Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 13:47
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe
-
Size
92KB
-
MD5
d0f9ed6e4482670221a25ffa25453950
-
SHA1
5945a9b2a881efc7bc7d991403e86947eb85faf8
-
SHA256
cbe5db20299452b1f7bdd6d2d47cc9d119e92fe4462067347223cdb4a27c8f8e
-
SHA512
d56ac2cdfdf72b1f32f2d23cabdfec2c4a034ad74df458feb637b699929eb3af58e7e4b719b4ddc51816a64a129451f3e8cb2ac8eb1a4da05c43c7cc6d4870cd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/21y:ymb3NkkiQ3mdBjFo73PYP1lri3K8GI
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
resource yara_rule behavioral2/memory/2252-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/544-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3684-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4876-27-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3772-34-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1660-41-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2856-54-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2668-62-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/972-69-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4020-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4776-85-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4508-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1476-103-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5008-109-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1336-121-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1420-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4528-147-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3868-151-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3920-169-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3744-175-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4476-200-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 544 9llrlxr.exe 3684 httnhh.exe 4876 vpjvd.exe 3772 dvdvv.exe 1660 rffflff.exe 684 tttnnb.exe 2856 vjddv.exe 2668 fxxxrll.exe 972 5lxrxxf.exe 4020 5bhbtt.exe 4776 dvdpd.exe 2852 llflfxx.exe 4508 nhnnhh.exe 1476 ddvpp.exe 5008 lxxrlll.exe 4052 hhhbtt.exe 1336 httnbb.exe 1420 7dddv.exe 1796 fxrlxfx.exe 4764 tntntt.exe 4528 5ntnbb.exe 3868 pvjpj.exe 4036 frxxlff.exe 4248 vjpjj.exe 3920 3xfxxxr.exe 3744 nbhbtt.exe 2576 7djdv.exe 3212 llrlxxf.exe 2364 xxrrfxr.exe 4476 bbhhnn.exe 4580 vpjdv.exe 2024 xlrrrrl.exe 2508 llfxrrl.exe 3516 bbhhbh.exe 2160 dddvv.exe 3112 7xlfffl.exe 5116 rfrrlrr.exe 4268 tbtttb.exe 2536 pppjj.exe 1684 rxfrrxl.exe 2172 nhnbbb.exe 3024 ppjvd.exe 3360 djpjv.exe 3684 9xfxlfx.exe 1808 tnbtbt.exe 1676 hbbtnn.exe 452 dddvv.exe 2320 llfllrl.exe 808 hbhhth.exe 2528 bhnbnb.exe 1360 vpjdj.exe 1452 xrrrllf.exe 972 lfxlfxr.exe 2568 9nbtth.exe 3992 ddjdj.exe 1740 pdvpj.exe 2852 rlrfxxr.exe 2016 rlllfff.exe 1872 thhhbb.exe 2948 1ttnbb.exe 5076 5djdv.exe 4616 flrfxrl.exe 3100 5fffxfx.exe 1560 bnnhbb.exe -
