Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6cf74e51f438bf014b76df10b30d1270_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
6cf74e51f438bf014b76df10b30d1270_NeikiAnalytics.exe
-
Size
366KB
-
MD5
6cf74e51f438bf014b76df10b30d1270
-
SHA1
d0d6e4b8a40ae96d3e406b9063228126fa8fbce3
-
SHA256
5d5fc94712eaef6c6f58f2dd7dac84dee2c3ea1e3e3ae4d2677c36cea88a59e2
-
SHA512
30dbe7370e4257af1295925660e14cd944eef1754c09552bb6016020761889f9803f8b62a9285d5594d0e64d04196b5e43cf14b5b846ea47bfe3483d5ea7dd8f
-
SSDEEP
6144:n3C9BRo7tvnJ99T/KZEL3RUXownfWQkyCpxwJz9e0pQowLh3EhToK9cT085mnFh4:n3C9ytvnVXFUXoSWlnwJv90aKToFqwf2
Malware Config
Signatures
-
Detect Blackmoon payload 26 IoCs
resource yara_rule
behavioral2/memory/2740-5-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3932-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4768-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4020-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2696-41-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2972-48-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1860-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4912-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/540-64-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/436-77-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3076-86-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2932-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3276-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2028-118-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2464-149-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3768-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2888-167-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2952-162-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3852-139-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2260-132-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4824-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1848-176-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3660-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4204-185-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2924-194-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3744-205-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process 3932 846222.exe 4768 820062.exe 4020 62684.exe 1860 hntnhn.exe 2696 2466048.exe 2972 xlxrxrx.exe 4912 hbnnnn.exe 540 08660.exe 1700 hbhtnh.exe 436 6882600.exe 3076 26848.exe 2932 xllxrlf.exe 3276 088642.exe 5028 flrxfrf.exe 4156 3rxlfrf.exe 2028 3vjdv.exe 4824 1nnhnh.exe 2260 llfxlxr.exe 2040 tnbnhb.exe 3852 4200662.exe 2464 46420.exe 3768 3ntnhh.exe 2952 pvdpv.exe 2888 284260.exe 1864 ppdpj.exe 1848 66608.exe 4204 482460.exe 3660 vjpjd.exe 2924 662646.exe 4144 bthbnh.exe 3744 q62660.exe 4160 7btntn.exe 2388 1jvpp.exe 2732 rlxrrlr.exe 4316 bbnhbt.exe 3328 btbnhb.exe 4480 xlxxrrx.exe 2436 rlxllxl.exe 3564 266200.exe 1132 846048.exe 3244 6688260.exe 3224 lxrrxlr.exe 380 40204.exe 4756 xrrlfff.exe 4428 486068.exe 4568 2448600.exe 4460 o442042.exe 4516 m8086.exe 540 06208.exe 880 fxlrllf.exe 2552 ttthth.exe 4872 5ppdv.exe 2760 000842.exe 3276 48226.exe 1948 llfrffr.exe 2376 5bhnhh.exe 772 284422.exe 3672 088804.exe 1128 g6860.exe 3960 642204.exe 2040 9nbthb.exe 2816 606066.exe 2024 4882448.exe 1080 488646.exe -
[Signature heading missing from the extracted page: the rows below are YARA matches tagged upx on process memory dumps, apparently a separate signature from "Executes dropped EXE" above.]
