Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 01:23
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
69df7d79a028540c6cd2cf50a4df02a0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
69df7d79a028540c6cd2cf50a4df02a0_NeikiAnalytics.exe
-
Size
443KB
-
MD5
69df7d79a028540c6cd2cf50a4df02a0
-
SHA1
88d5a8b720e753f894d7846164dbaa3eab41685b
-
SHA256
702f26768c41187d5bde38958d92ef80da18847e1e453c405a8e57290e89fbe0
-
SHA512
7768c0859d8d611e434798b55b0c9f107ec91c5001c8feea3b3fe10ee73686b4c6d73d9b0034377afd2c0775ca199e4debc556949b280a067e5b8740ca042bbf
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0p5WI09Jl:n3C9ytvn8whkb4i3e3GFO6Jl
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource yara_rule behavioral2/memory/3992-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2548-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4904-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2540-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4452-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2344-38-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2952-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1840-54-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4736-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1740-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3528-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3400-91-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1260-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4612-103-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2352-109-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5100-118-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4544-202-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3168-196-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4080-184-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1720-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1624-160-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4392-148-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/540-142-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4952-130-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1380-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 4452 fxxxxff.exe 2548 thbttt.exe 4904 nhhbhb.exe 2540 pvvvp.exe 2344 xfrrlrl.exe 4736 htnnnn.exe 1840 vvddd.exe 2952 rfflrxf.exe 1740 3hbbtt.exe 3528 xrffllr.exe 1688 1hhbhb.exe 3400 tbbthh.exe 1260 rrflrxr.exe 4612 ppvvp.exe 2352 xxlrxxf.exe 5100 jpddv.exe 1380 hhhhhh.exe 4952 djvjj.exe 2824 lfflxll.exe 540 tnnnnt.exe 4392 jjdvv.exe 2868 tbnhbb.exe 1624 nhnhnn.exe 1720 dvpjj.exe 2948 lxrrfll.exe 4936 bbbbnt.exe 4080 9vvpp.exe 3844 dpjjv.exe 3168 7rfxrxr.exe 4544 tbttnt.exe 4008 nnntbh.exe 4988 pjppp.exe 528 lrxrrrx.exe 2024 hnnnhn.exe 4000 jjddd.exe 2404 vvvvp.exe 4516 fxllffx.exe 2300 nnhbbh.exe 2312 9hhbbh.exe 3120 ppvpp.exe 1684 rlxrlrl.exe 4480 1hhhhn.exe 2608 3nbbbb.exe 4784 vvdpp.exe 1284 lffllff.exe 2096 bbtttb.exe 4736 jvjjp.exe 4304 xxrrxxf.exe 4684 thtbbb.exe 4156 vdpjv.exe 4696 llrxxxx.exe 3648 btbbhn.exe 3528 pjjjv.exe 4948 1lrllxx.exe 640 lrllflx.exe 1580 fffflrx.exe 3816 hhtttt.exe 4280 djjjj.exe 2480 1fxrrff.exe 1856 nhnntb.exe 3132 pvjdd.exe 1704 5rrffxx.exe 1524 rlrrxff.exe 5068 nbhhnn.exe -
