Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
19-05-2024 05:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7d8f002c0b4f6d77e37cf219c7d86650_NeikiAnalytics.exe
Resource
win7-20240221-en
windows7-x64
5 signatures
150 seconds
General
-
Target
7d8f002c0b4f6d77e37cf219c7d86650_NeikiAnalytics.exe
-
Size
75KB
-
MD5
7d8f002c0b4f6d77e37cf219c7d86650
-
SHA1
6ea21d57a7cbbe01dc835329dafaa5b23bf6e3b3
-
SHA256
4077f9dc1d0f1d38d217ee522d0be68fdb648ed9fa81cec82a953989a0f2032e
-
SHA512
714fd6df89d6aa111b68dd93e14ffaa4f4a050523076e7a6cd51b2331e0c30ff9923041334059d51458eb85690def0eb0115122654edb2a4371e8f41f00eac0d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAh2QpUnX1Aw:ymb3NkkiQ3mdBjFIsIVbpUL
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral1/memory/1712-7-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2104-13-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1712-6-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2672-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2584-34-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2640-45-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2640-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2720-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2720-63-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2912-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2888-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1464-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2740-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2176-130-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1828-156-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1648-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2332-192-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2760-202-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/700-220-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1504-228-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1388-246-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/2988-264-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/304-291-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2104 nbnnnh.exe 2672 9jpjd.exe 2584 pjvvv.exe 2640 xllfxxx.exe 2720 3djjv.exe 2912 pdvjj.exe 2444 xlfllll.exe 2564 3rxffxx.exe 2888 ththnt.exe 1464 jpdvp.exe 2740 jdvpp.exe 2176 xrffxrx.exe 2240 lxllrxr.exe 1928 3hnthh.exe 1828 pvpvj.exe 1648 1pdjd.exe 1244 rlrxffl.exe 1304 lxfllff.exe 2332 bnbhnh.exe 2760 7thbtt.exe 1976 3jvpv.exe 700 frflllx.exe 1504 9llflff.exe 1868 nbbnhn.exe 1388 vpdjp.exe 1880 9pjjp.exe 2988 flrrxrf.exe 1992 htbbnh.exe 2044 tbnnnh.exe 304 vpddj.exe 2168 pdpjj.exe 1720 lxffxrl.exe 2108 7xfxxrr.exe 1592 lxllxxx.exe 1980 httnhb.exe 1748 bnnhht.exe 2656 jvppj.exe 2548 dppjj.exe 2596 lxlfxxr.exe 2160 lrrxxff.exe 2700 bnnnnn.exe 2488 bnnntt.exe 2436 5vjdd.exe 2512 jdjjj.exe 1532 lxfxxxx.exe 2428 xrflxxl.exe 2528 7thbnn.exe 2876 htbhtt.exe 2844 5vdvv.exe 1704 3lfrxlr.exe 1960 rlxfxxl.exe 1884 hbthnt.exe 1556 hbbhbh.exe 2340 pdppd.exe 1348 jdjjv.exe 1176 rlrxrfr.exe 2292 7rffrxf.exe 1924 bbttht.exe 2284 9tntbb.exe 336 vvpvv.exe 108 5pvdp.exe 1668 lxxlrrx.exe 640 fxxfllf.exe 996 7tbttt.exe -
