Analysis
-
max time kernel
150s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 12:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe
Resource
win7-20240220-en
5 signatures
150 seconds
General
-
Target
c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe
-
Size
73KB
-
MD5
c85067c3dd04ea09ad7bedd9636858b0
-
SHA1
11f83acace07a92a97cec8baac0ea8f3817274c6
-
SHA256
279d50173961a50c7f9e148be3543052fa809f041afefab11d152ff9bd418d66
-
SHA512
93ee451b6f12a65caedc09adde43761bdaeb042af4499e7ee3523ecf6c33cd0faea1fd102e13d72e449da65f1054339c9bb1acced46a4b0354ec529463ebfc28
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIjaQkPcy8WTeAw4Pp:ymb3NkkiQ3mdBjFIpkPcy8qs4Pp
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
resource yara_rule
behavioral2/memory/2032-9-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3788-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4432-27-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/696-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1816-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3312-42-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3360-49-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2104-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2896-63-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/968-56-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/5000-77-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4348-87-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2324-98-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3108-122-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3336-135-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/756-142-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3892-146-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3288-152-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4136-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1412-176-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/556-194-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4004-206-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process
3788 jjjjj.exe
4432 rxlfxxr.exe
696 flxrllf.exe
1816 bnntnn.exe
3312 3tbbnn.exe
3360 pjvpd.exe
968 lffxrrl.exe
2896 hntttb.exe
2104 tthhnn.exe
5000 pjdvj.exe
4348 xlflllf.exe
2908 1btnhn.exe
2324 1vpjd.exe
3184 7fffxff.exe
4200 3fxflfl.exe
4864 hntbtt.exe
3108 vjpvd.exe
1232 9jdjd.exe
3336 xffxrlf.exe
756 ffxrlrf.exe
3892 hbbtnh.exe
3288 nbbthh.exe
4136 jvdvp.exe
732 lfxrffx.exe
1932 flllrrl.exe
1412 bhbnbn.exe
4540 9pjjj.exe
3232 pvvvp.exe
556 xfrrflx.exe
3284 bhhbtn.exe
4004 tntnnn.exe
2264 pjdvp.exe
4272 xrxlllr.exe
4456 nhttbt.exe
1764 hbhhhh.exe
4680 vjpjd.exe
4468 jdpvp.exe
4672 rrlfrrl.exe
4416 9xlfxxr.exe
2216 tttntt.exe
3208 jdpdv.exe
4432 jvdvp.exe
2212 bttnhb.exe
2972 jvvpj.exe
4972 vjdvv.exe
696 7rfxxxx.exe
2856 btnnhh.exe
2616 nnhttn.exe
4308 pjvpd.exe
824 vjvdd.exe
4364 9ffxxfx.exe
784 lxrlfff.exe
2992 tnnbbb.exe
4340 dvvdv.exe
4868 vjjdv.exe
744 xxrrlff.exe
3184 frxrllf.exe
4088 rffflll.exe
1420 tnhbtt.exe
2756 hnnnhh.exe
5068 vdvpd.exe
1792 jdjvv.exe
4428 frllxxr.exe