resource yara_rule behavioral2/memory/3992-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2548-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4904-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2540-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4452-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2344-38-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2952-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1840-54-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4736-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1740-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3528-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3528-74-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3528-73-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3400-91-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1260-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4612-103-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2352-109-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5100-118-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4544-202-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3168-196-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4080-184-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1720-166-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1624-160-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4392-148-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/540-142-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4952-130-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1380-120-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3992 wrote to memory of 4452 3992 69df7d79a028540c6cd2cf50a4df02a0_NeikiAnalytics.exe 82 PID 3992 wrote to memory of 4452 3992 69df7d79a028540c6cd2cf50a4df02a0_NeikiAnalytics.exe 82 PID 3992 wrote to memory of 4452 3992 69df7d79a028540c6cd2cf50a4df02a0_NeikiAnalytics.exe 82 PID 4452 wrote to memory of 2548 4452 fxxxxff.exe 83 PID 4452 wrote to memory of 2548 4452 fxxxxff.exe 83 PID 4452 wrote to memory of 2548 4452 fxxxxff.exe 83 PID 2548 wrote to memory of 4904 2548 thbttt.exe 84 PID 2548 wrote to memory of 4904 2548 thbttt.exe 84 PID 2548 wrote to memory of 4904 2548 thbttt.exe 84 PID 4904 wrote to memory of 2540 4904 nhhbhb.exe 85 PID 4904 wrote to memory of 2540 4904 nhhbhb.exe 85 PID 4904 wrote to memory of 2540 4904 nhhbhb.exe 85 PID 2540 wrote to memory of 2344 2540 pvvvp.exe 86 PID 2540 wrote to memory of 2344 2540 pvvvp.exe 86 PID 2540 wrote to memory of 2344 2540 pvvvp.exe 86 PID 2344 wrote to memory of 4736 2344 xfrrlrl.exe 130 PID 2344 wrote to memory of 4736 2344 xfrrlrl.exe 130 PID 2344 wrote to memory of 4736 2344 xfrrlrl.exe 130 PID 4736 wrote to memory of 1840 4736 htnnnn.exe 88 PID 4736 wrote to memory of 1840 4736 htnnnn.exe 88 PID 4736 wrote to memory of 1840 4736 htnnnn.exe 88 PID 1840 wrote to memory of 2952 1840 vvddd.exe 89 PID 1840 wrote to memory of 2952 1840 vvddd.exe 89 PID 1840 wrote to memory of 2952 1840 vvddd.exe 89 PID 2952 wrote to memory of 1740 2952 rfflrxf.exe 90 PID 2952 wrote to memory