Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 01:00
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
659e1f2ab56f7df4960fcd0b74b5de10_NeikiAnalytics.exe
Resource
win7-20240220-en
5 signatures
150 seconds
General
-
Target
659e1f2ab56f7df4960fcd0b74b5de10_NeikiAnalytics.exe
-
Size
78KB
-
MD5
659e1f2ab56f7df4960fcd0b74b5de10
-
SHA1
adb350da8d145bcf06df1bfa8841804f466923bf
-
SHA256
ef3ddee9fe87227aafe046dfd48a83b093da8c381a206c251ce785552edafb25
-
SHA512
c318c26f0d426a8467d0be493110fa3e500e23eb098371b5f0b1c611eebc145cc681c16dc488f1debda021af7e262c22e14105cc15e024b56e128b671f334bfc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2wVEJjOBo9P:ymb3NkkiQ3mdBjF+3TU2KEJjE6P
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource yara_rule behavioral2/memory/1772-5-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/548-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2948-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/392-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4080-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1316-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2080-45-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4068-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3500-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1736-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1616-74-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4864-90-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1632-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4568-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3700-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4728-113-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3972-121-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4336-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3192-137-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4116-144-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1016-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3552-174-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/852-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4904-198-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4652-204-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 548 hnhnbh.exe 2948 dpddp.exe 4080 xflffff.exe 392 nhtnnn.exe 1316 jpvpp.exe 2080 9vjjj.exe 3500 rrffxff.exe 4068 hbnnnt.exe 1736 hhtbbh.exe 1616 ppvvp.exe 2064 fxllrrx.exe 4864 tnthhn.exe 1632 vppjj.exe 4568 fxxxxxx.exe 3700 xlxxxfl.exe 4728 nbnntt.exe 3972 pvppj.exe 1344 rlrllll.exe 4336 lxfllll.exe 3192 3jppp.exe 4116 lrffxff.exe 4384 ffrxxfl.exe 1016 nbhbbb.exe 2028 jvpdd.exe 1404 lxfrrrl.exe 3552 bhbthn.exe 1412 ntbbbb.exe 852 1jppd.exe 3448 xxfrfxf.exe 4904 nntnnt.exe 4652 vpppv.exe 616 5rlxrxx.exe 1776 hnbhtb.exe 1040 hnbhnt.exe 3344 7ddjd.exe 3076 pjdvj.exe 4744 fffxrrr.exe 4188 hnbhhb.exe 1584 tnbtth.exe 4624 dvvvv.exe 4412 3rxxrxx.exe 2588 7hhnnn.exe 3404 bnhhhn.exe 2708 pjvpv.exe 1732 9xxfrxf.exe 628 7rxrllf.exe 3964 bbtnhn.exe 1568 nhhbbb.exe 1316 9vddp.exe 1048 1rxrllf.exe 2448 flfrxxr.exe 984 bhbnhn.exe 64 dppjd.exe 1984 7lfxrrl.exe 2472 rfrrlfl.exe 4424 ththbb.exe 2176 vvpvv.exe 3992 dvvjj.exe 5020 frrlfff.exe 3768 ttbtnn.exe 2592 3hbttt.exe 4688 jdvjd.exe 3700 lfxfrxl.exe 1052 nhnhhn.exe -