4048 5xxrllf.exe
-
resource yara_rule
behavioral2/memory/2032-3-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2032-9-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3788-14-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4432-27-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/696-26-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1816-35-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3788-13-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3788-11-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3312-42-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3360-49-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2104-70-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2896-63-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/968-56-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/5000-77-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/5000-76-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4348-87-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2324-98-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3108-122-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3336-135-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/756-142-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3892-146-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3288-152-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4136-159-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1412-176-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/556-194-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4004-206-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 2032 wrote to memory of 3788 2032 c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe 83
PID 2032 wrote to memory of 3788 2032 c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe 83
PID 2032 wrote to memory of 3788 2032 c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe 83
PID 3788 wrote to memory of 4432 3788 jjjjj.exe 84
PID 3788 wrote to memory of 4432 3788 jjjjj.exe 84
PID 3788 wrote to memory of 4432 3788 jjjjj.exe 84
PID 4432 wrote to memory of 696 4432 rxlfxxr.exe 85
PID 4432 wrote to memory of 696 4432 rxlfxxr.exe 85
PID 4432 wrote to memory of 696 4432 rxlfxxr.exe 85
PID 696 wrote to memory of 1816 696 flxrllf.exe 86
PID 696 wrote to memory of 1816 696 flxrllf.exe 86
PID 696 wrote to memory of 1816 696 flxrllf.exe 86
PID 1816 wrote to memory of 3312 1816 bnntnn.exe 87
PID 1816 wrote to memory of 3312 1816 bnntnn.exe 87
PID 1816 wrote to memory of 3312 1816 bnntnn.exe 87
PID 3312 wrote to memory of 3360 3312 3tbbnn.exe 88
PID 3312 wrote to memory of 3360 3312 3tbbnn.exe 88
PID 3312 wrote to memory of 3360 3312 3tbbnn.exe 88
PID 3360 wrote to memory of 968 3360 pjvpd.exe 89
PID 3360 wrote to memory of 968 3360 pjvpd.exe 89
PID 3360 wrote to memory of 968 3360 pjvpd.exe 89
PID 968 wrote to memory of 2896 968 lffxrrl.exe 90
PID 968 wrote to memory of 2896 968 lffxrrl.exe 90
PID 968 wrote to memory of 2896 968 lffxrrl.exe 90
PID 2896 wrote to memory of 2104 2896 hntttb.exe 91
PID 2896 wrote to memory of 2104 2896 hntttb.exe 91