resource yara_rule
behavioral2/memory/2740-5-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3932-11-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4768-18-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1860-30-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4020-24-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1860-32-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2696-41-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2972-48-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1860-39-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4912-56-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4912-55-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4912-54-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4912-59-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/540-64-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/436-77-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3076-86-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2932-94-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3276-100-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2028-118-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2464-149-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3768-155-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2888-167-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2952-162-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3852-139-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2260-132-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4824-126-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1848-176-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3660-190-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4204-185-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2924-194-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3744-205-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2740 wrote to memory of 3932 2740 6cf74e51f438bf014b76df10b30d1270_NeikiAnalytics.exe 83 PID 2740 wrote to memory of 3932 2740 6cf74e51f438bf014b76df10b30d1270_NeikiAnalytics.exe 83 PID 2740 wrote to memory of 3932 2740 6cf74e51f438bf014b76df10b30d1270_NeikiAnalytics.exe 83 PID 3932 wrote to memory of 4768 3932 846222.exe 84 PID 3932 wrote to memory of 4768 3932 846222.exe 84 PID 3932 wrote to memory of 4768 3932 846222.exe 84 PID 4768 wrote to memory of 4020 4768 820062.exe 85 PID 4768 wrote to memory of 4020 4768 820062.exe 85 PID 4768 wrote to memory of 4020 4768 820062.exe 85 PID 4020 wrote to memory of 1860 4020 62684.exe 86 PID 4020 wrote to memory of 1860 4020 62684.exe 86 PID 4020 wrote to memory of 1860 4020 62684.exe 86 PID 1860 wrote to memory of 2696 1860 hntnhn.exe 87 PID 1860 wrote to memory of 2696 1860 hntnhn.exe 87 PID 1860 wrote to memory of 2696 1860 hntnhn.exe 87 PID 2696 wrote to memory of 2972 2696 2466048.exe 88 PID 2696 wrote to memory of 2972 2696 2466048.exe 88 PID 2696 wrote to memory of 2972 2696 2466048.exe 88 PID 2972 wrote to memory of 4912 2972 xlxrxrx.exe 89 PID 2972 wrote to memory of 4912 2972 xlxrxrx.exe 89 PID 2972 wrote to memory of 4912 2972 xlxrxrx.exe 89 PID 4912 wrote to memory of 540 4912 hbnnnn.exe 92 PID 4912 wrote