Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
29/05/2024, 03:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3a997ba6ffe1391524f1c406f9ecca90_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
3a997ba6ffe1391524f1c406f9ecca90_NeikiAnalytics.exe
-
Size
76KB
-
MD5
3a997ba6ffe1391524f1c406f9ecca90
-
SHA1
85b1aedbaa2246c245bc81725284028ac65a8959
-
SHA256
8edcc0ae0debdae9c029b3dd97ec1c2cbcaae06fe262d77d99e1b9c3b39449dc
-
SHA512
8fc04483de2432a5c8445b3fe95d195051aa8a2de3e71cc6076edf0a25473df8a3194f65b3eb2dc28017fe9dba81964a5082fcc3a80a02181a060b97d84869e2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2wVEJo:ymb3NkkiQ3mdBjF+3TU2KEJo
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
resource yara_rule behavioral1/memory/2900-7-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1332-13-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2900-6-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2948-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/340-44-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2768-50-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2344-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2744-86-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2744-85-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2588-92-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1316-105-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2396-115-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1940-124-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2416-141-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2008-150-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2552-169-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2860-213-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/264-223-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1608-231-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/692-258-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/336-277-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1332 pvddd.exe 2948 fxffrrf.exe 340 pvvvj.exe 2768 ffxfrrl.exe 2344 7nhhnb.exe 2612 vppjv.exe 2744 xfrrxxl.exe 2588 7rlrxrf.exe 1316 7nntnb.exe 2396 ddjvp.exe 1940 ffflrrf.exe 2804 hhbntn.exe 2416 nhnbnn.exe 2008 ddvdp.exe 1592 fxrxllr.exe 2552 fxlrrll.exe 1616 btnbnn.exe 1036 bntnbb.exe 2276 1jdjv.exe 2388 xrxrxfl.exe 2860 xlxfllx.exe 264 3nntht.exe 1608 5vpvj.exe 1852 jdvjd.exe 2468 ffxlrfl.exe 692 lxxxlrl.exe 2868 9nnhtb.exe 336 jdvdj.exe 1752 jjjjj.exe 2180 1llxfxl.exe 1572 ntbthn.exe 2072 ddddp.exe 2976 9vjvd.exe 2972 fxlrxxl.exe 2708 lflxrxr.exe 340 nhtbhh.exe 2520 jddjv.exe 2752 vpdvd.exe 2796 xrrrrrf.exe 2184 fxlxxfl.exe 2524 tbttnh.exe 2904 bbbhhb.exe 2588 jjddj.exe 1952 rrlllrf.exe 1936 xlxffrx.exe 2572 3ttbht.exe 1940 3bbbbh.exe 2804 vvvpd.exe 2020 vpjjv.exe 1444 nhtbnt.exe 1468 nhtthh.exe 2392 ddpjd.exe 1628 pjdjp.exe 1616 jdjvv.exe 2272 rrxxllr.exe 2608 5rlrlrr.exe 2700 nntbnn.exe 2304 7htbbh.exe 2860 3pjpv.exe 1096 ddvdp.exe 1896 xrlxflr.exe 1804 1rflxxf.exe 860 5nnbtb.exe 892 btbbbb.exe -