PID 2896 wrote to memory of 2104 2896 hntttb.exe 91
PID 2104 wrote to memory of 5000 2104 tthhnn.exe 92
PID 2104 wrote to memory of 5000 2104 tthhnn.exe 92
PID 2104 wrote to memory of 5000 2104 tthhnn.exe 92
PID 5000 wrote to memory of 4348 5000 pjdvj.exe 93
PID 5000 wrote to memory of 4348 5000 pjdvj.exe 93
PID 5000 wrote to memory of 4348 5000 pjdvj.exe 93
PID 4348 wrote to memory of 2908 4348 xlflllf.exe 94
PID 4348 wrote to memory of 2908 4348 xlflllf.exe 94
PID 4348 wrote to memory of 2908 4348 xlflllf.exe 94
PID 2908 wrote to memory of 2324 2908 1btnhn.exe 95
PID 2908 wrote to memory of 2324 2908 1btnhn.exe 95
PID 2908 wrote to memory of 2324 2908 1btnhn.exe 95
PID 2324 wrote to memory of 3184 2324 1vpjd.exe 96
PID 2324 wrote to memory of 3184 2324 1vpjd.exe 96
PID 2324 wrote to memory of 3184 2324 1vpjd.exe 96
PID 3184 wrote to memory of 4200 3184 7fffxff.exe 97
PID 3184 wrote to memory of 4200 3184 7fffxff.exe 97
PID 3184 wrote to memory of 4200 3184 7fffxff.exe 97
PID 4200 wrote to memory of 4864 4200 3fxflfl.exe 98
PID 4200 wrote to memory of 4864 4200 3fxflfl.exe 98
PID 4200 wrote to memory of 4864 4200 3fxflfl.exe 98
PID 4864 wrote to memory of 3108 4864 hntbtt.exe 99
PID 4864 wrote to memory of 3108 4864 hntbtt.exe 99
PID 4864 wrote to memory of 3108 4864 hntbtt.exe 99
PID 3108 wrote to memory of 1232 3108 vjpvd.exe 100
PID 3108 wrote to memory of 1232 3108 vjpvd.exe 100
PID 3108 wrote to memory of 1232 3108 vjpvd.exe 100
PID 1232 wrote to memory of 3336 1232 9jdjd.exe 101
PID 1232 wrote to memory of 3336 1232 9jdjd.exe 101
PID 1232 wrote to memory of 3336 1232 9jdjd.exe 101
PID 3336 wrote to memory of 756 3336 xffxrlf.exe 102
PID 3336 wrote to memory of 756 3336 xffxrlf.exe 102
PID 3336 wrote to memory of 756 3336 xffxrlf.exe 102
PID 756 wrote to memory of 3892 756 ffxrlrf.exe 103
PID 756 wrote to memory of 3892 756 ffxrlrf.exe 103
PID 756 wrote to memory of 3892 756 ffxrlrf.exe 103
PID 3892 wrote to memory of 3288 3892 hbbtnh.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c85067c3dd04ea09ad7bedd9636858b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2032 -
\??\c:\jjjjj.exec:\jjjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3788 -
\??\c:\rxlfxxr.exec:\rxlfxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4432 -
\??\c:\flxrllf.exec:\flxrllf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:696 -
\??\c:\bnntnn.exec:\bnntnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1816 -
\??\c:\3tbbnn.exec:\3tbbnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3312 -
\??\c:\pjvpd.exec:\pjvpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3360 -
\??\c:\lffxrrl.exec:\lffxrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:968 -
\??\c:\hntttb.exec:\hntttb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2896 -
\??\c:\tthhnn.exec:\tthhnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2104 -
\??\c:\pjdvj.exec:\pjdvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5000 -
\??\c:\xlflllf.exec:\xlflllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4348 -
\??\c:\1btnhn.exec:\1btnhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2908 -