to memory of 540 4912 hbnnnn.exe 92 PID 4912 wrote to memory of 540 4912 hbnnnn.exe 92 PID 540 wrote to memory of 1700 540 08660.exe 93 PID 540 wrote to memory of 1700 540 08660.exe 93 PID 540 wrote to memory of 1700 540 08660.exe 93 PID 1700 wrote to memory of 436 1700 hbhtnh.exe 94 PID 1700 wrote to memory of 436 1700 hbhtnh.exe 94 PID 1700 wrote to memory of 436 1700 hbhtnh.exe 94 PID 436 wrote to memory of 3076 436 6882600.exe 95 PID 436 wrote to memory of 3076 436 6882600.exe 95 PID 436 wrote to memory of 3076 436 6882600.exe 95 PID 3076 wrote to memory of 2932 3076 26848.exe 97 PID 3076 wrote to memory of 2932 3076 26848.exe 97 PID 3076 wrote to memory of 2932 
3076 26848.exe 97 PID 2932 wrote to memory of 3276 2932 xllxrlf.exe 98 PID 2932 wrote to memory of 3276 2932 xllxrlf.exe 98 PID 2932 wrote to memory of 3276 2932 xllxrlf.exe 98 PID 3276 wrote to memory of 5028 3276 088642.exe 99 PID 3276 wrote to memory of 5028 3276 088642.exe 99 PID 3276 wrote to memory of 5028 3276 088642.exe 99 PID 5028 wrote to memory of 4156 5028 flrxfrf.exe 100 PID 5028 wrote to memory of 4156 5028 flrxfrf.exe 100 PID 5028 wrote to memory of 4156 5028 flrxfrf.exe 100 PID 4156 wrote to memory of 2028 4156 3rxlfrf.exe 101 PID 4156 wrote to memory of 2028 4156 3rxlfrf.exe 101 PID 4156 wrote to memory of 2028 4156 3rxlfrf.exe 101 PID 2028 wrote to memory of 4824 2028 3vjdv.exe 102 PID 2028 wrote to memory of 4824 2028 3vjdv.exe 102 PID 2028 wrote to memory of 4824 2028 3vjdv.exe 102 PID 4824 wrote to memory of 2260 4824 1nnhnh.exe 103 PID 4824 wrote to memory of 2260 4824 1nnhnh.exe 103 PID 4824 wrote to memory of 2260 4824 1nnhnh.exe 103 PID 2260 wrote to memory of 2040 2260 llfxlxr.exe 104 PID 2260 wrote to memory of 2040 2260 llfxlxr.exe 104 PID 2260 wrote to memory of 2040 2260 llfxlxr.exe 104 PID 2040 wrote to memory of 3852 2040 tnbnhb.exe 105 PID 2040 wrote to memory of 3852 2040 tnbnhb.exe 105 PID 2040 wrote to memory of 3852 2040 tnbnhb.exe 105 PID 3852 wrote to memory of 2464 3852 4200662.exe 106 PID 3852 wrote to memory of 2464 3852 4200662.exe 106 PID 3852 wrote to memory of 2464 3852 4200662.exe 106 PID 2464 wrote to memory of 3768 2464 46420.exe 107
Processes
-
C:\Users\Admin\AppData\Local\Temp\6cf74e51f438bf014b76df10b30d1270_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\6cf74e51f438bf014b76df10b30d1270_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\846222.exec:\846222.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3932 -
\??\c:\820062.exec:\820062.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4768 -
\??\c:\62684.exec:\62684.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4020 -
\??\c:\hntnhn.exec:\hntnhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1860 -
\??\c:\2466048.exec:\2466048.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2696 -
\??\c:\xlxrxrx.exec:\xlxrxrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2972 -
\??\c:\hbnnnn.exec:\hbnnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4912 -
\??\c:\08660.exec:\08660.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:540 -
\??\c:\hbhtnh.exec:\hbhtnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1700 -
\??\c:\6882600.exec:\6882600.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:436 -
