Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:02
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe
Resource
win7-20240220-en
5 signatures
150 seconds
General
-
Target
65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe
-
Size
401KB
-
MD5
65d4b4de56ee85759cbd651ecdeef130
-
SHA1
0b1ee38539ff94ce2f1bbf615356c6023c18fe7d
-
SHA256
9bee78c5f5b4ab82cf53dad99b88b5637799f34e4f39d198598173f61bb3c29a
-
SHA512
fbf83c360efa3aa83fe74db849364928644f0d7674e7ffb06c0d25f2c49cea2311aef1001f24f418abb2aab253c8a4fdef5961d40658e43b747cce55b8001e98
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmX5kr+uIBpkJITEEuR9XTVyXm9:n3C9BRIG0asYFm71mJkr+uIBe1T8Q
Malware Config
Signatures
-
Detect Blackmoon payload 29 IoCs
resource yara_rule
behavioral2/memory/3164-5-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3284-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2180-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2900-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2292-38-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4296-45-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3936-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3936-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2420-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2420-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2420-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1020-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1760-79-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4664-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3728-87-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1788-107-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2408-114-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4920-118-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1828-125-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3428-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3748-143-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4864-149-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4484-162-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4632-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1992-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3548-173-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4400-179-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3584-193-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/436-197-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process
3284 fxxxlrx.exe
2180 lxxfflf.exe
2900 vjvdp.exe
512 ttnntn.exe
2292 xflrlrr.exe
4296 bbtnnt.exe
3936 tbnnhn.exe
2420 5jjjd.exe
1020 lfxxxxr.exe
1760 jdvdv.exe
3728 bhntbb.exe
4664 dvjjj.exe
5112 xfxxxfr.exe
1788 rfrfflr.exe
2408 bnnntn.exe
4920 jdjvp.exe
1828 lfrlrxx.exe
3428 vvppj.exe
3916 bbtnbt.exe
3748 htbttb.exe
4864 dpdjj.exe
4632 bthnnn.exe
4484 rrlxxll.exe
1992 vppjv.exe
3548 lrrrxlr.exe
4400 pvppv.exe
4892 vpjjd.exe
3584 flxxxff.exe
436 pvjdd.exe
4392 ffffxxx.exe
5088 rxxrlrr.exe
4124 httbht.exe
1368 flxxxrr.exe
932 nnnhtt.exe
3020 ddjvd.exe
4432 lllllxl.exe
3516 hbtttb.exe
3884 5dpjj.exe
916 frfrxlr.exe
2460 hhnhbn.exe
2180 jddpj.exe
116 frflrxf.exe
4760 ntnnbh.exe
4660 7pdpp.exe
1824 jjpjj.exe
1424 rffxrrl.exe
1556 lxlxrlf.exe
2420 bnhhbn.exe
3296 djdpj.exe
2032 xrlxllf.exe
4848 lfxxlrr.exe
3040 9bbbtt.exe
1592 pvjjj.exe
3016 7xrlffx.exe
4404 hhtttt.exe
1700 xfrrllr.exe
4828 hhbbbb.exe
2052 dvpjj.exe
1988 rxxffxf.exe
5096 bthbht.exe
1088 djjjj.exe
3208 xxrlxfr.exe
3468 ttnttb.exe
3364 djjvp.exe
Note: PIDs 2180 and 2420 each appear twice in this list under different image names, so correlate memory dumps and events on PID together with process name, not on PID alone.
-
(Signature heading not captured on this page; every row below matched the `upx` YARA rule.)