resource yara_rule behavioral1/memory/2104-13-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1712-6-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2672-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2584-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2640-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2640-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2640-42-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2640-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2720-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2912-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2564-85-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2564-86-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2564-84-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2888-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1464-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2740-120-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2176-130-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1828-156-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1648-166-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2332-192-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2760-202-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/700-220-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1504-228-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1388-246-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/2988-264-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/304-291-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1712 wrote to memory of 2104 1712 7d8f002c0b4f6d77e37cf219c7d86650_NeikiAnalytics.exe 28 PID 1712 wrote to memory of 2104 1712 7d8f002c0b4f6d77e37cf219c7d86650_NeikiAnalytics.exe 28 PID 1712 wrote to memory of 2104 1712 7d8f002c0b4f6d77e37cf219c7d86650_NeikiAnalytics.exe 28 PID 1712 wrote to memory of 2104 1712 7d8f002c0b4f6d77e37cf219c7d86650_NeikiAnalytics.exe 28 PID 2104 wrote to memory of 2672 2104 nbnnnh.exe 29 PID 2104 wrote to memory of 2672 2104 nbnnnh.exe 29 PID 2104 wrote to memory of 2672 2104 nbnnnh.exe 29 PID 2104 wrote to memory of 2672 2104 nbnnnh.exe 29 PID 2672 wrote to memory of 2584 2672 9jpjd.exe 30 PID 2672 wrote to memory of 2584 2672 9jpjd.exe 30 PID 2672 wrote to memory of 2584 2672 9jpjd.exe 30 PID 2672 wrote to memory of 2584 2672 9jpjd.exe 30 PID 2584 wrote to memory of 2640 2584 pjvvv.exe 31 PID 2584 wrote to memory of 2640 2584 pjvvv.exe 31 PID 2584 wrote to memory of 2640 2584 pjvvv.exe 31 PID 2584 wrote to memory of 2640 2584 pjvvv.exe 31 PID 2640 wrote to memory of 2720 2640 xllfxxx.exe 32 PID 2640 wrote to memory of 2720 2640 xllfxxx.exe 32 PID 2640 wrote to memory of 2720 2640 xllfxxx.exe 32 PID 2640 wrote to memory of 2720 2640 xllfxxx.exe 32 PID 2720 wrote to memory of 2912 2720 3djjv.exe 33 PID 2720 wrote to memory of 2912 2720 3djjv.exe 33 PID 2720 wrote to memory of 2912 2720 3djjv.exe 33 PID 2720 wrote to memory of 2912 2720 3djjv.exe 33 PID 2912 wrote to memory of 2444 2912 pdvjj.exe 34 