Analysis
-
max time kernel
149s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 13:46
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d0f12b7854af3212c3613488cd969290_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
d0f12b7854af3212c3613488cd969290_NeikiAnalytics.exe
-
Size
65KB
-
MD5
d0f12b7854af3212c3613488cd969290
-
SHA1
c46e686a426eeaef004261cc37bc1a0438f15afc
-
SHA256
61c781b01dc729ca062cfa5fe0e94c8c9dcdf705ce618fe03bff74116df1582a
-
SHA512
7e4f5b03ad7d3ffcf2c8a024e9c67aa3bf5b46ce5c8d78ae43b21d5f6d7f142c74e78b1901a61f472f61241f7b115c9085f33d6c220bd1aebb6968e6b6c6cecf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3AyXmcx:ymb3NkkiQ3mdBjFI46TQyXmcx
Malware Config
Signatures
-
Detect Blackmoon payload 27 IoCs
resource yara_rule behavioral2/memory/2488-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3028-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1328-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3056-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2908-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3188-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4488-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3932-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2136-63-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2136-62-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4432-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4700-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1616-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2784-95-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4704-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1388-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1876-111-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1980-124-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4820-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3956-136-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2212-142-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3772-148-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3988-157-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4428-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2868-184-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3600-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3056-199-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 3028 jpdvp.exe 1328 5flfxrf.exe 3056 hthbbt.exe 2908 jjpjd.exe 3188 rrrlxrl.exe 4488 xrfxfxl.exe 3932 1bbbnn.exe 2136 dvdvv.exe 4432 lxfxllf.exe 3848 hbbtnn.exe 4700 7hhbtt.exe 1616 jpvpd.exe 2784 5lxxrrx.exe 4704 flrllll.exe 1388 htnbtt.exe 1876 7vddp.exe 4076 xxxrllf.exe 1980 tbbtnn.exe 4820 9ttbbn.exe 3956 dvdvp.exe 2212 xrxxffl.exe 3772 1bhttn.exe 3988 vjjjj.exe 3552 lfrrlxx.exe 4428 xffrfxr.exe 4956 bbtnnh.exe 872 pjjpp.exe 2868 frxlxxl.exe 3600 lfxxrlx.exe 3056 9hnhbh.exe 2432 1dvpj.exe 3668 jdjdd.exe 4268 ffrlfxr.exe 4740 xrrrlff.exe 1776 nbhbhh.exe 4300 bnthbt.exe 2332 ppjdd.exe 1952 rlrrfxl.exe 1672 frrrrll.exe 2256 rflfllx.exe 1448 nhbtnn.exe 988 1bhhtt.exe 3372 jjddp.exe 3468 dvpdv.exe 5040 xrlfxxl.exe 3264 rfffxxl.exe 4804 tthbtt.exe 2176 nhhbnn.exe 1844 vdjdv.exe 4188 1djdj.exe 3756 rllflxf.exe 3112 fxrxrrr.exe 768 9btntt.exe 4520 bbttnt.exe 3988 3pvpp.exe 2800 djppj.exe 4428 rflffff.exe 4956 tthhbb.exe 4464 hbbbhh.exe 2868 ppvpj.exe 1372 vjdpd.exe 2952 flrlxxl.exe 4260 frrfxfx.exe 3668 bnbbnn.exe -
