Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 01:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
67310ab4dcee6eb180abfed55b4a6830_NeikiAnalytics.exe
Resource
win7-20240419-en
5 signatures
150 seconds
General
-
Target
67310ab4dcee6eb180abfed55b4a6830_NeikiAnalytics.exe
-
Size
77KB
-
MD5
67310ab4dcee6eb180abfed55b4a6830
-
SHA1
e452ffc700e5eecbb60c3cc96d19d75de11c3145
-
SHA256
bc30194ebe8ac4292e0ab09f514a273492edf66415f7e98969050278c1731c88
-
SHA512
a07c0e91d63a04205d50c40899e8f8575ed49abbe86e6c59b81830fa5d6b1a6379d7d0138201baab0b64b601ca41cd6fdfbc82eccc7be8fc36d19eea011d2c53
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73tgygQwKjiawEmB0:ymb3NkkiQ3mdBjFo73thgQ/wEk0
Malware Config
Signatures
-
Detect Blackmoon payload 24 IoCs
resource yara_rule behavioral2/memory/1940-12-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1804-8-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/232-22-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1092-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4468-33-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3536-41-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1416-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3224-55-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3448-69-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/696-62-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1540-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1368-97-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3308-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3476-116-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/760-121-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3524-127-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4832-138-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4932-146-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2608-162-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3560-170-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3884-174-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3956-180-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3392-194-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2104-199-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1940 nnbnbt.exe 232 dvdvj.exe 1092 nhbttn.exe 4468 bthtnn.exe 3536 fxfxrrr.exe 1416 ttntnb.exe 3224 vvpjv.exe 696 ffllfll.exe 3448 tnnhhh.exe 1360 hnhhbb.exe 5056 vpjdd.exe 1540 lrrllll.exe 1368 bnhntt.exe 4424 ddvdj.exe 3308 fxfxfff.exe 3476 bbhbbh.exe 760 jvpjv.exe 3524 5rxrfff.exe 2968 thnnnt.exe 4832 hbhhht.exe 4932 pjvjd.exe 3656 xrxxxfx.exe 4708 nnnbth.exe 2608 dpvpp.exe 3560 lllxfxl.exe 3884 nthttt.exe 3956 vvddd.exe 4200 llfxxff.exe 3392 tthbtt.exe 2104 ttbbhn.exe 3584 jvjjd.exe 1888 flrfrlx.exe 2944 tnnhhh.exe 436 hbhbbb.exe 3232 vdjvp.exe 2928 lfllxxl.exe 4300 lfllfxr.exe 3556 vdvvd.exe 4968 jdjjv.exe 2004 nbhbnh.exe 1420 jjvpp.exe 4236 thtttt.exe 1904 pjvdj.exe 2396 rlrrfll.exe 2736 tthbnt.exe 1436 lrxrxrl.exe 5100 pdppp.exe 4556 bnbtnh.exe 1940 hbhhth.exe 3452 lrxfxlf.exe 4792 pjppp.exe 4376 dvpjd.exe 2708 7xfrlxr.exe 4504 hnhntn.exe 1632 djvvd.exe 1268 bntnhh.exe 4168 7tbbtt.exe 4620 djdvv.exe 2956 rxfxrrl.exe 5012 tnhbtt.exe 1944 jjppp.exe 3936 xxfxxlf.exe 2932 vvvvp.exe 1924 djvpj.exe -
