Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 14:03
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d34e9839e9ad333eedb7c815c3112010_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
d34e9839e9ad333eedb7c815c3112010_NeikiAnalytics.exe
-
Size
81KB
-
MD5
d34e9839e9ad333eedb7c815c3112010
-
SHA1
233d9c5bba4ce6d966d29de7662f772867e67e1b
-
SHA256
6aeeab66aa3687c89dfcc35e59bb0784443940584a61791a85601539ebac3997
-
SHA512
89c31feb0e37fb27f626b650e41af5690cd8292c04e3ae7165f1d79b7c3fd4191be166c4eac585561c2c9f1f120c0536e225cfca0264ca7f9e53aa78d28edbf1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dYS8njE:ymb3NkkiQ3mdBjFo7LAIbT6jE
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
Executes dropped EXE 64 IoCs
pid Process 2216 rdxhdp.exe 2148 pjtxxlx.exe 2440 pxblh.exe 2544 prlpdjj.exe 2560 dfxvdl.exe 1540 lldjpp.exe 2468 rxppnfd.exe 2364 ppjxd.exe 2856 vdlxr.exe 668 dndll.exe 760 vdftfr.exe 1432 pxjjvb.exe 1212 fflxfjn.exe 1932 tdvfbd.exe 2300 thjprdn.exe 1940 xjnjnvv.exe 2164 thlxdhn.exe 1688 dtbpf.exe 2400 ttfdt.exe 2132 bxdxhhf.exe 2244 vlfjl.exe 2708 tvvlxjh.exe 1636 pbphx.exe 1844 xnfdfjr.exe 1988 dftldl.exe 2512 hpxbnh.exe 2208 vbxjb.exe 1068 dvljdvd.exe 2124 jnvhth.exe 1752 dnbjtl.exe 1536 npdrfln.exe 1784 fnhbb.exe 2820 rxvrbpv.exe 2248 nllnbn.exe 2896 hhpllh.exe 2932 xxhtn.exe 2228 xlvpnj.exe 2536 xfrhvt.exe 2532 pprfptv.exe 2872 phjhdt.exe 2560 ppbbjl.exe 2380 xjxppf.exe 2372 hxhdpxf.exe 2452 nfhhjhd.exe 2944 ddbdl.exe 2776 hddndl.exe 2312 xvxdtdp.exe 812 hxtfj.exe 904 vlbtxpv.exe 552 vbxxn.exe 572 dbhhdpl.exe 1252 xbhrprj.exe 1936 bxjnhh.exe 2024 dlblj.exe 2276 rhfrnb.exe 2308 fpvnhl.exe 2592 pfdlp.exe 808 bhnjp.exe 2788 fnthdb.exe 2720 njjnfvf.exe 2636 tfrfxfn.exe 1128 hbrnnvp.exe 2904 tjjflbj.exe 1064 rnxjfrr.exe -
resource yara_rule behavioral1/memory/2820-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2216-15-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2148-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2440-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2544-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2544-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2560-56-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1540-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2468-77-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2468-76-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2468-74-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2364-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2856-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/668-111-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