PID 2912 wrote to memory of 2444 2912 pdvjj.exe 34 PID 2912 wrote to memory of 2444 2912 pdvjj.exe 34 PID 2912 wrote to memory of 2444 2912 pdvjj.exe 34 PID 2444 wrote to memory of 2564 2444 xlfllll.exe 35 PID 2444 wrote to memory of 2564 2444 xlfllll.exe 35 PID 2444 wrote to memory of 2564 2444 xlfllll.exe 35 PID 2444 wrote to memory of 2564 2444 xlfllll.exe 35 PID 2564 wrote to memory of 2888 2564 3rxffxx.exe 36 PID 2564 wrote to memory of 2888 2564 3rxffxx.exe 36 PID 2564 wrote to memory of 2888 
2564 3rxffxx.exe 36 PID 2564 wrote to memory of 2888 2564 3rxffxx.exe 36 PID 2888 wrote to memory of 1464 2888 ththnt.exe 37 PID 2888 wrote to memory of 1464 2888 ththnt.exe 37 PID 2888 wrote to memory of 1464 2888 ththnt.exe 37 PID 2888 wrote to memory of 1464 2888 ththnt.exe 37 PID 1464 wrote to memory of 2740 1464 jpdvp.exe 38 PID 1464 wrote to memory of 2740 1464 jpdvp.exe 38 PID 1464 wrote to memory of 2740 1464 jpdvp.exe 38 PID 1464 wrote to memory of 2740 1464 jpdvp.exe 38 PID 2740 wrote to memory of 2176 2740 jdvpp.exe 39 PID 2740 wrote to memory of 2176 2740 jdvpp.exe 39 PID 2740 wrote to memory of 2176 2740 jdvpp.exe 39 PID 2740 wrote to memory of 2176 2740 jdvpp.exe 39 PID 2176 wrote to memory of 2240 2176 xrffxrx.exe 40 PID 2176 wrote to memory of 2240 2176 xrffxrx.exe 40 PID 2176 wrote to memory of 2240 2176 xrffxrx.exe 40 PID 2176 wrote to memory of 2240 2176 xrffxrx.exe 40 PID 2240 wrote to memory of 1928 2240 lxllrxr.exe 41 PID 2240 wrote to memory of 1928 2240 lxllrxr.exe 41 PID 2240 wrote to memory of 1928 2240 lxllrxr.exe 41 PID 2240 wrote to memory of 1928 2240 lxllrxr.exe 41 PID 1928 wrote to memory of 1828 1928 3hnthh.exe 42 PID 1928 wrote to memory of 1828 1928 3hnthh.exe 42 PID 1928 wrote to memory of 1828 1928 3hnthh.exe 42 PID 1928 wrote to memory of 1828 1928 3hnthh.exe 42 PID 1828 wrote to memory of 1648 1828 pvpvj.exe 43 PID 1828 wrote to memory of 1648 1828 pvpvj.exe 43 PID 1828 wrote to memory of 1648 1828 pvpvj.exe 43 PID 1828 wrote to memory of 1648 1828 pvpvj.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\7d8f002c0b4f6d77e37cf219c7d86650_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\7d8f002c0b4f6d77e37cf219c7d86650_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1712 -
\??\c:\nbnnnh.exec:\nbnnnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2104 -
\??\c:\9jpjd.exec:\9jpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2672 -
\??\c:\pjvvv.exec:\pjvvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\xllfxxx.exec:\xllfxxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2640 -
\??\c:\3djjv.exec:\3djjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2720 -
\??\c:\pdvjj.exec:\pdvjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2912 -
\??\c:\xlfllll.exec:\xlfllll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2444 -
\??\c:\3rxffxx.exec:\3rxffxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2564 -
\??\c:\ththnt.exec:\ththnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2888 -
\??\c:\jpdvp.exec:\jpdvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1464 -