resource yara_rule behavioral2/memory/1804-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1940-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1804-8-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/232-22-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1092-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4468-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3536-41-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3536-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1416-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3224-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1360-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3448-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/696-62-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1540-94-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1368-97-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3308-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3476-116-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/760-121-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3524-127-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4832-138-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4932-146-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2608-162-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3560-170-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3884-174-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3956-180-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3392-194-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2104-199-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1804 wrote to memory of 1940 1804 67310ab4dcee6eb180abfed55b4a6830_NeikiAnalytics.exe 82 PID 1804 wrote to memory of 1940 1804 67310ab4dcee6eb180abfed55b4a6830_NeikiAnalytics.exe 82 PID 1804 wrote to memory of 1940 1804 67310ab4dcee6eb180abfed55b4a6830_NeikiAnalytics.exe 82 PID 1940 wrote to memory of 232 1940 nnbnbt.exe 83 PID 1940 wrote to memory of 232 1940 nnbnbt.exe 83 PID 1940 wrote to memory of 232 1940 nnbnbt.exe 83 PID 232 wrote to memory of 1092 232 dvdvj.exe 84 PID 232 wrote to memory of 1092 232 dvdvj.exe 84 PID 232 wrote to memory of 1092 232 dvdvj.exe 84 PID 1092 wrote to memory of 4468 1092 nhbttn.exe 85 PID 1092 wrote to memory of 4468 1092 nhbttn.exe 85 PID 1092 wrote to memory of 4468 1092 nhbttn.exe 85 PID 4468 wrote to memory of 3536 4468 bthtnn.exe 86 PID 4468 wrote to memory of 3536 4468 bthtnn.exe 86 PID 4468 wrote to memory of 3536 4468 bthtnn.exe 86 PID 3536 wrote to memory of 1416 3536 fxfxrrr.exe 87 PID 3536 wrote to memory of 1416 3536 fxfxrrr.exe 87 PID 3536 wrote to memory of 1416 3536 fxfxrrr.exe 87 PID 1416 wrote to memory of 3224 1416 ttntnb.exe 88 PID 1416 wrote to memory of 3224 1416 ttntnb.exe 88 PID 1416 wrote to memory of 3224 1416 ttntnb.exe 88 PID 3224 wrote to memory of 696 3224 vvpjv.exe 89 PID 3224 wrote to memory of 696 3224 vvpjv.exe 89 PID 3224 wrote to memory of 696 3224 vvpjv.exe 89 PID 696 wrote to memory of 3448 696 ffllfll.exe 90 PID 696 wrote to