resource yara_rule behavioral2/memory/1772-5-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/548-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2948-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/392-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4080-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1316-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2080-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4068-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3500-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1736-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1616-74-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1616-73-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4864-90-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1632-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4568-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3700-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4728-113-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3972-121-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4336-131-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3192-137-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4116-144-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1016-155-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3552-174-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/852-187-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4904-198-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4652-204-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1772 wrote to memory of 548 1772 659e1f2ab56f7df4960fcd0b74b5de10_NeikiAnalytics.exe 83 PID 1772 wrote to memory of 548 1772 659e1f2ab56f7df4960fcd0b74b5de10_NeikiAnalytics.exe 83 PID 1772 wrote to memory of 548 1772 659e1f2ab56f7df4960fcd0b74b5de10_NeikiAnalytics.exe 83 PID 548 wrote to memory of 2948 548 hnhnbh.exe 84 PID 548 wrote to memory of 2948 548 hnhnbh.exe 84 PID 548 wrote to memory of 2948 548 hnhnbh.exe 84 PID 2948 wrote to memory of 4080 2948 dpddp.exe 85 PID 2948 wrote to memory of 4080 2948 dpddp.exe 85 PID 2948 wrote to memory of 4080 2948 dpddp.exe 85 PID 4080 wrote to memory of 392 4080 xflffff.exe 86 PID 4080 wrote to memory of 392 4080 xflffff.exe 86 PID 4080 wrote to memory of 392 4080 xflffff.exe 86 PID 392 wrote to memory of 1316 392 nhtnnn.exe 87 PID 392 wrote to memory of 1316 392 nhtnnn.exe 87 PID 392 wrote to memory of 1316 392 nhtnnn.exe 87 PID 1316 wrote to memory of 2080 1316 jpvpp.exe 88 PID 1316 wrote to memory of 2080 1316 jpvpp.exe 88 PID 1316 wrote to memory of 2080 1316 jpvpp.exe 88 PID 2080 wrote to memory of 3500 2080 9vjjj.exe 89 PID 2080 wrote to memory of 3500 2080 9vjjj.exe 89 PID 2080 wrote to memory of 3500 2080 9vjjj.exe 89 PID 3500 wrote to memory of 4068 3500 rrffxff.exe 90 PID 3500 wrote to memory of 4068 3500 rrffxff.exe 90 PID 3500 wrote to memory of 4068 3500 rrffxff.exe 90 PID 4068 wrote to memory of 1736 4068 hbnnnt.exe 91 PID 4068 wrote to memory of 1736 4068 hbnnnt.exe 91 PID 4068 