resource yara_rule
behavioral2/memory/3164-5-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3284-11-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3284-10-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2180-18-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2900-25-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2292-38-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4296-45-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3936-53-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3936-52-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2420-61-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2420-60-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2420-67-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1020-71-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1020-70-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1020-69-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1020-76-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1760-79-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4664-94-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3728-87-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1788-107-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2408-114-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4920-118-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1828-125-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3428-131-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3748-143-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4864-149-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4484-162-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4632-155-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1992-166-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3548-173-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4400-179-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3584-193-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/436-197-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 3164 wrote to memory of 3284 3164 65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe 82
PID 3164 wrote to memory of 3284 3164 65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe 82
PID 3164 wrote to memory of 3284 3164 65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe 82
PID 3284 wrote to memory of 2180 3284 fxxxlrx.exe 83
PID 3284 wrote to memory of 2180 3284 fxxxlrx.exe 83
PID 3284 wrote to memory of 2180 3284 fxxxlrx.exe 83
PID 2180 wrote to memory of 2900 2180 lxxfflf.exe 84
PID 2180 wrote to memory of 2900 2180 lxxfflf.exe 84
PID 2180 wrote to memory of 2900 2180 lxxfflf.exe 84
PID 2900 wrote to memory of 512 2900 vjvdp.exe 85
PID 2900 wrote to memory of 512 2900 vjvdp.exe 85
PID 2900 wrote to memory of 512 2900 vjvdp.exe 85
PID 512 wrote to memory of 2292 512 ttnntn.exe 86
PID 512 wrote to memory of 2292 512 ttnntn.exe 86
PID 512 wrote to memory of 2292 512 ttnntn.exe 86
PID 2292 wrote to memory of 4296 2292 xflrlrr.exe 87
PID 2292 wrote to memory of 4296 2292 xflrlrr.exe 87
PID 2292 wrote to memory of 4296 2292 xflrlrr.exe 87
PID 4296 wrote to memory of 3936 4296 bbtnnt.exe 89
PID 4296 wrote to memory of 3936 4296 bbtnnt.exe 89
