Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 12:58
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe
-
Size
75KB
-
MD5
c87306f395b50f6fe19f9c27b89d3d20
-
SHA1
9593576688529c1e3620a30c24efbc8f9a3fd4fe
-
SHA256
2d92feebe443356fa8feb501fb91785b80f2b9014e4c30861e40b2e114c5b0f8
-
SHA512
1d6888fdffa71bbc3baeebc2bee1d674533b2e658e658976af1846bb274f0f4aa9dac309fbf25d848835ed4f28ce0dc945ca18ededc034617fcd279c5f564e29
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAh2QpUnX1AP0:ymb3NkkiQ3mdBjFIsIVbpUO0
Malware Config
Signatures
-
Detect Blackmoon payload 26 IoCs
resource yara_rule behavioral2/memory/4880-5-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4908-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/556-16-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5028-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/456-42-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1440-34-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2676-54-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4884-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5044-65-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2156-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2156-83-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5636-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5356-95-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5184-101-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5776-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5820-113-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5988-119-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3652-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3912-143-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5520-148-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5196-154-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1376-160-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/6024-176-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/624-179-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4796-186-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4748-202-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 556 vjjdv.exe 4908 lxxrflx.exe 5028 1nhhbb.exe 1440 vppvv.exe 456 1dddv.exe 2676 xrlrfrl.exe 4884 hbtnhh.exe 5044 pvdvj.exe 5760 dppdj.exe 2156 frxrllf.exe 5636 nnhbtt.exe 5356 pjjjj.exe 5184 fllfffx.exe 5776 thbtnn.exe 5820 hhbbbh.exe 5988 pdjpv.exe 448 lfrxffx.exe 3652 1lrlffx.exe 4788 tntnbb.exe 3912 5vvpd.exe 5520 djpdp.exe 5196 xxrfrlx.exe 1376 btbthb.exe 4704 vddvj.exe 6024 jvjdj.exe 624 lrlrlxr.exe 4796 rfrlfxr.exe 3992 tbnnbn.exe 5484 vddpd.exe 4748 fxfrfxr.exe 796 fffxlrf.exe 4020 bnhbtt.exe 4392 ttbnhb.exe 748 dpvpd.exe 3824 5ppdp.exe 3456 fllxlfr.exe 1572 ntnhbb.exe 1268 hthbhb.exe 1792 djjvp.exe 3120 5ppjd.exe 5556 3frlllx.exe 3516 rxrrllf.exe 6028 hbhhhh.exe 5240 btbhbb.exe 4388 5jvpp.exe 5416 rxrxrfl.exe 2188 bnnhbb.exe 4752 5hntnn.exe 2364 vvjjd.exe 1120 7xrlffx.exe 960 rfxxlrl.exe 2788 htbnhb.exe 1392 nhtnbh.exe 6060 1pvjv.exe 3396 9xxlxxx.exe 5232 rrxrllf.exe 3576 9nhhtb.exe 1916 bnnhtt.exe 3016 thttnn.exe 3792 vdddp.exe 5656 vvpjd.exe 5224 fflllxx.exe 3512 lflfxrf.exe 4404 5thhhh.exe -