resource yara_rule behavioral2/memory/2252-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/544-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3684-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4876-27-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4876-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4876-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3772-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1660-41-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2856-54-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2856-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2668-62-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/972-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4020-76-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4776-85-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4508-100-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1476-103-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5008-109-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1336-121-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1420-126-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4528-147-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3868-151-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3920-169-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3744-175-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4476-200-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2252 wrote to memory of 544 2252 d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe 82 PID 2252 wrote to memory of 544 2252 d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe 82 PID 2252 wrote to memory of 544 2252 d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe 82 PID 544 wrote to memory of 3684 544 9llrlxr.exe 83 PID 544 wrote to memory of 3684 544 9llrlxr.exe 83 PID 544 wrote to memory of 3684 544 9llrlxr.exe 83 PID 3684 wrote to memory of 4876 3684 httnhh.exe 84 PID 3684 wrote to memory of 4876 3684 httnhh.exe 84 PID 3684 wrote to memory of 4876 3684 httnhh.exe 84 PID 4876 wrote to memory of 3772 4876 vpjvd.exe 85 PID 4876 wrote to memory of 3772 4876 vpjvd.exe 85 PID 4876 wrote to memory of 3772 4876 vpjvd.exe 85 PID 3772 wrote to memory of 1660 3772 dvdvv.exe 86 PID 3772 wrote to memory of 1660 3772 dvdvv.exe 86 PID 3772 wrote to memory of 1660 3772 dvdvv.exe 86 PID 1660 wrote to memory of 684 1660 rffflff.exe 87 PID 1660 wrote to memory of 684 1660 rffflff.exe 87 PID 1660 wrote to memory of 684 1660 rffflff.exe 87 PID 684 wrote to memory of 2856 684 tttnnb.exe 88 PID 684 wrote to memory of 2856 684 tttnnb.exe 88 PID 684 wrote to memory of 2856 684 tttnnb.exe 88 PID 2856 wrote to memory of 2668 2856 vjddv.exe 89 PID 2856 wrote to memory of 2668 2856 vjddv.exe 89 PID 2856 wrote to memory of 2668 2856 vjddv.exe 89 PID 2668 wrote to memory of 972 2668 fxxxrll.exe 90 PID 2668 wrote to memory of 972 2668 fxxxrll.exe 90 PID 2668 wrote to memory of 972 2668 fxxxrll.exe 90 PID 972 wrote to memory of 4020 972 5lxrxxf.exe 91 PID 972 wrote to memory of 4020 972 5lxrxxf.exe 91 PID 972 wrote to memory of 4020 972 5lxrxxf.exe 91 PID 4020 wrote to memory of 4776 4020 5bhbtt.exe 92 