Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system -
submitted
02-06-2024 02:20
Behavioral task
behavioral1
Sample
249c95da8259543fa1fcf705fcd1bbb0_NeikiAnalytics.exe
Resource
win7-20231129-en
General
-
Target
249c95da8259543fa1fcf705fcd1bbb0_NeikiAnalytics.exe
-
Size
211KB
-
MD5
249c95da8259543fa1fcf705fcd1bbb0
-
SHA1
d2a1d53996bf02d06c0f4aff5b58739b0d2c47a4
-
SHA256
285e498eb387dfbdc32ea83f4c2530545be94277522b4c37030cd330b73c25e6
-
SHA512
64e041c0c2f3b71f8b5ce797348eae6039105590d12091f7d692c17be3d93f2bc2737bc42fa02eabc84cdaaa407d6364821fe1214f702dc7dc1368484b632b6f
-
SSDEEP
6144:Hcm4FmowdHoSrXZf8l/ubPzYNLPf4t+lg:V4wFHoSBK/ubLcfC
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
Processes:
resource yara_rule behavioral2/memory/3548-5-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1584-7-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2884-13-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2588-34-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1220-28-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2312-25-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3100-39-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4288-44-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/984-52-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4740-55-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/836-68-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1516-69-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4424-77-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/412-83-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1372-89-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1748-96-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3456-101-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2436-117-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/5004-123-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1700-134-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4992-137-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon 
behavioral2/memory/4008-143-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4148-151-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2512-159-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2116-165-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4948-174-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2000-182-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2688-189-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3344-196-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2980-197-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4560-206-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3568-213-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3348-228-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2816-232-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3676-241-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/600-248-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/684-252-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3972-276-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2436-294-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3096-299-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2032-325-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4904-336-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon 
behavioral2/memory/2020-344-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1776-348-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4876-362-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4560-368-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3164-373-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1216-388-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3348-392-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2908-399-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2472-406-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4184-462-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4008-468-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2020-494-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3432-528-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3432-531-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1636-535-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4148-603-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3960-631-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/840-669-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1320-802-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2516-932-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1392-948-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon 
behavioral2/memory/1448-999-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon -
Malware Dropper & Backdoor - Berbew 64 IoCs
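Berbew is a backdoor Trojan that can download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers. Many of the memory dumps listed below also match the Blackmoon rule above, so read both family labels as YARA rule matches on the same regions rather than as a confirmed attribution.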
Processes:
resource yara_rule behavioral2/memory/3548-0-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew \??\c:\btnhht.exe family_berbew behavioral2/memory/3548-5-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew behavioral2/memory/1584-7-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew \??\c:\vvjpv.exe family_berbew behavioral2/memory/2884-13-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew \??\c:\3frfxxr.exe family_berbew C:\dvdjp.exe family_berbew \??\c:\jjvvv.exe family_berbew behavioral2/memory/2588-34-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew behavioral2/memory/1220-28-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew behavioral2/memory/2312-25-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew \??\c:\hhnhtt.exe family_berbew behavioral2/memory/1220-20-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew behavioral2/memory/3100-39-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew \??\c:\5flllrl.exe family_berbew behavioral2/memory/4288-44-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew C:\thtbth.exe family_berbew behavioral2/memory/984-52-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew behavioral2/memory/4740-55-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew \??\c:\xxrrlll.exe family_berbew \??\c:\9xrxrfl.exe family_berbew \??\c:\ppvvd.exe family_berbew behavioral2/memory/836-68-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew C:\nhnhbt.exe family_berbew behavioral2/memory/1516-69-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew behavioral2/memory/4424-77-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew \??\c:\ttbbhh.exe family_berbew C:\xlxxffl.exe family_berbew behavioral2/memory/412-83-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew \??\c:\vvjjp.exe family_berbew behavioral2/memory/1372-89-0x0000000000400000-0x0000000000434000-memory.dmp 
family_berbew C:\hhthtn.exe family_berbew behavioral2/memory/1748-96-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew C:\jjjjj.exe family_berbew behavioral2/memory/3456-101-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew C:\fxxxfrl.exe family_berbew \??\c:\jpjjd.exe family_berbew C:\hhhnnn.exe family_berbew behavioral2/memory/2436-117-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew C:\vjdvp.exe family_berbew behavioral2/memory/5004-123-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew C:\bbhhnh.exe family_berbew C:\jvvdp.exe family_berbew behavioral2/memory/1700-134-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew behavioral2/memory/4992-137-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew C:\flfrfrf.exe family_berbew behavioral2/memory/4008-143-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew C:\rrlxflr.exe family_berbew C:\dpvdj.exe family_berbew behavioral2/memory/4148-151-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew C:\xlxxrll.exe family_berbew behavioral2/memory/2512-159-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew \??\c:\tthnht.exe family_berbew behavioral2/memory/2116-165-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew \??\c:\7vvvp.exe family_berbew \??\c:\bnttnn.exe family_berbew behavioral2/memory/4948-174-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew C:\httnnn.exe family_berbew behavioral2/memory/2000-182-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew C:\jvpjd.exe family_berbew behavioral2/memory/2688-189-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew behavioral2/memory/3344-196-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew behavioral2/memory/2980-197-0x0000000000400000-0x0000000000434000-memory.dmp family_berbew -
Executes dropped EXE 64 IoCs
Processes:
btnhht.exevvjpv.exe3frfxxr.exehhnhtt.exedvdjp.exejjvvv.exe5flllrl.exethtbth.exeppvvd.exexxrrlll.exe9xrxrfl.exenhnhbt.exettbbhh.exexlxxffl.exevvjjp.exehhthtn.exejjjjj.exefxxxfrl.exejpjjd.exehhhnnn.exevjdvp.exebbhhnh.exejvvdp.exeflfrfrf.exerrlxflr.exedpvdj.exexlxxrll.exetthnht.exe7vvvp.exebnttnn.exehttnnn.exejvpjd.exerxxfrrl.exebnntbt.exejjvdj.exedvjjd.exefxlfffx.exepdpjj.exerxrlxxl.exebbtttt.exepvjvd.exelxfxrxx.exehtthnn.exe5ntbtn.exe3vdjd.exexrrfxxf.exe7nhtnh.exeddvjp.exexrxllxl.exerflffff.exetntttn.exepdddd.exellfflrx.exebnttbh.exepvjdd.exeffxrxll.exellllfxf.exebbtttb.exepppjd.exedjppp.exerxxlfxr.exetttntn.exehhbbhh.exepjvpj.exepid process 1584 btnhht.exe 2884 vvjpv.exe 1220 3frfxxr.exe 2312 hhnhtt.exe 2588 dvdjp.exe 3100 jjvvv.exe 4288 5flllrl.exe 984 thtbth.exe 4740 ppvvd.exe 836 xxrrlll.exe 1516 9xrxrfl.exe 4424 nhnhbt.exe 412 ttbbhh.exe 1372 xlxxffl.exe 1748 vvjjp.exe 3456 hhthtn.exe 5072 jjjjj.exe 2508 fxxxfrl.exe 2436 jpjjd.exe 5004 hhhnnn.exe 5104 vjdvp.exe 1700 bbhhnh.exe 4992 jvvdp.exe 4008 flfrfrf.exe 4148 rrlxflr.exe 2736 dpvdj.exe 2512 xlxxrll.exe 2116 tthnht.exe 4948 7vvvp.exe 1612 bnttnn.exe 2000 httnnn.exe 2688 jvpjd.exe 3344 rxxfrrl.exe 2980 bnntbt.exe 4736 jjvdj.exe 4560 dvjjd.exe 4428 fxlfffx.exe 3568 pdpjj.exe 1936 rxrlxxl.exe 2432 bbtttt.exe 2456 pvjvd.exe 2708 lxfxrxx.exe 3348 htthnn.exe 2816 5ntbtn.exe 2908 3vdjd.exe 3676 xrrfxxf.exe 1984 7nhtnh.exe 600 ddvjp.exe 684 xrxllxl.exe 3300 rflffff.exe 2064 tntttn.exe 2292 pdddd.exe 4388 llfflrx.exe 2352 bnttbh.exe 4628 pvjdd.exe 1372 ffxrxll.exe 3972 llllfxf.exe 1344 bbtttb.exe 764 pppjd.exe 2380 djppp.exe 2316 rxxlfxr.exe 2436 tttntn.exe 3096 hhbbhh.exe 4980 pjvpj.exe -
UPX packed file
Processes:
resource yara_rule behavioral2/memory/3548-0-0x0000000000400000-0x0000000000434000-memory.dmp upx \??\c:\btnhht.exe upx behavioral2/memory/3548-5-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/1584-7-0x0000000000400000-0x0000000000434000-memory.dmp upx \??\c:\vvjpv.exe upx behavioral2/memory/2884-13-0x0000000000400000-0x0000000000434000-memory.dmp upx \??\c:\3frfxxr.exe upx C:\dvdjp.exe upx \??\c:\jjvvv.exe upx behavioral2/memory/2588-34-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/1220-28-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/2312-25-0x0000000000400000-0x0000000000434000-memory.dmp upx \??\c:\hhnhtt.exe upx behavioral2/memory/1220-20-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/3100-39-0x0000000000400000-0x0000000000434000-memory.dmp upx \??\c:\5flllrl.exe upx behavioral2/memory/4288-44-0x0000000000400000-0x0000000000434000-memory.dmp upx C:\thtbth.exe upx behavioral2/memory/984-52-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/4740-55-0x0000000000400000-0x0000000000434000-memory.dmp upx \??\c:\xxrrlll.exe upx \??\c:\9xrxrfl.exe upx \??\c:\ppvvd.exe upx behavioral2/memory/836-68-0x0000000000400000-0x0000000000434000-memory.dmp upx C:\nhnhbt.exe upx behavioral2/memory/1516-69-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/4424-77-0x0000000000400000-0x0000000000434000-memory.dmp upx \??\c:\ttbbhh.exe upx C:\xlxxffl.exe upx behavioral2/memory/412-83-0x0000000000400000-0x0000000000434000-memory.dmp upx \??\c:\vvjjp.exe upx behavioral2/memory/1372-89-0x0000000000400000-0x0000000000434000-memory.dmp upx C:\hhthtn.exe upx behavioral2/memory/1748-96-0x0000000000400000-0x0000000000434000-memory.dmp upx C:\jjjjj.exe upx behavioral2/memory/3456-101-0x0000000000400000-0x0000000000434000-memory.dmp upx C:\fxxxfrl.exe upx \??\c:\jpjjd.exe upx C:\hhhnnn.exe upx 
behavioral2/memory/2436-117-0x0000000000400000-0x0000000000434000-memory.dmp upx C:\vjdvp.exe upx behavioral2/memory/5004-123-0x0000000000400000-0x0000000000434000-memory.dmp upx C:\bbhhnh.exe upx C:\jvvdp.exe upx behavioral2/memory/1700-134-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/4992-137-0x0000000000400000-0x0000000000434000-memory.dmp upx C:\flfrfrf.exe upx behavioral2/memory/4008-143-0x0000000000400000-0x0000000000434000-memory.dmp upx C:\rrlxflr.exe upx C:\dpvdj.exe upx behavioral2/memory/4148-151-0x0000000000400000-0x0000000000434000-memory.dmp upx C:\xlxxrll.exe upx behavioral2/memory/2512-159-0x0000000000400000-0x0000000000434000-memory.dmp upx \??\c:\tthnht.exe upx behavioral2/memory/2116-165-0x0000000000400000-0x0000000000434000-memory.dmp upx \??\c:\7vvvp.exe upx \??\c:\bnttnn.exe upx behavioral2/memory/4948-174-0x0000000000400000-0x0000000000434000-memory.dmp upx C:\httnnn.exe upx behavioral2/memory/2000-182-0x0000000000400000-0x0000000000434000-memory.dmp upx C:\jvpjd.exe upx behavioral2/memory/2688-189-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/3344-196-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/2980-197-0x0000000000400000-0x0000000000434000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
249c95da8259543fa1fcf705fcd1bbb0_NeikiAnalytics.exebtnhht.exevvjpv.exe3frfxxr.exehhnhtt.exedvdjp.exejjvvv.exe5flllrl.exethtbth.exeppvvd.exexxrrlll.exe9xrxrfl.exenhnhbt.exettbbhh.exexlxxffl.exevvjjp.exehhthtn.exejjjjj.exefxxxfrl.exejpjjd.exehhhnnn.exevjdvp.exedescription pid process target process PID 3548 wrote to memory of 1584 3548 249c95da8259543fa1fcf705fcd1bbb0_NeikiAnalytics.exe btnhht.exe PID 3548 wrote to memory of 1584 3548 249c95da8259543fa1fcf705fcd1bbb0_NeikiAnalytics.exe btnhht.exe PID 3548 wrote to memory of 1584 3548 249c95da8259543fa1fcf705fcd1bbb0_NeikiAnalytics.exe btnhht.exe PID 1584 wrote to memory of 2884 1584 btnhht.exe vvjpv.exe PID 1584 wrote to memory of 2884 1584 btnhht.exe vvjpv.exe PID 1584 wrote to memory of 2884 1584 btnhht.exe vvjpv.exe PID 2884 wrote to memory of 1220 2884 vvjpv.exe 3frfxxr.exe PID 2884 wrote to memory of 1220 2884 vvjpv.exe 3frfxxr.exe PID 2884 wrote to memory of 1220 2884 vvjpv.exe 3frfxxr.exe PID 1220 wrote to memory of 2312 1220 3frfxxr.exe hhnhtt.exe PID 1220 wrote to memory of 2312 1220 3frfxxr.exe hhnhtt.exe PID 1220 wrote to memory of 2312 1220 3frfxxr.exe hhnhtt.exe PID 2312 wrote to memory of 2588 2312 hhnhtt.exe dvdjp.exe PID 2312 wrote to memory of 2588 2312 hhnhtt.exe dvdjp.exe PID 2312 wrote to memory of 2588 2312 hhnhtt.exe dvdjp.exe PID 2588 wrote to memory of 3100 2588 dvdjp.exe jjvvv.exe PID 2588 wrote to memory of 3100 2588 dvdjp.exe jjvvv.exe PID 2588 wrote to memory of 3100 2588 dvdjp.exe jjvvv.exe PID 3100 wrote to memory of 4288 3100 jjvvv.exe 5flllrl.exe PID 3100 wrote to memory of 4288 3100 jjvvv.exe 5flllrl.exe PID 3100 wrote to memory of 4288 3100 jjvvv.exe 5flllrl.exe PID 4288 wrote to memory of 984 4288 5flllrl.exe thtbth.exe PID 4288 wrote to memory of 984 4288 5flllrl.exe thtbth.exe PID 4288 wrote to memory of 984 4288 5flllrl.exe thtbth.exe PID 984 wrote to memory of 4740 984 thtbth.exe ppvvd.exe PID 984 wrote to memory of 4740 984 thtbth.exe ppvvd.exe PID 984 wrote to memory of 4740 
984 thtbth.exe ppvvd.exe PID 4740 wrote to memory of 836 4740 ppvvd.exe xxrrlll.exe PID 4740 wrote to memory of 836 4740 ppvvd.exe xxrrlll.exe PID 4740 wrote to memory of 836 4740 ppvvd.exe xxrrlll.exe PID 836 wrote to memory of 1516 836 xxrrlll.exe 9xrxrfl.exe PID 836 wrote to memory of 1516 836 xxrrlll.exe 9xrxrfl.exe PID 836 wrote to memory of 1516 836 xxrrlll.exe 9xrxrfl.exe PID 1516 wrote to memory of 4424 1516 9xrxrfl.exe nhnhbt.exe PID 1516 wrote to memory of 4424 1516 9xrxrfl.exe nhnhbt.exe PID 1516 wrote to memory of 4424 1516 9xrxrfl.exe nhnhbt.exe PID 4424 wrote to memory of 412 4424 nhnhbt.exe ttbbhh.exe PID 4424 wrote to memory of 412 4424 nhnhbt.exe ttbbhh.exe PID 4424 wrote to memory of 412 4424 nhnhbt.exe ttbbhh.exe PID 412 wrote to memory of 1372 412 ttbbhh.exe xlxxffl.exe PID 412 wrote to memory of 1372 412 ttbbhh.exe xlxxffl.exe PID 412 wrote to memory of 1372 412 ttbbhh.exe xlxxffl.exe PID 1372 wrote to memory of 1748 1372 xlxxffl.exe vvjjp.exe PID 1372 wrote to memory of 1748 1372 xlxxffl.exe vvjjp.exe PID 1372 wrote to memory of 1748 1372 xlxxffl.exe vvjjp.exe PID 1748 wrote to memory of 3456 1748 vvjjp.exe hhthtn.exe PID 1748 wrote to memory of 3456 1748 vvjjp.exe hhthtn.exe PID 1748 wrote to memory of 3456 1748 vvjjp.exe hhthtn.exe PID 3456 wrote to memory of 5072 3456 hhthtn.exe jjjjj.exe PID 3456 wrote to memory of 5072 3456 hhthtn.exe jjjjj.exe PID 3456 wrote to memory of 5072 3456 hhthtn.exe jjjjj.exe PID 5072 wrote to memory of 2508 5072 jjjjj.exe fxxxfrl.exe PID 5072 wrote to memory of 2508 5072 jjjjj.exe fxxxfrl.exe PID 5072 wrote to memory of 2508 5072 jjjjj.exe fxxxfrl.exe PID 2508 wrote to memory of 2436 2508 fxxxfrl.exe jpjjd.exe PID 2508 wrote to memory of 2436 2508 fxxxfrl.exe jpjjd.exe PID 2508 wrote to memory of 2436 2508 fxxxfrl.exe jpjjd.exe PID 2436 wrote to memory of 5004 2436 jpjjd.exe hhhnnn.exe PID 2436 wrote to memory of 5004 2436 jpjjd.exe hhhnnn.exe PID 2436 wrote to memory of 5004 2436 jpjjd.exe hhhnnn.exe PID 5004 
wrote to memory of 5104 5004 hhhnnn.exe vjdvp.exe PID 5004 wrote to memory of 5104 5004 hhhnnn.exe vjdvp.exe PID 5004 wrote to memory of 5104 5004 hhhnnn.exe vjdvp.exe PID 5104 wrote to memory of 1700 5104 vjdvp.exe bbhhnh.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\249c95da8259543fa1fcf705fcd1bbb0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\249c95da8259543fa1fcf705fcd1bbb0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3548 -
\??\c:\btnhht.exec:\btnhht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1584 -
\??\c:\vvjpv.exec:\vvjpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2884 -
\??\c:\3frfxxr.exec:\3frfxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1220 -
\??\c:\hhnhtt.exec:\hhnhtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2312 -
\??\c:\dvdjp.exec:\dvdjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2588 -
\??\c:\jjvvv.exec:\jjvvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3100 -
\??\c:\5flllrl.exec:\5flllrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4288 -
\??\c:\thtbth.exec:\thtbth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:984 -
\??\c:\ppvvd.exec:\ppvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4740 -
\??\c:\xxrrlll.exec:\xxrrlll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:836 -
\??\c:\9xrxrfl.exec:\9xrxrfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1516 -
\??\c:\nhnhbt.exec:\nhnhbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4424 -
\??\c:\ttbbhh.exec:\ttbbhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:412 -
\??\c:\xlxxffl.exec:\xlxxffl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1372 -
\??\c:\vvjjp.exec:\vvjjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1748 -
\??\c:\hhthtn.exec:\hhthtn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3456 -
\??\c:\jjjjj.exec:\jjjjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5072 -
\??\c:\fxxxfrl.exec:\fxxxfrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2508 -
\??\c:\jpjjd.exec:\jpjjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2436 -
\??\c:\hhhnnn.exec:\hhhnnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5004 -
\??\c:\vjdvp.exec:\vjdvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5104 -
\??\c:\bbhhnh.exec:\bbhhnh.exe23⤵
- Executes dropped EXE
PID:1700 -
\??\c:\jvvdp.exec:\jvvdp.exe24⤵
- Executes dropped EXE
PID:4992 -
\??\c:\flfrfrf.exec:\flfrfrf.exe25⤵
- Executes dropped EXE
PID:4008 -
\??\c:\rrlxflr.exec:\rrlxflr.exe26⤵
- Executes dropped EXE
PID:4148 -
\??\c:\dpvdj.exec:\dpvdj.exe27⤵
- Executes dropped EXE
PID:2736 -
\??\c:\xlxxrll.exec:\xlxxrll.exe28⤵
- Executes dropped EXE
PID:2512 -
\??\c:\tthnht.exec:\tthnht.exe29⤵
- Executes dropped EXE
PID:2116 -
\??\c:\7vvvp.exec:\7vvvp.exe30⤵
- Executes dropped EXE
PID:4948 -
\??\c:\bnttnn.exec:\bnttnn.exe31⤵
- Executes dropped EXE
PID:1612 -
\??\c:\httnnn.exec:\httnnn.exe32⤵
- Executes dropped EXE
PID:2000 -
\??\c:\jvpjd.exec:\jvpjd.exe33⤵
- Executes dropped EXE
PID:2688 -
\??\c:\rxxfrrl.exec:\rxxfrrl.exe34⤵
- Executes dropped EXE
PID:3344 -
\??\c:\bnntbt.exec:\bnntbt.exe35⤵
- Executes dropped EXE
PID:2980 -
\??\c:\jjvdj.exec:\jjvdj.exe36⤵
- Executes dropped EXE
PID:4736 -
\??\c:\dvjjd.exec:\dvjjd.exe37⤵
- Executes dropped EXE
PID:4560 -
\??\c:\fxlfffx.exec:\fxlfffx.exe38⤵
- Executes dropped EXE
PID:4428 -
\??\c:\pdpjj.exec:\pdpjj.exe39⤵
- Executes dropped EXE
PID:3568 -
\??\c:\rxrlxxl.exec:\rxrlxxl.exe40⤵
- Executes dropped EXE
PID:1936 -
\??\c:\bbtttt.exec:\bbtttt.exe41⤵
- Executes dropped EXE
PID:2432 -
\??\c:\pvjvd.exec:\pvjvd.exe42⤵
- Executes dropped EXE
PID:2456 -
\??\c:\lxfxrxx.exec:\lxfxrxx.exe43⤵
- Executes dropped EXE
PID:2708 -
\??\c:\htthnn.exec:\htthnn.exe44⤵
- Executes dropped EXE
PID:3348 -
\??\c:\5ntbtn.exec:\5ntbtn.exe45⤵
- Executes dropped EXE
PID:2816 -
\??\c:\3vdjd.exec:\3vdjd.exe46⤵
- Executes dropped EXE
PID:2908 -
\??\c:\xrrfxxf.exec:\xrrfxxf.exe47⤵
- Executes dropped EXE
PID:3676 -
\??\c:\7nhtnh.exec:\7nhtnh.exe48⤵
- Executes dropped EXE
PID:1984 -
\??\c:\ddvjp.exec:\ddvjp.exe49⤵
- Executes dropped EXE
PID:600 -
\??\c:\xrxllxl.exec:\xrxllxl.exe50⤵
- Executes dropped EXE
PID:684 -
\??\c:\rflffff.exec:\rflffff.exe51⤵
- Executes dropped EXE
PID:3300 -
\??\c:\tntttn.exec:\tntttn.exe52⤵
- Executes dropped EXE
PID:2064 -
\??\c:\pdddd.exec:\pdddd.exe53⤵
- Executes dropped EXE
PID:2292 -
\??\c:\llfflrx.exec:\llfflrx.exe54⤵
- Executes dropped EXE
PID:4388 -
\??\c:\bnttbh.exec:\bnttbh.exe55⤵
- Executes dropped EXE
PID:2352 -
\??\c:\pvjdd.exec:\pvjdd.exe56⤵
- Executes dropped EXE
PID:4628 -
\??\c:\ffxrxll.exec:\ffxrxll.exe57⤵
- Executes dropped EXE
PID:1372 -
\??\c:\llllfxf.exec:\llllfxf.exe58⤵
- Executes dropped EXE
PID:3972 -
\??\c:\bbtttb.exec:\bbtttb.exe59⤵
- Executes dropped EXE
PID:1344 -
\??\c:\pppjd.exec:\pppjd.exe60⤵
- Executes dropped EXE
PID:764 -
\??\c:\djppp.exec:\djppp.exe61⤵
- Executes dropped EXE
PID:2380 -
\??\c:\rxxlfxr.exec:\rxxlfxr.exe62⤵
- Executes dropped EXE
PID:2316 -
\??\c:\tttntn.exec:\tttntn.exe63⤵
- Executes dropped EXE
PID:2436 -
\??\c:\hhbbhh.exec:\hhbbhh.exe64⤵
- Executes dropped EXE
PID:3096 -
\??\c:\pjvpj.exec:\pjvpj.exe65⤵
- Executes dropped EXE
PID:4980 -
\??\c:\llxrrrl.exec:\llxrrrl.exe66⤵PID:2396
-
\??\c:\nhhhhh.exec:\nhhhhh.exe67⤵PID:4844
-
\??\c:\9thhnn.exec:\9thhnn.exe68⤵PID:672
-
\??\c:\vpvdv.exec:\vpvdv.exe69⤵PID:1404
-
\??\c:\jpppv.exec:\jpppv.exe70⤵PID:4328
-
\??\c:\5rlxxxx.exec:\5rlxxxx.exe71⤵PID:4148
-
\??\c:\5tttnb.exec:\5tttnb.exe72⤵PID:4972
-
\??\c:\tnnnhb.exec:\tnnnhb.exe73⤵PID:2032
-
\??\c:\jjjdd.exec:\jjjdd.exe74⤵PID:3448
-
\??\c:\flxfxfr.exec:\flxfxfr.exe75⤵PID:2376
-
\??\c:\9lxrrxx.exec:\9lxrrxx.exe76⤵PID:4904
-
\??\c:\bhhhhh.exec:\bhhhhh.exe77⤵PID:2192
-
\??\c:\jpvpj.exec:\jpvpj.exe78⤵PID:2020
-
\??\c:\frfrxrx.exec:\frfrxrx.exe79⤵PID:1776
-
\??\c:\nhnhhh.exec:\nhnhhh.exe80⤵PID:2780
-
\??\c:\djvvj.exec:\djvvj.exe81⤵PID:212
-
\??\c:\flffrfr.exec:\flffrfr.exe82⤵PID:2656
-
\??\c:\rflllll.exec:\rflllll.exe83⤵PID:3344
-
\??\c:\tbhhbh.exec:\tbhhbh.exe84⤵PID:4876
-
\??\c:\3ntthh.exec:\3ntthh.exe85⤵PID:3548
-
\??\c:\vvvpd.exec:\vvvpd.exe86⤵PID:4560
-
\??\c:\xflllll.exec:\xflllll.exe87⤵PID:3164
-
\??\c:\frfflrr.exec:\frfflrr.exe88⤵PID:1908
-
\??\c:\tntbbh.exec:\tntbbh.exe89⤵PID:3516
-
\??\c:\pvdjd.exec:\pvdjd.exe90⤵PID:4596
-
\??\c:\pvvjp.exec:\pvvjp.exe91⤵PID:1216
-
\??\c:\llfffrf.exec:\llfffrf.exe92⤵PID:3348
-
\??\c:\htbbtn.exec:\htbbtn.exe93⤵PID:1508
-
\??\c:\dpvvp.exec:\dpvvp.exe94⤵PID:2908
-
\??\c:\jppjv.exec:\jppjv.exe95⤵PID:984
-
\??\c:\1rllfxr.exec:\1rllfxr.exe96⤵PID:2472
-
\??\c:\nbttbn.exec:\nbttbn.exe97⤵PID:2184
-
\??\c:\ddddj.exec:\ddddj.exe98⤵PID:4668
-
\??\c:\lrrxrxx.exec:\lrrxrxx.exe99⤵PID:1440
-
\??\c:\btbhnt.exec:\btbhnt.exe100⤵PID:2176
-
\??\c:\dvjvv.exec:\dvjvv.exe101⤵PID:4864
-
\??\c:\hbthht.exec:\hbthht.exe102⤵PID:3768
-
\??\c:\hbhntn.exec:\hbhntn.exe103⤵PID:4436
-
\??\c:\ddjdp.exec:\ddjdp.exe104⤵PID:4628
-
\??\c:\fffrfrf.exec:\fffrfrf.exe105⤵PID:3684
-
\??\c:\bththb.exec:\bththb.exe106⤵PID:3456
-
\??\c:\djdpd.exec:\djdpd.exe107⤵PID:2156
-
\??\c:\vvdjv.exec:\vvdjv.exe108⤵PID:3472
-
\??\c:\rxflrxl.exec:\rxflrxl.exe109⤵PID:1852
-
\??\c:\hnhntt.exec:\hnhntt.exe110⤵PID:3660
-
\??\c:\htnnbt.exec:\htnnbt.exe111⤵PID:4384
-
\??\c:\dvddd.exec:\dvddd.exe112⤵PID:5104
-
\??\c:\lllffxf.exec:\lllffxf.exe113⤵PID:4980
-
\??\c:\9bnnnt.exec:\9bnnnt.exe114⤵PID:2396
-
\??\c:\jvvpj.exec:\jvvpj.exe115⤵PID:4184
-
\??\c:\rlllfll.exec:\rlllfll.exe116⤵PID:4008
-
\??\c:\hntnhh.exec:\hntnhh.exe117⤵PID:4148
-
\??\c:\vjjdv.exec:\vjjdv.exe118⤵PID:4972
-
\??\c:\xrrfxxx.exec:\xrrfxxx.exe119⤵PID:3732
-
\??\c:\xlllfff.exec:\xlllfff.exe120⤵PID:1572
-
\??\c:\htttnt.exec:\htttnt.exe121⤵PID:4948
-
\??\c:\hhhnhh.exec:\hhhnhh.exe122⤵PID:4632
-
\??\c:\pjddv.exec:\pjddv.exe123⤵PID:4460
-
\??\c:\1xffxxr.exec:\1xffxxr.exe124⤵PID:2020
-
\??\c:\frxllxr.exec:\frxllxr.exe125⤵PID:1776
-
\??\c:\thnbtt.exec:\thnbtt.exe126⤵PID:2688
-
\??\c:\jjddv.exec:\jjddv.exe127⤵PID:932
-
\??\c:\dddpj.exec:\dddpj.exe128⤵PID:2980
-
\??\c:\xrrrrrx.exec:\xrrrrrx.exe129⤵PID:2900
-
\??\c:\rllfrlf.exec:\rllfrlf.exe130⤵PID:4416
-
\??\c:\htbtnn.exec:\htbtnn.exe131⤵PID:4796
-
\??\c:\bbnhbh.exec:\bbnhbh.exe132⤵PID:2884
-
\??\c:\jdjjd.exec:\jdjjd.exe133⤵PID:3848
-
\??\c:\lfrlflf.exec:\lfrlflf.exe134⤵PID:2312
-
\??\c:\hntntb.exec:\hntntb.exe135⤵PID:3432
-
\??\c:\btnhtn.exec:\btnhtn.exe136⤵PID:1636
-
\??\c:\lxrxxxl.exec:\lxrxxxl.exe137⤵PID:3348
-
\??\c:\bnbbtt.exec:\bnbbtt.exe138⤵PID:3100
-
\??\c:\djvpp.exec:\djvpp.exe139⤵PID:800
-
\??\c:\xfxxxrf.exec:\xfxxxrf.exe140⤵PID:316
-
\??\c:\frxxrrr.exec:\frxxrrr.exe141⤵PID:600
-
\??\c:\tbnnhb.exec:\tbnnhb.exe142⤵PID:4740
-
\??\c:\bhnnnh.exec:\bhnnnh.exe143⤵PID:916
-
\??\c:\dvjpp.exec:\dvjpp.exe144⤵PID:1320
-
\??\c:\3jppp.exec:\3jppp.exe145⤵PID:5108
-
\??\c:\fxfxxlf.exec:\fxfxxlf.exe146⤵PID:4004
-
\??\c:\btnbbh.exec:\btnbbh.exe147⤵PID:4580
-
\??\c:\bbhtnt.exec:\bbhtnt.exe148⤵PID:2712
-
\??\c:\jppvv.exec:\jppvv.exe149⤵PID:3700
-
\??\c:\7rrffxf.exec:\7rrffxf.exe150⤵PID:1608
-
\??\c:\tbthhb.exec:\tbthhb.exe151⤵PID:4520
-
\??\c:\9htnth.exec:\9htnth.exe152⤵PID:2156
-
\??\c:\vjvjv.exec:\vjvjv.exe153⤵PID:3192
-
\??\c:\frllxrf.exec:\frllxrf.exe154⤵PID:4468
-
\??\c:\ntnbtb.exec:\ntnbtb.exe155⤵PID:5104
-
\??\c:\7jjpp.exec:\7jjpp.exe156⤵PID:2820
-
\??\c:\dvpvv.exec:\dvpvv.exe157⤵PID:1404
-
\??\c:\7rrrxxl.exec:\7rrrxxl.exe158⤵PID:2152
-
\??\c:\7tbttt.exec:\7tbttt.exe159⤵PID:4148
-
\??\c:\hbhnht.exec:\hbhnht.exe160⤵PID:4548
-
\??\c:\7vvpp.exec:\7vvpp.exe161⤵PID:4556
-
\??\c:\lxxlflx.exec:\lxxlflx.exe162⤵PID:4960
-
\??\c:\lrlrfxx.exec:\lrlrfxx.exe163⤵PID:4660
-
\??\c:\htttnn.exec:\htttnn.exe164⤵PID:232
-
\??\c:\nhbtnh.exec:\nhbtnh.exe165⤵PID:4868
-
\??\c:\jvjdv.exec:\jvjdv.exe166⤵PID:1352
-
\??\c:\xfxxxxx.exec:\xfxxxxx.exe167⤵PID:3960
-
\??\c:\tntntn.exec:\tntntn.exe168⤵PID:4876
-
\??\c:\httthb.exec:\httthb.exe169⤵PID:4648
-
\??\c:\pvjjj.exec:\pvjjj.exe170⤵PID:3568
-
\??\c:\xrxfrrl.exec:\xrxfrrl.exe171⤵PID:4616
-
\??\c:\frrffrx.exec:\frrffrx.exe172⤵PID:3404
-
\??\c:\vddvd.exec:\vddvd.exe173⤵PID:2312
-
\??\c:\xxlfrff.exec:\xxlfrff.exe174⤵PID:4596
-
\??\c:\fxxllrr.exec:\fxxllrr.exe175⤵PID:956
-
\??\c:\5tbttb.exec:\5tbttb.exe176⤵PID:1044
-
\??\c:\dvjjj.exec:\dvjjj.exe177⤵PID:1508
-
\??\c:\fffxxxx.exec:\fffxxxx.exe178⤵PID:2908
-
\??\c:\rlrfxlf.exec:\rlrfxlf.exe179⤵PID:840
-
\??\c:\bhhthh.exec:\bhhthh.exe180⤵PID:5112
-
\??\c:\lfrlxlx.exec:\lfrlxlx.exe181⤵PID:5024
-
\??\c:\tttbbn.exec:\tttbbn.exe182⤵PID:1836
-
\??\c:\htbhhh.exec:\htbhhh.exe183⤵PID:3300
-
\??\c:\pvdvp.exec:\pvdvp.exe184⤵PID:412
-
\??\c:\vppjv.exec:\vppjv.exe185⤵PID:4568
-
\??\c:\9xffxxr.exec:\9xffxxr.exe186⤵PID:4836
-
\??\c:\nbnnnh.exec:\nbnnnh.exe187⤵PID:2712
-
\??\c:\htbnht.exec:\htbnht.exe188⤵PID:4752
-
\??\c:\9jpdd.exec:\9jpdd.exe189⤵PID:4780
-
\??\c:\9lllrff.exec:\9lllrff.exe190⤵PID:4520
-
\??\c:\thhnnn.exec:\thhnnn.exe191⤵PID:2156
-
\??\c:\vjpdv.exec:\vjpdv.exe192⤵PID:3192
-
\??\c:\ddjjj.exec:\ddjjj.exe193⤵PID:1016
-
\??\c:\tnnhhn.exec:\tnnhhn.exe194⤵PID:4572
-
\??\c:\jpvvv.exec:\jpvvv.exe195⤵PID:1392
-
\??\c:\9flffxx.exec:\9flffxx.exe196⤵PID:836
-
\??\c:\vjvpd.exec:\vjvpd.exe197⤵PID:2468
-
\??\c:\jpddv.exec:\jpddv.exe198⤵PID:3512
-
\??\c:\xfrrfrf.exec:\xfrrfrf.exe199⤵PID:1332
-
\??\c:\nnbntt.exec:\nnbntt.exe200⤵PID:2376
-
\??\c:\ppvjv.exec:\ppvjv.exe201⤵PID:4128
-
\??\c:\1rflllf.exec:\1rflllf.exe202⤵PID:3792
-
\??\c:\lfxxxfx.exec:\lfxxxfx.exe203⤵PID:3272
-
\??\c:\bhnnnn.exec:\bhnnnn.exe204⤵PID:2688
-
\??\c:\pdpvj.exec:\pdpvj.exe205⤵PID:3784
-
\??\c:\rrffffr.exec:\rrffffr.exe206⤵PID:5064
-
\??\c:\xlxrxlx.exec:\xlxrxlx.exe207⤵PID:1236
-
\??\c:\nbnnnh.exec:\nbnnnh.exe208⤵PID:4420
-
\??\c:\tnnnnn.exec:\tnnnnn.exe209⤵PID:4216
-
\??\c:\vddpv.exec:\vddpv.exe210⤵PID:4796
-
\??\c:\llflfxx.exec:\llflfxx.exe211⤵PID:4460
-
\??\c:\9bhtbt.exec:\9bhtbt.exe212⤵PID:3848
-
\??\c:\hnnthb.exec:\hnnthb.exe213⤵PID:2432
-
\??\c:\dvpvp.exec:\dvpvp.exe214⤵PID:2312
-
\??\c:\lxfxffx.exec:\lxfxffx.exe215⤵PID:3604
-
\??\c:\xxxlxfx.exec:\xxxlxfx.exe216⤵PID:956
-
\??\c:\thhbth.exec:\thhbth.exe217⤵PID:3676
-
\??\c:\vjpvv.exec:\vjpvv.exe218⤵PID:3476
-
\??\c:\rxrfllr.exec:\rxrfllr.exe219⤵PID:1616
-
\??\c:\xxrrffx.exec:\xxrrffx.exe220⤵PID:5116
-
\??\c:\bnhhhh.exec:\bnhhhh.exe221⤵PID:4740
-
\??\c:\pjdpp.exec:\pjdpp.exe222⤵PID:916
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe223⤵PID:1320
-
\??\c:\7rllxfl.exec:\7rllxfl.exe224⤵PID:4232
-
\??\c:\bnhbnt.exec:\bnhbnt.exe225⤵PID:2292
-
\??\c:\jvdpd.exec:\jvdpd.exe226⤵PID:2352
-
\??\c:\xxrxxrx.exec:\xxrxxrx.exe227⤵PID:4236
-
\??\c:\1lxrxrl.exec:\1lxrxrl.exe228⤵PID:1372
-
\??\c:\ttbtbb.exec:\ttbtbb.exe229⤵PID:3972
-
\??\c:\vvdjp.exec:\vvdjp.exe230⤵PID:1124
-
\??\c:\vjvpv.exec:\vjvpv.exe231⤵PID:4872
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe232⤵PID:2668
-
\??\c:\tnnttb.exec:\tnnttb.exe233⤵PID:3640
-
\??\c:\httttt.exec:\httttt.exe234⤵PID:4572
-
\??\c:\ddddj.exec:\ddddj.exe235⤵PID:2032
-
\??\c:\rxxxrrx.exec:\rxxxrrx.exe236⤵PID:836
-
\??\c:\ttbhnb.exec:\ttbhnb.exe237⤵PID:4548
-
\??\c:\hhbthb.exec:\hhbthb.exe238⤵PID:528
-
\??\c:\dpdvv.exec:\dpdvv.exe239⤵PID:1332
-
\??\c:\1vppj.exec:\1vppj.exe240⤵PID:2376
-
\??\c:\rxlxrlx.exec:\rxlxrlx.exe241⤵PID:4128
-
\??\c:\1frrrxf.exec:\1frrrxf.exe242⤵PID:2644