resource yara_rule behavioral2/memory/4880-5-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/556-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4908-19-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4908-20-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/556-16-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5028-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/456-42-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/456-41-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/456-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2676-49-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1440-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2676-54-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4884-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5044-65-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2156-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2156-77-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2156-83-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5636-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5356-95-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5184-101-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5776-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5820-113-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5988-119-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3652-131-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3912-143-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5520-148-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5196-154-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1376-160-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/6024-176-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/624-179-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4796-186-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4748-202-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4880 wrote to memory of 556 4880 c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe 82 PID 4880 wrote to memory of 556 4880 c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe 82 PID 4880 wrote to memory of 556 4880 c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe 82 PID 556 wrote to memory of 4908 556 vjjdv.exe 83 PID 556 wrote to memory of 4908 556 vjjdv.exe 83 PID 556 wrote to memory of 4908 556 vjjdv.exe 83 PID 4908 wrote to memory of 5028 4908 lxxrflx.exe 84 PID 4908 wrote to memory of 5028 4908 lxxrflx.exe 84 PID 4908 wrote to memory of 5028 4908 lxxrflx.exe 84 PID 5028 wrote to memory of 1440 5028 1nhhbb.exe 85 PID 5028 wrote to memory of 1440 5028 1nhhbb.exe 85 PID 5028 wrote to memory of 1440 5028 1nhhbb.exe 85 PID 1440 wrote to memory of 456 1440 vppvv.exe 86 PID 1440 wrote to memory of 456 1440 vppvv.exe 86 PID 1440 wrote to memory of 456 1440 vppvv.exe 86 PID 456 wrote to memory of 2676 456 1dddv.exe 87 PID 456 wrote to memory of 2676 456 1dddv.exe 87 PID 456 wrote to memory of 2676 456 1dddv.exe 87 PID 2676 wrote to memory of 4884 2676 xrlrfrl.exe 88 PID 2676 wrote to memory of 4884 2676 xrlrfrl.exe 88 PID 2676 wrote to memory of 4884 2676 xrlrfrl.exe 88 PID 4884 wrote to memory of 5044 4884 hbtnhh.exe 89 