PID 4020 wrote to memory of 4776 4020 5bhbtt.exe 92 PID 4020 wrote to memory of 4776 4020 5bhbtt.exe 92 PID 4776 wrote to memory of 2852 4776 dvdpd.exe 93 PID 4776 wrote to memory of 2852 4776 dvdpd.exe 93 PID 4776 wrote to memory of 2852 4776 dvdpd.exe 93 PID 2852 wrote to memory of 4508 2852 llflfxx.exe 94 PID 2852 wrote to memory of 4508 2852 llflfxx.exe 94 PID 2852 wrote to memory of 4508 2852 llflfxx.exe 94 PID 4508 wrote to memory of 1476 4508 nhnnhh.exe 95 PID 4508 wrote to memory of 1476 4508 nhnnhh.exe 95 PID 4508 wrote to memory of 1476 4508 nhnnhh.exe 95 PID 1476 wrote to memory of 5008 1476 ddvpp.exe 96 PID 1476 wrote to memory of 5008 1476 ddvpp.exe 96 PID 1476 wrote to memory of 5008 1476 ddvpp.exe 96 PID 5008 wrote to memory of 4052 5008 lxxrlll.exe 97 PID 5008 wrote to memory of 4052 5008 lxxrlll.exe 97 PID 5008 wrote to memory of 4052 5008 lxxrlll.exe 97 PID 4052 wrote to memory of 1336 4052 hhhbtt.exe 98 PID 4052 wrote to memory of 1336 4052 hhhbtt.exe 98 PID 4052 wrote to memory of 1336 4052 hhhbtt.exe 98 PID 1336 wrote to memory of 1420 1336 httnbb.exe 99 PID 1336 wrote to memory of 1420 1336 httnbb.exe 99 PID 1336 wrote to memory of 1420 1336 httnbb.exe 99 PID 1420 wrote to memory of 1796 1420 7dddv.exe 100 PID 1420 wrote to memory of 1796 1420 7dddv.exe 100 PID 1420 wrote to memory of 1796 1420 7dddv.exe 100 PID 1796 wrote to memory of 4764 1796 fxrlxfx.exe 101 PID 1796 wrote to memory of 4764 1796 fxrlxfx.exe 101 PID 1796 wrote to memory of 4764 1796 fxrlxfx.exe 101 PID 4764 wrote to memory of 4528 4764 tntntt.exe 102 PID 4764 wrote to memory of 4528 4764 tntntt.exe 102 PID 4764 wrote to memory of 4528 4764 tntntt.exe 102 PID 4528 wrote to memory of 3868 4528 5ntnbb.exe 103
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d0f9ed6e4482670221a25ffa25453950_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2252 -
\??\c:\9llrlxr.exec:\9llrlxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:544 -
\??\c:\httnhh.exec:\httnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3684 -
\??\c:\vpjvd.exec:\vpjvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4876 -
\??\c:\dvdvv.exec:\dvdvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3772 -
\??\c:\rffflff.exec:\rffflff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1660 -
\??\c:\tttnnb.exec:\tttnnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:684 -
\??\c:\vjddv.exec:\vjddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2856 -
\??\c:\fxxxrll.exec:\fxxxrll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2668 -
\??\c:\5lxrxxf.exec:\5lxrxxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:972 -
\??\c:\5bhbtt.exec:\5bhbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4020 -
\??\c:\dvdpd.exec:\dvdpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4776 -
\??\c:\llflfxx.exec:\llflfxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2852 -
\??\c:\nhnnhh.exec:\nhnnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4508 -
\??\c:\ddvpp.exec:\ddvpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1476 -