resource yara_rule behavioral1/memory/1332-13-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2900-6-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2948-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2948-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2948-22-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/340-36-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/340-35-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/340-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/340-44-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2768-50-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2344-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2612-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2612-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2612-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2744-85-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2588-92-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1316-105-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2396-115-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1940-124-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2416-141-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2008-150-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2552-169-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2860-213-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/264-223-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/1608-231-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/692-258-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/336-277-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2900 wrote to memory of 1332 2900 3a997ba6ffe1391524f1c406f9ecca90_NeikiAnalytics.exe 29 PID 2900 wrote to memory of 1332 2900 3a997ba6ffe1391524f1c406f9ecca90_NeikiAnalytics.exe 29 PID 2900 wrote to memory of 1332 2900 3a997ba6ffe1391524f1c406f9ecca90_NeikiAnalytics.exe 29 PID 2900 wrote to memory of 1332 2900 3a997ba6ffe1391524f1c406f9ecca90_NeikiAnalytics.exe 29 PID 1332 wrote to memory of 2948 1332 pvddd.exe 30 PID 1332 wrote to memory of 2948 1332 pvddd.exe 30 PID 1332 wrote to memory of 2948 1332 pvddd.exe 30 PID 1332 wrote to memory of 2948 1332 pvddd.exe 30 PID 2948 wrote to memory of 340 2948 fxffrrf.exe 31 PID 2948 wrote to memory of 340 2948 fxffrrf.exe 31 PID 2948 wrote to memory of 340 2948 fxffrrf.exe 31 PID 2948 wrote to memory of 340 2948 fxffrrf.exe 31 PID 340 wrote to memory of 2768 340 pvvvj.exe 32 PID 340 wrote to memory of 2768 340 pvvvj.exe 32 PID 340 wrote to memory of 2768 340 pvvvj.exe 32 PID 340 wrote to memory of 2768 340 pvvvj.exe 32 PID 2768 wrote to memory of 2344 2768 ffxfrrl.exe 33 PID 2768 wrote to memory of 2344 2768 ffxfrrl.exe 33 PID 2768 wrote to memory of 2344 2768 ffxfrrl.exe 33 PID 2768 wrote to memory of 2344 2768 ffxfrrl.exe 33 PID 2344 wrote to memory of 2612 2344 7nhhnb.exe 34 PID 2344 wrote to memory of 2612 2344 7nhhnb.exe 34 PID 2344 wrote to memory of 2612 2344 7nhhnb.exe 34 PID 2344 wrote to memory of 2612 2344 7nhhnb.exe 34 PID 2612 wrote to memory of 2744 2612 vppjv.exe 35 PID 2612 wrote to memory of 2744 2612 vppjv.exe 35 PID 2612 wrote to memory of 2744 2612 vppjv.exe 35 PID 2612 wrote to memory of 2744 2612 vppjv.exe 35 PID 2744 wrote to memory of 2588 2744 xfrrxxl.exe 36 PID 2744 wrote to memory of 2588 2744 xfrrxxl.exe 36 PID 2744 wrote to memory of 2588 2744 xfrrxxl.exe 36 PID 2744 wrote to memory of 2588 2744 xfrrxxl.exe 36 PID 2588 wrote to memory of 1316 2588 7rlrxrf.exe 37 PID 2588 wrote to memory of 1316 2588 7rlrxrf.exe 37 PID 2588 wrote to memory of 1316 2588 
7rlrxrf.exe 37 PID 2588 wrote to memory of 1316 2588 7rlrxrf.exe 37 PID 1316 wrote to memory of 2396 1316 7nntnb.exe 38 PID 1316 wrote to memory of 2396 1316 7nntnb.exe 38 PID 1316 wrote to memory of 2396 1316 7nntnb.exe 38 PID 1316 wrote to memory of 2396 1316 7nntnb.exe 38 PID 2396 wrote to memory of 1940 2396 ddjvp.exe 39 PID 2396 wrote to memory of 1940 2396 ddjvp.exe 39 PID 2396 wrote to memory of 1940 2396 ddjvp.exe 39 PID 2396 wrote to memory of 1940 2396 ddjvp.exe 39 PID 1940 wrote to memory of 2804 1940 ffflrrf.exe 40 PID 1940 wrote to memory of 2804 1940 ffflrrf.exe 40 PID 1940 wrote to memory of 2804 1940 ffflrrf.exe 40 PID 1940 wrote to memory of 2804 1940 ffflrrf.exe 40 PID 2804 wrote to memory of 2416 2804 hhbntn.exe 41 PID 2804 wrote to memory of 2416 2804 hhbntn.exe 41 PID 2804 wrote to memory of 2416 2804 hhbntn.exe 41 PID 2804 wrote to memory of 2416 2804 hhbntn.exe 41 PID 2416 wrote to memory of 2008 2416 nhnbnn.exe 42 PID 2416 wrote to memory of 2008 2416 nhnbnn.exe 42 PID 2416 wrote to memory of 2008 2416 nhnbnn.exe 42 PID 2416 wrote to memory of 2008 2416 nhnbnn.exe 42 PID 2008 wrote to memory of 1592 2008 ddvdp.exe 43 PID 2008 wrote to memory of 1592 2008 ddvdp.exe 43 PID 2008 wrote to memory of 1592 2008 ddvdp.exe 43 PID 2008 wrote to memory of 1592 2008 ddvdp.exe 43 PID 1592 wrote to memory of 2552 1592 fxrxllr.exe 44 PID 1592 wrote to memory of 2552 1592 fxrxllr.exe 44 PID 1592 wrote to memory of 2552 1592 fxrxllr.exe 44 PID 1592 wrote to memory of 2552 1592 fxrxllr.exe 44
Processes
-
C:\Users\Admin\AppData\Local\Temp\3a997ba6ffe1391524f1c406f9ecca90_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\3a997ba6ffe1391524f1c406f9ecca90_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2900 -
\??\c:\pvddd.exec:\pvddd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1332 -
\??\c:\fxffrrf.exec:\fxffrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2948 -
\??\c:\pvvvj.exec:\pvvvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:340 -
\??\c:\ffxfrrl.exec:\ffxfrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2768 -
\??\c:\7nhhnb.exec:\7nhhnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2344 -
\??\c:\vppjv.exec:\vppjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2612 -
\??\c:\xfrrxxl.exec:\xfrrxxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2744 -
\??\c:\7rlrxrf.exec:\7rlrxrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2588 -
\??\c:\7nntnb.exec:\7nntnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1316 -
\??\c:\ddjvp.exec:\ddjvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2396 -
\??\c:\ffflrrf.exec:\ffflrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1940 -
\??\c:\hhbntn.exec:\hhbntn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2804 -
\??\c:\nhnbnn.exec:\nhnbnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2416 -
\??\c:\ddvdp.exec:\ddvdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2008 -
\??\c:\fxrxllr.exec:\fxrxllr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1592 -
\??\c:\fxlrrll.exec:\fxlrrll.exe17⤵
- Executes dropped EXE
PID:2552 -
\??\c:\btnbnn.exec:\btnbnn.exe18⤵
- Executes dropped EXE
PID:1616 -
\??\c:\bntnbb.exec:\bntnbb.exe19⤵
- Executes dropped EXE
PID:1036 -
\??\c:\1jdjv.exec:\1jdjv.exe20⤵
- Executes dropped EXE
PID:2276 -
\??\c:\xrxrxfl.exec:\xrxrxfl.exe21⤵
- Executes dropped EXE
PID:2388 -
\??\c:\xlxfllx.exec:\xlxfllx.exe22⤵
- Executes dropped EXE
PID:2860 -
\??\c:\3nntht.exec:\3nntht.exe23⤵
- Executes dropped EXE
PID:264 -
\??\c:\5vpvj.exec:\5vpvj.exe24⤵
- Executes dropped EXE
PID:1608 -
\??\c:\jdvjd.exec:\jdvjd.exe25⤵
- Executes dropped EXE
PID:1852 -
\??\c:\ffxlrfl.exec:\ffxlrfl.exe26⤵
- Executes dropped EXE
PID:2468 -
\??\c:\lxxxlrl.exec:\lxxxlrl.exe27⤵
- Executes dropped EXE
PID:692 -
\??\c:\9nnhtb.exec:\9nnhtb.exe28⤵
- Executes dropped EXE
PID:2868 -
\??\c:\jdvdj.exec:\jdvdj.exe29⤵
- Executes dropped EXE
PID:336 -
\??\c:\jjjjj.exec:\jjjjj.exe30⤵
- Executes dropped EXE
PID:1752 -
\??\c:\1llxfxl.exec:\1llxfxl.exe31⤵
- Executes dropped EXE
PID:2180 -
\??\c:\ntbthn.exec:\ntbthn.exe32⤵
- Executes dropped EXE
PID:1572 -
\??\c:\ddddp.exec:\ddddp.exe33⤵
- Executes dropped EXE
PID:2072 -
\??\c:\9vjvd.exec:\9vjvd.exe34⤵
- Executes dropped EXE
PID:2976 -
\??\c:\fxlrxxl.exec:\fxlrxxl.exe35⤵
- Executes dropped EXE
PID:2972 -
\??\c:\lflxrxr.exec:\lflxrxr.exe36⤵
- Executes dropped EXE
PID:2708 -
\??\c:\nhtbhh.exec:\nhtbhh.exe37⤵
- Executes dropped EXE
PID:340 -
\??\c:\jddjv.exec:\jddjv.exe38⤵
- Executes dropped EXE
PID:2520 -
\??\c:\vpdvd.exec:\vpdvd.exe39⤵
- Executes dropped EXE
PID:2752 -
\??\c:\xrrrrrf.exec:\xrrrrrf.exe40⤵
- Executes dropped EXE
PID:2796 -
\??\c:\fxlxxfl.exec:\fxlxxfl.exe41⤵
- Executes dropped EXE
PID:2184 -
\??\c:\tbttnh.exec:\tbttnh.exe42⤵
- Executes dropped EXE
PID:2524 -
\??\c:\bbbhhb.exec:\bbbhhb.exe43⤵
- Executes dropped EXE
PID:2904 -
\??\c:\jjddj.exec:\jjddj.exe44⤵
- Executes dropped EXE
PID:2588 -
\??\c:\rrlllrf.exec:\rrlllrf.exe45⤵
- Executes dropped EXE
PID:1952 -
\??\c:\xlxffrx.exec:\xlxffrx.exe46⤵
- Executes dropped EXE
PID:1936 -
\??\c:\3ttbht.exec:\3ttbht.exe47⤵
- Executes dropped EXE
PID:2572 -
\??\c:\3bbbbh.exec:\3bbbbh.exe48⤵
- Executes dropped EXE
PID:1940 -
\??\c:\vvvpd.exec:\vvvpd.exe49⤵
- Executes dropped EXE
PID:2804 -
\??\c:\vpjjv.exec:\vpjjv.exe50⤵
- Executes dropped EXE
PID:2020 -
\??\c:\nhtbnt.exec:\nhtbnt.exe51⤵
- Executes dropped EXE
PID:1444 -
\??\c:\nhtthh.exec:\nhtthh.exe52⤵
- Executes dropped EXE
PID:1468 -
\??\c:\ddpjd.exec:\ddpjd.exe53⤵
- Executes dropped EXE
PID:2392 -
\??\c:\pjdjp.exec:\pjdjp.exe54⤵
- Executes dropped EXE
PID:1628 -
\??\c:\jdjvv.exec:\jdjvv.exe55⤵
- Executes dropped EXE
PID:1616 -
\??\c:\rrxxllr.exec:\rrxxllr.exe56⤵
- Executes dropped EXE
PID:2272 -
\??\c:\5rlrlrr.exec:\5rlrlrr.exe57⤵
- Executes dropped EXE
PID:2608 -
\??\c:\nntbnn.exec:\nntbnn.exe58⤵
- Executes dropped EXE
PID:2700 -
\??\c:\7htbbh.exec:\7htbbh.exe59⤵
- Executes dropped EXE
PID:2304 -
\??\c:\3pjpv.exec:\3pjpv.exe60⤵
- Executes dropped EXE
PID:2860 -
\??\c:\ddvdp.exec:\ddvdp.exe61⤵
- Executes dropped EXE
PID:1096 -
\??\c:\xrlxflr.exec:\xrlxflr.exe62⤵
- Executes dropped EXE
PID:1896 -
\??\c:\1rflxxf.exec:\1rflxxf.exe63⤵
- Executes dropped EXE
PID:1804 -
\??\c:\5nnbtb.exec:\5nnbtb.exe64⤵
- Executes dropped EXE
PID:860 -
\??\c:\btbbbb.exec:\btbbbb.exe65⤵
- Executes dropped EXE
PID:892 -
\??\c:\dvjpp.exec:\dvjpp.exe66⤵PID:2080
-
\??\c:\pjppv.exec:\pjppv.exe67⤵PID:3028
-
\??\c:\xrflrrx.exec:\xrflrrx.exe68⤵PID:492
-
\??\c:\xrffrrx.exec:\xrffrrx.exe69⤵PID:1556
-
\??\c:\9nbthh.exec:\9nbthh.exe70⤵PID:2932
-
\??\c:\thbbhn.exec:\thbbhn.exe71⤵PID:1684
-
\??\c:\5pdjj.exec:\5pdjj.exe72⤵PID:2068
-
\??\c:\1pppd.exec:\1pppd.exe73⤵PID:316
-
\??\c:\7lrllrr.exec:\7lrllrr.exe74⤵PID:2788
-
\??\c:\1lffrrr.exec:\1lffrrr.exe75⤵PID:2640
-
\??\c:\xrllrrr.exec:\xrllrrr.exe76⤵PID:2728
-
\??\c:\tnbhnh.exec:\tnbhnh.exe77⤵PID:2660
-
\??\c:\tbhhnh.exec:\tbhhnh.exe78⤵PID:2768
-
\??\c:\vpdjv.exec:\vpdjv.exe79⤵PID:2808
-
\??\c:\7pvvv.exec:\7pvvv.exe80⤵PID:2760
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe81⤵PID:2508
-
\??\c:\3lfrfff.exec:\3lfrfff.exe82⤵PID:2744
-
\??\c:\httttn.exec:\httttn.exe83⤵PID:2988
-
\??\c:\tnhtbb.exec:\tnhtbb.exe84⤵PID:2040
-
\??\c:\dpvdp.exec:\dpvdp.exe85⤵PID:2168
-
\??\c:\jpvvd.exec:\jpvvd.exe86⤵PID:2396
-
\??\c:\3frrxff.exec:\3frrxff.exe87⤵PID:1964
-
\??\c:\rlfxffr.exec:\rlfxffr.exe88⤵PID:2012
-
\??\c:\7nbbbt.exec:\7nbbbt.exe89⤵PID:2232
-
\??\c:\nntbtt.exec:\nntbtt.exe90⤵PID:880
-
\??\c:\nhnnhh.exec:\nhnnhh.exe91⤵PID:1492
-
\??\c:\7jvdj.exec:\7jvdj.exe92⤵PID:2240
-
\??\c:\dpvvv.exec:\dpvvv.exe93⤵PID:2420
-
\??\c:\fxrflrx.exec:\fxrflrx.exe94⤵PID:2348
-
\??\c:\lxlffff.exec:\lxlffff.exe95⤵PID:1760
-
\??\c:\bnhhtt.exec:\bnhhtt.exe96⤵PID:1148
-
\??\c:\1nttbb.exec:\1nttbb.exe97⤵PID:1724
-
\??\c:\dvjjp.exec:\dvjjp.exe98⤵PID:2852
-
\??\c:\vdjjp.exec:\vdjjp.exe99⤵PID:532
-
\??\c:\jvjpj.exec:\jvjpj.exe100⤵PID:908
-
\??\c:\3lrlrrx.exec:\3lrlrrx.exe101⤵PID:1736
-
\??\c:\3lrxxff.exec:\3lrxxff.exe102⤵PID:3008
-
\??\c:\nhnnnn.exec:\nhnnnn.exe103⤵PID:1852
-
\??\c:\5hnntb.exec:\5hnntb.exe104⤵PID:1644
-
\??\c:\3dppp.exec:\3dppp.exe105⤵PID:2336
-
\??\c:\5jpvv.exec:\5jpvv.exe106⤵PID:1308
-
\??\c:\xrflxff.exec:\xrflxff.exe107⤵PID:344
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe108⤵PID:884
-
\??\c:\1lrxflr.exec:\1lrxflr.exe109⤵PID:1288
-
\??\c:\nhtbbh.exec:\nhtbbh.exe110⤵PID:1752
-
\??\c:\nbbtbt.exec:\nbbtbt.exe111⤵PID:2820
-
\??\c:\vpddj.exec:\vpddj.exe112⤵PID:2084
-
\??\c:\dvvvv.exec:\dvvvv.exe113⤵PID:2176
-
\??\c:\lfxfflx.exec:\lfxfflx.exe114⤵PID:1808
-
\??\c:\ffrfxfl.exec:\ffrfxfl.exe115⤵PID:2972
-
\??\c:\hhbbth.exec:\hhbbth.exe116⤵PID:2664
-
\??\c:\hbnhtb.exec:\hbnhtb.exe117⤵PID:2840
-
\??\c:\nhnbtt.exec:\nhnbtt.exe118⤵PID:3020
-
\??\c:\9dppv.exec:\9dppv.exe119⤵PID:2764
-
\??\c:\pjppj.exec:\pjppj.exe120⤵PID:2536
-
\??\c:\jvddp.exec:\jvddp.exe121⤵PID:2476
-
\??\c:\fxrxxxl.exec:\fxrxxxl.exe122⤵PID:2524
-