resource yara_rule behavioral2/memory/2488-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3028-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1328-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3056-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2908-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3188-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4488-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3932-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2136-62-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4432-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4700-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1616-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2784-95-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4704-100-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1388-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1876-111-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1980-124-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4820-129-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3956-136-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2212-142-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3772-148-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3988-157-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4428-166-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2868-184-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3600-190-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3056-199-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2488 wrote to memory of 3028 2488 d0f12b7854af3212c3613488cd969290_NeikiAnalytics.exe 93 PID 2488 wrote to memory of 3028 2488 d0f12b7854af3212c3613488cd969290_NeikiAnalytics.exe 93 PID 2488 wrote to memory of 3028 2488 d0f12b7854af3212c3613488cd969290_NeikiAnalytics.exe 93 PID 3028 wrote to memory of 1328 3028 jpdvp.exe 94 PID 3028 wrote to memory of 1328 3028 jpdvp.exe 94 PID 3028 wrote to memory of 1328 3028 jpdvp.exe 94 PID 1328 wrote to memory of 3056 1328 5flfxrf.exe 95 PID 1328 wrote to memory of 3056 1328 5flfxrf.exe 95 PID 1328 wrote to memory of 3056 1328 5flfxrf.exe 95 PID 3056 wrote to memory of 2908 3056 hthbbt.exe 96 PID 3056 wrote to memory of 2908 3056 hthbbt.exe 96 PID 3056 wrote to memory of 2908 3056 hthbbt.exe 96 PID 2908 wrote to memory of 3188 2908 jjpjd.exe 97 PID 2908 wrote to memory of 3188 2908 jjpjd.exe 97 PID 2908 wrote to memory of 3188 2908 jjpjd.exe 97 PID 3188 wrote to memory of 4488 3188 rrrlxrl.exe 98 PID 3188 wrote to memory of 4488 3188 rrrlxrl.exe 98 PID 3188 wrote to memory of 4488 3188 rrrlxrl.exe 98 PID 4488 wrote to memory of 3932 4488 xrfxfxl.exe 99 PID 4488 wrote to memory of 3932 4488 xrfxfxl.exe 99 PID 4488 wrote to memory of 3932 4488 xrfxfxl.exe 99 PID 3932 wrote to memory of 2136 3932 1bbbnn.exe 100 PID 3932 wrote to memory of 2136 3932 1bbbnn.exe 100 PID 3932 wrote to memory of 2136 3932 1bbbnn.exe 100 PID 2136 wrote to memory of 4432 2136 