wrote to memory of 1736 4068 hbnnnt.exe 91 PID 1736 wrote to memory of 1616 1736 hhtbbh.exe 92 PID 1736 wrote to memory of 1616 1736 hhtbbh.exe 92 PID 1736 wrote to memory of 1616 1736 hhtbbh.exe 92 PID 1616 wrote to memory of 2064 1616 ppvvp.exe 93 PID 1616 wrote to memory of 2064 1616 ppvvp.exe 93 PID 1616 wrote to memory of 2064 1616 ppvvp.exe 93 PID 2064 wrote to memory of 4864 2064 fxllrrx.exe 94 PID 2064 wrote to memory of 4864 2064 fxllrrx.exe 94 PID 2064 wrote to memory of 4864 2064 fxllrrx.exe 94 PID 4864 wrote to memory of 1632 4864 tnthhn.exe 95 PID 4864 wrote to memory of 1632 4864 tnthhn.exe 95 PID 4864 wrote to memory of 1632 4864 tnthhn.exe 95 PID 1632 wrote to memory of 4568 1632 vppjj.exe 96 PID 1632 wrote to memory of 4568 1632 vppjj.exe 96 PID 1632 wrote to memory of 4568 1632 vppjj.exe 96 PID 4568 wrote to memory of 3700 4568 fxxxxxx.exe 97 PID 4568 wrote to memory of 3700 4568 fxxxxxx.exe 97 PID 4568 wrote to memory of 3700 4568 fxxxxxx.exe 97 PID 3700 wrote to memory of 4728 3700 xlxxxfl.exe 98 PID 3700 wrote to memory of 4728 3700 xlxxxfl.exe 98 PID 3700 wrote to memory of 4728 3700 xlxxxfl.exe 98 PID 4728 wrote to memory of 3972 4728 nbnntt.exe 99 PID 4728 wrote to memory of 3972 4728 nbnntt.exe 99 PID 4728 wrote to memory of 3972 4728 nbnntt.exe 99 PID 3972 wrote to memory of 1344 3972 pvppj.exe 100 PID 3972 wrote to memory of 1344 3972 pvppj.exe 100 PID 3972 wrote to memory of 1344 3972 pvppj.exe 100 PID 1344 wrote to memory of 4336 1344 rlrllll.exe 101 PID 1344 wrote to memory of 4336 1344 rlrllll.exe 101 PID 1344 wrote to memory of 4336 1344 rlrllll.exe 101 PID 4336 wrote to memory of 3192 4336 lxfllll.exe 102 PID 4336 wrote to memory of 3192 4336 lxfllll.exe 102 PID 4336 wrote to memory of 3192 4336 lxfllll.exe 102 PID 3192 wrote to memory of 4116 3192 3jppp.exe 103 PID 3192 wrote to memory of 4116 3192 3jppp.exe 103 PID 3192 wrote to memory of 4116 3192 3jppp.exe 103 PID 4116 wrote to memory of 4384 4116 lrffxff.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\659e1f2ab56f7df4960fcd0b74b5de10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\659e1f2ab56f7df4960fcd0b74b5de10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1772 -
\??\c:\hnhnbh.exec:\hnhnbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:548 -
\??\c:\dpddp.exec:\dpddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2948 -
\??\c:\xflffff.exec:\xflffff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4080 -
\??\c:\nhtnnn.exec:\nhtnnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:392 -
\??\c:\jpvpp.exec:\jpvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1316 -
\??\c:\9vjjj.exec:\9vjjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2080 -
\??\c:\rrffxff.exec:\rrffxff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3500 -
\??\c:\hbnnnt.exec:\hbnnnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4068 -
\??\c:\hhtbbh.exec:\hhtbbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1736 -
\??\c:\ppvvp.exec:\ppvvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1616 -
\??\c:\fxllrrx.exec:\fxllrrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2064 -
