Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 18/05/2024, 01:00
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
659e1f2ab56f7df4960fcd0b74b5de10_NeikiAnalytics.exe
Resource
win7-20240220-en
5 signatures
150 seconds
General
Target: 659e1f2ab56f7df4960fcd0b74b5de10_NeikiAnalytics.exe
Size: 78KB
MD5: 659e1f2ab56f7df4960fcd0b74b5de10
SHA1: adb350da8d145bcf06df1bfa8841804f466923bf
SHA256: ef3ddee9fe87227aafe046dfd48a83b093da8c381a206c251ce785552edafb25
SHA512: c318c26f0d426a8467d0be493110fa3e500e23eb098371b5f0b1c611eebc145cc681c16dc488f1debda021af7e262c22e14105cc15e024b56e128b671f334bfc
SSDEEP: 1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2wVEJjOBo9P:ymb3NkkiQ3mdBjF+3TU2KEJjE6P
Malware Config
Signatures
-
Detect Blackmoon payload 20 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\659e1f2ab56f7df4960fcd0b74b5de10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\659e1f2ab56f7df4960fcd0b74b5de10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1636 -
\??\c:\nbbhhb.exec:\nbbhhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1744 -
\??\c:\vpdjv.exec:\vpdjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780 -
\??\c:\lrxxfxx.exec:\lrxxfxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2600 -
\??\c:\3tnbnb.exec:\3tnbnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\5bhtbt.exec:\5bhtbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2692 -
\??\c:\vdpdp.exec:\vdpdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2556 -
\??\c:\fxflllf.exec:\fxflllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2452 -
\??\c:\tthbht.exec:\tthbht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1232 -
\??\c:\pjvpj.exec:\pjvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:352 -
\??\c:\pjdpd.exec:\pjdpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1184 -
\??\c:\frrrxxf.exec:\frrrxxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2676 -
\??\c:\lxffrxl.exec:\lxffrxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2648 -
\??\c:\nhbntb.exec:\nhbntb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2136 -
\??\c:\vddjv.exec:\vddjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:360 -
\??\c:\vpjpj.exec:\vpjpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:112 -
\??\c:\rrxxlxf.exec:\rrxxlxf.exe17⤵
- Executes dropped EXE
PID:2308 -
\??\c:\9lrrlff.exec:\9lrrlff.exe18⤵
- Executes dropped EXE
PID:1180 -
\??\c:\btntbb.exec:\btntbb.exe19⤵
- Executes dropped EXE
PID:2848 -
\??\c:\vjppp.exec:\vjppp.exe20⤵
- Executes dropped EXE
PID:1928 -
\??\c:\5lflxlx.exec:\5lflxlx.exe21⤵
- Executes dropped EXE
PID:1956 -
\??\c:\flxrflr.exec:\flxrflr.exe22⤵
- Executes dropped EXE
PID:268 -
\??\c:\nnhnth.exec:\nnhnth.exe23⤵