\??\c:\jdvpp.exec:\jdvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\xrffxrx.exec:\xrffxrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2176 -
\??\c:\lxllrxr.exec:\lxllrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2240 -
\??\c:\3hnthh.exec:\3hnthh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1928 -
\??\c:\pvpvj.exec:\pvpvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1828 -
\??\c:\1pdjd.exec:\1pdjd.exe17⤵
- Executes dropped EXE
PID:1648 -
\??\c:\rlrxffl.exec:\rlrxffl.exe18⤵
- Executes dropped EXE
PID:1244 -
\??\c:\lxfllff.exec:\lxfllff.exe19⤵
- Executes dropped EXE
PID:1304 -
\??\c:\bnbhnh.exec:\bnbhnh.exe20⤵
- Executes dropped EXE
PID:2332 -
\??\c:\7thbtt.exec:\7thbtt.exe21⤵
- Executes dropped EXE
PID:2760 -
\??\c:\3jvpv.exec:\3jvpv.exe22⤵
- Executes dropped EXE
PID:1976 -
\??\c:\frflllx.exec:\frflllx.exe23⤵
- Executes dropped EXE
PID:700 -
\??\c:\9llflff.exec:\9llflff.exe24⤵
- Executes dropped EXE
PID:1504 -
\??\c:\nbbnhn.exec:\nbbnhn.exe25⤵
- Executes dropped EXE
PID:1868 -
\??\c:\vpdjp.exec:\vpdjp.exe26⤵
- Executes dropped EXE
PID:1388 -
\??\c:\9pjjp.exec:\9pjjp.exe27⤵
- Executes dropped EXE
PID:1880 -
\??\c:\flrrxrf.exec:\flrrxrf.exe28⤵
- Executes dropped EXE
PID:2988 -
\??\c:\htbbnh.exec:\htbbnh.exe29⤵
- Executes dropped EXE
PID:1992 -
\??\c:\tbnnnh.exec:\tbnnnh.exe30⤵
- Executes dropped EXE
PID:2044 -
\??\c:\vpddj.exec:\vpddj.exe31⤵
- Executes dropped EXE
PID:304 -
\??\c:\pdpjj.exec:\pdpjj.exe32⤵
- Executes dropped EXE
PID:2168 -
\??\c:\lxffxrl.exec:\lxffxrl.exe33⤵
- Executes dropped EXE
PID:1720 -
\??\c:\7xfxxrr.exec:\7xfxxrr.exe34⤵
- Executes dropped EXE
PID:2108 -
\??\c:\lxllxxx.exec:\lxllxxx.exe35⤵
- Executes dropped EXE
PID:1592 -
\??\c:\httnhb.exec:\httnhb.exe36⤵
- Executes dropped EXE
PID:1980 -
\??\c:\bnnhht.exec:\bnnhht.exe37⤵
- Executes dropped EXE
PID:1748 -
\??\c:\jvppj.exec:\jvppj.exe38⤵
- Executes dropped EXE
PID:2656 -
\??\c:\dppjj.exec:\dppjj.exe39⤵
- Executes dropped EXE
PID:2548 -
\??\c:\lxlfxxr.exec:\lxlfxxr.exe40⤵
- Executes dropped EXE
PID:2596 -
\??\c:\lrrxxff.exec:\lrrxxff.exe41⤵
- Executes dropped EXE
PID:2160 -
\??\c:\bnnnnn.exec:\bnnnnn.exe42⤵
- Executes dropped EXE
PID:2700 -
\??\c:\bnnntt.exec:\bnnntt.exe43⤵
- Executes dropped EXE
PID:2488 -
\??\c:\5vjdd.exec:\5vjdd.exe44⤵
- Executes dropped EXE
PID:2436 -
\??\c:\jdjjj.exec:\jdjjj.exe45⤵
- Executes dropped EXE
PID:2512 -
\??\c:\lxfxxxx.exec:\lxfxxxx.exe46⤵
- Executes dropped EXE
PID:1532 -
\??\c:\xrflxxl.exec:\xrflxxl.exe47⤵
- Executes dropped EXE
PID:2428 -
\??\c:\7thbnn.exec:\7thbnn.exe48⤵
- Executes dropped EXE
PID:2528 -
\??\c:\htbhtt.exec:\htbhtt.exe49⤵
- Executes dropped EXE
PID:2876 -
\??\c:\5vdvv.exec:\5vdvv.exe50⤵
- Executes dropped EXE
PID:2844 -
\??\c:\3lfrxlr.exec:\3lfrxlr.exe51⤵
- Executes dropped EXE
PID:1704 -
\??\c:\rlxfxxl.exec:\rlxfxxl.exe52⤵
- Executes dropped EXE
PID:1960 -
\??\c:\hbthnt.exec:\hbthnt.exe53⤵
- Executes dropped EXE
PID:1884 -
\??\c:\hbbhbh.exec:\hbbhbh.exe54⤵
- Executes dropped EXE
PID:1556 -
\??\c:\pdppd.exec:\pdppd.exe55⤵
- Executes dropped EXE
PID:2340 -
\??\c:\jdjjv.exec:\jdjjv.exe56⤵
- Executes dropped EXE
PID:1348 -
\??\c:\rlrxrfr.exec:\rlrxrfr.exe57⤵