\??\c:\26848.exec:\26848.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3076 -
\??\c:\xllxrlf.exec:\xllxrlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2932 -
\??\c:\088642.exec:\088642.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3276 -
\??\c:\flrxfrf.exec:\flrxfrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5028 -
\??\c:\3rxlfrf.exec:\3rxlfrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4156 -
\??\c:\3vjdv.exec:\3vjdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2028 -
\??\c:\1nnhnh.exec:\1nnhnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4824 -
\??\c:\llfxlxr.exec:\llfxlxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2260 -
\??\c:\tnbnhb.exec:\tnbnhb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2040 -
\??\c:\4200662.exec:\4200662.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3852 -
\??\c:\46420.exec:\46420.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2464 -
\??\c:\3ntnhh.exec:\3ntnhh.exe23⤵
- Executes dropped EXE
PID:3768 -
\??\c:\pvdpv.exec:\pvdpv.exe24⤵
- Executes dropped EXE
PID:2952 -
\??\c:\284260.exec:\284260.exe25⤵
- Executes dropped EXE
PID:2888 -
\??\c:\ppdpj.exec:\ppdpj.exe26⤵
- Executes dropped EXE
PID:1864 -
\??\c:\66608.exec:\66608.exe27⤵
- Executes dropped EXE
PID:1848 -
\??\c:\482460.exec:\482460.exe28⤵
- Executes dropped EXE
PID:4204 -
\??\c:\vjpjd.exec:\vjpjd.exe29⤵
- Executes dropped EXE
PID:3660 -
\??\c:\662646.exec:\662646.exe30⤵
- Executes dropped EXE
PID:2924 -
\??\c:\bthbnh.exec:\bthbnh.exe31⤵
- Executes dropped EXE
PID:4144 -
\??\c:\q62660.exec:\q62660.exe32⤵
- Executes dropped EXE
PID:3744 -
\??\c:\7btntn.exec:\7btntn.exe33⤵
- Executes dropped EXE
PID:4160 -
\??\c:\1jvpp.exec:\1jvpp.exe34⤵
- Executes dropped EXE
PID:2388 -
\??\c:\rlxrrlr.exec:\rlxrrlr.exe35⤵
- Executes dropped EXE
PID:2732 -
\??\c:\bbnhbt.exec:\bbnhbt.exe36⤵
- Executes dropped EXE
PID:4316 -
\??\c:\btbnhb.exec:\btbnhb.exe37⤵
- Executes dropped EXE
PID:3328 -
\??\c:\xlxxrrx.exec:\xlxxrrx.exe38⤵
- Executes dropped EXE
PID:4480 -
\??\c:\rlxllxl.exec:\rlxllxl.exe39⤵
- Executes dropped EXE
PID:2436 -
\??\c:\266200.exec:\266200.exe40⤵
- Executes dropped EXE
PID:3564 -
\??\c:\846048.exec:\846048.exe41⤵
- Executes dropped EXE
PID:1132 -
\??\c:\6688260.exec:\6688260.exe42⤵
- Executes dropped EXE
PID:3244 -
\??\c:\lxrrxlr.exec:\lxrrxlr.exe43⤵
- Executes dropped EXE
PID:3224 -
\??\c:\40204.exec:\40204.exe44⤵
- Executes dropped EXE
PID:380 -
\??\c:\xrrlfff.exec:\xrrlfff.exe45⤵
- Executes dropped EXE
PID:4756 -
\??\c:\486068.exec:\486068.exe46⤵
- Executes dropped EXE
PID:4428 -
\??\c:\2448600.exec:\2448600.exe47⤵
- Executes dropped EXE
PID:4568 -
\??\c:\o442042.exec:\o442042.exe48⤵
- Executes dropped EXE
PID:4460 -
\??\c:\m8086.exec:\m8086.exe49⤵
- Executes dropped EXE
PID:4516 -
\??\c:\06208.exec:\06208.exe50⤵
- Executes dropped EXE
PID:540 -
\??\c:\fxlrllf.exec:\fxlrllf.exe51⤵
- Executes dropped EXE
PID:880 -
\??\c:\ttthth.exec:\ttthth.exe52⤵
- Executes dropped EXE
PID:2552 -
\??\c:\5ppdv.exec:\5ppdv.exe53⤵
- Executes dropped EXE
PID:4872 -
\??\c:\000842.exec:\000842.exe54⤵
- Executes dropped EXE
PID:2760 -
\??\c:\48226.exec:\48226.exe55⤵
- Executes dropped EXE