\??\c:\1vpjd.exec:\1vpjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2324 -
\??\c:\7fffxff.exec:\7fffxff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3184 -
\??\c:\3fxflfl.exec:\3fxflfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4200 -
\??\c:\hntbtt.exec:\hntbtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4864 -
\??\c:\vjpvd.exec:\vjpvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3108 -
\??\c:\9jdjd.exec:\9jdjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1232 -
\??\c:\xffxrlf.exec:\xffxrlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3336 -
\??\c:\ffxrlrf.exec:\ffxrlrf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:756 -
\??\c:\hbbtnh.exec:\hbbtnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3892 -
\??\c:\nbbthh.exec:\nbbthh.exe23⤵
- Executes dropped EXE
PID:3288 -
\??\c:\jvdvp.exec:\jvdvp.exe24⤵
- Executes dropped EXE
PID:4136 -
\??\c:\lfxrffx.exec:\lfxrffx.exe25⤵
- Executes dropped EXE
PID:732 -
\??\c:\flllrrl.exec:\flllrrl.exe26⤵
- Executes dropped EXE
PID:1932 -
\??\c:\bhbnbn.exec:\bhbnbn.exe27⤵
- Executes dropped EXE
PID:1412 -
\??\c:\9pjjj.exec:\9pjjj.exe28⤵
- Executes dropped EXE
PID:4540 -
\??\c:\pvvvp.exec:\pvvvp.exe29⤵
- Executes dropped EXE
PID:3232 -
\??\c:\xfrrflx.exec:\xfrrflx.exe30⤵
- Executes dropped EXE
PID:556 -
\??\c:\bhhbtn.exec:\bhhbtn.exe31⤵
- Executes dropped EXE
PID:3284 -
\??\c:\tntnnn.exec:\tntnnn.exe32⤵
- Executes dropped EXE
PID:4004 -
\??\c:\pjdvp.exec:\pjdvp.exe33⤵
- Executes dropped EXE
PID:2264 -
\??\c:\xrxlllr.exec:\xrxlllr.exe34⤵
- Executes dropped EXE
PID:4272 -
\??\c:\nhttbt.exec:\nhttbt.exe35⤵
- Executes dropped EXE
PID:4456 -
\??\c:\hbhhhh.exec:\hbhhhh.exe36⤵
- Executes dropped EXE
PID:1764 -
\??\c:\vjpjd.exec:\vjpjd.exe37⤵
- Executes dropped EXE
PID:4680 -
\??\c:\jdpvp.exec:\jdpvp.exe38⤵
- Executes dropped EXE
PID:4468 -
\??\c:\rrlfrrl.exec:\rrlfrrl.exe39⤵
- Executes dropped EXE
PID:4672 -
\??\c:\9xlfxxr.exec:\9xlfxxr.exe40⤵
- Executes dropped EXE
PID:4416 -
\??\c:\tttntt.exec:\tttntt.exe41⤵
- Executes dropped EXE
PID:2216 -
\??\c:\jdpdv.exec:\jdpdv.exe42⤵
- Executes dropped EXE
PID:3208 -
\??\c:\jvdvp.exec:\jvdvp.exe43⤵
- Executes dropped EXE
PID:4432 -
\??\c:\bttnhb.exec:\bttnhb.exe44⤵
- Executes dropped EXE
PID:2212 -
\??\c:\jvvpj.exec:\jvvpj.exe45⤵
- Executes dropped EXE
PID:2972 -
\??\c:\vjdvv.exec:\vjdvv.exe46⤵
- Executes dropped EXE
PID:4972 -
\??\c:\7rfxxxx.exec:\7rfxxxx.exe47⤵
- Executes dropped EXE
PID:696 -
\??\c:\btnnhh.exec:\btnnhh.exe48⤵
- Executes dropped EXE
PID:2856 -
\??\c:\nnhttn.exec:\nnhttn.exe49⤵
- Executes dropped EXE
PID:2616 -
\??\c:\pjvpd.exec:\pjvpd.exe50⤵
- Executes dropped EXE
PID:4308 -
\??\c:\vjvdd.exec:\vjvdd.exe51⤵
- Executes dropped EXE
PID:824 -
\??\c:\9ffxxfx.exec:\9ffxxfx.exe52⤵
- Executes dropped EXE
PID:4364 -
\??\c:\lxrlfff.exec:\lxrlfff.exe53⤵
- Executes dropped EXE
PID:784 -
\??\c:\tnnbbb.exec:\tnnbbb.exe54⤵
- Executes dropped EXE
PID:2992 -
\??\c:\dvvdv.exec:\dvvdv.exe55⤵
- Executes dropped EXE
PID:4340 -
\??\c:\vjjdv.exec:\vjjdv.exe56⤵
- Executes dropped EXE
PID:4868 -
\??\c:\xxrrlff.exec:\xxrrlff.exe57⤵