of 1740 2952 rfflrxf.exe 90 PID 2952 wrote to memory of 1740 2952 rfflrxf.exe 90 PID 1740 wrote to memory of 3528 1740 3hbbtt.exe 91 PID 1740 wrote to memory of 3528 1740 3hbbtt.exe 91 PID 1740 wrote to memory of 3528 1740 3hbbtt.exe 91 PID 3528 wrote to memory of 1688 3528 xrffllr.exe 92 PID 3528 wrote to memory of 1688 3528 xrffllr.exe 92 PID 3528 wrote to memory of 1688 3528 xrffllr.exe 92 PID 1688 wrote to memory of 3400 1688 1hhbhb.exe 94 PID 1688 wrote to memory of 3400 1688 1hhbhb.exe 94 PID 1688 wrote to memory of 3400 1688 1hhbhb.exe 94 PID 3400 wrote to memory of 1260 3400 tbbthh.exe 95 PID 3400 wrote to memory of 1260 3400 tbbthh.exe 95 PID 3400 wrote to memory of 1260 3400 tbbthh.exe 95 PID 1260 wrote to memory of 4612 1260 rrflrxr.exe 96 PID 1260 wrote to memory of 4612 1260 rrflrxr.exe 96 PID 1260 wrote to memory of 4612 1260 rrflrxr.exe 96 PID 4612 wrote to memory of 2352 4612 ppvvp.exe 97 PID 4612 wrote to memory of 2352 4612 ppvvp.exe 97 PID 4612 wrote to memory of 2352 4612 ppvvp.exe 97 PID 2352 wrote to memory of 5100 2352 xxlrxxf.exe 99 PID 2352 wrote to memory of 5100 2352 xxlrxxf.exe 99 PID 2352 wrote to memory of 5100 2352 xxlrxxf.exe 99 PID 5100 wrote to memory of 1380 5100 jpddv.exe 100 PID 5100 wrote to memory of 1380 5100 jpddv.exe 100 PID 5100 wrote to memory of 1380 5100 jpddv.exe 100 PID 1380 wrote to memory of 4952 1380 hhhhhh.exe 101 PID 1380 wrote to memory of 4952 1380 hhhhhh.exe 101 PID 1380 wrote to memory of 4952 1380 hhhhhh.exe 101 PID 4952 wrote to memory of 2824 4952 djvjj.exe 102 PID 4952 wrote to memory of 2824 4952 djvjj.exe 102 PID 4952 wrote to memory of 2824 4952 djvjj.exe 102 PID 2824 wrote to memory of 540 2824 lfflxll.exe 103 PID 2824 wrote to memory of 540 2824 lfflxll.exe 103 PID 2824 wrote to memory of 540 2824 lfflxll.exe 103 PID 540 wrote to memory of 4392 540 tnnnnt.exe 104 PID 540 wrote to memory of 4392 540 tnnnnt.exe 104 PID 540 wrote to memory of 4392 540 tnnnnt.exe 104 PID 4392 wrote to memory of 2868 4392 jjdvv.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\69df7d79a028540c6cd2cf50a4df02a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\69df7d79a028540c6cd2cf50a4df02a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3992 -
\??\c:\fxxxxff.exec:\fxxxxff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4452 -
\??\c:\thbttt.exec:\thbttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2548 -
\??\c:\nhhbhb.exec:\nhhbhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4904 -
\??\c:\pvvvp.exec:\pvvvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2540 -
\??\c:\xfrrlrl.exec:\xfrrlrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2344 -
\??\c:\htnnnn.exec:\htnnnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4736 -
\??\c:\vvddd.exec:\vvddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1840 -
\??\c:\rfflrxf.exec:\rfflrxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2952 -
\??\c:\3hbbtt.exec:\3hbbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1740 -
\??\c:\xrffllr.exec:\xrffllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3528 -
\??\c:\1hhbhb.exec:\1hhbhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1688 -