PID 4884 wrote to memory of 5044 4884 hbtnhh.exe 89 PID 4884 wrote to memory of 5044 4884 hbtnhh.exe 89 PID 5044 wrote to memory of 5760 5044 pvdvj.exe 90 PID 5044 wrote to memory of 5760 5044 pvdvj.exe 90 PID 5044 wrote to memory of 5760 5044 pvdvj.exe 90 PID 5760 wrote to memory of 2156 5760 dppdj.exe 91 PID 5760 wrote to memory of 2156 5760 dppdj.exe 91 PID 5760 wrote to memory of 2156 5760 dppdj.exe 91 PID 2156 wrote to memory of 5636 2156 frxrllf.exe 92 PID 2156 wrote to memory of 5636 2156 frxrllf.exe 92 PID 2156 wrote to memory of 5636 2156 frxrllf.exe 92 PID 5636 wrote to memory of 5356 5636 nnhbtt.exe 93 PID 5636 wrote to memory of 5356 5636 nnhbtt.exe 93 PID 5636 wrote to memory of 5356 5636 nnhbtt.exe 93 PID 5356 wrote to memory of 5184 5356 pjjjj.exe 94 PID 5356 wrote to memory of 5184 5356 pjjjj.exe 94 PID 5356 wrote to memory of 5184 5356 pjjjj.exe 94 PID 5184 wrote to memory of 5776 5184 fllfffx.exe 95 PID 5184 wrote to memory of 5776 5184 fllfffx.exe 95 PID 5184 wrote to memory of 5776 5184 fllfffx.exe 95 PID 5776 wrote to memory of 5820 5776 thbtnn.exe 96 PID 5776 wrote to memory of 5820 5776 thbtnn.exe 96 PID 5776 wrote to memory of 5820 5776 thbtnn.exe 96 PID 5820 wrote to memory of 5988 5820 hhbbbh.exe 97 PID 5820 wrote to memory of 5988 5820 hhbbbh.exe 97 PID 5820 wrote to memory of 5988 5820 hhbbbh.exe 97 PID 5988 wrote to memory of 448 5988 pdjpv.exe 98 PID 5988 wrote to memory of 448 5988 pdjpv.exe 98 PID 5988 wrote to memory of 448 5988 pdjpv.exe 98 PID 448 wrote to memory of 3652 448 lfrxffx.exe 99 PID 448 wrote to memory of 3652 448 lfrxffx.exe 99 PID 448 wrote to memory of 3652 448 lfrxffx.exe 99 PID 3652 wrote to memory of 4788 3652 1lrlffx.exe 100 PID 3652 wrote to memory of 4788 3652 1lrlffx.exe 100 PID 3652 wrote to memory of 4788 3652 1lrlffx.exe 100 PID 4788 wrote to memory of 3912 4788 tntnbb.exe 101 PID 4788 wrote to memory of 3912 4788 tntnbb.exe 101 PID 4788 wrote to memory of 3912 4788 tntnbb.exe 101 PID 3912 wrote to memory of 5520 3912 5vvpd.exe 102 PID 3912 wrote to memory of 5520 3912 5vvpd.exe 102 PID 3912 wrote to memory of 5520 3912 5vvpd.exe 102 PID 5520 wrote to memory of 5196 5520 djpdp.exe 103
Processes
-
C:\Users\Admin\AppData\Local\Temp\c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c87306f395b50f6fe19f9c27b89d3d20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4880 -
\??\c:\vjjdv.exec:\vjjdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:556 -
\??\c:\lxxrflx.exec:\lxxrflx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4908 -
\??\c:\1nhhbb.exec:\1nhhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5028 -
\??\c:\vppvv.exec:\vppvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1440 -
\??\c:\1dddv.exec:\1dddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:456 -
\??\c:\xrlrfrl.exec:\xrlrfrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2676 -
\??\c:\hbtnhh.exec:\hbtnhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4884 -
\??\c:\pvdvj.exec:\pvdvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5044 -
\??\c:\dppdj.exec:\dppdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5760 -
\??\c:\frxrllf.exec:\frxrllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2156 -