\??\c:\tnthhn.exec:\tnthhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4864 -
\??\c:\vppjj.exec:\vppjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1632 -
\??\c:\fxxxxxx.exec:\fxxxxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4568 -
\??\c:\xlxxxfl.exec:\xlxxxfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3700 -
\??\c:\nbnntt.exec:\nbnntt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4728 -
\??\c:\pvppj.exec:\pvppj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3972 -
\??\c:\rlrllll.exec:\rlrllll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1344 -
\??\c:\lxfllll.exec:\lxfllll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4336 -
\??\c:\3jppp.exec:\3jppp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3192 -
\??\c:\lrffxff.exec:\lrffxff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4116 -
\??\c:\ffrxxfl.exec:\ffrxxfl.exe23⤵
- Executes dropped EXE
PID:4384 -
\??\c:\nbhbbb.exec:\nbhbbb.exe24⤵
- Executes dropped EXE
PID:1016 -
\??\c:\jvpdd.exec:\jvpdd.exe25⤵
- Executes dropped EXE
PID:2028 -
\??\c:\lxfrrrl.exec:\lxfrrrl.exe26⤵
- Executes dropped EXE
PID:1404 -
\??\c:\bhbthn.exec:\bhbthn.exe27⤵
- Executes dropped EXE
PID:3552 -
\??\c:\ntbbbb.exec:\ntbbbb.exe28⤵
- Executes dropped EXE
PID:1412 -
\??\c:\1jppd.exec:\1jppd.exe29⤵
- Executes dropped EXE
PID:852 -
\??\c:\xxfrfxf.exec:\xxfrfxf.exe30⤵
- Executes dropped EXE
PID:3448 -
\??\c:\nntnnt.exec:\nntnnt.exe31⤵
- Executes dropped EXE
PID:4904 -
\??\c:\vpppv.exec:\vpppv.exe32⤵
- Executes dropped EXE
PID:4652 -
\??\c:\5rlxrxx.exec:\5rlxrxx.exe33⤵
- Executes dropped EXE
PID:616 -
\??\c:\hnbhtb.exec:\hnbhtb.exe34⤵
- Executes dropped EXE
PID:1776 -
\??\c:\hnbhnt.exec:\hnbhnt.exe35⤵
- Executes dropped EXE
PID:1040 -
\??\c:\7ddjd.exec:\7ddjd.exe36⤵
- Executes dropped EXE
PID:3344 -
\??\c:\pjdvj.exec:\pjdvj.exe37⤵
- Executes dropped EXE
PID:3076 -
\??\c:\fffxrrr.exec:\fffxrrr.exe38⤵
- Executes dropped EXE
PID:4744 -
\??\c:\hnbhhb.exec:\hnbhhb.exe39⤵
- Executes dropped EXE
PID:4188 -
\??\c:\tnbtth.exec:\tnbtth.exe40⤵
- Executes dropped EXE
PID:1584 -
\??\c:\dvvvv.exec:\dvvvv.exe41⤵
- Executes dropped EXE
PID:4624 -
\??\c:\3rxxrxx.exec:\3rxxrxx.exe42⤵
- Executes dropped EXE
PID:4412 -
\??\c:\7hhnnn.exec:\7hhnnn.exe43⤵
- Executes dropped EXE
PID:2588 -
\??\c:\bnhhhn.exec:\bnhhhn.exe44⤵
- Executes dropped EXE
PID:3404 -
\??\c:\pjvpv.exec:\pjvpv.exe45⤵
- Executes dropped EXE
PID:2708 -
\??\c:\9xxfrxf.exec:\9xxfrxf.exe46⤵
- Executes dropped EXE
PID:1732 -
\??\c:\7rxrllf.exec:\7rxrllf.exe47⤵
- Executes dropped EXE
PID:628 -
\??\c:\bbtnhn.exec:\bbtnhn.exe48⤵
- Executes dropped EXE
PID:3964 -
\??\c:\nhhbbb.exec:\nhhbbb.exe49⤵
- Executes dropped EXE
PID:1568 -
\??\c:\9vddp.exec:\9vddp.exe50⤵
- Executes dropped EXE
PID:1316 -
\??\c:\1rxrllf.exec:\1rxrllf.exe51⤵
- Executes dropped EXE
PID:1048 -
\??\c:\flfrxxr.exec:\flfrxxr.exe52⤵
- Executes dropped EXE
PID:2448 -
\??\c:\bhbnhn.exec:\bhbnhn.exe53⤵
- Executes dropped EXE
PID:984 -
\??\c:\dppjd.exec:\dppjd.exe54⤵
- Executes dropped EXE
PID:64 -
\??\c:\7lfxrrl.exec:\7lfxrrl.exe55⤵
- Executes dropped EXE
PID:1984 -
\??\c:\rfrrlfl.exec:\rfrrlfl.exe56⤵
- Executes dropped EXE
PID:2472 -
\??\c:\ththbb.exec:\ththbb.exe57⤵