- Executes dropped EXE
PID:596 -
\??\c:\7tntth.exec:\7tntth.exe24⤵
- Executes dropped EXE
PID:560 -
\??\c:\pppvd.exec:\pppvd.exe25⤵
- Executes dropped EXE
PID:1172 -
\??\c:\jjdpd.exec:\jjdpd.exe26⤵
- Executes dropped EXE
PID:2080 -
\??\c:\9lrlrrf.exec:\9lrlrrf.exe27⤵
- Executes dropped EXE
PID:1676 -
\??\c:\hbthtb.exec:\hbthtb.exe28⤵
- Executes dropped EXE
PID:580 -
\??\c:\bttbtn.exec:\bttbtn.exe29⤵
- Executes dropped EXE
PID:2260 -
\??\c:\7vpdd.exec:\7vpdd.exe30⤵
- Executes dropped EXE
PID:1796 -
\??\c:\xxlrrxl.exec:\xxlrrxl.exe31⤵
- Executes dropped EXE
PID:1120 -
\??\c:\xlflffr.exec:\xlflffr.exe32⤵
- Executes dropped EXE
PID:1580 -
\??\c:\nttnbn.exec:\nttnbn.exe33⤵
- Executes dropped EXE
PID:1636 -
\??\c:\bbnttt.exec:\bbnttt.exe34⤵
- Executes dropped EXE
PID:2932 -
\??\c:\jdpdv.exec:\jdpdv.exe35⤵
- Executes dropped EXE
PID:1536 -
\??\c:\flxlrrf.exec:\flxlrrf.exe36⤵
- Executes dropped EXE
PID:2712 -
\??\c:\xxlxlfx.exec:\xxlxlfx.exe37⤵
- Executes dropped EXE
PID:2792 -
\??\c:\3nttbt.exec:\3nttbt.exe38⤵
- Executes dropped EXE
PID:2600 -
\??\c:\5pvdp.exec:\5pvdp.exe39⤵
- Executes dropped EXE
PID:2396 -
\??\c:\3llxfrl.exec:\3llxfrl.exe40⤵
- Executes dropped EXE
PID:2720 -
\??\c:\rflrfll.exec:\rflrfll.exe41⤵
- Executes dropped EXE
PID:2624 -
\??\c:\nhntnb.exec:\nhntnb.exe42⤵
- Executes dropped EXE
PID:2384 -
\??\c:\tthnbh.exec:\tthnbh.exe43⤵
- Executes dropped EXE
PID:1728 -
\??\c:\djjdp.exec:\djjdp.exe44⤵
- Executes dropped EXE
PID:2856 -
\??\c:\pvdpd.exec:\pvdpd.exe45⤵
- Executes dropped EXE
PID:632 -
\??\c:\rrlxffr.exec:\rrlxffr.exe46⤵
- Executes dropped EXE
PID:352 -
\??\c:\xlxlxxr.exec:\xlxlxxr.exe47⤵
- Executes dropped EXE
PID:2568 -
\??\c:\bbnbhh.exec:\bbnbhh.exe48⤵
- Executes dropped EXE
PID:2156 -
\??\c:\ddddd.exec:\ddddd.exe49⤵
- Executes dropped EXE
PID:2640 -
\??\c:\vjvvv.exec:\vjvvv.exe50⤵
- Executes dropped EXE
PID:2312 -
\??\c:\xffrfrx.exec:\xffrfrx.exe51⤵
- Executes dropped EXE
PID:1016 -
\??\c:\lxffffl.exec:\lxffffl.exe52⤵
- Executes dropped EXE
PID:2304 -
\??\c:\htnbnt.exec:\htnbnt.exe53⤵
- Executes dropped EXE
PID:2300 -
\??\c:\nnbttb.exec:\nnbttb.exe54⤵
- Executes dropped EXE
PID:1888 -
\??\c:\vdpjd.exec:\vdpjd.exe55⤵
- Executes dropped EXE
PID:2004 -
\??\c:\rfrrflx.exec:\rfrrflx.exe56⤵
- Executes dropped EXE
PID:1180 -
\??\c:\rfrflff.exec:\rfrflff.exe57⤵
- Executes dropped EXE
PID:1940 -
\??\c:\bhtttt.exec:\bhtttt.exe58⤵
- Executes dropped EXE
PID:1904 -
\??\c:\pvvpv.exec:\pvvpv.exe59⤵
- Executes dropped EXE
PID:2120 -
\??\c:\9vjdv.exec:\9vjdv.exe60⤵
- Executes dropped EXE
PID:788 -
\??\c:\lfxxfll.exec:\lfxxfll.exe61⤵
- Executes dropped EXE
PID:600 -
\??\c:\flxrfxl.exec:\flxrfxl.exe62⤵
- Executes dropped EXE
PID:596 -
\??\c:\nnhtnt.exec:\nnhtnt.exe63⤵