- Executes dropped EXE
PID:1176 -
\??\c:\7rffrxf.exec:\7rffrxf.exe58⤵
- Executes dropped EXE
PID:2292 -
\??\c:\bbttht.exec:\bbttht.exe59⤵
- Executes dropped EXE
PID:1924 -
\??\c:\9tntbb.exec:\9tntbb.exe60⤵
- Executes dropped EXE
PID:2284 -
\??\c:\vvpvv.exec:\vvpvv.exe61⤵
- Executes dropped EXE
PID:336 -
\??\c:\5pvdp.exec:\5pvdp.exe62⤵
- Executes dropped EXE
PID:108 -
\??\c:\lxxlrrx.exec:\lxxlrrx.exe63⤵
- Executes dropped EXE
PID:1668 -
\??\c:\fxxfllf.exec:\fxxfllf.exe64⤵
- Executes dropped EXE
PID:640 -
\??\c:\7tbttt.exec:\7tbttt.exe65⤵
- Executes dropped EXE
PID:996 -
\??\c:\9ntbhn.exec:\9ntbhn.exe66⤵PID:2680
-
\??\c:\dpvpd.exec:\dpvpd.exe67⤵PID:1784
-
\??\c:\frllffl.exec:\frllffl.exe68⤵PID:2852
-
\??\c:\lrlxfxf.exec:\lrlxfxf.exe69⤵PID:2996
-
\??\c:\tnbhtt.exec:\tnbhtt.exe70⤵PID:2792
-
\??\c:\htbhhh.exec:\htbhhh.exe71⤵PID:2828
-
\??\c:\jvjpd.exec:\jvjpd.exe72⤵PID:1328
-
\??\c:\pdppv.exec:\pdppv.exe73⤵PID:1764
-
\??\c:\fxlfflr.exec:\fxlfflr.exe74⤵PID:2372
-
\??\c:\1xllrrf.exec:\1xllrrf.exe75⤵PID:1624
-
\??\c:\nhtbnn.exec:\nhtbnn.exe76⤵PID:2108
-
\??\c:\9ttntn.exec:\9ttntn.exe77⤵PID:1760
-
\??\c:\dvddv.exec:\dvddv.exe78⤵PID:2956
-
\??\c:\pjpvd.exec:\pjpvd.exe79⤵PID:2620
-
\??\c:\lfrrffl.exec:\lfrrffl.exe80⤵PID:2572
-
\??\c:\1flfllr.exec:\1flfllr.exe81⤵PID:2560
-
\??\c:\3thhnh.exec:\3thhnh.exe82⤵PID:2720
-
\??\c:\ttnnbb.exec:\ttnnbb.exe83⤵PID:2608
-
\??\c:\pdpvv.exec:\pdpvv.exe84⤵PID:2912
-
\??\c:\dpdjp.exec:\dpdjp.exe85⤵PID:2616
-
\??\c:\frfflll.exec:\frfflll.exe86⤵PID:2864
-
\??\c:\9xrrrff.exec:\9xrrrff.exe87⤵PID:876
-
\??\c:\5bnnth.exec:\5bnnth.exe88⤵PID:2112
-
\??\c:\5httbb.exec:\5httbb.exe89⤵PID:772
-
\??\c:\vpvdp.exec:\vpvdp.exe90⤵PID:2856
-
\??\c:\vpvvv.exec:\vpvvv.exe91⤵PID:1204
-
\??\c:\1frflrx.exec:\1frflrx.exe92⤵PID:2176
-
\??\c:\xrflfxr.exec:\xrflfxr.exe93⤵PID:2240
-
\??\c:\hbhhhn.exec:\hbhhhn.exe94⤵PID:1072
-
\??\c:\tnbbnn.exec:\tnbbnn.exe95⤵PID:500
-
\??\c:\jpppj.exec:\jpppj.exe96⤵PID:1576
-
\??\c:\9pjjj.exec:\9pjjj.exe97⤵PID:1028
-
\??\c:\xrflflr.exec:\xrflflr.exe98⤵PID:1400
-
\??\c:\9rlllff.exec:\9rlllff.exe99⤵PID:2324
-
\??\c:\hhtnht.exec:\hhtnht.exe100⤵PID:2316
-
\??\c:\thhhbh.exec:\thhhbh.exe101⤵PID:2420
-
\??\c:\9pjvj.exec:\9pjvj.exe102⤵PID:2760
-
\??\c:\3pdjp.exec:\3pdjp.exe103⤵PID:784
-
\??\c:\fxrxffl.exec:\fxrxffl.exe104⤵PID:1664
-
\??\c:\xflxllx.exec:\xflxllx.exe105⤵PID:560
-
\??\c:\hbhthn.exec:\hbhthn.exe106⤵PID:1500
-
\??\c:\nbbtbt.exec:\nbbtbt.exe107⤵PID:2412
-
\??\c:\jdpdj.exec:\jdpdj.exe108⤵PID:1044
-
\??\c:\pjpvj.exec:\pjpvj.exe109⤵PID:1216
-
\??\c:\xflrrxf.exec:\xflrrxf.exe110⤵PID:2848
-
\??\c:\rrxflfl.exec:\rrxflfl.exe111⤵PID:2080
-
\??\c:\1nbbbb.exec:\1nbbbb.exe112⤵PID:360
-
\??\c:\nbhhnn.exec:\nbhhnn.exe113⤵PID:3012
-
\??\c:\vjppp.exec:\vjppp.exe114⤵PID:3060
-
\??\c:\rfxllxx.exec:\rfxllxx.exe115⤵PID:2300
-
\??\c:\xlxflrf.exec:\xlxflrf.exe116⤵PID:1768
-
\??\c:\5ntntn.exec:\5ntntn.exe117⤵PID:1620
-
\??\c:\jdvvv.exec:\jdvvv.exe118⤵PID:2268
-
\??\c:\7pjpj.exec:\7pjpj.exe119⤵PID:1592
-
\??\c:\jvdvp.exec:\jvdvp.exe120⤵PID:2060
-
\??\c:\rlrxlrx.exec:\rlrxlrx.exe121⤵PID:2956
-
\??\c:\fxffrrf.exec:\fxffrrf.exe122⤵PID:2796
-