\??\c:\tbbthh.exec:\tbbthh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3400 -
\??\c:\rrflrxr.exec:\rrflrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1260 -
\??\c:\ppvvp.exec:\ppvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4612 -
\??\c:\xxlrxxf.exec:\xxlrxxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2352 -
\??\c:\jpddv.exec:\jpddv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5100 -
\??\c:\hhhhhh.exec:\hhhhhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1380 -
\??\c:\djvjj.exec:\djvjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4952 -
\??\c:\lfflxll.exec:\lfflxll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2824 -
\??\c:\tnnnnt.exec:\tnnnnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:540 -
\??\c:\jjdvv.exec:\jjdvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4392 -
\??\c:\tbnhbb.exec:\tbnhbb.exe23⤵
- Executes dropped EXE
PID:2868 -
\??\c:\nhnhnn.exec:\nhnhnn.exe24⤵
- Executes dropped EXE
PID:1624 -
\??\c:\dvpjj.exec:\dvpjj.exe25⤵
- Executes dropped EXE
PID:1720 -
\??\c:\lxrrfll.exec:\lxrrfll.exe26⤵
- Executes dropped EXE
PID:2948 -
\??\c:\bbbbnt.exec:\bbbbnt.exe27⤵
- Executes dropped EXE
PID:4936 -
\??\c:\9vvpp.exec:\9vvpp.exe28⤵
- Executes dropped EXE
PID:4080 -
\??\c:\dpjjv.exec:\dpjjv.exe29⤵
- Executes dropped EXE
PID:3844 -
\??\c:\7rfxrxr.exec:\7rfxrxr.exe30⤵
- Executes dropped EXE
PID:3168 -
\??\c:\tbttnt.exec:\tbttnt.exe31⤵
- Executes dropped EXE
PID:4544 -
\??\c:\nnntbh.exec:\nnntbh.exe32⤵
- Executes dropped EXE
PID:4008 -
\??\c:\pjppp.exec:\pjppp.exe33⤵
- Executes dropped EXE
PID:4988 -
\??\c:\lrxrrrx.exec:\lrxrrrx.exe34⤵
- Executes dropped EXE
PID:528 -
\??\c:\hnnnhn.exec:\hnnnhn.exe35⤵
- Executes dropped EXE
PID:2024 -
\??\c:\jjddd.exec:\jjddd.exe36⤵
- Executes dropped EXE
PID:4000 -
\??\c:\vvvvp.exec:\vvvvp.exe37⤵
- Executes dropped EXE
PID:2404 -
\??\c:\fxllffx.exec:\fxllffx.exe38⤵
- Executes dropped EXE
PID:4516 -
\??\c:\nnhbbh.exec:\nnhbbh.exe39⤵
- Executes dropped EXE
PID:2300 -
\??\c:\9hhbbh.exec:\9hhbbh.exe40⤵
- Executes dropped EXE
PID:2312 -
\??\c:\ppvpp.exec:\ppvpp.exe41⤵
- Executes dropped EXE
PID:3120 -
\??\c:\rlxrlrl.exec:\rlxrlrl.exe42⤵
- Executes dropped EXE
PID:1684 -
\??\c:\1hhhhn.exec:\1hhhhn.exe43⤵
- Executes dropped EXE
PID:4480 -
\??\c:\3nbbbb.exec:\3nbbbb.exe44⤵
- Executes dropped EXE
PID:2608 -
\??\c:\vvdpp.exec:\vvdpp.exe45⤵
- Executes dropped EXE
PID:4784 -
\??\c:\lffllff.exec:\lffllff.exe46⤵
- Executes dropped EXE
PID:1284 -
\??\c:\bbtttb.exec:\bbtttb.exe47⤵
- Executes dropped EXE
PID:2096 -
\??\c:\jvjjp.exec:\jvjjp.exe48⤵
- Executes dropped EXE
PID:4736 -
\??\c:\xxrrxxf.exec:\xxrrxxf.exe49⤵
- Executes dropped EXE
PID:4304 -
\??\c:\thtbbb.exec:\thtbbb.exe50⤵
- Executes dropped EXE
PID:4684 -
\??\c:\vdpjv.exec:\vdpjv.exe51⤵
- Executes dropped EXE
PID:4156 -
\??\c:\llrxxxx.exec:\llrxxxx.exe52⤵
- Executes dropped EXE
PID:4696 -
\??\c:\btbbhn.exec:\btbbhn.exe53⤵
- Executes dropped EXE
PID:3648 -
\??\c:\pjjjv.exec:\pjjjv.exe54⤵
- Executes dropped EXE
PID:3528 -
\??\c:\1lrllxx.exec:\1lrllxx.exe55⤵
- Executes dropped EXE
PID:4948 -
\??\c:\lrllflx.exec:\lrllflx.exe56⤵
- Executes dropped EXE
PID:640 -
\??\c:\fffflrx.exec:\fffflrx.exe57⤵