memory of 3448 696 ffllfll.exe 90 PID 696 wrote to memory of 3448 696 ffllfll.exe 90 PID 3448 wrote to memory of 1360 3448 tnnhhh.exe 91 PID 3448 wrote to memory of 1360 3448 tnnhhh.exe 91 PID 3448 wrote to memory of 1360 3448 tnnhhh.exe 91 PID 1360 wrote to memory of 5056 1360 hnhhbb.exe 92 PID 1360 wrote to memory of 5056 1360 hnhhbb.exe 92 PID 1360 wrote to memory of 5056 1360 hnhhbb.exe 92 PID 5056 wrote to memory of 1540 5056 vpjdd.exe 93 PID 5056 wrote to memory of 1540 5056 vpjdd.exe 93 PID 5056 wrote to memory of 1540 5056 vpjdd.exe 93 PID 1540 wrote to memory of 1368 1540 lrrllll.exe 94 PID 1540 wrote to memory of 1368 1540 lrrllll.exe 94 PID 1540 wrote to memory of 1368 1540 lrrllll.exe 94 PID 1368 wrote to memory of 4424 1368 bnhntt.exe 95 PID 1368 wrote to memory of 4424 1368 bnhntt.exe 95 PID 1368 wrote to memory of 4424 1368 bnhntt.exe 95 PID 4424 wrote to memory of 3308 4424 ddvdj.exe 96 PID 4424 wrote to memory of 3308 4424 ddvdj.exe 96 PID 4424 wrote to memory of 3308 4424 ddvdj.exe 96 PID 3308 wrote to memory of 3476 3308 fxfxfff.exe 97 PID 3308 wrote to memory of 3476 3308 fxfxfff.exe 97 PID 3308 wrote to memory of 3476 3308 fxfxfff.exe 97 PID 3476 wrote to memory of 760 3476 bbhbbh.exe 98 PID 3476 wrote to memory of 760 3476 bbhbbh.exe 98 PID 3476 wrote to memory of 760 3476 bbhbbh.exe 98 PID 760 wrote to memory of 3524 760 jvpjv.exe 99 PID 760 wrote to memory of 3524 760 jvpjv.exe 99 PID 760 wrote to memory of 3524 760 jvpjv.exe 99 PID 3524 wrote to memory of 2968 3524 5rxrfff.exe 100 PID 3524 wrote to memory of 2968 3524 5rxrfff.exe 100 PID 3524 wrote to memory of 2968 3524 5rxrfff.exe 100 PID 2968 wrote to memory of 4832 2968 thnnnt.exe 101 PID 2968 wrote to memory of 4832 2968 thnnnt.exe 101 PID 2968 wrote to memory of 4832 2968 thnnnt.exe 101 PID 4832 wrote to memory of 4932 4832 hbhhht.exe 102 PID 4832 wrote to memory of 4932 4832 hbhhht.exe 102 PID 4832 wrote to memory of 4932 4832 hbhhht.exe 102 PID 4932 wrote to memory of 3656 4932 pjvjd.exe 103
Processes
-
C:\Users\Admin\AppData\Local\Temp\67310ab4dcee6eb180abfed55b4a6830_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\67310ab4dcee6eb180abfed55b4a6830_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1804 -
\??\c:\nnbnbt.exec:\nnbnbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1940 -
\??\c:\dvdvj.exec:\dvdvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:232 -
\??\c:\nhbttn.exec:\nhbttn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1092 -
\??\c:\bthtnn.exec:\bthtnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4468 -
\??\c:\fxfxrrr.exec:\fxfxrrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3536 -
\??\c:\ttntnb.exec:\ttntnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1416 -
\??\c:\vvpjv.exec:\vvpjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3224 -
\??\c:\ffllfll.exec:\ffllfll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:696 -
\??\c:\tnnhhh.exec:\tnnhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3448 -
\??\c:\hnhhbb.exec:\hnhhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1360 -
\??\c:\vpjdd.exec:\vpjdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5056 -