\??\c:\lxxrlll.exec:\lxxrlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5008 -
\??\c:\hhhbtt.exec:\hhhbtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4052 -
\??\c:\httnbb.exec:\httnbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1336 -
\??\c:\7dddv.exec:\7dddv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1420 -
\??\c:\fxrlxfx.exec:\fxrlxfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1796 -
\??\c:\tntntt.exec:\tntntt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4764 -
\??\c:\5ntnbb.exec:\5ntnbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4528 -
\??\c:\pvjpj.exec:\pvjpj.exe23⤵
- Executes dropped EXE
PID:3868 -
\??\c:\frxxlff.exec:\frxxlff.exe24⤵
- Executes dropped EXE
PID:4036 -
\??\c:\vjpjj.exec:\vjpjj.exe25⤵
- Executes dropped EXE
PID:4248 -
\??\c:\3xfxxxr.exec:\3xfxxxr.exe26⤵
- Executes dropped EXE
PID:3920 -
\??\c:\nbhbtt.exec:\nbhbtt.exe27⤵
- Executes dropped EXE
PID:3744 -
\??\c:\7djdv.exec:\7djdv.exe28⤵
- Executes dropped EXE
PID:2576 -
\??\c:\llrlxxf.exec:\llrlxxf.exe29⤵
- Executes dropped EXE
PID:3212 -
\??\c:\xxrrfxr.exec:\xxrrfxr.exe30⤵
- Executes dropped EXE
PID:2364 -
\??\c:\bbhhnn.exec:\bbhhnn.exe31⤵
- Executes dropped EXE
PID:4476 -
\??\c:\vpjdv.exec:\vpjdv.exe32⤵
- Executes dropped EXE
PID:4580 -
\??\c:\xlrrrrl.exec:\xlrrrrl.exe33⤵
- Executes dropped EXE
PID:2024 -
\??\c:\llfxrrl.exec:\llfxrrl.exe34⤵
- Executes dropped EXE
PID:2508 -
\??\c:\bbhhbh.exec:\bbhhbh.exe35⤵
- Executes dropped EXE
PID:3516 -
\??\c:\dddvv.exec:\dddvv.exe36⤵
- Executes dropped EXE
PID:2160 -
\??\c:\7xlfffl.exec:\7xlfffl.exe37⤵
- Executes dropped EXE
PID:3112 -
\??\c:\rfrrlrr.exec:\rfrrlrr.exe38⤵
- Executes dropped EXE
PID:5116 -
\??\c:\tbtttb.exec:\tbtttb.exe39⤵
- Executes dropped EXE
PID:4268 -
\??\c:\pppjj.exec:\pppjj.exe40⤵
- Executes dropped EXE
PID:2536 -
\??\c:\rxfrrxl.exec:\rxfrrxl.exe41⤵
- Executes dropped EXE
PID:1684 -
\??\c:\nhnbbb.exec:\nhnbbb.exe42⤵
- Executes dropped EXE
PID:2172 -
\??\c:\ppjvd.exec:\ppjvd.exe43⤵
- Executes dropped EXE
PID:3024 -
\??\c:\djpjv.exec:\djpjv.exe44⤵
- Executes dropped EXE
PID:3360 -
\??\c:\9xfxlfx.exec:\9xfxlfx.exe45⤵
- Executes dropped EXE
PID:3684 -
\??\c:\tnbtbt.exec:\tnbtbt.exe46⤵
- Executes dropped EXE
PID:1808 -
\??\c:\hbbtnn.exec:\hbbtnn.exe47⤵
- Executes dropped EXE
PID:1676 -
\??\c:\dddvv.exec:\dddvv.exe48⤵
- Executes dropped EXE
PID:452 -
\??\c:\llfllrl.exec:\llfllrl.exe49⤵
- Executes dropped EXE
PID:2320 -
\??\c:\hbhhth.exec:\hbhhth.exe50⤵
- Executes dropped EXE
PID:808 -
\??\c:\bhnbnb.exec:\bhnbnb.exe51⤵
- Executes dropped EXE
PID:2528 -
\??\c:\vpjdj.exec:\vpjdj.exe52⤵
- Executes dropped EXE
PID:1360 -
\??\c:\xrrrllf.exec:\xrrrllf.exe53⤵
- Executes dropped EXE
PID:1452 -
\??\c:\lfxlfxr.exec:\lfxlfxr.exe54⤵
- Executes dropped EXE
PID:972 -
\??\c:\9nbtth.exec:\9nbtth.exe55⤵
- Executes dropped EXE
PID:2568 -
\??\c:\ddjdj.exec:\ddjdj.exe56⤵
- Executes dropped EXE
PID:3992 -
\??\c:\pdvpj.exec:\pdvpj.exe57⤵
- Executes dropped EXE
PID:1740 -
\??\c:\rlrfxxr.exec:\rlrfxxr.exe58⤵
- Executes dropped EXE
PID:2852 -