dvdvv.exe 101 PID 2136 wrote to memory of 4432 2136 dvdvv.exe 101 PID 2136 wrote to memory of 4432 2136 dvdvv.exe 101 PID 4432 wrote to memory of 3848 4432 lxfxllf.exe 102 PID 4432 wrote to memory of 3848 4432 lxfxllf.exe 102 PID 4432 wrote to memory of 3848 4432 lxfxllf.exe 102 PID 3848 wrote to memory of 4700 3848 hbbtnn.exe 103 PID 3848 wrote to memory of 4700 3848 hbbtnn.exe 103 PID 3848 wrote to memory of 4700 3848 hbbtnn.exe 103 PID 4700 wrote to memory of 1616 4700 7hhbtt.exe 104 PID 4700 wrote to memory of 1616 4700 7hhbtt.exe 104 PID 4700 wrote to memory of 1616 4700 7hhbtt.exe 104 PID 1616 wrote to memory of 2784 1616 jpvpd.exe 105 PID 1616 wrote to memory of 2784 1616 jpvpd.exe 105 PID 1616 wrote to memory of 2784 1616 jpvpd.exe 105 PID 2784 wrote to memory of 4704 2784 5lxxrrx.exe 106 PID 2784 wrote to memory of 4704 2784 5lxxrrx.exe 106 PID 2784 wrote to memory of 4704 2784 5lxxrrx.exe 106 PID 4704 wrote to memory of 1388 4704 flrllll.exe 107 PID 4704 wrote to memory of 1388 4704 flrllll.exe 107 PID 4704 wrote to memory of 1388 4704 flrllll.exe 107 PID 1388 wrote to memory of 1876 1388 htnbtt.exe 108 PID 1388 wrote to memory of 1876 1388 htnbtt.exe 108 PID 1388 wrote to memory of 1876 1388 htnbtt.exe 108 PID 1876 wrote to memory of 4076 1876 7vddp.exe 109 PID 1876 wrote to memory of 4076 1876 7vddp.exe 109 PID 1876 wrote to memory of 4076 1876 7vddp.exe 109 PID 4076 wrote to memory of 1980 4076 xxxrllf.exe 110 PID 4076 wrote to memory of 1980 4076 xxxrllf.exe 110 PID 4076 wrote to memory of 1980 4076 xxxrllf.exe 110 PID 1980 wrote to memory of 4820 1980 tbbtnn.exe 111 PID 1980 wrote to memory of 4820 1980 tbbtnn.exe 111 PID 1980 wrote to memory of 4820 1980 tbbtnn.exe 111 PID 4820 wrote to memory of 3956 4820 9ttbbn.exe 112 PID 4820 wrote to memory of 3956 4820 9ttbbn.exe 112 PID 4820 wrote to memory of 3956 4820 9ttbbn.exe 112 PID 3956 wrote to memory of 2212 3956 dvdvp.exe 113 PID 3956 wrote to memory of 2212 3956 dvdvp.exe 113 PID 3956 wrote to memory of 2212 3956 dvdvp.exe 113 PID 2212 wrote to memory of 3772 2212 xrxxffl.exe 114
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0f12b7854af3212c3613488cd969290_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d0f12b7854af3212c3613488cd969290_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2488 -
\??\c:\jpdvp.exec:\jpdvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3028 -
\??\c:\5flfxrf.exec:\5flfxrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1328 -
\??\c:\hthbbt.exec:\hthbbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3056 -
\??\c:\jjpjd.exec:\jjpjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2908 -
\??\c:\rrrlxrl.exec:\rrrlxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3188 -
\??\c:\xrfxfxl.exec:\xrfxfxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4488 -
\??\c:\1bbbnn.exec:\1bbbnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3932 -
\??\c:\dvdvv.exec:\dvdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2136 -
\??\c:\lxfxllf.exec:\lxfxllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4432 -
\??\c:\hbbtnn.exec:\hbbtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3848 -
\??\c:\7hhbtt.exec:\7hhbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4700 -