\??\c:\nnhbtt.exec:\nnhbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5636 -
\??\c:\pjjjj.exec:\pjjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5356 -
\??\c:\fllfffx.exec:\fllfffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5184 -
\??\c:\thbtnn.exec:\thbtnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5776 -
\??\c:\hhbbbh.exec:\hhbbbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5820 -
\??\c:\pdjpv.exec:\pdjpv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5988 -
\??\c:\lfrxffx.exec:\lfrxffx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:448 -
\??\c:\1lrlffx.exec:\1lrlffx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3652 -
\??\c:\tntnbb.exec:\tntnbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4788 -
\??\c:\5vvpd.exec:\5vvpd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3912 -
\??\c:\djpdp.exec:\djpdp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5520 -
\??\c:\xxrfrlx.exec:\xxrfrlx.exe23⤵
- Executes dropped EXE
PID:5196 -
\??\c:\btbthb.exec:\btbthb.exe24⤵
- Executes dropped EXE
PID:1376 -
\??\c:\vddvj.exec:\vddvj.exe25⤵
- Executes dropped EXE
PID:4704 -
\??\c:\jvjdj.exec:\jvjdj.exe26⤵
- Executes dropped EXE
PID:6024 -
\??\c:\lrlrlxr.exec:\lrlrlxr.exe27⤵
- Executes dropped EXE
PID:624 -
\??\c:\rfrlfxr.exec:\rfrlfxr.exe28⤵
- Executes dropped EXE
PID:4796 -
\??\c:\tbnnbn.exec:\tbnnbn.exe29⤵
- Executes dropped EXE
PID:3992 -
\??\c:\vddpd.exec:\vddpd.exe30⤵
- Executes dropped EXE
PID:5484 -
\??\c:\fxfrfxr.exec:\fxfrfxr.exe31⤵
- Executes dropped EXE
PID:4748 -
\??\c:\fffxlrf.exec:\fffxlrf.exe32⤵
- Executes dropped EXE
PID:796 -
\??\c:\bnhbtt.exec:\bnhbtt.exe33⤵
- Executes dropped EXE
PID:4020 -
\??\c:\ttbnhb.exec:\ttbnhb.exe34⤵
- Executes dropped EXE
PID:4392 -
\??\c:\dpvpd.exec:\dpvpd.exe35⤵
- Executes dropped EXE
PID:748 -
\??\c:\5ppdp.exec:\5ppdp.exe36⤵
- Executes dropped EXE
PID:3824 -
\??\c:\fllxlfr.exec:\fllxlfr.exe37⤵
- Executes dropped EXE
PID:3456 -
\??\c:\ntnhbb.exec:\ntnhbb.exe38⤵
- Executes dropped EXE
PID:1572 -
\??\c:\hthbhb.exec:\hthbhb.exe39⤵
- Executes dropped EXE
PID:1268 -
\??\c:\djjvp.exec:\djjvp.exe40⤵
- Executes dropped EXE
PID:1792 -
\??\c:\5ppjd.exec:\5ppjd.exe41⤵
- Executes dropped EXE
PID:3120 -
\??\c:\3frlllx.exec:\3frlllx.exe42⤵
- Executes dropped EXE
PID:5556 -
\??\c:\rxrrllf.exec:\rxrrllf.exe43⤵
- Executes dropped EXE
PID:3516 -
\??\c:\hbhhhh.exec:\hbhhhh.exe44⤵
- Executes dropped EXE
PID:6028 -
\??\c:\btbhbb.exec:\btbhbb.exe45⤵
- Executes dropped EXE
PID:5240 -
\??\c:\5jvpp.exec:\5jvpp.exe46⤵
- Executes dropped EXE
PID:4388 -
\??\c:\rxrxrfl.exec:\rxrxrfl.exe47⤵
- Executes dropped EXE
PID:5416 -
\??\c:\bnnhbb.exec:\bnnhbb.exe48⤵
- Executes dropped EXE
PID:2188 -
\??\c:\5hntnn.exec:\5hntnn.exe49⤵
- Executes dropped EXE
PID:4752 -
\??\c:\vvjjd.exec:\vvjjd.exe50⤵
- Executes dropped EXE
PID:2364 -
\??\c:\7xrlffx.exec:\7xrlffx.exe51⤵
- Executes dropped EXE
PID:1120 -
\??\c:\rfxxlrl.exec:\rfxxlrl.exe52⤵
- Executes dropped EXE
PID:960 -
\??\c:\htbnhb.exec:\htbnhb.exe53⤵
- Executes dropped EXE
PID:2788 -
\??\c:\nhtnbh.exec:\nhtnbh.exe54⤵
- Executes dropped EXE
PID:1392 -
\??\c:\1pvjv.exec:\1pvjv.exe55⤵
- Executes dropped EXE
PID:6060 -
\??\c:\9xxlxxx.exec:\9xxlxxx.exe56⤵