/760-121-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1212-139-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1932-147-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1940-165-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2132-202-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2244-210-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2708-219-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1636-228-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2124-282-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d34e9839e9ad333eedb7c815c3112010_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d34e9839e9ad333eedb7c815c3112010_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2820 -
\??\c:\rdxhdp.exec:\rdxhdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2216 -
\??\c:\pjtxxlx.exec:\pjtxxlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2148 -
\??\c:\pxblh.exec:\pxblh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2440 -
\??\c:\prlpdjj.exec:\prlpdjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2544 -
\??\c:\dfxvdl.exec:\dfxvdl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2560 -
\??\c:\lldjpp.exec:\lldjpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1540 -
\??\c:\rxppnfd.exec:\rxppnfd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2468 -
\??\c:\ppjxd.exec:\ppjxd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2364 -
\??\c:\vdlxr.exec:\vdlxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2856 -
\??\c:\dndll.exec:\dndll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:668 -
\??\c:\vdftfr.exec:\vdftfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:760 -
\??\c:\pxjjvb.exec:\pxjjvb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1432 -
\??\c:\fflxfjn.exec:\fflxfjn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1212 -
\??\c:\tdvfbd.exec:\tdvfbd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1932 -
\??\c:\thjprdn.exec:\thjprdn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2300 -
\??\c:\xjnjnvv.exec:\xjnjnvv.exe17⤵
- Executes dropped EXE
PID:1940 -
\??\c:\thlxdhn.exec:\thlxdhn.exe18⤵
- Executes dropped EXE
PID:2164 -
\??\c:\dtbpf.exec:\dtbpf.exe19⤵
- Executes dropped EXE
PID:1688 -
\??\c:\ttfdt.exec:\ttfdt.exe20⤵
- Executes dropped EXE
PID:2400 -
\??\c:\bxdxhhf.exec:\bxdxhhf.exe21⤵
- Executes dropped EXE
PID:2132 -
\??\c:\vlfjl.exec:\vlfjl.exe22⤵
- Executes dropped EXE
PID:2244 -
\??\c:\tvvlxjh.exec:\tvvlxjh.exe23⤵
- Executes dropped EXE
PID:2708 -
\??\c:\pbphx.exec:\pbphx.exe24⤵
- Executes dropped EXE
PID:1636 -
\??\c:\xnfdfjr.exec:\xnfdfjr.exe25⤵
