Analysis
-
max time kernel
150s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:44
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe
-
Size
82KB
-
MD5
6e6baa46a732b86d5a8755752e39f070
-
SHA1
89220fe51ef6ea9573422a200bf314711fbbb19b
-
SHA256
0a222ef2c91b648998dbc01bf90ba57b0f189c900cd4ed3930b0e9b41d1d680a
-
SHA512
41f66dfb701023f33d7661cde3aab6f98667ae1cd4c9f01551e046045c170f1081a329aa80a4afbf5b8acceb8765c32454c475d99d3e222ed1a70cad722ec35c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsvE:ymb3NkkiQ3mdBjFIWeFGyA9P5
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource yara_rule behavioral2/memory/1720-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3076-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5008-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2124-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2728-45-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5000-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2728-44-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1808-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2228-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5052-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1340-81-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4052-87-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2788-93-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3196-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/860-107-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4172-113-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1652-117-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/552-123-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1292-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/400-140-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1140-146-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/4536-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1612-165-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4040-171-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2116-189-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
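Executes dropped EXE 64 IoCs (some PIDs, e.g. 704, 792 and 2788, appear more than once with different image names, so correlate on PID together with process name rather than on PID alone)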
pid Process 704 djpdv.exe 3076 lllrffx.exe 5008 bhthbn.exe 2124 bnnhhb.exe 5000 dppdv.exe 2728 jvdpj.exe 1808 flrfrlx.exe 2228 tntnhh.exe 5052 vvpjv.exe 792 9frlrrl.exe 1340 rflflxl.exe 4052 ntbnhb.exe 2788 jvpjd.exe 3196 1lfxrxr.exe 860 xflxlxl.exe 4172 bttnhb.exe 1652 pvdvj.exe 552 jdvpj.exe 1292 xlxfffr.exe 4340 1hbbnh.exe 400 dpjpv.exe 1140 frxrffx.exe 4388 lffxlfx.exe 4536 hthbtt.exe 1612 3jjdv.exe 4040 jvdpj.exe 976 rlfrffx.exe 2472 bhhnhb.exe 2116 nhnbbt.exe 316 dvjjp.exe 700 rflfxxr.exe 1440 nbnntn.exe 4328 vpvjv.exe 1020 jvvjv.exe 4280 pdvpp.exe 5060 9ffxllf.exe 704 hhhntn.exe 4532 ttnhhn.exe 3692 jvpjv.exe 4244 9lrllfx.exe 4168 bnhhbb.exe 3328 7nhbtn.exe 920 jvpdp.exe 2984 5jvpv.exe 5024 rxxlrrl.exe 628 thhbtn.exe 5028 nhbnbb.exe 4472 vpdpj.exe 792 jpdvp.exe 1852 lxxrfrl.exe 4012 fxlxrlf.exe 2788 bththb.exe 5068 pdjjv.exe 4784 jvvpd.exe 4172 9xlxlrx.exe 2192 bnhhnn.exe 1292 pdppd.exe 4396 frlxrll.exe 396 lxfxfxf.exe 4528 5tnhbb.exe 1780 bnhhtn.exe 1812 jdpvv.exe 4356 djddv.exe 1192 rxxxlfx.exe -
resource yara_rule behavioral2/memory/1720-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3076-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5008-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2124-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5000-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2728-44-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1808-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2228-59-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5052-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1340-81-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4052-87-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2788-93-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3196-100-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/860-107-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4172-113-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1652-117-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/552-123-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1292-129-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/400-140-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1140-146-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4536-159-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1612-165-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4040-171-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2116-189-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1720 wrote to memory of 704 1720 6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe 87 PID 1720 wrote to memory of 704 1720 6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe 87 PID 1720 wrote to memory of 704 1720 6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe 87 PID 704 wrote to memory of 3076 704 djpdv.exe 88 PID 704 wrote to memory of 3076 704 djpdv.exe 88 PID 704 wrote to memory of 3076 704 djpdv.exe 88 PID 3076 wrote to memory of 5008 3076 lllrffx.exe 89 PID 3076 wrote to memory of 5008 3076 lllrffx.exe 89 PID 3076 wrote to memory of 5008 3076 lllrffx.exe 89 PID 5008 wrote to memory of 2124 5008 bhthbn.exe 90 PID 5008 wrote to memory of 2124 5008 bhthbn.exe 90 PID 5008 wrote to memory of 2124 5008 bhthbn.exe 90 PID 2124 wrote to memory of 5000 2124 bnnhhb.exe 91 PID 2124 wrote to memory of 5000 2124 bnnhhb.exe 91 PID 2124 wrote to memory of 5000 2124 bnnhhb.exe 91 PID 5000 wrote to memory of 2728 5000 dppdv.exe 92 PID 5000 wrote to memory of 2728 5000 dppdv.exe 92 PID 5000 wrote to memory of 2728 5000 dppdv.exe 92 PID 2728 wrote to memory of 1808 2728 jvdpj.exe 93 PID 2728 wrote to memory of 1808 2728 jvdpj.exe 93 PID 2728 wrote to memory of 1808 2728 jvdpj.exe 93 PID 1808 wrote to memory of 2228 1808 flrfrlx.exe 94 PID 1808 wrote to memory of 2228 1808 flrfrlx.exe 94 PID 1808 wrote to memory of 2228 1808 flrfrlx.exe 94 PID 2228 wrote to memory of 5052 2228 tntnhh.exe 95 PID 2228 wrote to memory of 5052 2228 tntnhh.exe 95 PID 2228 wrote to memory of 5052 2228 tntnhh.exe 95 PID 5052 wrote to memory of 792 5052 vvpjv.exe 96 PID 5052 wrote to memory of 792 5052 vvpjv.exe 96 PID 5052 wrote to memory of 792 5052 vvpjv.exe 96 PID 792 wrote to memory of 1340 792 9frlrrl.exe 97 PID 792 wrote to memory of 1340 792 9frlrrl.exe 97 PID 792 wrote to memory of 1340 792 9frlrrl.exe 97 PID 1340 wrote to memory of 4052 1340 rflflxl.exe 98 PID 1340 wrote to memory of 4052 1340 rflflxl.exe 98 PID 1340 wrote to memory of 4052 1340 
rflflxl.exe 98 PID 4052 wrote to memory of 2788 4052 ntbnhb.exe 99 PID 4052 wrote to memory of 2788 4052 ntbnhb.exe 99 PID 4052 wrote to memory of 2788 4052 ntbnhb.exe 99 PID 2788 wrote to memory of 3196 2788 jvpjd.exe 100 PID 2788 wrote to memory of 3196 2788 jvpjd.exe 100 PID 2788 wrote to memory of 3196 2788 jvpjd.exe 100 PID 3196 wrote to memory of 860 3196 1lfxrxr.exe 101 PID 3196 wrote to memory of 860 3196 1lfxrxr.exe 101 PID 3196 wrote to memory of 860 3196 1lfxrxr.exe 101 PID 860 wrote to memory of 4172 860 xflxlxl.exe 103 PID 860 wrote to memory of 4172 860 xflxlxl.exe 103 PID 860 wrote to memory of 4172 860 xflxlxl.exe 103 PID 4172 wrote to memory of 1652 4172 bttnhb.exe 104 PID 4172 wrote to memory of 1652 4172 bttnhb.exe 104 PID 4172 wrote to memory of 1652 4172 bttnhb.exe 104 PID 1652 wrote to memory of 552 1652 pvdvj.exe 105 PID 1652 wrote to memory of 552 1652 pvdvj.exe 105 PID 1652 wrote to memory of 552 1652 pvdvj.exe 105 PID 552 wrote to memory of 1292 552 jdvpj.exe 106 PID 552 wrote to memory of 1292 552 jdvpj.exe 106 PID 552 wrote to memory of 1292 552 jdvpj.exe 106 PID 1292 wrote to memory of 4340 1292 xlxfffr.exe 107 PID 1292 wrote to memory of 4340 1292 xlxfffr.exe 107 PID 1292 wrote to memory of 4340 1292 xlxfffr.exe 107 PID 4340 wrote to memory of 400 4340 1hbbnh.exe 108 PID 4340 wrote to memory of 400 4340 1hbbnh.exe 108 PID 4340 wrote to memory of 400 4340 1hbbnh.exe 108 PID 400 wrote to memory of 1140 400 dpjpv.exe 109
Processes
-
C:\Users\Admin\AppData\Local\Temp\6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1720 -
\??\c:\djpdv.exec:\djpdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:704 -
\??\c:\lllrffx.exec:\lllrffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3076 -
\??\c:\bhthbn.exec:\bhthbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5008 -
\??\c:\bnnhhb.exec:\bnnhhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2124 -
\??\c:\dppdv.exec:\dppdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5000 -
\??\c:\jvdpj.exec:\jvdpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2728 -
\??\c:\flrfrlx.exec:\flrfrlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1808 -
\??\c:\tntnhh.exec:\tntnhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2228 -
\??\c:\vvpjv.exec:\vvpjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5052 -
\??\c:\9frlrrl.exec:\9frlrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:792 -
\??\c:\rflflxl.exec:\rflflxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1340 -
\??\c:\ntbnhb.exec:\ntbnhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4052 -
\??\c:\jvpjd.exec:\jvpjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2788 -
\??\c:\1lfxrxr.exec:\1lfxrxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3196 -
\??\c:\xflxlxl.exec:\xflxlxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:860 -
\??\c:\bttnhb.exec:\bttnhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4172 -
\??\c:\pvdvj.exec:\pvdvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1652 -
\??\c:\jdvpj.exec:\jdvpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:552 -
\??\c:\xlxfffr.exec:\xlxfffr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1292 -
\??\c:\1hbbnh.exec:\1hbbnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4340 -
\??\c:\dpjpv.exec:\dpjpv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:400 -
\??\c:\frxrffx.exec:\frxrffx.exe23⤵
- Executes dropped EXE
PID:1140 -
\??\c:\lffxlfx.exec:\lffxlfx.exe24⤵
- Executes dropped EXE
PID:4388 -
\??\c:\hthbtt.exec:\hthbtt.exe25⤵
- Executes dropped EXE
PID:4536 -
\??\c:\3jjdv.exec:\3jjdv.exe26⤵
- Executes dropped EXE
PID:1612 -
\??\c:\jvdpj.exec:\jvdpj.exe27⤵
- Executes dropped EXE
PID:4040 -
\??\c:\rlfrffx.exec:\rlfrffx.exe28⤵
- Executes dropped EXE
PID:976 -
\??\c:\bhhnhb.exec:\bhhnhb.exe29⤵
- Executes dropped EXE
PID:2472 -
\??\c:\nhnbbt.exec:\nhnbbt.exe30⤵
- Executes dropped EXE
PID:2116 -
\??\c:\dvjjp.exec:\dvjjp.exe31⤵
- Executes dropped EXE
PID:316 -
\??\c:\rflfxxr.exec:\rflfxxr.exe32⤵
- Executes dropped EXE
PID:700 -
\??\c:\nbnntn.exec:\nbnntn.exe33⤵
- Executes dropped EXE
PID:1440 -
\??\c:\vpvjv.exec:\vpvjv.exe34⤵
- Executes dropped EXE
PID:4328 -
\??\c:\jvvjv.exec:\jvvjv.exe35⤵
- Executes dropped EXE
PID:1020 -
\??\c:\pdvpp.exec:\pdvpp.exe36⤵
- Executes dropped EXE
PID:4280 -
\??\c:\9ffxllf.exec:\9ffxllf.exe37⤵
- Executes dropped EXE
PID:5060 -
\??\c:\hhhntn.exec:\hhhntn.exe38⤵
- Executes dropped EXE
PID:704 -
\??\c:\ttnhhn.exec:\ttnhhn.exe39⤵
- Executes dropped EXE
PID:4532 -
\??\c:\jvpjv.exec:\jvpjv.exe40⤵
- Executes dropped EXE
PID:3692 -
\??\c:\9lrllfx.exec:\9lrllfx.exe41⤵
- Executes dropped EXE
PID:4244 -
\??\c:\bnhhbb.exec:\bnhhbb.exe42⤵
- Executes dropped EXE
PID:4168 -
\??\c:\7nhbtn.exec:\7nhbtn.exe43⤵
- Executes dropped EXE
PID:3328 -
\??\c:\jvpdp.exec:\jvpdp.exe44⤵
- Executes dropped EXE
PID:920 -
\??\c:\5jvpv.exec:\5jvpv.exe45⤵
- Executes dropped EXE
PID:2984 -
\??\c:\rxxlrrl.exec:\rxxlrrl.exe46⤵
- Executes dropped EXE
PID:5024 -
\??\c:\thhbtn.exec:\thhbtn.exe47⤵
- Executes dropped EXE
PID:628 -
\??\c:\nhbnbb.exec:\nhbnbb.exe48⤵
- Executes dropped EXE
PID:5028 -
\??\c:\vpdpj.exec:\vpdpj.exe49⤵
- Executes dropped EXE
PID:4472 -
\??\c:\jpdvp.exec:\jpdvp.exe50⤵
- Executes dropped EXE
PID:792 -
\??\c:\lxxrfrl.exec:\lxxrfrl.exe51⤵
- Executes dropped EXE
PID:1852 -
\??\c:\fxlxrlf.exec:\fxlxrlf.exe52⤵
- Executes dropped EXE
PID:4012 -
\??\c:\bththb.exec:\bththb.exe53⤵
- Executes dropped EXE
PID:2788 -
\??\c:\pdjjv.exec:\pdjjv.exe54⤵
- Executes dropped EXE
PID:5068 -
\??\c:\jvvpd.exec:\jvvpd.exe55⤵
- Executes dropped EXE
PID:4784 -
\??\c:\9xlxlrx.exec:\9xlxlrx.exe56⤵
- Executes dropped EXE
PID:4172 -
\??\c:\bnhhnn.exec:\bnhhnn.exe57⤵
- Executes dropped EXE
PID:2192 -
\??\c:\pdppd.exec:\pdppd.exe58⤵
- Executes dropped EXE
PID:1292 -
\??\c:\frlxrll.exec:\frlxrll.exe59⤵
- Executes dropped EXE
PID:4396 -
\??\c:\lxfxfxf.exec:\lxfxfxf.exe60⤵
- Executes dropped EXE
PID:396 -
\??\c:\5tnhbb.exec:\5tnhbb.exe61⤵
- Executes dropped EXE
PID:4528 -
\??\c:\bnhhtn.exec:\bnhhtn.exe62⤵
- Executes dropped EXE
PID:1780 -
\??\c:\jdpvv.exec:\jdpvv.exe63⤵
- Executes dropped EXE
PID:1812 -
\??\c:\djddv.exec:\djddv.exe64⤵
- Executes dropped EXE
PID:4356 -
\??\c:\rxxxlfx.exec:\rxxxlfx.exe65⤵
- Executes dropped EXE
PID:1192 -
\??\c:\hthbnn.exec:\hthbnn.exe66⤵PID:3944
-
\??\c:\nhbthb.exec:\nhbthb.exe67⤵PID:3012
-
\??\c:\jppdp.exec:\jppdp.exe68⤵PID:2664
-
\??\c:\djjdv.exec:\djjdv.exe69⤵PID:2208
-
\??\c:\xlfxllx.exec:\xlfxllx.exe70⤵PID:4924
-
\??\c:\xrlxxlr.exec:\xrlxxlr.exe71⤵PID:2916
-
\??\c:\thbttt.exec:\thbttt.exe72⤵PID:664
-
\??\c:\nhbtnb.exec:\nhbtnb.exe73⤵PID:2652
-
\??\c:\jvvpd.exec:\jvvpd.exe74⤵PID:1440
-
\??\c:\vpjdp.exec:\vpjdp.exe75⤵PID:612
-
\??\c:\lflxlfl.exec:\lflxlfl.exe76⤵PID:3336
-
\??\c:\hnnnhb.exec:\hnnnhb.exe77⤵PID:1020
-
\??\c:\vvdvj.exec:\vvdvj.exe78⤵PID:1540
-
\??\c:\vjjvd.exec:\vjjvd.exe79⤵PID:3912
-
\??\c:\pdvjv.exec:\pdvjv.exe80⤵PID:3076
-
\??\c:\rxfrfxr.exec:\rxfrfxr.exe81⤵PID:4020
-
\??\c:\nhbbtt.exec:\nhbbtt.exe82⤵PID:4608
-
\??\c:\bbtnhb.exec:\bbtnhb.exe83⤵PID:2420
-
\??\c:\ttbhth.exec:\ttbhth.exe84⤵PID:3648
-
\??\c:\dpdpj.exec:\dpdpj.exe85⤵PID:3328
-
\??\c:\pppjp.exec:\pppjp.exe86⤵PID:920
-
\??\c:\9rlfrlx.exec:\9rlfrlx.exe87⤵PID:1456
-
\??\c:\lrrrlrl.exec:\lrrrlrl.exe88⤵PID:1808
-
\??\c:\3hhbtt.exec:\3hhbtt.exe89⤵PID:3220
-
\??\c:\1pjjv.exec:\1pjjv.exe90⤵PID:4872
-
\??\c:\5jpjd.exec:\5jpjd.exe91⤵PID:3676
-
\??\c:\lxrlrlf.exec:\lxrlrlf.exe92⤵PID:4596
-
\??\c:\xlfrlfx.exec:\xlfrlfx.exe93⤵PID:3244
-
\??\c:\7hhtnh.exec:\7hhtnh.exe94⤵PID:3496
-
\??\c:\hbbbht.exec:\hbbbht.exe95⤵PID:4792
-
\??\c:\vppjv.exec:\vppjv.exe96⤵PID:5068
-
\??\c:\rllfrrx.exec:\rllfrrx.exe97⤵PID:4784
-
\??\c:\tnnbht.exec:\tnnbht.exe98⤵PID:404
-
\??\c:\bbbtnn.exec:\bbbtnn.exe99⤵PID:1984
-
\??\c:\dvvjd.exec:\dvvjd.exe100⤵PID:4740
-
\??\c:\vvpdp.exec:\vvpdp.exe101⤵PID:5036
-
\??\c:\7lffrlf.exec:\7lffrlf.exe102⤵PID:4184
-
\??\c:\lxfrlff.exec:\lxfrlff.exe103⤵PID:4776
-
\??\c:\bthbtt.exec:\bthbtt.exe104⤵PID:4492
-
\??\c:\ddvdp.exec:\ddvdp.exe105⤵PID:1244
-
\??\c:\pjdpj.exec:\pjdpj.exe106⤵PID:4272
-
\??\c:\3rlxlfx.exec:\3rlxlfx.exe107⤵PID:3232
-
\??\c:\frlfxrl.exec:\frlfxrl.exe108⤵PID:3148
-
\??\c:\5thhbh.exec:\5thhbh.exe109⤵PID:3944
-
\??\c:\vpvjj.exec:\vpvjj.exe110⤵PID:2936
-
\??\c:\pdppd.exec:\pdppd.exe111⤵PID:1536
-
\??\c:\1rrlfxx.exec:\1rrlfxx.exe112⤵PID:1008
-
\??\c:\frlfxxr.exec:\frlfxxr.exe113⤵PID:1688
-
\??\c:\nhhhtn.exec:\nhhhtn.exe114⤵PID:4304
-
\??\c:\ttnhbt.exec:\ttnhbt.exe115⤵PID:4808
-
\??\c:\dvjdv.exec:\dvjdv.exe116⤵PID:1500
-
\??\c:\dpjvj.exec:\dpjvj.exe117⤵PID:3972
-
\??\c:\xxffflx.exec:\xxffflx.exe118⤵PID:3788
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe119⤵PID:1352
-
\??\c:\7nbtnn.exec:\7nbtnn.exe120⤵PID:4984
-
\??\c:\nhthbt.exec:\nhthbt.exe121⤵PID:4352
-
\??\c:\ppjvp.exec:\ppjvp.exe122⤵PID:704
-