- Executes dropped EXE
PID:2340 -
\??\c:\vpvdj.exec:\vpvdj.exe64⤵
- Executes dropped EXE
PID:2980 -
\??\c:\jdvjv.exec:\jdvjv.exe65⤵
- Executes dropped EXE
PID:808 -
\??\c:\xrlxllr.exec:\xrlxllr.exe66⤵PID:952
-
\??\c:\fllrxfx.exec:\fllrxfx.exe67⤵PID:1676
-
\??\c:\tthtbb.exec:\tthtbb.exe68⤵PID:2240
-
\??\c:\nthnbb.exec:\nthnbb.exe69⤵PID:2268
-
\??\c:\pjpvd.exec:\pjpvd.exe70⤵PID:332
-
\??\c:\3vddv.exec:\3vddv.exe71⤵PID:2324
-
\??\c:\xxflffr.exec:\xxflffr.exe72⤵PID:2144
-
\??\c:\fxllxfr.exec:\fxllxfr.exe73⤵PID:1580
-
\??\c:\3nnhnb.exec:\3nnhnb.exe74⤵PID:2500
-
\??\c:\tnntbh.exec:\tnntbh.exe75⤵PID:1504
-
\??\c:\pppjp.exec:\pppjp.exe76⤵PID:2604
-
\??\c:\rxffrlx.exec:\rxffrlx.exe77⤵PID:2616
-
\??\c:\lffrfrf.exec:\lffrfrf.exe78⤵PID:2548
-
\??\c:\btnttt.exec:\btnttt.exe79⤵PID:2636
-
\??\c:\tthhhh.exec:\tthhhh.exe80⤵PID:2644
-
\??\c:\vpdjp.exec:\vpdjp.exe81⤵PID:2704
-
\??\c:\7jpvj.exec:\7jpvj.exe82⤵PID:2700
-
\??\c:\vpvdp.exec:\vpvdp.exe83⤵PID:2512
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe84⤵PID:2876
-
\??\c:\3rlrfxx.exec:\3rlrfxx.exe85⤵PID:2880
-
\??\c:\hhhbhb.exec:\hhhbhb.exe86⤵PID:856
-
\??\c:\bhhbhh.exec:\bhhbhh.exe87⤵PID:1224
-
\??\c:\pvdpv.exec:\pvdpv.exe88⤵PID:2376
-
\??\c:\vdpjv.exec:\vdpjv.exe89⤵PID:2316
-
\??\c:\3frllrf.exec:\3frllrf.exe90⤵PID:1444
-
\??\c:\rlfrfrx.exec:\rlfrfrx.exe91⤵PID:768
-
\??\c:\3hbthb.exec:\3hbthb.exe92⤵PID:320
-
\??\c:\tnbbhh.exec:\tnbbhh.exe93⤵PID:1540
-
\??\c:\5jjvj.exec:\5jjvj.exe94⤵PID:2028
-
\??\c:\jdpdp.exec:\jdpdp.exe95⤵PID:2040
-
\??\c:\fxrrxfl.exec:\fxrrxfl.exe96⤵PID:2744
-
\??\c:\tthtbb.exec:\tthtbb.exe97⤵PID:2740
-
\??\c:\tnnthh.exec:\tnnthh.exe98⤵PID:2848
-
\??\c:\dpvvv.exec:\dpvvv.exe99⤵PID:3024
-
\??\c:\pdppv.exec:\pdppv.exe100⤵PID:1952
-
\??\c:\ddvjv.exec:\ddvjv.exe101⤵PID:1404
-
\??\c:\lfxfxxl.exec:\lfxfxxl.exe102⤵PID:1836
-
\??\c:\xxrlrlf.exec:\xxrlrlf.exe103⤵PID:2664
-
\??\c:\hnbthn.exec:\hnbthn.exe104⤵PID:1128
-
\??\c:\ntnthh.exec:\ntnthh.exe105⤵PID:296
-
\??\c:\vdpjv.exec:\vdpjv.exe106⤵PID:872
-
\??\c:\vjjpd.exec:\vjjpd.exe107⤵PID:452
-
\??\c:\rrlrllr.exec:\rrlrllr.exe108⤵PID:1948
-
\??\c:\llfrlfr.exec:\llfrlfr.exe109⤵PID:1704
-
\??\c:\7hhtnb.exec:\7hhtnb.exe110⤵PID:2260
-
\??\c:\hhbnhn.exec:\hhbnhn.exe111⤵PID:1796
-
\??\c:\dvdvp.exec:\dvdvp.exe112⤵PID:2192
-
\??\c:\5pjvd.exec:\5pjvd.exe113⤵PID:2812
-
\??\c:\rlfrlrf.exec:\rlfrlrf.exe114⤵PID:892
-
\??\c:\rrffrfr.exec:\rrffrfr.exe115⤵PID:1580
-
\??\c:\xlflrxf.exec:\xlflrxf.exe116⤵PID:2500
-
\??\c:\tnhnbb.exec:\tnhnbb.exe117⤵PID:1504
-
\??\c:\httbbn.exec:\httbbn.exe118⤵PID:2936
-
\??\c:\vvppv.exec:\vvppv.exe119⤵PID:2780
-
\??\c:\vjjpv.exec:\vjjpv.exe120⤵PID:2776
-
\??\c:\xrffrxl.exec:\xrffrxl.exe121⤵PID:2636
-
\??\c:\rlxfrlx.exec:\rlxfrlx.exe122⤵PID:2392