- Executes dropped EXE
PID:1844 -
\??\c:\dftldl.exec:\dftldl.exe26⤵
- Executes dropped EXE
PID:1988 -
\??\c:\hpxbnh.exec:\hpxbnh.exe27⤵
- Executes dropped EXE
PID:2512 -
\??\c:\vbxjb.exec:\vbxjb.exe28⤵
- Executes dropped EXE
PID:2208 -
\??\c:\dvljdvd.exec:\dvljdvd.exe29⤵
- Executes dropped EXE
PID:1068 -
\??\c:\jnvhth.exec:\jnvhth.exe30⤵
- Executes dropped EXE
PID:2124 -
\??\c:\dnbjtl.exec:\dnbjtl.exe31⤵
- Executes dropped EXE
PID:1752 -
\??\c:\npdrfln.exec:\npdrfln.exe32⤵
- Executes dropped EXE
PID:1536 -
\??\c:\fnhbb.exec:\fnhbb.exe33⤵
- Executes dropped EXE
PID:1784 -
\??\c:\rxvrbpv.exec:\rxvrbpv.exe34⤵
- Executes dropped EXE
PID:2820 -
\??\c:\nllnbn.exec:\nllnbn.exe35⤵
- Executes dropped EXE
PID:2248 -
\??\c:\hhpllh.exec:\hhpllh.exe36⤵
- Executes dropped EXE
PID:2896 -
\??\c:\xxhtn.exec:\xxhtn.exe37⤵
- Executes dropped EXE
PID:2932 -
\??\c:\xlvpnj.exec:\xlvpnj.exe38⤵
- Executes dropped EXE
PID:2228 -
\??\c:\xfrhvt.exec:\xfrhvt.exe39⤵
- Executes dropped EXE
PID:2536 -
\??\c:\pprfptv.exec:\pprfptv.exe40⤵
- Executes dropped EXE
PID:2532 -
\??\c:\phjhdt.exec:\phjhdt.exe41⤵
- Executes dropped EXE
PID:2872 -
\??\c:\ppbbjl.exec:\ppbbjl.exe42⤵
- Executes dropped EXE
PID:2560 -
\??\c:\xjxppf.exec:\xjxppf.exe43⤵
- Executes dropped EXE
PID:2380 -
\??\c:\hxhdpxf.exec:\hxhdpxf.exe44⤵
- Executes dropped EXE
PID:2372 -
\??\c:\nfhhjhd.exec:\nfhhjhd.exe45⤵
- Executes dropped EXE
PID:2452 -
\??\c:\ddbdl.exec:\ddbdl.exe46⤵
- Executes dropped EXE
PID:2944 -
\??\c:\hddndl.exec:\hddndl.exe47⤵
- Executes dropped EXE
PID:2776 -
\??\c:\xvxdtdp.exec:\xvxdtdp.exe48⤵
- Executes dropped EXE
PID:2312 -
\??\c:\hxtfj.exec:\hxtfj.exe49⤵
- Executes dropped EXE
PID:812 -
\??\c:\vlbtxpv.exec:\vlbtxpv.exe50⤵
- Executes dropped EXE
PID:904 -
\??\c:\vbxxn.exec:\vbxxn.exe51⤵
- Executes dropped EXE
PID:552 -
\??\c:\dbhhdpl.exec:\dbhhdpl.exe52⤵
- Executes dropped EXE
PID:572 -
\??\c:\xbhrprj.exec:\xbhrprj.exe53⤵
- Executes dropped EXE
PID:1252 -
\??\c:\bxjnhh.exec:\bxjnhh.exe54⤵
- Executes dropped EXE
PID:1936 -
\??\c:\dlblj.exec:\dlblj.exe55⤵
- Executes dropped EXE
PID:2024 -
\??\c:\rhfrnb.exec:\rhfrnb.exe56⤵
- Executes dropped EXE
PID:2276 -
\??\c:\fpvnhl.exec:\fpvnhl.exe57⤵
- Executes dropped EXE
PID:2308 -
\??\c:\pfdlp.exec:\pfdlp.exe58⤵
- Executes dropped EXE
PID:2592 -
\??\c:\bhnjp.exec:\bhnjp.exe59⤵
- Executes dropped EXE
PID:808 -
\??\c:\fnthdb.exec:\fnthdb.exe60⤵
- Executes dropped EXE
PID:2788 -
\??\c:\njjnfvf.exec:\njjnfvf.exe61⤵
- Executes dropped EXE
PID:2720 -
\??\c:\tfrfxfn.exec:\tfrfxfn.exe62⤵
- Executes dropped EXE
PID:2636 -
\??\c:\hbrnnvp.exec:\hbrnnvp.exe63⤵
- Executes dropped EXE
PID:1128 -
