnh.exec:\3hbhnh.exe100⤵PID:488
-
\??\c:\hbnntt.exec:\hbnntt.exe101⤵PID:664
-
\??\c:\tnbbbt.exec:\tnbbbt.exe102⤵PID:992
-
\??\c:\djpjj.exec:\djpjj.exe103⤵PID:620
-
\??\c:\dvpjj.exec:\dvpjj.exe104⤵PID:3064
-
\??\c:\rlxxfxf.exec:\rlxxfxf.exe105⤵PID:1188
-
\??\c:\lfrxfxf.exec:\lfrxfxf.exe106⤵PID:1676
-
\??\c:\7htbbb.exec:\7htbbb.exe107⤵PID:920
-
\??\c:\nhtbhh.exec:\nhtbhh.exe108⤵PID:1748
-
\??\c:\3djjp.exec:\3djjp.exe109⤵PID:2192
-
\??\c:\rrflxrl.exec:\rrflxrl.exe110⤵PID:2076
-
\??\c:\frrllrr.exec:\frrllrr.exe111⤵PID:996
-
\??\c:\thbbbh.exec:\thbbbh.exe112⤵PID:1444
-
\??\c:\hhnnbb.exec:\hhnnbb.exe113⤵PID:1532
-
\??\c:\5nbhbb.exec:\5nbhbb.exe114⤵PID:1644
-
\??\c:\dddpv.exec:\dddpv.exe115⤵PID:2496
-
\??\c:\vvpjd.exec:\vvpjd.exe116⤵PID:3056
-
\??\c:\lxlrxxr.exec:\lxlrxxr.exe117⤵PID:2540
-
\??\c:\rfrfxxl.exec:\rfrfxxl.exe118⤵PID:2400
-
\??\c:\nhbnnh.exec:\nhbnnh.exe119⤵PID:2608
-
\??\c:\htnnhh.exec:\htnnhh.exe120⤵PID:2708
-
\??\c:\ppvjv.exec:\ppvjv.exe121⤵PID:2180
-
\??\c:\pjvvj.exec:\pjvvj.exe122⤵PID:2556