Analysis
-
max time kernel
142s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system -
submitted
02-06-2024 01:52
Behavioral task
behavioral1
Sample
200a913179b561f0530675ba579680f0_NeikiAnalytics.exe
Resource
win7-20240220-en
General
-
Target
200a913179b561f0530675ba579680f0_NeikiAnalytics.exe
-
Size
350KB
-
MD5
200a913179b561f0530675ba579680f0
-
SHA1
4a85fe865aee870ba1393b886ed0e878be27d041
-
SHA256
14bdc28a81fc9a410dc8c75ad44a4781264e30f73101910433497b28a698c2a7
-
SHA512
19f29d6813eadab1a04e90a1fbaaddfcc91afa043fa16745986876b16535df6aabb0668e79436ae3204774437bebb36c089c72f225527e72364db92a304dc04c
-
SSDEEP
6144:4cm7ImGddXvJuzyy/SfVFKpU/sien7NuOpo0HmtDKe0wKyKqiOfm8RCfDK4TrHe:+7TcBuGy/Sa+/sie0OpncKe/KFBOfmzG
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
Processes:
resource yara_rule behavioral2/memory/4580-4-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1416-17-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1160-28-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4508-36-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4432-12-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3904-58-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1928-72-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/756-70-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3460-85-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/5044-124-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4216-138-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3244-186-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2044-193-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4876-192-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2680-207-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3100-224-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1920-244-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4472-251-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/884-258-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1132-271-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1808-316-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon 
behavioral2/memory/1864-320-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1676-284-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1200-279-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4988-275-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2624-247-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/5080-215-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2416-198-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2468-180-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1180-168-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/564-161-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2724-156-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3508-145-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4216-144-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4412-136-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4584-130-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4392-117-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4680-107-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3172-100-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3496-90-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4624-82-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1112-64-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon 
behavioral2/memory/180-47-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2500-368-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/5036-383-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1048-387-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4672-407-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3100-427-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4384-443-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1728-450-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4204-489-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3912-496-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/5112-546-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4456-580-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1964-590-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3416-598-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4624-666-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/944-722-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1668-774-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3016-782-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/844-810-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1808-835-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/696-903-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon 
behavioral2/memory/4660-910-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon -
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan that can download and install additional malicious software, such as other Trojans, ransomware, and cryptominers.
Processes:
resource yara_rule C:\pjdjj.exe family_berbew \??\c:\vvjpp.exe family_berbew C:\5rrlflf.exe family_berbew \??\c:\htbnhb.exe family_berbew C:\tbhbht.exe family_berbew \??\c:\ddddv.exe family_berbew \??\c:\lrlxrlf.exe family_berbew \??\c:\rllfffx.exe family_berbew \??\c:\3hthtb.exe family_berbew \??\c:\vjjjv.exe family_berbew \??\c:\tnnnhb.exe family_berbew C:\frlxlfx.exe family_berbew C:\nhhhnn.exe family_berbew \??\c:\vppjd.exe family_berbew \??\c:\1xlxfff.exe family_berbew \??\c:\pppdv.exe family_berbew C:\9nhbtn.exe family_berbew \??\c:\pjdpd.exe family_berbew \??\c:\vjpdv.exe family_berbew \??\c:\hhbhbb.exe family_berbew \??\c:\lxlfffx.exe family_berbew \??\c:\bbhhtt.exe family_berbew \??\c:\3ffxrlf.exe family_berbew \??\c:\xrrllff.exe family_berbew \??\c:\xlrlllf.exe family_berbew \??\c:\pdjjd.exe family_berbew \??\c:\btnhnh.exe family_berbew \??\c:\lflfxrl.exe family_berbew \??\c:\vjvjd.exe family_berbew \??\c:\xxlflrr.exe family_berbew \??\c:\jpvpd.exe family_berbew \??\c:\jvdpv.exe family_berbew -
Executes dropped EXE 64 IoCs
Processes:
pjdjj.exe vvjpp.exe 5rrlflf.exe htbnhb.exe tbhbht.exe ddddv.exe lrlxrlf.exe jvdpv.exe rllfffx.exe 3hthtb.exe jpvpd.exe vjjjv.exe xxlflrr.exe tnnnhb.exe vjvjd.exe frlxlfx.exe lflfxrl.exe nhhhnn.exe vppjd.exe 1xlxfff.exe btnhnh.exe pdjjd.exe pppdv.exe xlrlllf.exe 9nhbtn.exe pjdpd.exe xrrllff.exe 3ffxrlf.exe bbhhtt.exe lxlfffx.exe hhbhbb.exe vjpdv.exe rlrffrx.exe htttnt.exe nnthtn.exe 7dvpj.exe 7ffxrll.exe thhbnn.exe bnnbtn.exe ppvjd.exe 7pdvj.exe lrxlxrf.exe xxxrfxl.exe hnnbnn.exe pppdp.exe jdvjd.exe lrrrxff.exe bbbnhh.exe nntnbt.exe dvvpd.exe jvpdp.exe lxffffl.exe tbhbtn.exe thbnnh.exe vjjvd.exe vvvpd.exe xxrfrlx.exe rrxllfl.exe ttbtbt.exe pdvdp.exe vpjdp.exe frrfrlf.exe ffxlxfr.exe hbthtb.exe
pid process 1036 pjdjj.exe 4432 vvjpp.exe 1416 5rrlflf.exe 1132 htbnhb.exe 1160 tbhbht.exe 4508 ddddv.exe 684 lrlxrlf.exe 180 jvdpv.exe 3904 rllfffx.exe 1112 3hthtb.exe 756 jpvpd.exe 1928 vjjjv.exe 4624 xxlflrr.exe 3460 tnnnhb.exe 3496 vjvjd.exe 3172 frlxlfx.exe 4680 lflfxrl.exe 1632 nhhhnn.exe 4392 vppjd.exe 5044 1xlxfff.exe 4584 btnhnh.exe 4412 pdjjd.exe 4216 pppdv.exe 3508 xlrlllf.exe 1264 9nhbtn.exe 2724 pjdpd.exe 564 xrrllff.exe 1180 3ffxrlf.exe 2468 bbhhtt.exe 3244 lxlfffx.exe 4876 hhbhbb.exe 2044 vjpdv.exe 2416 rlrffrx.exe 1972 htttnt.exe 708 nnthtn.exe 2680 7dvpj.exe 5096 7ffxrll.exe 5080 thhbnn.exe 3704 bnnbtn.exe 4176 ppvjd.exe 3100 7pdvj.exe 652 lrxlxrf.exe 3016 xxxrfxl.exe 2672 hnnbnn.exe 2876 pppdp.exe 1920 jdvjd.exe 2624 lrrrxff.exe 4472 bbbnhh.exe 2292 nntnbt.exe 884 dvvpd.exe 2028 jvpdp.exe 1092 lxffffl.exe 1344 tbhbtn.exe 1132 thbnnh.exe 4988 vjjvd.exe 1200 vvvpd.exe 1676 xxrfrlx.exe 3712 rrxllfl.exe 636 ttbtbt.exe 888 pdvdp.exe 1768 vpjdp.exe 1044 frrfrlf.exe 1872 ffxlxfr.exe 3940 hbthtb.exe -
Processes:
resource yara_rule behavioral2/memory/4580-4-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1416-17-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1160-28-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4508-36-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4432-12-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3904-53-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3904-58-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/756-66-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1928-72-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/756-70-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3460-85-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/5044-124-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4412-131-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4216-138-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2468-174-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3244-186-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2044-193-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4876-192-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2680-207-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3100-224-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3016-231-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1920-244-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4472-251-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/884-258-0x0000000000400000-0x000000000042D000-memory.dmp upx 
behavioral2/memory/1132-271-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1676-280-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1768-294-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1808-316-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1864-320-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1676-284-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1200-279-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4988-275-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2624-247-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/5080-215-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2416-198-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2468-180-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1180-168-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/564-161-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2724-156-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3508-145-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4216-144-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4412-136-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4584-130-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4392-117-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4680-107-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4680-102-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3172-100-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3496-90-0x0000000000400000-0x000000000042D000-memory.dmp upx 
behavioral2/memory/4624-82-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1112-64-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/180-47-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3456-342-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2500-368-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/5036-383-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1048-387-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4660-388-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4672-407-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3100-427-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4384-443-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1728-450-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1968-469-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/980-482-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4204-489-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3912-496-0x0000000000400000-0x000000000042D000-memory.dmp upx -
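Suspicious use of WriteProcessMemory 64 IoCs
PIDs are reused during this run, so a target-process name in the table below can be that of a later holder of the PID: for example, the process tree lists PID 1132 first as htbnhb.exe and later as thbnnh.exe.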
Processes:
200a913179b561f0530675ba579680f0_NeikiAnalytics.exepjdjj.exevvjpp.exe5rrlflf.exehtbnhb.exetbhbht.exeddddv.exelrlxrlf.exejvdpv.exerllfffx.exe3hthtb.exejpvpd.exevjjjv.exexxlflrr.exetnnnhb.exevjvjd.exefrlxlfx.exelflfxrl.exenhhhnn.exevppjd.exe1xlxfff.exebtnhnh.exedescription pid process target process PID 4580 wrote to memory of 1036 4580 200a913179b561f0530675ba579680f0_NeikiAnalytics.exe pjdjj.exe PID 4580 wrote to memory of 1036 4580 200a913179b561f0530675ba579680f0_NeikiAnalytics.exe pjdjj.exe PID 4580 wrote to memory of 1036 4580 200a913179b561f0530675ba579680f0_NeikiAnalytics.exe pjdjj.exe PID 1036 wrote to memory of 4432 1036 pjdjj.exe vvjpp.exe PID 1036 wrote to memory of 4432 1036 pjdjj.exe vvjpp.exe PID 1036 wrote to memory of 4432 1036 pjdjj.exe vvjpp.exe PID 4432 wrote to memory of 1416 4432 vvjpp.exe 5rrlflf.exe PID 4432 wrote to memory of 1416 4432 vvjpp.exe 5rrlflf.exe PID 4432 wrote to memory of 1416 4432 vvjpp.exe 5rrlflf.exe PID 1416 wrote to memory of 1132 1416 5rrlflf.exe thbnnh.exe PID 1416 wrote to memory of 1132 1416 5rrlflf.exe thbnnh.exe PID 1416 wrote to memory of 1132 1416 5rrlflf.exe thbnnh.exe PID 1132 wrote to memory of 1160 1132 htbnhb.exe tbhbht.exe PID 1132 wrote to memory of 1160 1132 htbnhb.exe tbhbht.exe PID 1132 wrote to memory of 1160 1132 htbnhb.exe tbhbht.exe PID 1160 wrote to memory of 4508 1160 tbhbht.exe ddddv.exe PID 1160 wrote to memory of 4508 1160 tbhbht.exe ddddv.exe PID 1160 wrote to memory of 4508 1160 tbhbht.exe ddddv.exe PID 4508 wrote to memory of 684 4508 ddddv.exe lrlxrlf.exe PID 4508 wrote to memory of 684 4508 ddddv.exe lrlxrlf.exe PID 4508 wrote to memory of 684 4508 ddddv.exe lrlxrlf.exe PID 684 wrote to memory of 180 684 lrlxrlf.exe jvdpv.exe PID 684 wrote to memory of 180 684 lrlxrlf.exe jvdpv.exe PID 684 wrote to memory of 180 684 lrlxrlf.exe jvdpv.exe PID 180 wrote to memory of 3904 180 jvdpv.exe rllfffx.exe PID 180 wrote to memory of 3904 180 jvdpv.exe rllfffx.exe PID 180 wrote to memory of 3904 180 
jvdpv.exe rllfffx.exe PID 3904 wrote to memory of 1112 3904 rllfffx.exe 3hthtb.exe PID 3904 wrote to memory of 1112 3904 rllfffx.exe 3hthtb.exe PID 3904 wrote to memory of 1112 3904 rllfffx.exe 3hthtb.exe PID 1112 wrote to memory of 756 1112 3hthtb.exe jpvpd.exe PID 1112 wrote to memory of 756 1112 3hthtb.exe jpvpd.exe PID 1112 wrote to memory of 756 1112 3hthtb.exe jpvpd.exe PID 756 wrote to memory of 1928 756 jpvpd.exe vjjjv.exe PID 756 wrote to memory of 1928 756 jpvpd.exe vjjjv.exe PID 756 wrote to memory of 1928 756 jpvpd.exe vjjjv.exe PID 1928 wrote to memory of 4624 1928 vjjjv.exe xxlflrr.exe PID 1928 wrote to memory of 4624 1928 vjjjv.exe xxlflrr.exe PID 1928 wrote to memory of 4624 1928 vjjjv.exe xxlflrr.exe PID 4624 wrote to memory of 3460 4624 xxlflrr.exe tnnnhb.exe PID 4624 wrote to memory of 3460 4624 xxlflrr.exe tnnnhb.exe PID 4624 wrote to memory of 3460 4624 xxlflrr.exe tnnnhb.exe PID 3460 wrote to memory of 3496 3460 tnnnhb.exe vjvjd.exe PID 3460 wrote to memory of 3496 3460 tnnnhb.exe vjvjd.exe PID 3460 wrote to memory of 3496 3460 tnnnhb.exe vjvjd.exe PID 3496 wrote to memory of 3172 3496 vjvjd.exe frlxlfx.exe PID 3496 wrote to memory of 3172 3496 vjvjd.exe frlxlfx.exe PID 3496 wrote to memory of 3172 3496 vjvjd.exe frlxlfx.exe PID 3172 wrote to memory of 4680 3172 frlxlfx.exe lflfxrl.exe PID 3172 wrote to memory of 4680 3172 frlxlfx.exe lflfxrl.exe PID 3172 wrote to memory of 4680 3172 frlxlfx.exe lflfxrl.exe PID 4680 wrote to memory of 1632 4680 lflfxrl.exe nhhhnn.exe PID 4680 wrote to memory of 1632 4680 lflfxrl.exe nhhhnn.exe PID 4680 wrote to memory of 1632 4680 lflfxrl.exe nhhhnn.exe PID 1632 wrote to memory of 4392 1632 nhhhnn.exe dddjp.exe PID 1632 wrote to memory of 4392 1632 nhhhnn.exe dddjp.exe PID 1632 wrote to memory of 4392 1632 nhhhnn.exe dddjp.exe PID 4392 wrote to memory of 5044 4392 vppjd.exe 1xlxfff.exe PID 4392 wrote to memory of 5044 4392 vppjd.exe 1xlxfff.exe PID 4392 wrote to memory of 5044 4392 vppjd.exe 1xlxfff.exe PID 
5044 wrote to memory of 4584 5044 1xlxfff.exe pdjvp.exe PID 5044 wrote to memory of 4584 5044 1xlxfff.exe pdjvp.exe PID 5044 wrote to memory of 4584 5044 1xlxfff.exe pdjvp.exe PID 4584 wrote to memory of 4412 4584 btnhnh.exe pdjjd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\200a913179b561f0530675ba579680f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\200a913179b561f0530675ba579680f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4580 -
\??\c:\pjdjj.exec:\pjdjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1036 -
\??\c:\vvjpp.exec:\vvjpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4432 -
\??\c:\5rrlflf.exec:\5rrlflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1416 -
\??\c:\htbnhb.exec:\htbnhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1132 -
\??\c:\tbhbht.exec:\tbhbht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1160 -
\??\c:\ddddv.exec:\ddddv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4508 -
\??\c:\lrlxrlf.exec:\lrlxrlf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:684 -
\??\c:\jvdpv.exec:\jvdpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:180 -
\??\c:\rllfffx.exec:\rllfffx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3904 -
\??\c:\3hthtb.exec:\3hthtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1112 -
\??\c:\jpvpd.exec:\jpvpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:756 -
\??\c:\vjjjv.exec:\vjjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1928 -
\??\c:\xxlflrr.exec:\xxlflrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4624 -
\??\c:\tnnnhb.exec:\tnnnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3460 -
\??\c:\vjvjd.exec:\vjvjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3496 -
\??\c:\frlxlfx.exec:\frlxlfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3172 -
\??\c:\lflfxrl.exec:\lflfxrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4680 -
\??\c:\nhhhnn.exec:\nhhhnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1632 -
\??\c:\vppjd.exec:\vppjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4392 -
\??\c:\1xlxfff.exec:\1xlxfff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5044 -
\??\c:\btnhnh.exec:\btnhnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4584 -
\??\c:\pdjjd.exec:\pdjjd.exe23⤵
- Executes dropped EXE
PID:4412 -
\??\c:\pppdv.exec:\pppdv.exe24⤵
- Executes dropped EXE
PID:4216 -
\??\c:\xlrlllf.exec:\xlrlllf.exe25⤵
- Executes dropped EXE
PID:3508 -
\??\c:\9nhbtn.exec:\9nhbtn.exe26⤵
- Executes dropped EXE
PID:1264 -
\??\c:\pjdpd.exec:\pjdpd.exe27⤵
- Executes dropped EXE
PID:2724 -
\??\c:\xrrllff.exec:\xrrllff.exe28⤵
- Executes dropped EXE
PID:564 -
\??\c:\3ffxrlf.exec:\3ffxrlf.exe29⤵
- Executes dropped EXE
PID:1180 -
\??\c:\bbhhtt.exec:\bbhhtt.exe30⤵
- Executes dropped EXE
PID:2468 -
\??\c:\lxlfffx.exec:\lxlfffx.exe31⤵
- Executes dropped EXE
PID:3244 -
\??\c:\hhbhbb.exec:\hhbhbb.exe32⤵
- Executes dropped EXE
PID:4876 -
\??\c:\vjpdv.exec:\vjpdv.exe33⤵
- Executes dropped EXE
PID:2044 -
\??\c:\rlrffrx.exec:\rlrffrx.exe34⤵
- Executes dropped EXE
PID:2416 -
\??\c:\htttnt.exec:\htttnt.exe35⤵
- Executes dropped EXE
PID:1972 -
\??\c:\nnthtn.exec:\nnthtn.exe36⤵
- Executes dropped EXE
PID:708 -
\??\c:\7dvpj.exec:\7dvpj.exe37⤵
- Executes dropped EXE
PID:2680 -
\??\c:\7ffxrll.exec:\7ffxrll.exe38⤵
- Executes dropped EXE
PID:5096 -
\??\c:\thhbnn.exec:\thhbnn.exe39⤵
- Executes dropped EXE
PID:5080 -
\??\c:\bnnbtn.exec:\bnnbtn.exe40⤵
- Executes dropped EXE
PID:3704 -
\??\c:\ppvjd.exec:\ppvjd.exe41⤵
- Executes dropped EXE
PID:4176 -
\??\c:\7pdvj.exec:\7pdvj.exe42⤵
- Executes dropped EXE
PID:3100 -
\??\c:\lrxlxrf.exec:\lrxlxrf.exe43⤵
- Executes dropped EXE
PID:652 -
\??\c:\xxxrfxl.exec:\xxxrfxl.exe44⤵
- Executes dropped EXE
PID:3016 -
\??\c:\hnnbnn.exec:\hnnbnn.exe45⤵
- Executes dropped EXE
PID:2672 -
\??\c:\pppdp.exec:\pppdp.exe46⤵
- Executes dropped EXE
PID:2876 -
\??\c:\jdvjd.exec:\jdvjd.exe47⤵
- Executes dropped EXE
PID:1920 -
\??\c:\lrrrxff.exec:\lrrrxff.exe48⤵
- Executes dropped EXE
PID:2624 -
\??\c:\bbbnhh.exec:\bbbnhh.exe49⤵
- Executes dropped EXE
PID:4472 -
\??\c:\nntnbt.exec:\nntnbt.exe50⤵
- Executes dropped EXE
PID:2292 -
\??\c:\dvvpd.exec:\dvvpd.exe51⤵
- Executes dropped EXE
PID:884 -
\??\c:\jvpdp.exec:\jvpdp.exe52⤵
- Executes dropped EXE
PID:2028 -
\??\c:\lxffffl.exec:\lxffffl.exe53⤵
- Executes dropped EXE
PID:1092 -
\??\c:\tbhbtn.exec:\tbhbtn.exe54⤵
- Executes dropped EXE
PID:1344 -
\??\c:\thbnnh.exec:\thbnnh.exe55⤵
- Executes dropped EXE
PID:1132 -
\??\c:\vjjvd.exec:\vjjvd.exe56⤵
- Executes dropped EXE
PID:4988 -
\??\c:\vvvpd.exec:\vvvpd.exe57⤵
- Executes dropped EXE
PID:1200 -
\??\c:\xxrfrlx.exec:\xxrfrlx.exe58⤵
- Executes dropped EXE
PID:1676 -
\??\c:\rrxllfl.exec:\rrxllfl.exe59⤵
- Executes dropped EXE
PID:3712 -
\??\c:\ttbtbt.exec:\ttbtbt.exe60⤵
- Executes dropped EXE
PID:636 -
\??\c:\pdvdp.exec:\pdvdp.exe61⤵
- Executes dropped EXE
PID:888 -
\??\c:\vpjdp.exec:\vpjdp.exe62⤵
- Executes dropped EXE
PID:1768 -
\??\c:\frrfrlf.exec:\frrfrlf.exe63⤵
- Executes dropped EXE
PID:1044 -
\??\c:\ffxlxfr.exec:\ffxlxfr.exe64⤵
- Executes dropped EXE
PID:1872 -
\??\c:\hbthtb.exec:\hbthtb.exe65⤵
- Executes dropped EXE
PID:3940 -
\??\c:\bnbnbt.exec:\bnbnbt.exe66⤵PID:4492
-
\??\c:\vvdpd.exec:\vvdpd.exe67⤵PID:1988
-
\??\c:\pjjvj.exec:\pjjvj.exe68⤵PID:1808
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe69⤵PID:4696
-
\??\c:\ffxlxfr.exec:\ffxlxfr.exe70⤵PID:1864
-
\??\c:\htnbtn.exec:\htnbtn.exe71⤵PID:4048
-
\??\c:\pdjjv.exec:\pdjjv.exe72⤵PID:3200
-
\??\c:\vdjvj.exec:\vdjvj.exe73⤵PID:1684
-
\??\c:\3llxrfr.exec:\3llxrfr.exe74⤵PID:5068
-
\??\c:\htthhb.exec:\htthhb.exe75⤵PID:2004
-
\??\c:\dddjp.exec:\dddjp.exe76⤵PID:4392
-
\??\c:\1jpdd.exec:\1jpdd.exe77⤵PID:3456
-
\??\c:\pdjvp.exec:\pdjvp.exe78⤵PID:4584
-
\??\c:\xlfrfrl.exec:\xlfrfrl.exe79⤵PID:2348
-
\??\c:\nhhntt.exec:\nhhntt.exe80⤵PID:2664
-
\??\c:\bttnbt.exec:\bttnbt.exe81⤵PID:3528
-
\??\c:\vjdpd.exec:\vjdpd.exe82⤵PID:1552
-
\??\c:\rllfxxl.exec:\rllfxxl.exe83⤵PID:4532
-
\??\c:\bhthtn.exec:\bhthtn.exe84⤵PID:3520
-
\??\c:\httbbh.exec:\httbbh.exe85⤵PID:2500
-
\??\c:\vddvp.exec:\vddvp.exe86⤵PID:640
-
\??\c:\3rxxxxl.exec:\3rxxxxl.exe87⤵PID:868
-
\??\c:\thnbtn.exec:\thnbtn.exe88⤵PID:1240
-
\??\c:\9dvjd.exec:\9dvjd.exe89⤵PID:5036
-
\??\c:\9xfrllf.exec:\9xfrllf.exe90⤵PID:1048
-
\??\c:\hnhthn.exec:\hnhthn.exe91⤵PID:4660
-
\??\c:\bhhbnn.exec:\bhhbnn.exe92⤵PID:2060
-
\??\c:\lxlxxrr.exec:\lxlxxrr.exe93⤵PID:3208
-
\??\c:\pvdjv.exec:\pvdjv.exe94⤵PID:1476
-
\??\c:\lffxrrl.exec:\lffxrrl.exe95⤵PID:2916
-
\??\c:\dvjdv.exec:\dvjdv.exe96⤵PID:4672
-
\??\c:\tnttnb.exec:\tnttnb.exe97⤵PID:2680
-
\??\c:\pdvjv.exec:\pdvjv.exe98⤵PID:5000
-
\??\c:\7jvpp.exec:\7jvpp.exe99⤵PID:3784
-
\??\c:\hhnbth.exec:\hhnbth.exe100⤵PID:5024
-
\??\c:\hnnhbn.exec:\hnnhbn.exe101⤵PID:2956
-
\??\c:\lrxlxlx.exec:\lrxlxlx.exe102⤵PID:4176
-
\??\c:\bntbnh.exec:\bntbnh.exe103⤵PID:3100
-
\??\c:\ddpdv.exec:\ddpdv.exe104⤵PID:2728
-
\??\c:\xxlfrlr.exec:\xxlfrlr.exe105⤵PID:3016
-
\??\c:\jjjjj.exec:\jjjjj.exe106⤵PID:224
-
\??\c:\xrfxxll.exec:\xrfxxll.exe107⤵PID:2644
-
\??\c:\ntbbtt.exec:\ntbbtt.exe108⤵PID:212
-
\??\c:\jpvpj.exec:\jpvpj.exe109⤵PID:4384
-
\??\c:\rxfrxll.exec:\rxfrxll.exe110⤵PID:1728
-
\??\c:\xflfrrf.exec:\xflfrrf.exe111⤵PID:1036
-
\??\c:\bbtnhh.exec:\bbtnhh.exe112⤵PID:1080
-
\??\c:\tthhnn.exec:\tthhnn.exe113⤵PID:400
-
\??\c:\jdvpj.exec:\jdvpj.exe114⤵PID:2492
-
\??\c:\lffxxrr.exec:\lffxxrr.exe115⤵PID:4860
-
\??\c:\frrlxxl.exec:\frrlxxl.exe116⤵PID:1200
-
\??\c:\bnnnhb.exec:\bnnnhb.exe117⤵PID:1968
-
\??\c:\9ddvp.exec:\9ddvp.exe118⤵PID:888
-
\??\c:\dvpjd.exec:\dvpjd.exe119⤵PID:3700
-
\??\c:\xxrxxll.exec:\xxrxxll.exe120⤵PID:4124
-
\??\c:\3thbbb.exec:\3thbbb.exe121⤵PID:980
-
\??\c:\lxllffx.exec:\lxllffx.exe122⤵PID:4204
-
\??\c:\rrrrllf.exec:\rrrrllf.exe123⤵PID:4108
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe124⤵PID:3912
-
\??\c:\bntnhh.exec:\bntnhh.exe125⤵PID:2384
-
\??\c:\1dpjj.exec:\1dpjj.exe126⤵PID:3496
-
\??\c:\rlrrllf.exec:\rlrrllf.exe127⤵PID:3172
-
\??\c:\xrxrlfr.exec:\xrxrlfr.exe128⤵PID:1512
-
\??\c:\3bttnn.exec:\3bttnn.exe129⤵PID:2984
-
\??\c:\dvdvp.exec:\dvdvp.exe130⤵PID:4452
-
\??\c:\vdjdd.exec:\vdjdd.exe131⤵PID:5060
-
\??\c:\5fxxrrr.exec:\5fxxrrr.exe132⤵PID:3336
-
\??\c:\hbtnhh.exec:\hbtnhh.exe133⤵PID:3068
-
\??\c:\thnhtb.exec:\thnhtb.exe134⤵PID:4188
-
\??\c:\ppdvd.exec:\ppdvd.exe135⤵PID:700
-
\??\c:\9vdvd.exec:\9vdvd.exe136⤵PID:3372
-
\??\c:\llxrffx.exec:\llxrffx.exe137⤵PID:4928
-
\??\c:\tntnhh.exec:\tntnhh.exe138⤵PID:1832
-
\??\c:\vjpdv.exec:\vjpdv.exe139⤵PID:4512
-
\??\c:\vppdv.exec:\vppdv.exe140⤵PID:5112
-
\??\c:\llrfxfx.exec:\llrfxfx.exe141⤵PID:2500
-
\??\c:\hbhbbt.exec:\hbhbbt.exe142⤵PID:1396
-
\??\c:\vjppd.exec:\vjppd.exe143⤵PID:696
-
\??\c:\djpjd.exec:\djpjd.exe144⤵PID:2468
-
\??\c:\ffrlxxr.exec:\ffrlxxr.exe145⤵PID:5036
-
\??\c:\frxrllf.exec:\frxrllf.exe146⤵PID:1272
-
\??\c:\tbbbhn.exec:\tbbbhn.exe147⤵PID:1108
-
\??\c:\pdjdv.exec:\pdjdv.exe148⤵PID:4956
-
\??\c:\5vdvj.exec:\5vdvj.exe149⤵PID:908
-
\??\c:\fllllxx.exec:\fllllxx.exe150⤵PID:4536
-
\??\c:\ntbhnh.exec:\ntbhnh.exe151⤵PID:4456
-
\??\c:\nhnntn.exec:\nhnntn.exe152⤵PID:2332
-
\??\c:\jdpjd.exec:\jdpjd.exe153⤵PID:4912
-
\??\c:\fllfrrr.exec:\fllfrrr.exe154⤵PID:4348
-
\??\c:\btbbtn.exec:\btbbtn.exe155⤵PID:1964
-
\??\c:\hntnbb.exec:\hntnbb.exe156⤵PID:3416
-
\??\c:\djdpj.exec:\djdpj.exe157⤵PID:2304
-
\??\c:\pjjdv.exec:\pjjdv.exe158⤵PID:3220
-
\??\c:\rlxrrlr.exec:\rlxrrlr.exe159⤵PID:4632
-
\??\c:\lrlrlfx.exec:\lrlrlfx.exe160⤵PID:208
-
\??\c:\hbhhbb.exec:\hbhhbb.exe161⤵PID:4480
-
\??\c:\nnbthh.exec:\nnbthh.exe162⤵PID:2968
-
\??\c:\pjddp.exec:\pjddp.exe163⤵PID:2236
-
\??\c:\xrlffrl.exec:\xrlffrl.exe164⤵PID:212
-
\??\c:\btthbb.exec:\btthbb.exe165⤵PID:4960
-
\??\c:\tnnhtt.exec:\tnnhtt.exe166⤵PID:1456
-
\??\c:\vpjjj.exec:\vpjjj.exe167⤵PID:4168
-
\??\c:\vppvp.exec:\vppvp.exe168⤵PID:1344
-
\??\c:\llrlffl.exec:\llrlffl.exe169⤵PID:400
-
\??\c:\thhhbn.exec:\thhhbn.exe170⤵PID:4988
-
\??\c:\httnbb.exec:\httnbb.exe171⤵PID:4652
-
\??\c:\vppjd.exec:\vppjd.exe172⤵PID:1200
-
\??\c:\lfxrrrx.exec:\lfxrrrx.exe173⤵PID:3920
-
\??\c:\7xxrrrr.exec:\7xxrrrr.exe174⤵PID:4732
-
\??\c:\hhnnnn.exec:\hhnnnn.exe175⤵PID:452
-
\??\c:\jpjpd.exec:\jpjpd.exe176⤵PID:4460
-
\??\c:\pjppv.exec:\pjppv.exe177⤵PID:3140
-
\??\c:\rffxrrr.exec:\rffxrrr.exe178⤵PID:4624
-
\??\c:\thbhbn.exec:\thbhbn.exe179⤵PID:1504
-
\??\c:\hntbtn.exec:\hntbtn.exe180⤵PID:3968
-
\??\c:\dvvpp.exec:\dvvpp.exe181⤵PID:1792
-
\??\c:\dddpj.exec:\dddpj.exe182⤵PID:4908
-
\??\c:\fxxrffx.exec:\fxxrffx.exe183⤵PID:3872
-
\??\c:\hhnhht.exec:\hhnhht.exe184⤵PID:3216
-
\??\c:\thnhbb.exec:\thnhbb.exe185⤵PID:4084
-
\??\c:\5ddvp.exec:\5ddvp.exe186⤵PID:2264
-
\??\c:\vvdpj.exec:\vvdpj.exe187⤵PID:3396
-
\??\c:\lffxlfl.exec:\lffxlfl.exe188⤵PID:1908
-
\??\c:\bttttn.exec:\bttttn.exe189⤵PID:4584
-
\??\c:\nnbbhb.exec:\nnbbhb.exe190⤵PID:3676
-
\??\c:\5vddp.exec:\5vddp.exe191⤵PID:2348
-
\??\c:\9fllxxf.exec:\9fllxxf.exe192⤵PID:4588
-
\??\c:\fllflll.exec:\fllflll.exe193⤵PID:1552
-
\??\c:\bnthbb.exec:\bnthbb.exe194⤵PID:816
-
\??\c:\bttnnh.exec:\bttnnh.exe195⤵PID:3428
-
\??\c:\vdjdp.exec:\vdjdp.exe196⤵PID:2240
-
\??\c:\rrfxffl.exec:\rrfxffl.exe197⤵PID:944
-
\??\c:\xrfflff.exec:\xrfflff.exe198⤵PID:3468
-
\??\c:\nbtnbh.exec:\nbtnbh.exe199⤵PID:952
-
\??\c:\jdpdj.exec:\jdpdj.exe200⤵PID:3160
-
\??\c:\xxlfffl.exec:\xxlfffl.exe201⤵PID:2912
-
\??\c:\xffxrlf.exec:\xffxrlf.exe202⤵PID:1836
-
\??\c:\thhbtt.exec:\thhbtt.exe203⤵PID:3376
-
\??\c:\bbbtnh.exec:\bbbtnh.exe204⤵PID:2416
-
\??\c:\djjpj.exec:\djjpj.exe205⤵PID:2480
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe206⤵PID:1476
-
\??\c:\llrlxxr.exec:\llrlxxr.exe207⤵PID:708
-
\??\c:\btttnn.exec:\btttnn.exe208⤵PID:4672
-
\??\c:\bttnhh.exec:\bttnhh.exe209⤵PID:1620
-
\??\c:\vpppj.exec:\vpppj.exe210⤵PID:4912
-
\??\c:\vjpjv.exec:\vjpjv.exe211⤵PID:2140
-
\??\c:\9llfxrr.exec:\9llfxrr.exe212⤵PID:2084
-
\??\c:\fxllrlr.exec:\fxllrlr.exe213⤵PID:1668
-
\??\c:\3hnbtt.exec:\3hnbtt.exe214⤵PID:3620
-
\??\c:\tttnbb.exec:\tttnbb.exe215⤵PID:2728
-
\??\c:\pjjdv.exec:\pjjdv.exe216⤵PID:3016
-
\??\c:\9xffxxx.exec:\9xffxxx.exe217⤵PID:2900
-
\??\c:\tbhhbb.exec:\tbhhbb.exe218⤵PID:3412
-
\??\c:\tthbnb.exec:\tthbnb.exe219⤵PID:4432
-
\??\c:\1ddvv.exec:\1ddvv.exe220⤵PID:1176
-
\??\c:\rffxllf.exec:\rffxllf.exe221⤵PID:884
-
\??\c:\tthhnn.exec:\tthhnn.exe222⤵PID:1312
-
\??\c:\nnbhbb.exec:\nnbhbb.exe223⤵PID:4944
-
\??\c:\ppvvp.exec:\ppvvp.exe224⤵PID:844
-
\??\c:\lfrlllr.exec:\lfrlllr.exe225⤵PID:3512
-
\??\c:\rxfrrrl.exec:\rxfrrrl.exe226⤵PID:928
-
\??\c:\bnthbb.exec:\bnthbb.exe227⤵PID:4676
-
\??\c:\vdpvd.exec:\vdpvd.exe228⤵PID:1032
-
\??\c:\vjpvp.exec:\vjpvp.exe229⤵PID:396
-
\??\c:\xxlflfl.exec:\xxlflfl.exe230⤵PID:2388
-
\??\c:\9hntnt.exec:\9hntnt.exe231⤵PID:5032
-
\??\c:\tbtthh.exec:\tbtthh.exe232⤵PID:4492
-
\??\c:\dvjdv.exec:\dvjdv.exe233⤵PID:1808
-
\??\c:\ppvpp.exec:\ppvpp.exe234⤵PID:3640
-
\??\c:\xxfxxrx.exec:\xxfxxrx.exe235⤵PID:3096
-
\??\c:\hbtnhb.exec:\hbtnhb.exe236⤵PID:3496
-
\??\c:\htbnhb.exec:\htbnhb.exe237⤵PID:3200
-
\??\c:\jdjjv.exec:\jdjjv.exe238⤵PID:1684
-
\??\c:\rxffxxr.exec:\rxffxxr.exe239⤵PID:1512
-
\??\c:\bhnhbt.exec:\bhnhbt.exe240⤵PID:2984
-
\??\c:\nbhhbt.exec:\nbhhbt.exe241⤵PID:5044
-
\??\c:\1dpjp.exec:\1dpjp.exe242⤵PID:4044