\??\c:\jpvpd.exec:\jpvpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1616 -
\??\c:\5lxxrrx.exec:\5lxxrrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2784 -
\??\c:\flrllll.exec:\flrllll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4704 -
\??\c:\htnbtt.exec:\htnbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1388 -
\??\c:\7vddp.exec:\7vddp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1876 -
\??\c:\xxxrllf.exec:\xxxrllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4076 -
\??\c:\tbbtnn.exec:\tbbtnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1980 -
\??\c:\9ttbbn.exec:\9ttbbn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4820 -
\??\c:\dvdvp.exec:\dvdvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3956 -
\??\c:\xrxxffl.exec:\xrxxffl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2212 -
\??\c:\1bhttn.exec:\1bhttn.exe23⤵
- Executes dropped EXE
PID:3772 -
\??\c:\vjjjj.exec:\vjjjj.exe24⤵
- Executes dropped EXE
PID:3988 -
\??\c:\lfrrlxx.exec:\lfrrlxx.exe25⤵
- Executes dropped EXE
PID:3552 -
\??\c:\xffrfxr.exec:\xffrfxr.exe26⤵
- Executes dropped EXE
PID:4428 -
\??\c:\bbtnnh.exec:\bbtnnh.exe27⤵
- Executes dropped EXE
PID:4956 -
\??\c:\pjjpp.exec:\pjjpp.exe28⤵
- Executes dropped EXE
PID:872 -
\??\c:\frxlxxl.exec:\frxlxxl.exe29⤵
- Executes dropped EXE
PID:2868 -
\??\c:\lfxxrlx.exec:\lfxxrlx.exe30⤵
- Executes dropped EXE
PID:3600 -
\??\c:\9hnhbh.exec:\9hnhbh.exe31⤵
- Executes dropped EXE
PID:3056 -
\??\c:\1dvpj.exec:\1dvpj.exe32⤵
- Executes dropped EXE
PID:2432 -
\??\c:\jdjdd.exec:\jdjdd.exe33⤵
- Executes dropped EXE
PID:3668 -
\??\c:\ffrlfxr.exec:\ffrlfxr.exe34⤵
- Executes dropped EXE
PID:4268 -
\??\c:\xrrrlff.exec:\xrrrlff.exe35⤵
- Executes dropped EXE
PID:4740 -
\??\c:\nbhbhh.exec:\nbhbhh.exe36⤵
- Executes dropped EXE
PID:1776 -
\??\c:\bnthbt.exec:\bnthbt.exe37⤵
- Executes dropped EXE
PID:4300 -
\??\c:\ppjdd.exec:\ppjdd.exe38⤵
- Executes dropped EXE
PID:2332 -
\??\c:\rlrrfxl.exec:\rlrrfxl.exe39⤵
- Executes dropped EXE
PID:1952 -
\??\c:\frrrrll.exec:\frrrrll.exe40⤵
- Executes dropped EXE
PID:1672 -
\??\c:\rflfllx.exec:\rflfllx.exe41⤵
- Executes dropped EXE
PID:2256 -
\??\c:\nhbtnn.exec:\nhbtnn.exe42⤵
- Executes dropped EXE
PID:1448 -
\??\c:\1bhhtt.exec:\1bhhtt.exe43⤵
- Executes dropped EXE
PID:988 -
\??\c:\jjddp.exec:\jjddp.exe44⤵
- Executes dropped EXE
PID:3372 -
\??\c:\dvpdv.exec:\dvpdv.exe45⤵
- Executes dropped EXE
PID:3468 -
\??\c:\xrlfxxl.exec:\xrlfxxl.exe46⤵
- Executes dropped EXE
PID:5040 -
\??\c:\rfffxxl.exec:\rfffxxl.exe47⤵
- Executes dropped EXE
PID:3264 -
\??\c:\tthbtt.exec:\tthbtt.exe48⤵
- Executes dropped EXE
PID:4804 -
\??\c:\nhhbnn.exec:\nhhbnn.exe49⤵
- Executes dropped EXE
PID:2176 -
\??\c:\vdjdv.exec:\vdjdv.exe50⤵
- Executes dropped EXE
PID:1844 -
\??\c:\1djdj.exec:\1djdj.exe51⤵
- Executes dropped EXE
PID:4188 -
\??\c:\rllflxf.exec:\rllflxf.exe52⤵
- Executes dropped EXE
PID:3756 -
\??\c:\fxrxrrr.exec:\fxrxrrr.exe53⤵
- Executes dropped EXE
PID:3112 -
\??\c:\9btntt.exec:\9btntt.exe54⤵
- Executes dropped EXE
PID:768 -
\??\c:\bbttnt.exec:\bbttnt.exe55⤵
- Executes dropped EXE
PID:4520 -
\??\c:\3pvpp.exec:\3pvpp.exe56⤵
- Executes dropped EXE
PID:3988 -