PID:3276 -
\??\c:\llfrffr.exec:\llfrffr.exe56⤵
- Executes dropped EXE
PID:1948 -
\??\c:\5bhnhh.exec:\5bhnhh.exe57⤵
- Executes dropped EXE
PID:2376 -
\??\c:\284422.exec:\284422.exe58⤵
- Executes dropped EXE
PID:772 -
\??\c:\088804.exec:\088804.exe59⤵
- Executes dropped EXE
PID:3672 -
\??\c:\g6860.exec:\g6860.exe60⤵
- Executes dropped EXE
PID:1128 -
\??\c:\642204.exec:\642204.exe61⤵
- Executes dropped EXE
PID:3960 -
\??\c:\9nbthb.exec:\9nbthb.exe62⤵
- Executes dropped EXE
PID:2040 -
\??\c:\606066.exec:\606066.exe63⤵
- Executes dropped EXE
PID:2816 -
\??\c:\4882448.exec:\4882448.exe64⤵
- Executes dropped EXE
PID:2024 -
\??\c:\488646.exec:\488646.exe65⤵
- Executes dropped EXE
PID:1080 -
\??\c:\xrxlxrl.exec:\xrxlxrl.exe66⤵PID:1964
-
\??\c:\80440.exec:\80440.exe67⤵PID:3300
-
\??\c:\224282.exec:\224282.exe68⤵PID:4448
-
\??\c:\066048.exec:\066048.exe69⤵PID:1460
-
\??\c:\rxlrlrr.exec:\rxlrlrr.exe70⤵PID:3760
-
\??\c:\6008260.exec:\6008260.exe71⤵PID:4684
-
\??\c:\28826.exec:\28826.exe72⤵PID:2284
-
\??\c:\xxrlffx.exec:\xxrlffx.exe73⤵PID:4848
-
\??\c:\lfxrrrx.exec:\lfxrrrx.exe74⤵PID:372
-
\??\c:\288200.exec:\288200.exe75⤵PID:4576
-
\??\c:\2282600.exec:\2282600.exe76⤵PID:2912
-
\??\c:\pjjdp.exec:\pjjdp.exe77⤵PID:4140
-
\??\c:\djjdp.exec:\djjdp.exe78⤵PID:3868
-
\??\c:\nbthbh.exec:\nbthbh.exe79⤵PID:2396
-
\??\c:\8460404.exec:\8460404.exe80⤵PID:2300
-
\??\c:\02622.exec:\02622.exe81⤵PID:4508
-
\??\c:\3xrflfx.exec:\3xrflfx.exe82⤵PID:212
-
\??\c:\266004.exec:\266004.exe83⤵PID:3328
-
\??\c:\bntnhh.exec:\bntnhh.exe84⤵PID:4768
-
\??\c:\28408.exec:\28408.exe85⤵PID:4788
-
\??\c:\ffxrfxx.exec:\ffxrfxx.exe86⤵PID:1888
-
\??\c:\lffxlfx.exec:\lffxlfx.exe87⤵PID:4828
-
\??\c:\3rlfxrl.exec:\3rlfxrl.exe88⤵PID:3596
-
\??\c:\q00866.exec:\q00866.exe89⤵PID:3956
-
\??\c:\xxfxrxl.exec:\xxfxrxl.exe90⤵PID:764
-
\??\c:\nbthbt.exec:\nbthbt.exe91⤵PID:4432
-
\??\c:\hhtnhn.exec:\hhtnhn.exe92⤵PID:4752
-
\??\c:\3rrlrrx.exec:\3rrlrrx.exe93⤵PID:4568
-
\??\c:\8664826.exec:\8664826.exe94⤵PID:4460
-
\??\c:\tnnhhb.exec:\tnnhhb.exe95⤵PID:3624
-
\??\c:\04048.exec:\04048.exe96⤵PID:4984
-
\??\c:\vvpjd.exec:\vvpjd.exe97⤵PID:4456
-
\??\c:\3ntnbb.exec:\3ntnbb.exe98⤵PID:4872
-
\??\c:\0848660.exec:\0848660.exe99⤵PID:2324
-
\??\c:\dpdvv.exec:\dpdvv.exe100⤵PID:1152
-
\??\c:\w88062.exec:\w88062.exe101⤵PID:3752
-
\??\c:\vvvjv.exec:\vvvjv.exe102⤵PID:1600
-
\??\c:\44042.exec:\44042.exe103⤵PID:2316
-
\??\c:\2842042.exec:\2842042.exe104⤵PID:2040
-
\??\c:\lxfrxrr.exec:\lxfrxrr.exe105⤵PID:1192
-
\??\c:\048646.exec:\048646.exe106⤵PID:2404
-
\??\c:\nnnhhb.exec:\nnnhhb.exe107⤵PID:5076
-
\??\c:\g4008.exec:\g4008.exe108⤵PID:1464
-
\??\c:\682280.exec:\682280.exe109⤵PID:4356
-
\??\c:\lrfrllf.exec:\lrfrllf.exe110⤵PID:2716
-
\??\c:\pjpdp.exec:\pjpdp.exe111⤵PID:4812
-
\??\c:\2242042.exec:\2242042.exe112⤵PID:4408
-
\??\c:\22884.exec:\22884.exe113⤵PID:3080
-
\??\c:\28448.exec:\28448.exe114⤵PID:3460
-
\??\c:\884666.exec:\884666.exe115⤵PID:3268
-
\??\c:\bnhthb.exec:\bnhthb.exe116⤵PID:2776
-
\??\c:\rlrffxx.exec:\rlrffxx.exe117⤵PID:4476
-
\??\c:\66608.exec:\66608.exe118⤵PID:3448
-
\??\c:\08826.exec:\08826.exe119⤵PID:3748
-
\??\c:\42082.exec:\42082.exe120⤵PID:4960
-
\??\c:\406044.exec:\406044.exe121⤵PID:336
-
\??\c:\tnhthb.exec:\tnhthb.exe122⤵PID:4496
-