Analysis
max time kernel: 150s
max time network: 120s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 18/05/2024, 14:03
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d32c0c17965f4607f7247ccf8d34e8a0_NeikiAnalytics.exe
Resource
win7-20240220-en
5 signatures
150 seconds
General
Target: d32c0c17965f4607f7247ccf8d34e8a0_NeikiAnalytics.exe
Size: 141KB
MD5: d32c0c17965f4607f7247ccf8d34e8a0
SHA1: 18519d41522ae88a64a51268b7377f57380b45ea
SHA256: 46a6ac7d363788caeb1b577528e101fae47f3a0fb30c97135f3021fff57a8367
SHA512: e230d002fc7829655ef6717ad0482ab71ae90b54060132a4e6f6f2bc1a0bcbd585a4e4208089d08e16b99452508f289a4aa51167bbb389a8d0ae200ccbb21ded
SSDEEP: 3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmm8mzuFli55p15AV:n3C9BRIG0asYFm71mm8fliGV
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes