Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
31-05-2024 04:45
Behavioral task
behavioral1
Sample
77aebc7d210a3fed71509aa9f6245f50_NeikiAnalytics.exe
Resource
win7-20240215-en
General
-
Target
77aebc7d210a3fed71509aa9f6245f50_NeikiAnalytics.exe
-
Size
350KB
-
MD5
77aebc7d210a3fed71509aa9f6245f50
-
SHA1
08adb7c9e7246b3f7f703c9f8cffe55c13b1f28a
-
SHA256
4311158ebe13a47e2fadbea63d3688a5609a8caeaf0550aa595c0421b8ee411b
-
SHA512
b98c4618de707df419a4b942d25f638287eddd80f1c82f24c311510eabc30d414dc8bc0d08a9474ed265a1f38aabfcd80ad02fdcedade1dca795831e5afa7dc9
-
SSDEEP
6144:4cm7ImGddXvJuzyy/SfVFKpU/sien7NuOpo0HmtDKe0wKyKqiOfm8RCfDK4TrHX:+7TcBuGy/Sa+/sie0OpncKe/KFBOfmzP
Malware Config
Signatures
-
Detect Blackmoon payload 63 IoCs
Processes:
resource yara_rule behavioral2/memory/3788-0-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1700-12-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1276-28-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1664-34-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2936-36-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1316-66-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3196-147-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3544-175-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4424-223-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2320-293-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4724-317-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2232-330-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1300-334-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4864-341-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4924-357-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2724-388-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/980-474-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2740-592-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2668-610-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3868-706-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1608-761-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon 
behavioral2/memory/2156-711-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/744-624-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2960-606-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2548-543-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/5052-508-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/648-433-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1404-423-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3484-399-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4280-392-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/180-381-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2892-373-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2008-368-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4780-310-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2872-260-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/992-245-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/5064-240-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/212-207-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3912-203-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4488-199-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3560-198-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/820-192-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon 
behavioral2/memory/5088-191-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4048-182-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4928-170-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1992-164-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2524-157-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2952-142-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4880-136-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4200-129-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2332-120-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/436-117-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/432-105-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4852-96-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/664-85-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2296-78-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/596-71-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4904-48-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4896-43-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2996-22-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1440-17-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1988-815-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3136-1079-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon -
Malware Dropper & Backdoor - Berbew 32 IoCs
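Berbew is a backdoor Trojan that can download and install additional malicious software, such as other Trojans, ransomware, and cryptominers. The dropped file names listed below look randomly generated, so they are probably weak indicators on their own compared with the sample hashes above.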
Processes:
resource yara_rule C:\hhhbtt.exe family_berbew C:\5dvpd.exe family_berbew C:\jvpdp.exe family_berbew \??\c:\rfxlxrl.exe family_berbew C:\9hnhtn.exe family_berbew \??\c:\djpjd.exe family_berbew \??\c:\lxffxrf.exe family_berbew \??\c:\dpvvv.exe family_berbew \??\c:\nbhbtn.exe family_berbew \??\c:\bnnbth.exe family_berbew C:\pdpdj.exe family_berbew \??\c:\5hhtbh.exe family_berbew \??\c:\rlxllff.exe family_berbew \??\c:\jdvpv.exe family_berbew C:\lrxlfxr.exe family_berbew \??\c:\xlrllff.exe family_berbew \??\c:\lrlfxxx.exe family_berbew \??\c:\djvdj.exe family_berbew \??\c:\tththh.exe family_berbew \??\c:\ppdvv.exe family_berbew \??\c:\hbbnhb.exe family_berbew \??\c:\dpdpp.exe family_berbew \??\c:\rxxrffx.exe family_berbew \??\c:\dvpdp.exe family_berbew \??\c:\xflxlrl.exe family_berbew \??\c:\rffxrlr.exe family_berbew \??\c:\tbtnnn.exe family_berbew \??\c:\llrflfl.exe family_berbew \??\c:\jjjvd.exe family_berbew \??\c:\ffxrfxr.exe family_berbew \??\c:\5fxlxxl.exe family_berbew \??\c:\tnnhtt.exe family_berbew -
Executes dropped EXE 64 IoCs
Processes:
hhhbtt.exe5dvpd.exejvpdp.exerfxlxrl.exe9hnhtn.exedjpjd.exelxffxrf.exetnnhtt.exedpvvv.exe5fxlxxl.exeffxrfxr.exenbhbtn.exejjjvd.exellrflfl.exebnnbth.exetbtnnn.exepdpdj.exerffxrlr.exexflxlrl.exe5hhtbh.exedvpdp.exerlxllff.exerxxrffx.exedpdpp.exejdvpv.exehbbnhb.exeppdvv.exelrxlfxr.exexlrllff.exetththh.exedjvdj.exelrlfxxx.exebnnnnh.exentbbnn.exe9vjpj.exerrxrllf.exetthbbt.exepjjdp.exepdpjv.exe1xrlffx.exehhbttb.exepvvpd.exerrfxrrl.exehbtnhb.exehbhbtn.exejvvjj.exexlxxrrr.exelxlfxrx.exebntnht.exevjdvj.exexxxrfxl.exe9ttnbb.exenbnnhb.exe1jjvv.exerxlllff.exeffrlfxl.exenhbtnn.exepdvpd.exedvdvp.exexlrrllx.exe1bnnhn.exebthnhh.exe9pjdv.exejpdpj.exepid process 1700 hhhbtt.exe 1440 5dvpd.exe 2996 jvpdp.exe 1276 rfxlxrl.exe 1664 9hnhtn.exe 2936 djpjd.exe 4896 lxffxrf.exe 4904 tnnhtt.exe 4856 dpvvv.exe 1316 5fxlxxl.exe 596 ffxrfxr.exe 2296 nbhbtn.exe 664 jjjvd.exe 1148 llrflfl.exe 4852 bnnbth.exe 2960 tbtnnn.exe 432 pdpdj.exe 516 rffxrlr.exe 2332 xflxlrl.exe 436 5hhtbh.exe 4200 dvpdp.exe 1920 rlxllff.exe 4880 rxxrffx.exe 2952 dpdpp.exe 3196 jdvpv.exe 2524 hbbnhb.exe 3144 ppdvv.exe 1992 lrxlfxr.exe 4928 xlrllff.exe 3544 tththh.exe 4048 djvdj.exe 5088 lrlfxxx.exe 820 bnnnnh.exe 3560 ntbbnn.exe 4488 9vjpj.exe 3912 rrxrllf.exe 212 tthbbt.exe 2552 pjjdp.exe 2112 pdpjv.exe 3928 1xrlffx.exe 4424 hhbttb.exe 3532 pvvpd.exe 1804 rrfxrrl.exe 1172 hbtnhb.exe 1716 hbhbtn.exe 5064 jvvjj.exe 992 xlxxrrr.exe 5040 lxlfxrx.exe 4896 bntnht.exe 1348 vjdvj.exe 944 xxxrfxl.exe 2872 9ttnbb.exe 1356 nbnnhb.exe 1316 1jjvv.exe 4892 rxlllff.exe 1184 ffrlfxl.exe 720 nhbtnn.exe 3156 pdvpd.exe 3192 dvdvp.exe 4900 xlrrllx.exe 2320 1bnnhn.exe 4244 bthnhh.exe 4636 9pjdv.exe 2948 jpdpj.exe -
Processes:
resource yara_rule behavioral2/memory/3788-0-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1700-12-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1276-28-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1664-34-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2936-36-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1316-60-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1316-66-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3196-147-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3544-175-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4424-223-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1172-230-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4896-250-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1356-264-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3192-283-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2320-293-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2948-300-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4724-317-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2232-330-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1300-334-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4864-341-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4924-357-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3752-361-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2892-369-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/180-377-0x0000000000400000-0x000000000042D000-memory.dmp upx 
behavioral2/memory/2724-388-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1984-402-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/980-474-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2740-592-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2668-610-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1792-637-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3308-656-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3868-706-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2500-735-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2856-774-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1608-761-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2368-745-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1604-722-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4736-715-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2156-711-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/896-681-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4796-673-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3544-666-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/744-624-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1400-614-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2960-606-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2960-602-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2548-543-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4184-536-0x0000000000400000-0x000000000042D000-memory.dmp upx 
behavioral2/memory/5052-508-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4824-443-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/648-433-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1404-423-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2076-413-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3484-399-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4280-392-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/180-381-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2892-373-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2008-368-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4780-310-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2872-260-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/5040-246-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/992-245-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/992-241-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/5064-240-0x0000000000400000-0x000000000042D000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
77aebc7d210a3fed71509aa9f6245f50_NeikiAnalytics.exehhhbtt.exe5dvpd.exejvpdp.exerfxlxrl.exe9hnhtn.exedjpjd.exelxffxrf.exetnnhtt.exedpvvv.exe5fxlxxl.exeffxrfxr.exenbhbtn.exejjjvd.exellrflfl.exebnnbth.exetbtnnn.exepdpdj.exerffxrlr.exexflxlrl.exe5hhtbh.exedvpdp.exedescription pid process target process PID 3788 wrote to memory of 1700 3788 77aebc7d210a3fed71509aa9f6245f50_NeikiAnalytics.exe hhhbtt.exe PID 3788 wrote to memory of 1700 3788 77aebc7d210a3fed71509aa9f6245f50_NeikiAnalytics.exe hhhbtt.exe PID 3788 wrote to memory of 1700 3788 77aebc7d210a3fed71509aa9f6245f50_NeikiAnalytics.exe hhhbtt.exe PID 1700 wrote to memory of 1440 1700 hhhbtt.exe 5dvpd.exe PID 1700 wrote to memory of 1440 1700 hhhbtt.exe 5dvpd.exe PID 1700 wrote to memory of 1440 1700 hhhbtt.exe 5dvpd.exe PID 1440 wrote to memory of 2996 1440 5dvpd.exe lllffrl.exe PID 1440 wrote to memory of 2996 1440 5dvpd.exe lllffrl.exe PID 1440 wrote to memory of 2996 1440 5dvpd.exe lllffrl.exe PID 2996 wrote to memory of 1276 2996 jvpdp.exe rfxlxrl.exe PID 2996 wrote to memory of 1276 2996 jvpdp.exe rfxlxrl.exe PID 2996 wrote to memory of 1276 2996 jvpdp.exe rfxlxrl.exe PID 1276 wrote to memory of 1664 1276 rfxlxrl.exe 9hnhtn.exe PID 1276 wrote to memory of 1664 1276 rfxlxrl.exe 9hnhtn.exe PID 1276 wrote to memory of 1664 1276 rfxlxrl.exe 9hnhtn.exe PID 1664 wrote to memory of 2936 1664 9hnhtn.exe djpjd.exe PID 1664 wrote to memory of 2936 1664 9hnhtn.exe djpjd.exe PID 1664 wrote to memory of 2936 1664 9hnhtn.exe djpjd.exe PID 2936 wrote to memory of 4896 2936 djpjd.exe lxffxrf.exe PID 2936 wrote to memory of 4896 2936 djpjd.exe lxffxrf.exe PID 2936 wrote to memory of 4896 2936 djpjd.exe lxffxrf.exe PID 4896 wrote to memory of 4904 4896 lxffxrf.exe tnnhtt.exe PID 4896 wrote to memory of 4904 4896 lxffxrf.exe tnnhtt.exe PID 4896 wrote to memory of 4904 4896 lxffxrf.exe tnnhtt.exe PID 4904 wrote to memory of 4856 4904 tnnhtt.exe dpvvv.exe PID 4904 wrote to memory of 4856 4904 tnnhtt.exe dpvvv.exe PID 4904 wrote to 
memory of 4856 4904 tnnhtt.exe dpvvv.exe PID 4856 wrote to memory of 1316 4856 dpvvv.exe 5fxlxxl.exe PID 4856 wrote to memory of 1316 4856 dpvvv.exe 5fxlxxl.exe PID 4856 wrote to memory of 1316 4856 dpvvv.exe 5fxlxxl.exe PID 1316 wrote to memory of 596 1316 5fxlxxl.exe ffxrfxr.exe PID 1316 wrote to memory of 596 1316 5fxlxxl.exe ffxrfxr.exe PID 1316 wrote to memory of 596 1316 5fxlxxl.exe ffxrfxr.exe PID 596 wrote to memory of 2296 596 ffxrfxr.exe nbhbtn.exe PID 596 wrote to memory of 2296 596 ffxrfxr.exe nbhbtn.exe PID 596 wrote to memory of 2296 596 ffxrfxr.exe nbhbtn.exe PID 2296 wrote to memory of 664 2296 nbhbtn.exe jjjvd.exe PID 2296 wrote to memory of 664 2296 nbhbtn.exe jjjvd.exe PID 2296 wrote to memory of 664 2296 nbhbtn.exe jjjvd.exe PID 664 wrote to memory of 1148 664 jjjvd.exe llrflfl.exe PID 664 wrote to memory of 1148 664 jjjvd.exe llrflfl.exe PID 664 wrote to memory of 1148 664 jjjvd.exe llrflfl.exe PID 1148 wrote to memory of 4852 1148 llrflfl.exe bnnbth.exe PID 1148 wrote to memory of 4852 1148 llrflfl.exe bnnbth.exe PID 1148 wrote to memory of 4852 1148 llrflfl.exe bnnbth.exe PID 4852 wrote to memory of 2960 4852 bnnbth.exe tbtnnn.exe PID 4852 wrote to memory of 2960 4852 bnnbth.exe tbtnnn.exe PID 4852 wrote to memory of 2960 4852 bnnbth.exe tbtnnn.exe PID 2960 wrote to memory of 432 2960 tbtnnn.exe pdpdj.exe PID 2960 wrote to memory of 432 2960 tbtnnn.exe pdpdj.exe PID 2960 wrote to memory of 432 2960 tbtnnn.exe pdpdj.exe PID 432 wrote to memory of 516 432 pdpdj.exe rffxrlr.exe PID 432 wrote to memory of 516 432 pdpdj.exe rffxrlr.exe PID 432 wrote to memory of 516 432 pdpdj.exe rffxrlr.exe PID 516 wrote to memory of 2332 516 rffxrlr.exe 1tntnn.exe PID 516 wrote to memory of 2332 516 rffxrlr.exe 1tntnn.exe PID 516 wrote to memory of 2332 516 rffxrlr.exe 1tntnn.exe PID 2332 wrote to memory of 436 2332 xflxlrl.exe 5hhtbh.exe PID 2332 wrote to memory of 436 2332 xflxlrl.exe 5hhtbh.exe PID 2332 wrote to memory of 436 2332 xflxlrl.exe 5hhtbh.exe PID 
436 wrote to memory of 4200 436 5hhtbh.exe dvpdp.exe PID 436 wrote to memory of 4200 436 5hhtbh.exe dvpdp.exe PID 436 wrote to memory of 4200 436 5hhtbh.exe dvpdp.exe PID 4200 wrote to memory of 1920 4200 dvpdp.exe rlxllff.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\77aebc7d210a3fed71509aa9f6245f50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\77aebc7d210a3fed71509aa9f6245f50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3788 -
\??\c:\hhhbtt.exec:\hhhbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1700 -
\??\c:\5dvpd.exec:\5dvpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1440 -
\??\c:\jvpdp.exec:\jvpdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2996 -
\??\c:\rfxlxrl.exec:\rfxlxrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1276 -
\??\c:\9hnhtn.exec:\9hnhtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1664 -
\??\c:\djpjd.exec:\djpjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2936 -
\??\c:\lxffxrf.exec:\lxffxrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4896 -
\??\c:\tnnhtt.exec:\tnnhtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4904 -
\??\c:\dpvvv.exec:\dpvvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4856 -
\??\c:\5fxlxxl.exec:\5fxlxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1316 -
\??\c:\ffxrfxr.exec:\ffxrfxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:596 -
\??\c:\nbhbtn.exec:\nbhbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2296 -
\??\c:\jjjvd.exec:\jjjvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:664 -
\??\c:\llrflfl.exec:\llrflfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1148 -
\??\c:\bnnbth.exec:\bnnbth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4852 -
\??\c:\tbtnnn.exec:\tbtnnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2960 -
\??\c:\pdpdj.exec:\pdpdj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:432 -
\??\c:\rffxrlr.exec:\rffxrlr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:516 -
\??\c:\xflxlrl.exec:\xflxlrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2332 -
\??\c:\5hhtbh.exec:\5hhtbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:436 -
\??\c:\dvpdp.exec:\dvpdp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4200 -
\??\c:\rlxllff.exec:\rlxllff.exe23⤵
- Executes dropped EXE
PID:1920 -
\??\c:\rxxrffx.exec:\rxxrffx.exe24⤵
- Executes dropped EXE
PID:4880 -
\??\c:\dpdpp.exec:\dpdpp.exe25⤵
- Executes dropped EXE
PID:2952 -
\??\c:\jdvpv.exec:\jdvpv.exe26⤵
- Executes dropped EXE
PID:3196 -
\??\c:\hbbnhb.exec:\hbbnhb.exe27⤵
- Executes dropped EXE
PID:2524 -
\??\c:\ppdvv.exec:\ppdvv.exe28⤵
- Executes dropped EXE
PID:3144 -
\??\c:\lrxlfxr.exec:\lrxlfxr.exe29⤵
- Executes dropped EXE
PID:1992 -
\??\c:\xlrllff.exec:\xlrllff.exe30⤵
- Executes dropped EXE
PID:4928 -
\??\c:\tththh.exec:\tththh.exe31⤵
- Executes dropped EXE
PID:3544 -
\??\c:\djvdj.exec:\djvdj.exe32⤵
- Executes dropped EXE
PID:4048 -
\??\c:\lrlfxxx.exec:\lrlfxxx.exe33⤵
- Executes dropped EXE
PID:5088 -
\??\c:\bnnnnh.exec:\bnnnnh.exe34⤵
- Executes dropped EXE
PID:820 -
\??\c:\ntbbnn.exec:\ntbbnn.exe35⤵
- Executes dropped EXE
PID:3560 -
\??\c:\9vjpj.exec:\9vjpj.exe36⤵
- Executes dropped EXE
PID:4488 -
\??\c:\rrxrllf.exec:\rrxrllf.exe37⤵
- Executes dropped EXE
PID:3912 -
\??\c:\tthbbt.exec:\tthbbt.exe38⤵
- Executes dropped EXE
PID:212 -
\??\c:\pjjdp.exec:\pjjdp.exe39⤵
- Executes dropped EXE
PID:2552 -
\??\c:\pdpjv.exec:\pdpjv.exe40⤵
- Executes dropped EXE
PID:2112 -
\??\c:\1xrlffx.exec:\1xrlffx.exe41⤵
- Executes dropped EXE
PID:3928 -
\??\c:\hhbttb.exec:\hhbttb.exe42⤵
- Executes dropped EXE
PID:4424 -
\??\c:\pvvpd.exec:\pvvpd.exe43⤵
- Executes dropped EXE
PID:3532 -
\??\c:\rrfxrrl.exec:\rrfxrrl.exe44⤵
- Executes dropped EXE
PID:1804 -
\??\c:\hbtnhb.exec:\hbtnhb.exe45⤵
- Executes dropped EXE
PID:1172 -
\??\c:\hbhbtn.exec:\hbhbtn.exe46⤵
- Executes dropped EXE
PID:1716 -
\??\c:\jvvjj.exec:\jvvjj.exe47⤵
- Executes dropped EXE
PID:5064 -
\??\c:\xlxxrrr.exec:\xlxxrrr.exe48⤵
- Executes dropped EXE
PID:992 -
\??\c:\lxlfxrx.exec:\lxlfxrx.exe49⤵
- Executes dropped EXE
PID:5040 -
\??\c:\bntnht.exec:\bntnht.exe50⤵
- Executes dropped EXE
PID:4896 -
\??\c:\vjdvj.exec:\vjdvj.exe51⤵
- Executes dropped EXE
PID:1348 -
\??\c:\xxxrfxl.exec:\xxxrfxl.exe52⤵
- Executes dropped EXE
PID:944 -
\??\c:\9ttnbb.exec:\9ttnbb.exe53⤵
- Executes dropped EXE
PID:2872 -
\??\c:\nbnnhb.exec:\nbnnhb.exe54⤵
- Executes dropped EXE
PID:1356 -
\??\c:\1jjvv.exec:\1jjvv.exe55⤵
- Executes dropped EXE
PID:1316 -
\??\c:\rxlllff.exec:\rxlllff.exe56⤵
- Executes dropped EXE
PID:4892 -
\??\c:\ffrlfxl.exec:\ffrlfxl.exe57⤵
- Executes dropped EXE
PID:1184 -
\??\c:\nhbtnn.exec:\nhbtnn.exe58⤵
- Executes dropped EXE
PID:720 -
\??\c:\pdvpd.exec:\pdvpd.exe59⤵
- Executes dropped EXE
PID:3156 -
\??\c:\dvdvp.exec:\dvdvp.exe60⤵
- Executes dropped EXE
PID:3192 -
\??\c:\xlrrllx.exec:\xlrrllx.exe61⤵
- Executes dropped EXE
PID:4900 -
\??\c:\1bnnhn.exec:\1bnnhn.exe62⤵
- Executes dropped EXE
PID:2320 -
\??\c:\bthnhh.exec:\bthnhh.exe63⤵
- Executes dropped EXE
PID:4244 -
\??\c:\9pjdv.exec:\9pjdv.exe64⤵
- Executes dropped EXE
PID:4636 -
\??\c:\jpdpj.exec:\jpdpj.exe65⤵
- Executes dropped EXE
PID:2948 -
\??\c:\fxrrlll.exec:\fxrrlll.exe66⤵PID:2752
-
\??\c:\1nnnbt.exec:\1nnnbt.exe67⤵PID:4780
-
\??\c:\thtnht.exec:\thtnht.exe68⤵PID:2964
-
\??\c:\vvvjd.exec:\vvvjd.exe69⤵PID:4724
-
\??\c:\9vvdd.exec:\9vvdd.exe70⤵PID:1920
-
\??\c:\xxlfrrl.exec:\xxlfrrl.exe71⤵PID:4380
-
\??\c:\nnbtbb.exec:\nnbtbb.exe72⤵PID:4820
-
\??\c:\rllffll.exec:\rllffll.exe73⤵PID:2232
-
\??\c:\nnbtnn.exec:\nnbtnn.exe74⤵PID:1300
-
\??\c:\pjjvv.exec:\pjjvv.exe75⤵PID:4980
-
\??\c:\rfrlfxf.exec:\rfrlfxf.exe76⤵PID:4864
-
\??\c:\ffxxflx.exec:\ffxxflx.exe77⤵PID:4132
-
\??\c:\tbhbhb.exec:\tbhbhb.exe78⤵PID:2208
-
\??\c:\vdjdv.exec:\vdjdv.exe79⤵PID:4868
-
\??\c:\fxfflfl.exec:\fxfflfl.exe80⤵PID:3528
-
\??\c:\rxxrllf.exec:\rxxrllf.exe81⤵PID:4924
-
\??\c:\hhnhtn.exec:\hhnhtn.exe82⤵PID:4088
-
\??\c:\bhhnht.exec:\bhhnht.exe83⤵PID:3752
-
\??\c:\vjdvj.exec:\vjdvj.exe84⤵PID:2008
-
\??\c:\llxlrfx.exec:\llxlrfx.exe85⤵PID:2892
-
\??\c:\frxrrlx.exec:\frxrrlx.exe86⤵PID:2580
-
\??\c:\tbnhbt.exec:\tbnhbt.exe87⤵PID:180
-
\??\c:\9jjjv.exec:\9jjjv.exe88⤵PID:2300
-
\??\c:\pvdvj.exec:\pvdvj.exe89⤵PID:2724
-
\??\c:\lxrlfrr.exec:\lxrlfrr.exe90⤵PID:4280
-
\??\c:\hhbhnn.exec:\hhbhnn.exe91⤵PID:4736
-
\??\c:\tttnbt.exec:\tttnbt.exe92⤵PID:3484
-
\??\c:\dpvjv.exec:\dpvjv.exe93⤵PID:5068
-
\??\c:\pvjpv.exec:\pvjpv.exe94⤵PID:1984
-
\??\c:\3lfxrrr.exec:\3lfxrrr.exe95⤵PID:1172
-
\??\c:\nhnnnb.exec:\nhnnnb.exe96⤵PID:1712
-
\??\c:\tbnhnt.exec:\tbnhnt.exe97⤵PID:2076
-
\??\c:\pdjdv.exec:\pdjdv.exe98⤵PID:5040
-
\??\c:\1dpjv.exec:\1dpjv.exe99⤵PID:1404
-
\??\c:\flrrxxr.exec:\flrrxxr.exe100⤵PID:2368
-
\??\c:\fflfxrl.exec:\fflfxrl.exe101⤵PID:2696
-
\??\c:\ntnnbh.exec:\ntnnbh.exe102⤵PID:1560
-
\??\c:\3djvp.exec:\3djvp.exe103⤵PID:648
-
\??\c:\pppjd.exec:\pppjd.exe104⤵PID:1360
-
\??\c:\xrxrfff.exec:\xrxrfff.exe105⤵PID:720
-
\??\c:\frrflxx.exec:\frrflxx.exe106⤵PID:4824
-
\??\c:\nhnhbn.exec:\nhnhbn.exe107⤵PID:3192
-
\??\c:\dddvj.exec:\dddvj.exe108⤵PID:4900
-
\??\c:\dpppd.exec:\dpppd.exe109⤵PID:3000
-
\??\c:\5rxrfrl.exec:\5rxrfrl.exe110⤵PID:516
-
\??\c:\rffxllf.exec:\rffxllf.exe111⤵PID:2268
-
\??\c:\1tntnn.exec:\1tntnn.exe112⤵PID:2332
-
\??\c:\ntbthb.exec:\ntbthb.exe113⤵PID:2692
-
\??\c:\pjdvv.exec:\pjdvv.exe114⤵PID:3136
-
\??\c:\vvdpj.exec:\vvdpj.exe115⤵PID:980
-
\??\c:\rrxrlll.exec:\rrxrlll.exe116⤵PID:2372
-
\??\c:\hhtnbb.exec:\hhtnbb.exe117⤵PID:1512
-
\??\c:\jvvpd.exec:\jvvpd.exe118⤵PID:1920
-
\??\c:\dvpvj.exec:\dvpvj.exe119⤵PID:3580
-
\??\c:\rrlflfl.exec:\rrlflfl.exe120⤵PID:2016
-
\??\c:\lrxxffl.exec:\lrxxffl.exe121⤵PID:3596
-
\??\c:\hbbbtn.exec:\hbbbtn.exe122⤵PID:3924
-
\??\c:\bhhtnh.exec:\bhhtnh.exe123⤵PID:3024
-
\??\c:\5vppj.exec:\5vppj.exe124⤵PID:4388
-
\??\c:\xxxfrrf.exec:\xxxfrrf.exe125⤵PID:3352
-
\??\c:\fxfxlfx.exec:\fxfxlfx.exe126⤵PID:1284
-
\??\c:\nhhbhb.exec:\nhhbhb.exe127⤵PID:5052
-
\??\c:\thhbtt.exec:\thhbtt.exe128⤵PID:3712
-
\??\c:\jvvjd.exec:\jvvjd.exe129⤵PID:2616
-
\??\c:\dvpjj.exec:\dvpjj.exe130⤵PID:4836
-
\??\c:\ffxrxlf.exec:\ffxrxlf.exe131⤵PID:4088
-
\??\c:\lfrrxlf.exec:\lfrrxlf.exe132⤵PID:3752
-
\??\c:\bnbhnt.exec:\bnbhnt.exe133⤵PID:2020
-
\??\c:\hnbtnn.exec:\hnbtnn.exe134⤵PID:1104
-
\??\c:\jpjdj.exec:\jpjdj.exe135⤵PID:5060
-
\??\c:\ppjdp.exec:\ppjdp.exe136⤵PID:4184
-
\??\c:\7lflxrf.exec:\7lflxrf.exe137⤵PID:212
-
\??\c:\rfrlrrx.exec:\rfrlrrx.exe138⤵PID:2548
-
\??\c:\hbbthb.exec:\hbbthb.exe139⤵PID:4288
-
\??\c:\dpjpd.exec:\dpjpd.exe140⤵PID:3696
-
\??\c:\jvjvp.exec:\jvjvp.exe141⤵PID:952
-
\??\c:\9lfxllf.exec:\9lfxllf.exe142⤵PID:1804
-
\??\c:\lllffrl.exec:\lllffrl.exe143⤵PID:2996
-
\??\c:\bntbbn.exec:\bntbbn.exe144⤵PID:1592
-
\??\c:\nhtnhb.exec:\nhtnhb.exe145⤵PID:992
-
\??\c:\dpvpd.exec:\dpvpd.exe146⤵PID:2500
-
\??\c:\7djjv.exec:\7djjv.exe147⤵PID:4904
-
\??\c:\rfrfrff.exec:\rfrfrff.exe148⤵PID:3256
-
\??\c:\tnnhtt.exec:\tnnhtt.exe149⤵PID:1404
-
\??\c:\hhhbtn.exec:\hhhbtn.exe150⤵PID:3936
-
\??\c:\9pvjd.exec:\9pvjd.exe151⤵PID:2696
-
\??\c:\pjvpv.exec:\pjvpv.exe152⤵PID:1560
-
\??\c:\5rffffl.exec:\5rffffl.exe153⤵PID:2740
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe154⤵PID:4524
-
\??\c:\thnhbb.exec:\thnhbb.exe155⤵PID:2296
-
\??\c:\vjpjd.exec:\vjpjd.exe156⤵PID:4176
-
\??\c:\pjjjj.exec:\pjjjj.exe157⤵PID:2960
-
\??\c:\rxrlxxf.exec:\rxrlxxf.exe158⤵PID:2668
-
\??\c:\xxrrllf.exec:\xxrrllf.exe159⤵PID:4244
-
\??\c:\thttnt.exec:\thttnt.exe160⤵PID:1400
-
\??\c:\jdddv.exec:\jdddv.exe161⤵PID:2392
-
\??\c:\5dpjv.exec:\5dpjv.exe162⤵PID:2332
-
\??\c:\fxfxfrl.exec:\fxfxfrl.exe163⤵PID:744
-
\??\c:\llrlxxr.exec:\llrlxxr.exe164⤵PID:5000
-
\??\c:\9hbthh.exec:\9hbthh.exe165⤵PID:3896
-
\??\c:\3dvvp.exec:\3dvvp.exe166⤵PID:2952
-
\??\c:\jjvvj.exec:\jjvvj.exe167⤵PID:1792
-
\??\c:\9rlxrlf.exec:\9rlxrlf.exe168⤵PID:5092
-
\??\c:\tntnbt.exec:\tntnbt.exe169⤵PID:4116
-
\??\c:\htbhnt.exec:\htbhnt.exe170⤵PID:3376
-
\??\c:\1vpdj.exec:\1vpdj.exe171⤵PID:1300
-
\??\c:\dvpjd.exec:\dvpjd.exe172⤵PID:3144
-
\??\c:\flrlxrl.exec:\flrlxrl.exe173⤵PID:3308
-
\??\c:\xlrllff.exec:\xlrllff.exe174⤵PID:4620
-
\??\c:\hbtnbt.exec:\hbtnbt.exe175⤵PID:4756
-
\??\c:\7hbnhh.exec:\7hbnhh.exe176⤵PID:3544
-
\??\c:\pjdvj.exec:\pjdvj.exe177⤵PID:1420
-
\??\c:\pjvpd.exec:\pjvpd.exe178⤵PID:4796
-
\??\c:\frlfxrf.exec:\frlfxrf.exe179⤵PID:4612
-
\??\c:\3xxrlfx.exec:\3xxrlfx.exe180⤵PID:896
-
\??\c:\bnhbtt.exec:\bnhbtt.exe181⤵PID:1292
-
\??\c:\pdvpj.exec:\pdvpj.exe182⤵PID:4488
-
\??\c:\jddvj.exec:\jddvj.exe183⤵PID:2580
-
\??\c:\rrrfxlf.exec:\rrrfxlf.exe184⤵PID:3092
-
\??\c:\frrxfrx.exec:\frrxfrx.exe185⤵PID:4788
-
\??\c:\hhtnnt.exec:\hhtnnt.exe186⤵PID:2052
-
\??\c:\djpjv.exec:\djpjv.exe187⤵PID:3868
-
\??\c:\pddvv.exec:\pddvv.exe188⤵PID:4252
-
\??\c:\lxlffxf.exec:\lxlffxf.exe189⤵PID:4296
-
\??\c:\hnhthb.exec:\hnhthb.exe190⤵PID:2156
-
\??\c:\bbhhht.exec:\bbhhht.exe191⤵PID:4736
-
\??\c:\ddjdd.exec:\ddjdd.exe192⤵PID:952
-
\??\c:\jddpj.exec:\jddpj.exe193⤵PID:1604
-
\??\c:\xflxlfx.exec:\xflxlfx.exe194⤵PID:2996
-
\??\c:\rxrfxfx.exec:\rxrfxfx.exe195⤵PID:1592
-
\??\c:\9bhbnh.exec:\9bhbnh.exe196⤵PID:1656
-
\??\c:\vvdvp.exec:\vvdvp.exe197⤵PID:2500
-
\??\c:\5jjvj.exec:\5jjvj.exe198⤵PID:1288
-
\??\c:\fxrxxrx.exec:\fxrxxrx.exe199⤵PID:3256
-
\??\c:\1flffff.exec:\1flffff.exe200⤵PID:2368
-
\??\c:\bnnhtn.exec:\bnnhtn.exe201⤵PID:596
-
\??\c:\djjdj.exec:\djjdj.exe202⤵PID:2920
-
\??\c:\pdjdv.exec:\pdjdv.exe203⤵PID:1360
-
\??\c:\rflfrrl.exec:\rflfrrl.exe204⤵PID:1608
-
\??\c:\1rrrlll.exec:\1rrrlll.exe205⤵PID:3356
-
\??\c:\1thhbt.exec:\1thhbt.exe206⤵PID:3608
-
\??\c:\hbhbnn.exec:\hbhbnn.exe207⤵PID:3100
-
\??\c:\vvdvp.exec:\vvdvp.exe208⤵PID:3480
-
\??\c:\ffxrrrr.exec:\ffxrrrr.exe209⤵PID:2856
-
\??\c:\lfllfff.exec:\lfllfff.exe210⤵PID:2464
-
\??\c:\httnnn.exec:\httnnn.exe211⤵PID:2752
-
\??\c:\tntntb.exec:\tntntb.exe212⤵PID:1480
-
\??\c:\vvvdv.exec:\vvvdv.exe213⤵PID:2964
-
\??\c:\dpppv.exec:\dpppv.exe214⤵PID:1624
-
\??\c:\frlfrlf.exec:\frlfrlf.exe215⤵PID:4880
-
\??\c:\nnhbnt.exec:\nnhbnt.exe216⤵PID:1936
-
\??\c:\bhbnhb.exec:\bhbnhb.exe217⤵PID:2388
-
\??\c:\jjvpd.exec:\jjvpd.exe218⤵PID:392
-
\??\c:\flrlfrl.exec:\flrlfrl.exe219⤵PID:1116
-
\??\c:\9nthbb.exec:\9nthbb.exe220⤵PID:1756
-
\??\c:\5pvpd.exec:\5pvpd.exe221⤵PID:3220
-
\??\c:\xrrlxrl.exec:\xrrlxrl.exe222⤵PID:1988
-
\??\c:\tnnhtn.exec:\tnnhtn.exe223⤵PID:3352
-
\??\c:\pdjpd.exec:\pdjpd.exe224⤵PID:3456
-
\??\c:\vjpdv.exec:\vjpdv.exe225⤵PID:4452
-
\??\c:\xffxffl.exec:\xffxffl.exe226⤵PID:4924
-
\??\c:\nnthbn.exec:\nnthbn.exe227⤵PID:64
-
\??\c:\vvvpv.exec:\vvvpv.exe228⤵PID:820
-
\??\c:\vjvdv.exec:\vjvdv.exe229⤵PID:2684
-
\??\c:\pjddv.exec:\pjddv.exe230⤵PID:3912
-
\??\c:\fxfxxfr.exec:\fxfxxfr.exe231⤵PID:5100
-
\??\c:\hntnnn.exec:\hntnnn.exe232⤵PID:2456
-
\??\c:\xxlffll.exec:\xxlffll.exe233⤵PID:940
-
\??\c:\bbhbbb.exec:\bbhbbb.exe234⤵PID:2216
-
\??\c:\9xffxxr.exec:\9xffxxr.exe235⤵PID:2552
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe236⤵PID:2052
-
\??\c:\nhbbnt.exec:\nhbbnt.exe237⤵PID:3868
-
\??\c:\7ppjv.exec:\7ppjv.exe238⤵PID:4252
-
\??\c:\pdjjj.exec:\pdjjj.exe239⤵PID:3788
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe240⤵PID:1600
-
\??\c:\5nhbnn.exec:\5nhbnn.exe241⤵PID:3424
-
\??\c:\hhnhbb.exec:\hhnhbb.exe242⤵PID:3760