Analysis
-
max time kernel
150s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 13:07
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe
-
Size
62KB
-
MD5
c9e3bbb9266867d3c948075ef6ba9970
-
SHA1
a4e7b0eb15663205ddb60680f7b02bca25c3c607
-
SHA256
569446031209d8a01d40160fd3aedac9b81b934c795037bc5a01f540f04f7bac
-
SHA512
7ec9a5d446baeef05e5c5d0cfb1d87ca7ee3682c4ea334f98cda272697e99a449b1adbcb198e93daef1b83ec080fbdf0f66267303c793f3321c82b7bedae887f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJULh12d:ymb3NkkiQ3mdBjFIFdJmg
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource yara_rule behavioral2/memory/3272-6-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1932-15-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3884-74-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4996-84-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3408-114-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/544-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1852-192-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4664-186-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4360-174-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3536-150-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3496-145-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1604-138-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3224-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2156-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2480-90-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4876-72-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4876-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3368-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2388-58-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4844-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1612-40-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4020-36-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4020-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2060-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4580-19-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1932 7nnhnn.exe 4580 jvpjd.exe 2060 llfxllx.exe 4020 frrlxrl.exe 1612 bntbtb.exe 4844 5bhbtt.exe 2388 djpdp.exe 3368 5pdvp.exe 4876 xlfxlll.exe 3884 9frlrrf.exe 4996 1tttnt.exe 2480 3pjdp.exe 2156 pdjdp.exe 4940 1rxxxxx.exe 3968 1rxxrlf.exe 3408 ttnhbt.exe 544 bhntbb.exe 3224 pjpvd.exe 2936 jddvp.exe 1604 5fxxllf.exe 3496 fxfxrlf.exe 3536 nnnnhh.exe 3436 3thbnn.exe 2908 jddvj.exe 4836 dvdpp.exe 4360 9rxrlll.exe 2972 fxfffrl.exe 4664 bhntbt.exe 1852 3hhbbt.exe 1268 pdjdp.exe 2412 1vvpp.exe 720 rxflfrx.exe 3716 hbtnnh.exe 224 3dppj.exe 5080 jpdjv.exe 3228 vppjj.exe 2696 frrxrlf.exe 4968 rffrlrl.exe 3416 hbhbtn.exe 4920 bttnbh.exe 2388 pjjdp.exe 4432 dvvpj.exe 4340 lxfxrrl.exe 2420 fxfxxxx.exe 1944 7bhttn.exe 1096 btnnnh.exe 4816 vvddv.exe 1208 lxxlfrl.exe 2660 fxxxxxx.exe 4924 frllfll.exe 4692 thnhnn.exe 636 nhbtht.exe 3688 vjdvj.exe 4064 xlfrlfr.exe 1028 rrrlfxr.exe 4324 htbbhh.exe 3944 7nnhbb.exe 868 ppdvp.exe 8 7vpjv.exe 1704 7lflflf.exe 2832 ffrrflx.exe 4520 tnbbtt.exe 4664 7vjdp.exe 4148 pvjdd.exe -
resource yara_rule behavioral2/memory/3272-6-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1932-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1932-15-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3884-74-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4996-84-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3408-114-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/544-120-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1852-192-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4664-186-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4360-174-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3536-150-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3496-145-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1604-138-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3224-126-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2156-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2480-90-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4876-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3368-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4844-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1612-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4020-35-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2060-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4580-19-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3272 wrote to memory of 1932 3272 c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe 85 PID 3272 wrote to memory of 1932 3272 c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe 85 PID 3272 wrote to memory of 1932 3272 c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe 85 PID 1932 wrote to memory of 4580 1932 7nnhnn.exe 86 PID 1932 wrote to memory of 4580 1932 7nnhnn.exe 86 PID 1932 wrote to memory of 4580 1932 7nnhnn.exe 86 PID 4580 wrote to memory of 2060 4580 jvpjd.exe 