\??\c:\djppj.exec:\djppj.exe57⤵
- Executes dropped EXE
PID:2800 -
\??\c:\rflffff.exec:\rflffff.exe58⤵
- Executes dropped EXE
PID:4428 -
\??\c:\tthhbb.exec:\tthhbb.exe59⤵
- Executes dropped EXE
PID:4956 -
\??\c:\hbbbhh.exec:\hbbbhh.exe60⤵
- Executes dropped EXE
PID:4464 -
\??\c:\ppvpj.exec:\ppvpj.exe61⤵
- Executes dropped EXE
PID:2868 -
\??\c:\vjdpd.exec:\vjdpd.exe62⤵
- Executes dropped EXE
PID:1372 -
\??\c:\flrlxxl.exec:\flrlxxl.exe63⤵
- Executes dropped EXE
PID:2952 -
\??\c:\frrfxfx.exec:\frrfxfx.exe64⤵
- Executes dropped EXE
PID:4260 -
\??\c:\bnbbnn.exec:\bnbbnn.exe65⤵
- Executes dropped EXE
PID:3668 -
\??\c:\ttttnn.exec:\ttttnn.exe66⤵PID:4832
-
\??\c:\jjpjv.exec:\jjpjv.exe67⤵PID:5000
-
\??\c:\xrlfffl.exec:\xrlfffl.exe68⤵PID:2124
-
\??\c:\fxllllx.exec:\fxllllx.exe69⤵PID:2136
-
\??\c:\hhhnnt.exec:\hhhnnt.exe70⤵PID:916
-
\??\c:\nhhhbt.exec:\nhhhbt.exe71⤵PID:3508
-
\??\c:\vddvj.exec:\vddvj.exe72⤵PID:4548
-
\??\c:\pddvj.exec:\pddvj.exe73⤵PID:4700
-
\??\c:\1xxrxxl.exec:\1xxrxxl.exe74⤵PID:4960
-
\??\c:\thtntn.exec:\thtntn.exe75⤵PID:5108
-
\??\c:\5tnhtt.exec:\5tnhtt.exe76⤵PID:4220
-
\??\c:\djddv.exec:\djddv.exe77⤵PID:3372
-
\??\c:\rflfrrl.exec:\rflfrrl.exe78⤵PID:3468
-
\??\c:\fffffxx.exec:\fffffxx.exe79⤵PID:1272
-
\??\c:\7bttnn.exec:\7bttnn.exe80⤵PID:4764
-
\??\c:\thbnhh.exec:\thbnhh.exe81⤵PID:116
-
\??\c:\vpvdj.exec:\vpvdj.exe82⤵PID:4820
-
\??\c:\jvpjd.exec:\jvpjd.exe83⤵PID:3400
-
\??\c:\fxxrflf.exec:\fxxrflf.exe84⤵PID:884
-
\??\c:\lllfxrr.exec:\lllfxrr.exe85⤵PID:3772
-
\??\c:\5hhtnn.exec:\5hhtnn.exe86⤵PID:4520
-
\??\c:\nbhhnt.exec:\nbhhnt.exe87⤵PID:4440
-
\??\c:\hnnnbb.exec:\hnnnbb.exe88⤵PID:2800
-
\??\c:\vvdpj.exec:\vvdpj.exe89⤵PID:3972
-
\??\c:\5pjpd.exec:\5pjpd.exe90⤵PID:1228
-
\??\c:\1rfxxff.exec:\1rfxxff.exe91⤵PID:4464
-
\??\c:\htttbh.exec:\htttbh.exe92⤵PID:3020
-
\??\c:\3hnnbb.exec:\3hnnbb.exe93⤵PID:4860
-
\??\c:\djddp.exec:\djddp.exe94⤵PID:3012
-
\??\c:\jpvpj.exec:\jpvpj.exe95⤵PID:3216
-
\??\c:\lrrrlxx.exec:\lrrrlxx.exe96⤵PID:4988
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe97⤵PID:4268
-
\??\c:\tnnnhh.exec:\tnnnhh.exe98⤵PID:436
-
\??\c:\htbbnn.exec:\htbbnn.exe99⤵PID:5000
-
\??\c:\1vddd.exec:\1vddd.exe100⤵PID:2124
-
\??\c:\3pddd.exec:\3pddd.exe101⤵PID:2136
-
\??\c:\dvpjd.exec:\dvpjd.exe102⤵PID:916
-
\??\c:\lfllllx.exec:\lfllllx.exe103⤵PID:3508
-
\??\c:\flrrlll.exec:\flrrlll.exe104⤵PID:5052
-
\??\c:\btttnn.exec:\btttnn.exe105⤵PID:4700
-
\??\c:\hntnhh.exec:\hntnhh.exe106⤵PID:4960
-
\??\c:\vjjdv.exec:\vjjdv.exe107⤵PID:5108
-
\??\c:\dvddd.exec:\dvddd.exe108⤵PID:2052
-
\??\c:\rlrlxxx.exec:\rlrlxxx.exe109⤵PID:936
-
\??\c:\nbnnnn.exec:\nbnnnn.exe110⤵PID:1296
-
\??\c:\nhbbtb.exec:\nhbbtb.exe111⤵PID:1244
-
\??\c:\dvvpj.exec:\dvvpj.exe112⤵PID:220
-
\??\c:\dpvpd.exec:\dpvpd.exe113⤵PID:2320
-
\??\c:\1rxrrrr.exec:\1rxrrrr.exe114⤵PID:656
-
\??\c:\rlxxflr.exec:\rlxxflr.exe115⤵PID:4436
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe116⤵PID:3948
-
\??\c:\7nttth.exec:\7nttth.exe117⤵PID:380
-
\??\c:\hbbbbb.exec:\hbbbbb.exe118⤵PID:4332
-
\??\c:\3vvdp.exec:\3vvdp.exe119⤵PID:4288
-
\??\c:\7vvpd.exec:\7vvpd.exe120⤵PID:3484
-
\??\c:\lrxrlll.exec:\lrxrlll.exe121⤵PID:4752
-
\??\c:\1xrrxxx.exec:\1xrrxxx.exe122⤵PID:2992
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-