\??\c:\lrrllll.exec:\lrrllll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1540 -
\??\c:\bnhntt.exec:\bnhntt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1368 -
\??\c:\ddvdj.exec:\ddvdj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4424 -
\??\c:\fxfxfff.exec:\fxfxfff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3308 -
\??\c:\bbhbbh.exec:\bbhbbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3476 -
\??\c:\jvpjv.exec:\jvpjv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:760 -
\??\c:\5rxrfff.exec:\5rxrfff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3524 -
\??\c:\thnnnt.exec:\thnnnt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2968 -
\??\c:\hbhhht.exec:\hbhhht.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4832 -
\??\c:\pjvjd.exec:\pjvjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4932 -
\??\c:\xrxxxfx.exec:\xrxxxfx.exe23⤵
- Executes dropped EXE
PID:3656 -
\??\c:\nnnbth.exec:\nnnbth.exe24⤵
- Executes dropped EXE
PID:4708 -
\??\c:\dpvpp.exec:\dpvpp.exe25⤵
- Executes dropped EXE
PID:2608 -
\??\c:\lllxfxl.exec:\lllxfxl.exe26⤵
- Executes dropped EXE
PID:3560 -
\??\c:\nthttt.exec:\nthttt.exe27⤵
- Executes dropped EXE
PID:3884 -
\??\c:\vvddd.exec:\vvddd.exe28⤵
- Executes dropped EXE
PID:3956 -
\??\c:\llfxxff.exec:\llfxxff.exe29⤵
- Executes dropped EXE
PID:4200 -
\??\c:\tthbtt.exec:\tthbtt.exe30⤵
- Executes dropped EXE
PID:3392 -
\??\c:\ttbbhn.exec:\ttbbhn.exe31⤵
- Executes dropped EXE
PID:2104 -
\??\c:\jvjjd.exec:\jvjjd.exe32⤵
- Executes dropped EXE
PID:3584 -
\??\c:\flrfrlx.exec:\flrfrlx.exe33⤵
- Executes dropped EXE
PID:1888 -
\??\c:\tnnhhh.exec:\tnnhhh.exe34⤵
- Executes dropped EXE
PID:2944 -
\??\c:\hbhbbb.exec:\hbhbbb.exe35⤵
- Executes dropped EXE
PID:436 -
\??\c:\vdjvp.exec:\vdjvp.exe36⤵
- Executes dropped EXE
PID:3232 -
\??\c:\lfllxxl.exec:\lfllxxl.exe37⤵
- Executes dropped EXE
PID:2928 -
\??\c:\lfllfxr.exec:\lfllfxr.exe38⤵
- Executes dropped EXE
PID:4300 -
\??\c:\vdvvd.exec:\vdvvd.exe39⤵
- Executes dropped EXE
PID:3556 -
\??\c:\jdjjv.exec:\jdjjv.exe40⤵
- Executes dropped EXE
PID:4968 -
\??\c:\nbhbnh.exec:\nbhbnh.exe41⤵
- Executes dropped EXE
PID:2004 -
\??\c:\jjvpp.exec:\jjvpp.exe42⤵
- Executes dropped EXE
PID:1420 -
\??\c:\thtttt.exec:\thtttt.exe43⤵
- Executes dropped EXE
PID:4236 -
\??\c:\pjvdj.exec:\pjvdj.exe44⤵
- Executes dropped EXE
PID:1904 -
\??\c:\rlrrfll.exec:\rlrrfll.exe45⤵
- Executes dropped EXE
PID:2396 -
\??\c:\tthbnt.exec:\tthbnt.exe46⤵
- Executes dropped EXE
PID:2736 -
\??\c:\lrxrxrl.exec:\lrxrxrl.exe47⤵
- Executes dropped EXE
PID:1436 -
\??\c:\thnhhh.exec:\thnhhh.exe48⤵PID:4748
-
\??\c:\pdppp.exec:\pdppp.exe49⤵
- Executes dropped EXE
PID:5100 -
\??\c:\bnbtnh.exec:\bnbtnh.exe50⤵
- Executes dropped EXE
PID:4556 -
\??\c:\hbhhth.exec:\hbhhth.exe51⤵
- Executes dropped EXE
PID:1940 -
\??\c:\lrxfxlf.exec:\lrxfxlf.exe52⤵
- Executes dropped EXE
PID:3452 -
\??\c:\pjppp.exec:\pjppp.exe53⤵
- Executes dropped EXE
PID:4792 -
\??\c:\dvpjd.exec:\dvpjd.exe54⤵
- Executes dropped EXE
PID:4376 -
\??\c:\7xfrlxr.exec:\7xfrlxr.exe55⤵
- Executes dropped EXE
PID:2708 -
\??\c:\hnhntn.exec:\hnhntn.exe56⤵
- Executes dropped EXE
PID:4504 -
\??\c:\djvvd.exec:\djvvd.exe57⤵
- Executes dropped EXE