PID 4296 wrote to memory of 3936 4296 bbtnnt.exe 89
PID 3936 wrote to memory of 2420 3936 tbnnhn.exe 90
PID 3936 wrote to memory of 2420 3936 tbnnhn.exe 90
PID 3936 wrote to memory of 2420 3936 tbnnhn.exe 90
PID 2420 wrote to memory of 1020 2420 5jjjd.exe 92
PID 2420 wrote to memory of 1020 2420 5jjjd.exe 92
PID 2420 wrote to memory of 1020 2420 5jjjd.exe 92
PID 1020 wrote to memory of 1760 1020 lfxxxxr.exe 93
PID 1020 wrote to memory of 1760 1020 lfxxxxr.exe 93
PID 1020 wrote to memory of 1760 1020 lfxxxxr.exe 93
PID 1760 wrote to memory of 3728 1760 jdvdv.exe 95
PID 1760 wrote to memory of 3728 1760 jdvdv.exe 95
PID 1760 wrote to memory of 3728 1760 jdvdv.exe 95
PID 3728 wrote to memory of 4664 3728 bhntbb.exe 96
PID 3728 wrote to memory of 4664 3728 bhntbb.exe 96
PID 3728 wrote to memory of 4664 3728 bhntbb.exe 96
PID 4664 wrote to memory of 5112 4664 dvjjj.exe 97
PID 4664 wrote to memory of 5112 4664 dvjjj.exe 97
PID 4664 wrote to memory of 5112 4664 dvjjj.exe 97
PID 5112 wrote to memory of 1788 5112 xfxxxfr.exe 98
PID 5112 wrote to memory of 1788 5112 xfxxxfr.exe 98
PID 5112 wrote to memory of 1788 5112 xfxxxfr.exe 98
PID 1788 wrote to memory of 2408 1788 rfrfflr.exe 99
PID 1788 wrote to memory of 2408 1788 rfrfflr.exe 99
PID 1788 wrote to memory of 2408 1788 rfrfflr.exe 99
PID 2408 wrote to memory of 4920 2408 bnnntn.exe 100
PID 2408 wrote to memory of 4920 2408 bnnntn.exe 100
PID 2408 wrote to memory of 4920 2408 bnnntn.exe 100
PID 4920 wrote to memory of 1828 4920 jdjvp.exe 101
PID 4920 wrote to memory of 1828 4920 jdjvp.exe 101
PID 4920 wrote to memory of 1828 4920 jdjvp.exe 101
PID 1828 wrote to memory of 3428 1828 lfrlrxx.exe 102
PID 1828 wrote to memory of 3428 1828 lfrlrxx.exe 102
PID 1828 wrote to memory of 3428 1828 lfrlrxx.exe 102
PID 3428 wrote to memory of 3916 3428 vvppj.exe 103
PID 3428 wrote to memory of 3916 3428 vvppj.exe 103
PID 3428 wrote to memory of 3916 3428 vvppj.exe 103
PID 3916 wrote to memory of 3748 3916 bbtnbt.exe 104
PID 3916 wrote to memory of 3748 3916 bbtnbt.exe 104
PID 3916 wrote to memory of 3748 3916 bbtnbt.exe 104
PID 3748 wrote to memory of 4864 3748 htbttb.exe 105
PID 3748 wrote to memory of 4864 3748 htbttb.exe 105
PID 3748 wrote to memory of 4864 3748 htbttb.exe 105
PID 4864 wrote to memory of 4632 4864 dpdjj.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\65d4b4de56ee85759cbd651ecdeef130_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3164 -
\??\c:\fxxxlrx.exec:\fxxxlrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3284 -
\??\c:\lxxfflf.exec:\lxxfflf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2180 -
\??\c:\vjvdp.exec:\vjvdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2900 -
\??\c:\ttnntn.exec:\ttnntn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:512 -
\??\c:\xflrlrr.exec:\xflrlrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2292 -
\??\c:\bbtnnt.exec:\bbtnnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4296 -
\??\c:\tbnnhn.exec:\tbnnhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3936 -
\??\c:\5jjjd.exec:\5jjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2420 -
\??\c:\lfxxxxr.exec:\lfxxxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1020 -