\??\c:\tjjflbj.exec:\tjjflbj.exe64⤵
- Executes dropped EXE
PID:2904 -
\??\c:\rnxjfrr.exec:\rnxjfrr.exe65⤵
- Executes dropped EXE
PID:1064 -
\??\c:\tdlfh.exec:\tdlfh.exe66⤵PID:1564
-
\??\c:\htdrtpj.exec:\htdrtpj.exe67⤵PID:1768
-
\??\c:\thffthv.exec:\thffthv.exe68⤵PID:1980
-
\??\c:\hjvhv.exec:\hjvhv.exe69⤵PID:1992
-
\??\c:\bjbhbtx.exec:\bjbhbtx.exe70⤵PID:568
-
\??\c:\lrbbrx.exec:\lrbbrx.exe71⤵PID:1068
-
\??\c:\bdnxr.exec:\bdnxr.exe72⤵PID:2688
-
\??\c:\ptnrhll.exec:\ptnrhll.exe73⤵PID:240
-
\??\c:\hrbtb.exec:\hrbtb.exe74⤵PID:1764
-
\??\c:\xfvnl.exec:\xfvnl.exe75⤵PID:2212
-
\??\c:\jpjhdjl.exec:\jpjhdjl.exe76⤵PID:2236
-
\??\c:\xrbvp.exec:\xrbvp.exe77⤵PID:2992
-
\??\c:\djffbf.exec:\djffbf.exe78⤵PID:2684
-
\??\c:\hjrfdx.exec:\hjrfdx.exe79⤵PID:1324
-
\??\c:\frvtf.exec:\frvtf.exe80⤵PID:2128
-
\??\c:\jhldtr.exec:\jhldtr.exe81⤵PID:2440
-
\??\c:\ljtjbt.exec:\ljtjbt.exe82⤵PID:2488
-
\??\c:\bhbdrpt.exec:\bhbdrpt.exe83⤵PID:2448
-
\??\c:\fbfxl.exec:\fbfxl.exe84⤵PID:2464
-
\??\c:\hxdhj.exec:\hxdhj.exe85⤵PID:2556
-
\??\c:\xltnr.exec:\xltnr.exe86⤵PID:2152
-
\??\c:\nhbfd.exec:\nhbfd.exe87⤵PID:2496
-
\??\c:\rbrdj.exec:\rbrdj.exe88⤵PID:2800
-
\??\c:\bhbxthj.exec:\bhbxthj.exe89⤵PID:2388
-
\??\c:\jdtttx.exec:\jdtttx.exe90⤵PID:2856
-
\??\c:\lhvlht.exec:\lhvlht.exe91⤵PID:1092
-
\??\c:\ttpvvtj.exec:\ttpvvtj.exe92⤵PID:460
-
\??\c:\tbxjt.exec:\tbxjt.exe93⤵PID:1424
-
\??\c:\fljpb.exec:\fljpb.exe94⤵PID:1428
-
\??\c:\prfbt.exec:\prfbt.exe95⤵PID:964
-
\??\c:\bbljv.exec:\bbljv.exe96⤵PID:1996
-
\??\c:\bdptdv.exec:\bdptdv.exe97⤵PID:2004
-
\??\c:\nvdhh.exec:\nvdhh.exe98⤵PID:2024
-
\??\c:\xlnbln.exec:\xlnbln.exe99⤵PID:2140
-
\??\c:\jdbpj.exec:\jdbpj.exe100⤵PID:2160
-
\??\c:\nxxxrh.exec:\nxxxrh.exe101⤵PID:2588
-
\??\c:\rtdxnlp.exec:\rtdxnlp.exe102⤵PID:2960
-
\??\c:\rvpdv.exec:\rvpdv.exe103⤵PID:2584
-
\??\c:\xbtjbn.exec:\xbtjbn.exe104⤵PID:2712
-
\??\c:\rrpht.exec:\rrpht.exe105⤵PID:2916
-
\??\c:\xhvhx.exec:\xhvhx.exe106⤵PID:2908
-
\??\c:\bbhjjjx.exec:\bbhjjjx.exe107⤵PID:2912
-
\??\c:\lbhpr.exec:\lbhpr.exe108⤵PID:2596
-
\??\c:\nfpbldp.exec:\nfpbldp.exe109⤵PID:2884
-
\??\c:\flxxxt.exec:\flxxxt.exe110⤵PID:1808
-
\??\c:\lfbdr.exec:\lfbdr.exe111⤵PID:1620
-
\??\c:\hrdxd.exec:\hrdxd.exe112⤵PID:908
-
\??\c:\ttltl.exec:\ttltl.exe113⤵PID:3036
-
\??\c:\jbrvv.exec:\jbrvv.exe114⤵PID:2976
-
\??\c:\xtttd.exec:\xtttd.exe115⤵PID:1068
-
\??\c:\dblhdn.exec:\dblhdn.exe116⤵PID:2688
-
\??\c:\xdrjr.exec:\xdrjr.exe117⤵PID:240
-
\??\c:\ltphdpd.exec:\ltphdpd.exe118⤵PID:2264
-
\??\c:\dpxrl.exec:\dpxrl.exe119⤵PID:2212
-
\??\c:\hhhhjlt.exec:\hhhhjlt.exe120⤵PID:2216
-
\??\c:\vfndhd.exec:\vfndhd.exe121⤵PID:2628
-
\??\c:\rjdtpd.exec:\rjdtpd.exe122⤵PID:1692
-