PID:1632 -
\??\c:\bntnhh.exec:\bntnhh.exe58⤵
- Executes dropped EXE
PID:1268 -
\??\c:\7tbbtt.exec:\7tbbtt.exe59⤵
- Executes dropped EXE
PID:4168 -
\??\c:\djdvv.exec:\djdvv.exe60⤵
- Executes dropped EXE
PID:4620 -
\??\c:\rxfxrrl.exec:\rxfxrrl.exe61⤵
- Executes dropped EXE
PID:2956 -
\??\c:\tnhbtt.exec:\tnhbtt.exe62⤵
- Executes dropped EXE
PID:5012 -
\??\c:\jjppp.exec:\jjppp.exe63⤵
- Executes dropped EXE
PID:1944 -
\??\c:\xxfxxlf.exec:\xxfxxlf.exe64⤵
- Executes dropped EXE
PID:3936 -
\??\c:\vvvvp.exec:\vvvvp.exe65⤵
- Executes dropped EXE
PID:2932 -
\??\c:\djvpj.exec:\djvpj.exe66⤵
- Executes dropped EXE
PID:1924 -
\??\c:\xxrrffr.exec:\xxrrffr.exe67⤵PID:2484
-
\??\c:\nbhhhh.exec:\nbhhhh.exe68⤵PID:2936
-
\??\c:\pjpjd.exec:\pjpjd.exe69⤵PID:4580
-
\??\c:\llrrrxx.exec:\llrrrxx.exe70⤵PID:4884
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe71⤵PID:2072
-
\??\c:\thnnnn.exec:\thnnnn.exe72⤵PID:760
-
\??\c:\jvppv.exec:\jvppv.exe73⤵PID:2564
-
\??\c:\jdvvv.exec:\jdvvv.exe74⤵PID:2968
-
\??\c:\5lxfllr.exec:\5lxfllr.exe75⤵PID:1896
-
\??\c:\bhbhhn.exec:\bhbhhn.exe76⤵PID:4780
-
\??\c:\dpppp.exec:\dpppp.exe77⤵PID:2964
-
\??\c:\3rllllx.exec:\3rllllx.exe78⤵PID:548
-
\??\c:\fxfrrff.exec:\fxfrrff.exe79⤵PID:4864
-
\??\c:\btnnth.exec:\btnnth.exe80⤵PID:4944
-
\??\c:\dpdvv.exec:\dpdvv.exe81⤵PID:4644
-
\??\c:\jdjjv.exec:\jdjjv.exe82⤵PID:1960
-
\??\c:\lxrffxr.exec:\lxrffxr.exe83⤵PID:3480
-
\??\c:\thtbbb.exec:\thtbbb.exe84⤵PID:4744
-
\??\c:\pjppj.exec:\pjppj.exe85⤵PID:4200
-
\??\c:\xrrrlll.exec:\xrrrlll.exe86⤵PID:5028
-
\??\c:\flrlfxl.exec:\flrlfxl.exe87⤵PID:400
-
\??\c:\nthbbn.exec:\nthbbn.exe88⤵PID:2104
-
\??\c:\vjdvp.exec:\vjdvp.exe89⤵PID:3464
-
\??\c:\jvpjv.exec:\jvpjv.exe90⤵PID:4536
-
\??\c:\xxrrlll.exec:\xxrrlll.exe91⤵PID:1928
-
\??\c:\7bnhtt.exec:\7bnhtt.exe92⤵PID:3668
-
\??\c:\jjddd.exec:\jjddd.exe93⤵PID:3232
-
\??\c:\dppvv.exec:\dppvv.exe94⤵PID:4300
-
\??\c:\xllllll.exec:\xllllll.exe95⤵PID:3556
-
\??\c:\rlxrlxl.exec:\rlxrlxl.exe96⤵PID:4652
-
\??\c:\hthhbh.exec:\hthhbh.exe97⤵PID:4756
-
\??\c:\jdpdp.exec:\jdpdp.exe98⤵PID:3320
-
\??\c:\jvddv.exec:\jvddv.exe99⤵PID:4964
-
\??\c:\xrlrrll.exec:\xrlrrll.exe100⤵PID:4324
-
\??\c:\llffffl.exec:\llffffl.exe101⤵PID:4748
-
\??\c:\thnhnn.exec:\thnhnn.exe102⤵PID:32
-
\??\c:\bhbhbt.exec:\bhbhbt.exe103⤵PID:4556
-
\??\c:\dvvpp.exec:\dvvpp.exe104⤵PID:2572
-
\??\c:\xxrrlll.exec:\xxrrlll.exe105⤵PID:4024
-
\??\c:\ntnbbh.exec:\ntnbbh.exe106⤵PID:4264
-
\??\c:\hhtntt.exec:\hhtntt.exe107⤵PID:2664
-
\??\c:\frxrfll.exec:\frxrfll.exe108⤵PID:3536
-
\??\c:\5thhhn.exec:\5thhhn.exe109⤵PID:1632
-
\??\c:\nhbnht.exec:\nhbnht.exe110⤵PID:2076
-
\??\c:\jdppp.exec:\jdppp.exe111⤵PID:4916
-
\??\c:\1lrlllf.exec:\1lrlllf.exe112⤵PID:3432
-
\??\c:\xrfxrrf.exec:\xrfxrrf.exe113⤵PID:2956
-
\??\c:\nhnnbb.exec:\nhnnbb.exe114⤵PID:4924
-
\??\c:\vjdvv.exec:\vjdvv.exe115⤵PID:4776
-
\??\c:\ppjjj.exec:\ppjjj.exe116⤵PID:3296
-
\??\c:\rlrlfff.exec:\rlrlfff.exe117⤵PID:2932
-
\??\c:\bnnhhh.exec:\bnnhhh.exe118⤵PID:3180
-
\??\c:\ppjjj.exec:\ppjjj.exe119⤵PID:3184
-
\??\c:\ppppp.exec:\ppppp.exe120⤵PID:4424
-
\??\c:\nnbhtb.exec:\nnbhtb.exe121⤵PID:2972
-
\??\c:\3vvdd.exec:\3vvdd.exe122⤵PID:3476
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-