- Executes dropped EXE
PID:4424 -
\??\c:\vvpvv.exec:\vvpvv.exe58⤵
- Executes dropped EXE
PID:2176 -
\??\c:\dvvjj.exec:\dvvjj.exe59⤵
- Executes dropped EXE
PID:3992 -
\??\c:\frrlfff.exec:\frrlfff.exe60⤵
- Executes dropped EXE
PID:5020 -
\??\c:\ttbtnn.exec:\ttbtnn.exe61⤵
- Executes dropped EXE
PID:3768 -
\??\c:\3hbttt.exec:\3hbttt.exe62⤵
- Executes dropped EXE
PID:2592 -
\??\c:\jdvjd.exec:\jdvjd.exe63⤵
- Executes dropped EXE
PID:4688 -
\??\c:\lfxfrxl.exec:\lfxfrxl.exe64⤵
- Executes dropped EXE
PID:3700 -
\??\c:\nhnhhn.exec:\nhnhhn.exe65⤵
- Executes dropped EXE
PID:1052 -
\??\c:\nhbtnn.exec:\nhbtnn.exe66⤵PID:4940
-
\??\c:\jpvpv.exec:\jpvpv.exe67⤵PID:1912
-
\??\c:\lfxrrrr.exec:\lfxrrrr.exe68⤵PID:3660
-
\??\c:\bbhnnh.exec:\bbhnnh.exe69⤵PID:3096
-
\??\c:\pvvpp.exec:\pvvpp.exe70⤵PID:2396
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe71⤵PID:1640
-
\??\c:\bnnhth.exec:\bnnhth.exe72⤵PID:4784
-
\??\c:\bhtnhb.exec:\bhtnhb.exe73⤵PID:4488
-
\??\c:\xxrlxlf.exec:\xxrlxlf.exe74⤵PID:3680
-
\??\c:\hbthhn.exec:\hbthhn.exe75⤵PID:2736
-
\??\c:\1jpjj.exec:\1jpjj.exe76⤵PID:384
-
\??\c:\dppjd.exec:\dppjd.exe77⤵PID:2512
-
\??\c:\rlrrfff.exec:\rlrrfff.exe78⤵PID:4956
-
\??\c:\nbnnnt.exec:\nbnnnt.exe79⤵PID:3664
-
\??\c:\vddvv.exec:\vddvv.exe80⤵PID:3752
-
\??\c:\5fllrrf.exec:\5fllrrf.exe81⤵PID:2168
-
\??\c:\fffxxlf.exec:\fffxxlf.exe82⤵PID:212
-
\??\c:\rffffxl.exec:\rffffxl.exe83⤵PID:1352
-
\??\c:\tttnbt.exec:\tttnbt.exe84⤵PID:2980
-
\??\c:\3vpjd.exec:\3vpjd.exe85⤵PID:4720
-
\??\c:\vddjv.exec:\vddjv.exe86⤵PID:4180
-
\??\c:\lfxrffx.exec:\lfxrffx.exe87⤵PID:3428
-
\??\c:\lfflflf.exec:\lfflflf.exe88⤵PID:4420
-
\??\c:\5flffff.exec:\5flffff.exe89⤵PID:4604
-
\??\c:\hnbtnh.exec:\hnbtnh.exe90⤵PID:3016
-
\??\c:\hbtthh.exec:\hbtthh.exe91⤵PID:2860
-
\??\c:\jdjjj.exec:\jdjjj.exe92⤵PID:4596
-
\??\c:\vjppj.exec:\vjppj.exe93⤵PID:3824
-
\??\c:\rlfllfl.exec:\rlfllfl.exe94⤵PID:392
-
\??\c:\fxrfxrr.exec:\fxrfxrr.exe95⤵PID:3216
-
\??\c:\hnnhhb.exec:\hnnhhb.exe96⤵PID:800
-
\??\c:\htthhh.exec:\htthhh.exe97⤵PID:3500
-
\??\c:\jddvp.exec:\jddvp.exe98⤵PID:2404
-
\??\c:\dvvvd.exec:\dvvvd.exe99⤵PID:3844
-
\??\c:\rxxrlrr.exec:\rxxrlrr.exe100⤵PID:1668
-
\??\c:\xlxxrrl.exec:\xlxxrrl.exe101⤵PID:1524
-
\??\c:\7hnnnn.exec:\7hnnnn.exe102⤵PID:1328
-
\??\c:\9tnnhh.exec:\9tnnhh.exe103⤵PID:3648
-
\??\c:\3ddjj.exec:\3ddjj.exe104⤵PID:2848
-
\??\c:\vppjd.exec:\vppjd.exe105⤵PID:2352
-
\??\c:\llxrlfl.exec:\llxrlfl.exe106⤵PID:2760
-
\??\c:\hnbtnn.exec:\hnbtnn.exe107⤵PID:3332
-
\??\c:\nhhbtt.exec:\nhhbtt.exe108⤵PID:5072
-
\??\c:\jvvpd.exec:\jvvpd.exe109⤵PID:1344
-
\??\c:\dvvjj.exec:\dvvjj.exe110⤵PID:5028
-
\??\c:\rfrllff.exec:\rfrllff.exe111⤵PID:4852
-
\??\c:\lxxfxxr.exec:\lxxfxxr.exe112⤵PID:2576
-
\??\c:\7tnnnb.exec:\7tnnnb.exe113⤵PID:936
-
\??\c:\bnnhhh.exec:\bnnhhh.exe114⤵PID:3672
-
\??\c:\dpvpd.exec:\dpvpd.exe115⤵PID:3944
-
\??\c:\dvjdj.exec:\dvjdj.exe116⤵PID:1688
-
\??\c:\fxllflf.exec:\fxllflf.exe117⤵PID:4912
-
\??\c:\rlxfxff.exec:\rlxfxff.exe118⤵PID:2820
-
\??\c:\tnnhnh.exec:\tnnhnh.exe119⤵PID:1956
-
\??\c:\vvddv.exec:\vvddv.exe120⤵PID:1944
-
\??\c:\jjdpj.exec:\jjdpj.exe121⤵PID:2712
-
\??\c:\frxxrrl.exec:\frxxrrl.exe122⤵PID:2376
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-