- Executes dropped EXE
PID:3396 -
\??\c:\rrxrllf.exec:\rrxrllf.exe57⤵
- Executes dropped EXE
PID:5232 -
\??\c:\9nhhtb.exec:\9nhhtb.exe58⤵
- Executes dropped EXE
PID:3576 -
\??\c:\bnnhtt.exec:\bnnhtt.exe59⤵
- Executes dropped EXE
PID:1916 -
\??\c:\thttnn.exec:\thttnn.exe60⤵
- Executes dropped EXE
PID:3016 -
\??\c:\vdddp.exec:\vdddp.exe61⤵
- Executes dropped EXE
PID:3792 -
\??\c:\vvpjd.exec:\vvpjd.exe62⤵
- Executes dropped EXE
PID:5656 -
\??\c:\fflllxx.exec:\fflllxx.exe63⤵
- Executes dropped EXE
PID:5224 -
\??\c:\lflfxrf.exec:\lflfxrf.exe64⤵
- Executes dropped EXE
PID:3512 -
\??\c:\5thhhh.exec:\5thhhh.exe65⤵
- Executes dropped EXE
PID:4404 -
\??\c:\hhnntt.exec:\hhnntt.exe66⤵PID:4576
-
\??\c:\vpdvp.exec:\vpdvp.exe67⤵PID:5340
-
\??\c:\ppdvp.exec:\ppdvp.exe68⤵PID:4532
-
\??\c:\rrxrrrx.exec:\rrxrrrx.exe69⤵PID:4528
-
\??\c:\xlllfff.exec:\xlllfff.exe70⤵PID:2980
-
\??\c:\3ntnhh.exec:\3ntnhh.exe71⤵PID:664
-
\??\c:\hbbtnn.exec:\hbbtnn.exe72⤵PID:552
-
\??\c:\nhnhhh.exec:\nhnhhh.exe73⤵PID:3932
-
\??\c:\vdjdd.exec:\vdjdd.exe74⤵PID:2292
-
\??\c:\7fxxrrr.exec:\7fxxrrr.exe75⤵PID:2312
-
\??\c:\rflrlll.exec:\rflrlll.exe76⤵PID:4176
-
\??\c:\tthnbb.exec:\tthnbb.exe77⤵PID:5100
-
\??\c:\htthbt.exec:\htthbt.exe78⤵PID:4888
-
\??\c:\pddvp.exec:\pddvp.exe79⤵PID:4448
-
\??\c:\rlllxfx.exec:\rlllxfx.exe80⤵PID:5748
-
\??\c:\tntnhh.exec:\tntnhh.exe81⤵PID:5764
-
\??\c:\bbnhbn.exec:\bbnhbn.exe82⤵PID:5724
-
\??\c:\nhnhtt.exec:\nhnhtt.exe83⤵PID:5760
-
\??\c:\djppj.exec:\djppj.exe84⤵PID:4540
-
\??\c:\lffxrlx.exec:\lffxrlx.exe85⤵PID:5052
-
\??\c:\htbttt.exec:\htbttt.exe86⤵PID:3952
-
\??\c:\thbthb.exec:\thbthb.exe87⤵PID:5184
-
\??\c:\djvvv.exec:\djvvv.exe88⤵PID:5568
-
\??\c:\vjdjj.exec:\vjdjj.exe89⤵PID:3472
-
\??\c:\3rlllrr.exec:\3rlllrr.exe90⤵PID:2512
-
\??\c:\lffffff.exec:\lffffff.exe91⤵PID:4100
-
\??\c:\rrllrrl.exec:\rrllrrl.exe92⤵PID:2440
-
\??\c:\vpjjd.exec:\vpjjd.exe93⤵PID:2384
-
\??\c:\vddvj.exec:\vddvj.exe94⤵PID:3564
-
\??\c:\lfffffl.exec:\lfffffl.exe95⤵PID:3148
-
\??\c:\rxxxxfx.exec:\rxxxxfx.exe96⤵PID:1624
-
\??\c:\7hhbbb.exec:\7hhbbb.exe97⤵PID:756
-
\??\c:\hhnhbb.exec:\hhnhbb.exe98⤵PID:5352
-
\??\c:\1pvpj.exec:\1pvpj.exe99⤵PID:3736
-
\??\c:\vpvvp.exec:\vpvvp.exe100⤵PID:5524
-
\??\c:\3xrlffr.exec:\3xrlffr.exe101⤵PID:5508
-
\??\c:\xrlffff.exec:\xrlffff.exe102⤵PID:1544
-
\??\c:\tbntbt.exec:\tbntbt.exe103⤵PID:2272
-
\??\c:\hbhtbt.exec:\hbhtbt.exe104⤵PID:3292
-
\??\c:\jdddv.exec:\jdddv.exe105⤵PID:5096
-
\??\c:\1fffrrf.exec:\1fffrrf.exe106⤵PID:3332
-
\??\c:\xxlrlxx.exec:\xxlrlxx.exe107⤵PID:3628
-
\??\c:\3ffxrfx.exec:\3ffxrfx.exe108⤵PID:3804
-
\??\c:\nhbbbb.exec:\nhbbbb.exe109⤵PID:704
-
\??\c:\jdvvj.exec:\jdvvj.exe110⤵PID:5160
-
\??\c:\ppjdj.exec:\ppjdj.exe111⤵PID:1704
-
\??\c:\ppdvv.exec:\ppdvv.exe112⤵PID:5336
-
\??\c:\xrxrfff.exec:\xrxrfff.exe113⤵PID:5264
-
\??\c:\ffrrllf.exec:\ffrrllf.exe114⤵PID:3200
-
\??\c:\hnbtnb.exec:\hnbtnb.exe115⤵PID:2164
-
\??\c:\5dppp.exec:\5dppp.exe116⤵PID:5996
-
\??\c:\vvdpj.exec:\vvdpj.exe117⤵PID:1056
-
\??\c:\rlrrlff.exec:\rlrrlff.exe118⤵PID:5332
-
\??\c:\9llfrlx.exec:\9llfrlx.exe119⤵PID:4624
-
\??\c:\7ntntb.exec:\7ntntb.exe120⤵PID:5692
-
\??\c:\tbbtnt.exec:\tbbtnt.exe121⤵PID:856
-
\??\c:\jjppv.exec:\jjppv.exe122⤵PID:2160
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-