\??\c:\jdvdv.exec:\jdvdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1760 -
\??\c:\bhntbb.exec:\bhntbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3728 -
\??\c:\dvjjj.exec:\dvjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4664 -
\??\c:\xfxxxfr.exec:\xfxxxfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5112 -
\??\c:\rfrfflr.exec:\rfrfflr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1788 -
\??\c:\bnnntn.exec:\bnnntn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2408 -
\??\c:\jdjvp.exec:\jdjvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4920 -
\??\c:\lfrlrxx.exec:\lfrlrxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1828 -
\??\c:\vvppj.exec:\vvppj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3428 -
\??\c:\bbtnbt.exec:\bbtnbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3916 -
\??\c:\htbttb.exec:\htbttb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3748 -
\??\c:\dpdjj.exec:\dpdjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4864 -
\??\c:\bthnnn.exec:\bthnnn.exe23⤵
- Executes dropped EXE
PID:4632 -
\??\c:\rrlxxll.exec:\rrlxxll.exe24⤵
- Executes dropped EXE
PID:4484 -
\??\c:\vppjv.exec:\vppjv.exe25⤵
- Executes dropped EXE
PID:1992 -
\??\c:\lrrrxlr.exec:\lrrrxlr.exe26⤵
- Executes dropped EXE
PID:3548 -
\??\c:\pvppv.exec:\pvppv.exe27⤵
- Executes dropped EXE
PID:4400 -
\??\c:\vpjjd.exec:\vpjjd.exe28⤵
- Executes dropped EXE
PID:4892 -
\??\c:\flxxxff.exec:\flxxxff.exe29⤵
- Executes dropped EXE
PID:3584 -
\??\c:\pvjdd.exec:\pvjdd.exe30⤵
- Executes dropped EXE
PID:436 -
\??\c:\ffffxxx.exec:\ffffxxx.exe31⤵
- Executes dropped EXE
PID:4392 -
\??\c:\rxxrlrr.exec:\rxxrlrr.exe32⤵
- Executes dropped EXE
PID:5088 -
\??\c:\httbht.exec:\httbht.exe33⤵
- Executes dropped EXE
PID:4124 -
\??\c:\flxxxrr.exec:\flxxxrr.exe34⤵
- Executes dropped EXE
PID:1368 -
\??\c:\nnnhtt.exec:\nnnhtt.exe35⤵
- Executes dropped EXE
PID:932 -
\??\c:\ddjvd.exec:\ddjvd.exe36⤵
- Executes dropped EXE
PID:3020 -
\??\c:\lllllxl.exec:\lllllxl.exe37⤵
- Executes dropped EXE
PID:4432 -
\??\c:\hbtttb.exec:\hbtttb.exe38⤵
- Executes dropped EXE
PID:3516 -
\??\c:\5dpjj.exec:\5dpjj.exe39⤵
- Executes dropped EXE
PID:3884 -
\??\c:\frfrxlr.exec:\frfrxlr.exe40⤵
- Executes dropped EXE
PID:916 -
\??\c:\hhnhbn.exec:\hhnhbn.exe41⤵
- Executes dropped EXE
PID:2460 -
\??\c:\jddpj.exec:\jddpj.exe42⤵
- Executes dropped EXE
PID:2180 -
\??\c:\frflrxf.exec:\frflrxf.exe43⤵
- Executes dropped EXE
PID:116 -
\??\c:\ntnnbh.exec:\ntnnbh.exe44⤵
- Executes dropped EXE
PID:4760 -
\??\c:\7pdpp.exec:\7pdpp.exe45⤵
- Executes dropped EXE
PID:4660 -
\??\c:\jjpjj.exec:\jjpjj.exe46⤵
- Executes dropped EXE
PID:1824 -
\??\c:\rffxrrl.exec:\rffxrrl.exe47⤵
- Executes dropped EXE
PID:1424 -
\??\c:\lxlxrlf.exec:\lxlxrlf.exe48⤵
- Executes dropped EXE
PID:1556 -
\??\c:\bnhhbn.exec:\bnhhbn.exe49⤵
- Executes dropped EXE
PID:2420 -
\??\c:\djdpj.exec:\djdpj.exe50⤵
- Executes dropped EXE
PID:3296 -
\??\c:\xrlxllf.exec:\xrlxllf.exe51⤵
- Executes dropped EXE
PID:2032 -
\??\c:\lfxxlrr.exec:\lfxxlrr.exe52⤵
- Executes dropped EXE
PID:4848 -
\??\c:\9bbbtt.exec:\9bbbtt.exe53⤵
- Executes dropped EXE
PID:3040 -
\??\c:\pvjjj.exec:\pvjjj.exe54⤵
- Executes dropped EXE
PID:1592 -
\??\c:\7xrlffx.exec:\7xrlffx.exe55⤵