\??\c:\rlllfff.exec:\rlllfff.exe59⤵
- Executes dropped EXE
PID:2016 -
\??\c:\thhhbb.exec:\thhhbb.exe60⤵
- Executes dropped EXE
PID:1872 -
\??\c:\1ttnbb.exec:\1ttnbb.exe61⤵
- Executes dropped EXE
PID:2948 -
\??\c:\5djdv.exec:\5djdv.exe62⤵
- Executes dropped EXE
PID:5076 -
\??\c:\flrfxrl.exec:\flrfxrl.exe63⤵
- Executes dropped EXE
PID:4616 -
\??\c:\5fffxfx.exec:\5fffxfx.exe64⤵
- Executes dropped EXE
PID:3100 -
\??\c:\bnnhbb.exec:\bnnhbb.exe65⤵
- Executes dropped EXE
PID:1560 -
\??\c:\nnntnt.exec:\nnntnt.exe66⤵PID:3968
-
\??\c:\jjpjd.exec:\jjpjd.exe67⤵PID:3520
-
\??\c:\dvdvd.exec:\dvdvd.exe68⤵PID:1928
-
\??\c:\lllfrrf.exec:\lllfrrf.exe69⤵PID:4528
-
\??\c:\ffffxxr.exec:\ffffxxr.exe70⤵PID:3868
-
\??\c:\nbbthh.exec:\nbbthh.exe71⤵PID:4884
-
\??\c:\dvjdj.exec:\dvjdj.exe72⤵PID:1668
-
\??\c:\vddvp.exec:\vddvp.exe73⤵PID:1104
-
\??\c:\lfrlxrf.exec:\lfrlxrf.exe74⤵PID:4216
-
\??\c:\ffxxrrl.exec:\ffxxrrl.exe75⤵PID:3332
-
\??\c:\nhbbtt.exec:\nhbbtt.exe76⤵PID:2576
-
\??\c:\3hnhnn.exec:\3hnhnn.exe77⤵PID:4608
-
\??\c:\vvdvp.exec:\vvdvp.exe78⤵PID:2516
-
\??\c:\rffxrll.exec:\rffxrll.exe79⤵PID:4584
-
\??\c:\xfrlffx.exec:\xfrlffx.exe80⤵PID:3692
-
\??\c:\tnnhbt.exec:\tnnhbt.exe81⤵PID:1456
-
\??\c:\5btnnn.exec:\5btnnn.exe82⤵PID:4772
-
\??\c:\1dvpj.exec:\1dvpj.exe83⤵PID:3720
-
\??\c:\xlflfxx.exec:\xlflfxx.exe84⤵PID:3256
-
\??\c:\xfxrfxl.exec:\xfxrfxl.exe85⤵PID:3728
-
\??\c:\nhtnnn.exec:\nhtnnn.exe86⤵PID:2552
-
\??\c:\ddppd.exec:\ddppd.exe87⤵PID:3884
-
\??\c:\jvdvp.exec:\jvdvp.exe88⤵PID:4524
-
\??\c:\ffxrffx.exec:\ffxrffx.exe89⤵PID:1036
-
\??\c:\5lrllff.exec:\5lrllff.exe90⤵PID:4356
-
\??\c:\bhtnhb.exec:\bhtnhb.exe91⤵PID:2692
-
\??\c:\btnhth.exec:\btnhth.exe92⤵PID:4092
-
\??\c:\jvvvp.exec:\jvvvp.exe93⤵PID:1460
-
\??\c:\vpjjv.exec:\vpjjv.exe94⤵PID:3280
-
\??\c:\jdjdj.exec:\jdjdj.exe95⤵PID:3504
-
\??\c:\lffxlff.exec:\lffxlff.exe96⤵PID:3772
-
\??\c:\hhhttn.exec:\hhhttn.exe97⤵PID:848
-
\??\c:\nhtnhb.exec:\nhtnhb.exe98⤵PID:560
-
\??\c:\7vddv.exec:\7vddv.exe99⤵PID:3364
-
\??\c:\jddvp.exec:\jddvp.exe100⤵PID:2320
-
\??\c:\1lrlffx.exec:\1lrlffx.exe101⤵PID:3872
-
\??\c:\xfrlfxl.exec:\xfrlfxl.exe102⤵PID:2684
-
\??\c:\bttnhb.exec:\bttnhb.exe103⤵PID:4040
-
\??\c:\thtnhh.exec:\thtnhh.exe104⤵PID:4316
-
\??\c:\vpjpd.exec:\vpjpd.exe105⤵PID:716
-
\??\c:\9ddvj.exec:\9ddvj.exe106⤵PID:3512
-
\??\c:\5xllllr.exec:\5xllllr.exe107⤵PID:2632
-
\??\c:\lfxrllx.exec:\lfxrllx.exe108⤵PID:2456
-
\??\c:\bthtnb.exec:\bthtnb.exe109⤵PID:1568
-
\??\c:\tnhbtn.exec:\tnhbtn.exe110⤵PID:1688
-
\??\c:\jvjjv.exec:\jvjjv.exe111⤵PID:1396
-
\??\c:\flllxrr.exec:\flllxrr.exe112⤵PID:1028
-
\??\c:\xrllflf.exec:\xrllflf.exe113⤵PID:4552
-
\??\c:\5bnhbb.exec:\5bnhbb.exe114⤵PID:2676
-
\??\c:\dvjdj.exec:\dvjdj.exe115⤵PID:4556
-
\??\c:\vpvpj.exec:\vpvpj.exe116⤵PID:756
-
\??\c:\lrxlffr.exec:\lrxlffr.exe117⤵PID:4628
-
\??\c:\bnbttn.exec:\bnbttn.exe118⤵PID:5068
-
\??\c:\3jppp.exec:\3jppp.exe119⤵PID:376
-
\??\c:\jvpvp.exec:\jvpvp.exe120⤵PID:3740
-
\??\c:\lrlfxrl.exec:\lrlfxrl.exe121⤵PID:4652
-
\??\c:\vpjpj.exec:\vpjpj.exe122⤵PID:4248
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-