- Executes dropped EXE
PID:744 -
\??\c:\frxrllf.exec:\frxrllf.exe58⤵
- Executes dropped EXE
PID:3184 -
\??\c:\rffflll.exec:\rffflll.exe59⤵
- Executes dropped EXE
PID:4088 -
\??\c:\tnhbtt.exec:\tnhbtt.exe60⤵
- Executes dropped EXE
PID:1420 -
\??\c:\hnnnhh.exec:\hnnnhh.exe61⤵
- Executes dropped EXE
PID:2756 -
\??\c:\vdvpd.exec:\vdvpd.exe62⤵
- Executes dropped EXE
PID:5068 -
\??\c:\jdjvv.exec:\jdjvv.exe63⤵
- Executes dropped EXE
PID:1792 -
\??\c:\frllxxr.exec:\frllxxr.exe64⤵
- Executes dropped EXE
PID:4428 -
\??\c:\5xxrllf.exec:\5xxrllf.exe65⤵
- Executes dropped EXE
PID:4048 -
\??\c:\xrfxrrl.exec:\xrfxrrl.exe66⤵PID:1268
-
\??\c:\tbhhbb.exec:\tbhhbb.exe67⤵PID:944
-
\??\c:\hbbthh.exec:\hbbthh.exe68⤵PID:560
-
\??\c:\pdjdv.exec:\pdjdv.exe69⤵PID:4396
-
\??\c:\7pvpv.exec:\7pvpv.exe70⤵PID:2788
-
\??\c:\7xffffx.exec:\7xffffx.exe71⤵PID:1932
-
\??\c:\xlrlllf.exec:\xlrlllf.exe72⤵PID:4980
-
\??\c:\tnhhbn.exec:\tnhhbn.exe73⤵PID:3448
-
\??\c:\tnttnn.exec:\tnttnn.exe74⤵PID:484
-
\??\c:\bnnhtt.exec:\bnnhtt.exe75⤵PID:884
-
\??\c:\djddd.exec:\djddd.exe76⤵PID:1416
-
\??\c:\pjdjj.exec:\pjdjj.exe77⤵PID:3844
-
\??\c:\1flfxrr.exec:\1flfxrr.exe78⤵PID:2552
-
\??\c:\rlllxxx.exec:\rlllxxx.exe79⤵PID:2600
-
\??\c:\tbhbtt.exec:\tbhbtt.exe80⤵PID:4820
-
\??\c:\bnbbtt.exec:\bnbbtt.exe81⤵PID:4556
-
\??\c:\jdvvv.exec:\jdvvv.exe82⤵PID:4424
-
\??\c:\djddd.exec:\djddd.exe83⤵PID:4008
-
\??\c:\dddvv.exec:\dddvv.exe84⤵PID:4736
-
\??\c:\5rfxlll.exec:\5rfxlll.exe85⤵PID:2512
-
\??\c:\fxrrlll.exec:\fxrrlll.exe86⤵PID:4292
-
\??\c:\bbnnnh.exec:\bbnnnh.exe87⤵PID:1340
-
\??\c:\httnnn.exec:\httnnn.exe88⤵PID:3228
-
\??\c:\vjjdv.exec:\vjjdv.exe89⤵PID:3504
-
\??\c:\vpdjd.exec:\vpdjd.exe90⤵PID:3116
-
\??\c:\fllfrrx.exec:\fllfrrx.exe91⤵PID:2112
-
\??\c:\hbbtbb.exec:\hbbtbb.exe92⤵PID:2988
-
\??\c:\xllfrrr.exec:\xllfrrr.exe93⤵PID:3204
-
\??\c:\rlfrfxr.exec:\rlfrfxr.exe94⤵PID:216
-
\??\c:\hnnnhh.exec:\hnnnhh.exe95⤵PID:2124
-
\??\c:\jddvp.exec:\jddvp.exe96⤵PID:4508
-
\??\c:\1vdvd.exec:\1vdvd.exe97⤵PID:2944
-
\??\c:\1lrrffx.exec:\1lrrffx.exe98⤵PID:1332
-
\??\c:\hbnnhh.exec:\hbnnhh.exe99⤵PID:1652
-
\??\c:\ddddd.exec:\ddddd.exe100⤵PID:228
-
\??\c:\vpppv.exec:\vpppv.exe101⤵PID:3052
-
\??\c:\rfrxlrl.exec:\rfrxlrl.exe102⤵PID:4340
-
\??\c:\lrxrxxf.exec:\lrxrxxf.exe103⤵PID:3524
-
\??\c:\xfllffx.exec:\xfllffx.exe104⤵PID:4216
-
\??\c:\bttttt.exec:\bttttt.exe105⤵PID:2004
-
\??\c:\bbbhht.exec:\bbbhht.exe106⤵PID:1596
-
\??\c:\jdvjv.exec:\jdvjv.exe107⤵PID:4864
-
\??\c:\9vjvv.exec:\9vjvv.exe108⤵PID:1500
-
\??\c:\rflxffl.exec:\rflxffl.exe109⤵PID:1120
-
\??\c:\ffrrlll.exec:\ffrrlll.exe110⤵PID:3336
-
\??\c:\bttnnn.exec:\bttnnn.exe111⤵PID:756
-
\??\c:\bnnhtn.exec:\bnnhtn.exe112⤵PID:492
-
\??\c:\djjdp.exec:\djjdp.exe113⤵PID:3296
-
\??\c:\vdjpj.exec:\vdjpj.exe114⤵PID:1364
-
\??\c:\lxlfxxf.exec:\lxlfxxf.exe115⤵PID:4696
-
\??\c:\xfxrrrx.exec:\xfxrrrx.exe116⤵PID:4220
-
\??\c:\hbhbbb.exec:\hbhbbb.exe117⤵PID:3276
-
\??\c:\tbnnnn.exec:\tbnnnn.exe118⤵PID:3604
-
\??\c:\pjpjj.exec:\pjpjj.exe119⤵PID:2640
-
\??\c:\jddvv.exec:\jddvv.exe120⤵PID:2964
-
\??\c:\jjppd.exec:\jjppd.exe121⤵PID:2108
-
\??\c:\rlfxfff.exec:\rlfxfff.exe122⤵PID:4560
-