- Executes dropped EXE
PID:3016 -
\??\c:\hhtttt.exec:\hhtttt.exe56⤵
- Executes dropped EXE
PID:4404 -
\??\c:\xfrrllr.exec:\xfrrllr.exe57⤵
- Executes dropped EXE
PID:1700 -
\??\c:\hhbbbb.exec:\hhbbbb.exe58⤵
- Executes dropped EXE
PID:4828 -
\??\c:\dvpjj.exec:\dvpjj.exe59⤵
- Executes dropped EXE
PID:2052 -
\??\c:\rxxffxf.exec:\rxxffxf.exe60⤵
- Executes dropped EXE
PID:1988 -
\??\c:\bthbht.exec:\bthbht.exe61⤵
- Executes dropped EXE
PID:5096 -
\??\c:\djjjj.exec:\djjjj.exe62⤵
- Executes dropped EXE
PID:1088 -
\??\c:\xxrlxfr.exec:\xxrlxfr.exe63⤵
- Executes dropped EXE
PID:3208 -
\??\c:\ttnttb.exec:\ttnttb.exe64⤵
- Executes dropped EXE
PID:3468 -
\??\c:\djjvp.exec:\djjvp.exe65⤵
- Executes dropped EXE
PID:3364 -
\??\c:\xrxlfxr.exec:\xrxlfxr.exe66⤵PID:1652
-
\??\c:\3tnbht.exec:\3tnbht.exe67⤵PID:1804
-
\??\c:\pdjjp.exec:\pdjjp.exe68⤵PID:2660
-
\??\c:\ddpjj.exec:\ddpjj.exe69⤵PID:3264
-
\??\c:\xxfflll.exec:\xxfflll.exe70⤵PID:4860
-
\??\c:\1vddd.exec:\1vddd.exe71⤵PID:2204
-
\??\c:\djjjp.exec:\djjjp.exe72⤵PID:2424
-
\??\c:\9btbbn.exec:\9btbbn.exe73⤵PID:5076
-
\??\c:\dpvdv.exec:\dpvdv.exe74⤵PID:2952
-
\??\c:\flxfxff.exec:\flxfxff.exe75⤵PID:4996
-
\??\c:\thnhhn.exec:\thnhhn.exe76⤵PID:1676
-
\??\c:\thnhnh.exec:\thnhnh.exe77⤵PID:3476
-
\??\c:\xxllrfr.exec:\xxllrfr.exe78⤵PID:1288
-
\??\c:\flrlllf.exec:\flrlllf.exe79⤵PID:1104
-
\??\c:\nbbtnh.exec:\nbbtnh.exe80⤵PID:2088
-
\??\c:\vdpjd.exec:\vdpjd.exe81⤵PID:2000
-
\??\c:\xrrlflf.exec:\xrrlflf.exe82⤵PID:4324
-
\??\c:\httntn.exec:\httntn.exe83⤵PID:4636
-
\??\c:\pjdvp.exec:\pjdvp.exe84⤵PID:900
-
\??\c:\3jpdd.exec:\3jpdd.exe85⤵PID:4780
-
\??\c:\bthntn.exec:\bthntn.exe86⤵PID:2168
-
\??\c:\dvvjd.exec:\dvvjd.exe87⤵PID:1432
-
\??\c:\rrxllrx.exec:\rrxllrx.exe88⤵PID:2288
-
\??\c:\fflfxxr.exec:\fflfxxr.exe89⤵PID:3328
-
\??\c:\nbthtt.exec:\nbthtt.exe90⤵PID:2300
-
\??\c:\jpdpv.exec:\jpdpv.exe91⤵PID:1824
-
\??\c:\xrxrrll.exec:\xrxrrll.exe92⤵PID:2516
-
\??\c:\hbhhhh.exec:\hbhhhh.exe93⤵PID:1176
-
\??\c:\7vddd.exec:\7vddd.exe94⤵PID:1020
-
\??\c:\lxrxxfr.exec:\lxrxxfr.exe95⤵PID:2096
-
\??\c:\lffrllr.exec:\lffrllr.exe96⤵PID:3304
-
\??\c:\bhnntt.exec:\bhnntt.exe97⤵PID:4980
-
\??\c:\jpddd.exec:\jpddd.exe98⤵PID:3088
-
\??\c:\rllfxxr.exec:\rllfxxr.exe99⤵PID:1076
-
\??\c:\fxlffff.exec:\fxlffff.exe100⤵PID:4828
-
\??\c:\bbhbhh.exec:\bbhbhh.exe101⤵PID:2960
-
\??\c:\jvddv.exec:\jvddv.exe102⤵PID:8
-
\??\c:\rffxrll.exec:\rffxrll.exe103⤵PID:2336
-
\??\c:\ppjvv.exec:\ppjvv.exe104⤵PID:4752
-
\??\c:\5jdvd.exec:\5jdvd.exe105⤵PID:1360
-
\??\c:\rxxxxxr.exec:\rxxxxxr.exe106⤵PID:3080
-
\??\c:\btnntb.exec:\btnntb.exe107⤵PID:4836
-
\??\c:\ppjpj.exec:\ppjpj.exe108⤵PID:2780
-
\??\c:\rlllfff.exec:\rlllfff.exe109⤵PID:1756
-
\??\c:\fxlllrf.exec:\fxlllrf.exe110⤵PID:4620
-
\??\c:\jdjdj.exec:\jdjdj.exe111⤵PID:3548
-
\??\c:\lxrflrf.exec:\lxrflrf.exe112⤵PID:4572
-
\??\c:\hnbhht.exec:\hnbhht.exe113⤵PID:4892
-
\??\c:\jdjpp.exec:\jdjpp.exe114⤵PID:4644
-
\??\c:\rxxfrlf.exec:\rxxfrlf.exe115⤵PID:2224
-
\??\c:\nnnbth.exec:\nnnbth.exe116⤵PID:4464
-
\??\c:\dppvp.exec:\dppvp.exe117⤵PID:1124
-
\??\c:\xlrrlff.exec:\xlrrlff.exe118⤵PID:5080
-
\??\c:\7tbnbn.exec:\7tbnbn.exe119⤵PID:184
-
\??\c:\jvddj.exec:\jvddj.exe120⤵PID:3480
-
\??\c:\lfllxxr.exec:\lfllxxr.exe121⤵PID:2448
-
\??\c:\1hnbtn.exec:\1hnbtn.exe122⤵PID:4348
-