- Executes dropped EXE
PID:1580 -
\??\c:\hhtttt.exec:\hhtttt.exe58⤵
- Executes dropped EXE
PID:3816 -
\??\c:\djjjj.exec:\djjjj.exe59⤵
- Executes dropped EXE
PID:4280 -
\??\c:\1fxrrff.exec:\1fxrrff.exe60⤵
- Executes dropped EXE
PID:2480 -
\??\c:\nhnntb.exec:\nhnntb.exe61⤵
- Executes dropped EXE
PID:1856 -
\??\c:\pvjdd.exec:\pvjdd.exe62⤵
- Executes dropped EXE
PID:3132 -
\??\c:\5rrffxx.exec:\5rrffxx.exe63⤵
- Executes dropped EXE
PID:1704 -
\??\c:\rlrrxff.exec:\rlrrxff.exe64⤵
- Executes dropped EXE
PID:1524 -
\??\c:\nbhhnn.exec:\nbhhnn.exe65⤵
- Executes dropped EXE
PID:5068 -
\??\c:\jjjdd.exec:\jjjdd.exe66⤵PID:1044
-
\??\c:\fffflrr.exec:\fffflrr.exe67⤵PID:1244
-
\??\c:\hhhhnn.exec:\hhhhnn.exe68⤵PID:2844
-
\??\c:\dvppj.exec:\dvppj.exe69⤵PID:1020
-
\??\c:\5rrrlrr.exec:\5rrrlrr.exe70⤵PID:4940
-
\??\c:\djdjd.exec:\djdjd.exe71⤵PID:856
-
\??\c:\ffrlfxr.exec:\ffrlfxr.exe72⤵PID:3168
-
\??\c:\hbbhht.exec:\hbbhht.exe73⤵PID:4592
-
\??\c:\llfllll.exec:\llfllll.exe74⤵PID:2476
-
\??\c:\btnhhb.exec:\btnhhb.exe75⤵PID:2068
-
\??\c:\vppdp.exec:\vppdp.exe76⤵PID:2244
-
\??\c:\xrllrrx.exec:\xrllrrx.exe77⤵PID:3136
-
\??\c:\ttbbht.exec:\ttbbht.exe78⤵PID:436
-
\??\c:\9dddd.exec:\9dddd.exe79⤵PID:4888
-
\??\c:\rflflll.exec:\rflflll.exe80⤵PID:4760
-
\??\c:\tbhhhn.exec:\tbhhhn.exe81⤵PID:4424
-
\??\c:\9jppv.exec:\9jppv.exe82⤵PID:2308
-
\??\c:\lxfxxlx.exec:\lxfxxlx.exe83⤵PID:3240
-
\??\c:\bnthbh.exec:\bnthbh.exe84⤵PID:4876
-
\??\c:\jjppv.exec:\jjppv.exe85⤵PID:3908
-
\??\c:\rlrrxlr.exec:\rlrrxlr.exe86⤵PID:4480
-
\??\c:\bnttnb.exec:\bnttnb.exe87⤵PID:4616
-
\??\c:\ddjvd.exec:\ddjvd.exe88⤵PID:4104
-
\??\c:\lflrrrf.exec:\lflrrrf.exe89⤵PID:2152
-
\??\c:\hhnttt.exec:\hhnttt.exe90⤵PID:4784
-
\??\c:\ddvdd.exec:\ddvdd.exe91⤵PID:4572
-
\??\c:\3vjjp.exec:\3vjjp.exe92⤵PID:2096
-
\??\c:\xllfrxl.exec:\xllfrxl.exe93⤵PID:4736
-
\??\c:\hhhhhh.exec:\hhhhhh.exe94⤵PID:1392
-
\??\c:\bthbbt.exec:\bthbbt.exe95⤵PID:2952
-
\??\c:\lrrllll.exec:\lrrllll.exe96⤵PID:4156
-
\??\c:\nhhhbb.exec:\nhhhbb.exe97⤵PID:944
-
\??\c:\7djjd.exec:\7djjd.exe98⤵PID:4696
-
\??\c:\xxllrrx.exec:\xxllrrx.exe99⤵PID:3648
-
\??\c:\xflrxff.exec:\xflrxff.exe100⤵PID:2008
-
\??\c:\thnbbt.exec:\thnbbt.exe101⤵PID:3128
-
\??\c:\vjppj.exec:\vjppj.exe102⤵PID:4856
-
\??\c:\lffffff.exec:\lffffff.exe103⤵PID:1108
-
\??\c:\btbbtt.exec:\btbbtt.exe104⤵PID:772
-
\??\c:\tbtttt.exec:\tbtttt.exe105⤵PID:4172
-
\??\c:\jpdpj.exec:\jpdpj.exe106⤵PID:1380
-
\??\c:\fxffflf.exec:\fxffflf.exe107⤵PID:2276
-
\??\c:\tthhnt.exec:\tthhnt.exe108⤵PID:3148
-
\??\c:\hbhntb.exec:\hbhntb.exe109⤵PID:1876
-
\??\c:\jvdjj.exec:\jvdjj.exe110⤵PID:2776
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe111⤵PID:2076
-
\??\c:\1htttt.exec:\1htttt.exe112⤵PID:4756
-
\??\c:\pdjjj.exec:\pdjjj.exe113⤵PID:3516
-
\??\c:\pjvdd.exec:\pjvdd.exe114⤵PID:3844
-
\??\c:\lrxxxxr.exec:\lrxxxxr.exe115⤵PID:3572
-
\??\c:\hnhhhh.exec:\hnhhhh.exe116⤵PID:2288
-
\??\c:\jdjjj.exec:\jdjjj.exe117⤵PID:528
-
\??\c:\hbnhbn.exec:\hbnhbn.exe118⤵PID:4000
-
\??\c:\vjppj.exec:\vjppj.exe119⤵PID:4512
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe120⤵PID:1792
-
\??\c:\fxlllrr.exec:\fxlllrr.exe121⤵PID:2312
-
\??\c:\thnhnn.exec:\thnhnn.exe122⤵PID:4564
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-