87 PID 4580 wrote to memory of 2060 4580 jvpjd.exe 87 PID 4580 wrote to memory of 2060 4580 jvpjd.exe 87 PID 2060 wrote to memory of 4020 2060 llfxllx.exe 88 PID 2060 wrote to memory of 4020 2060 llfxllx.exe 88 PID 2060 wrote to memory of 4020 2060 llfxllx.exe 88 PID 4020 wrote to memory of 1612 4020 frrlxrl.exe 89 PID 4020 wrote to memory of 1612 4020 frrlxrl.exe 89 PID 4020 wrote to memory of 1612 4020 frrlxrl.exe 89 PID 1612 wrote to memory of 4844 1612 bntbtb.exe 90 PID 1612 wrote to memory of 4844 1612 bntbtb.exe 90 PID 1612 wrote to memory of 4844 1612 bntbtb.exe 90 PID 4844 wrote to memory of 2388 4844 5bhbtt.exe 91 PID 4844 wrote to memory of 2388 4844 5bhbtt.exe 91 PID 4844 wrote to memory of 2388 4844 5bhbtt.exe 91 PID 2388 wrote to memory of 3368 2388 djpdp.exe 92 PID 2388 wrote to memory of 3368 2388 djpdp.exe 92 PID 2388 wrote to memory of 3368 2388 djpdp.exe 92 PID 3368 wrote to memory of 4876 3368 5pdvp.exe 93 PID 3368 wrote to memory of 4876 3368 5pdvp.exe 93 PID 3368 wrote to memory of 4876 3368 5pdvp.exe 93 PID 4876 wrote to memory of 3884 4876 xlfxlll.exe 94 PID 4876 wrote to memory of 3884 4876 xlfxlll.exe 94 PID 4876 wrote to memory of 3884 4876 xlfxlll.exe 94 PID 3884 wrote to memory of 4996 3884 9frlrrf.exe 95 PID 3884 wrote to memory of 4996 3884 9frlrrf.exe 95 PID 3884 wrote to memory of 4996 3884 9frlrrf.exe 95 PID 4996 wrote to memory of 2480 4996 1tttnt.exe 96 PID 4996 wrote to memory of 2480 4996 1tttnt.exe 96 PID 4996 wrote to memory of 2480 4996 1tttnt.exe 96 PID 2480 wrote to memory of 2156 2480 3pjdp.exe 97 PID 2480 wrote to memory of 2156 2480 3pjdp.exe 97 PID 2480 wrote to memory of 2156 2480 3pjdp.exe 97 PID 2156 wrote to memory of 4940 2156 pdjdp.exe 98 PID 2156 wrote to memory of 4940 2156 pdjdp.exe 98 PID 2156 wrote to memory of 4940 2156 pdjdp.exe 98 PID 4940 wrote to memory of 3968 4940 1rxxxxx.exe 99 PID 4940 wrote to memory of 3968 4940 1rxxxxx.exe 99 PID 4940 wrote to memory of 3968 4940 1rxxxxx.exe 99 PID 3968 wrote to memory of 3408 3968 1rxxrlf.exe 100 PID 3968 wrote to memory of 3408 3968 1rxxrlf.exe 100 PID 3968 wrote to memory of 3408 3968 1rxxrlf.exe 100 PID 3408 wrote to memory of 544 3408 ttnhbt.exe 101 PID 3408 wrote to memory of 544 3408 ttnhbt.exe 101 PID 3408 wrote to memory of 544 3408 ttnhbt.exe 101 PID 544 wrote to memory of 3224 544 bhntbb.exe 102 PID 544 wrote to memory of 3224 544 bhntbb.exe 102 PID 544 wrote to memory of 3224 544 bhntbb.exe 102 PID 3224 wrote to memory of 2936 3224 pjpvd.exe 103 PID 3224 wrote to memory of 2936 3224 pjpvd.exe 103 PID 3224 wrote to memory of 2936 3224 pjpvd.exe 103 PID 2936 wrote to memory of 1604 2936 jddvp.exe 104 PID 2936 wrote to memory of 1604 2936 jddvp.exe 104 PID 2936 wrote to memory of 1604 2936 jddvp.exe 104 PID 1604 wrote to memory of 3496 1604 5fxxllf.exe 105 PID 1604 wrote to memory of 3496 1604 5fxxllf.exe 105 PID 1604 wrote to memory of 3496 1604 5fxxllf.exe 105 PID 3496 wrote to memory of 3536 3496 fxfxrlf.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c9e3bbb9266867d3c948075ef6ba9970_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3272 -
\??\c:\7nnhnn.exec:\7nnhnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1932 -
\??\c:\jvpjd.exec:\jvpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4580 -
\??\c:\llfxllx.exec:\llfxllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2060 -
\??\c:\frrlxrl.exec:\frrlxrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4020 -
\??\c:\bntbtb.exec:\bntbtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1612 -
\??\c:\5bhbtt.exec:\5bhbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4844 -
\??\c:\djpdp.exec:\djpdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2388 -
\??\c:\5pdvp.exec:\5pdvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3368 -
\??\c:\xlfxlll.exec:\xlfxlll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4876 -
\??\c:\9frlrrf.exec:\9frlrrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3884 -
\??\c:\1tttnt.exec:\1tttnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4996 -
\??\c:\3pjdp.exec:\3pjdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2480 -
\??\c:\pdjdp.exec:\pdjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2156 -
\??\c:\1rxxxxx.exec:\1rxxxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4940 -
\??\c:\1rxxrlf.exec:\1rxxrlf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3968 -
\??\c:\ttnhbt.exec:\ttnhbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3408 -
\??\c:\bhntbb.exec:\bhntbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:544 -
\??\c:\pjpvd.exec:\pjpvd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3224 -
\??\c:\jddvp.exec:\jddvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2936 -
\??\c:\5fxxllf.exec:\5fxxllf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1604 -
\??\c:\fxfxrlf.exec:\fxfxrlf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3496 -
\??\c:\nnnnhh.exec:\nnnnhh.exe23⤵
- Executes dropped EXE
PID:3536 -
\??\c:\3thbnn.exec:\3thbnn.exe24⤵
- Executes dropped EXE
PID:3436 -
\??\c:\jddvj.exec:\jddvj.exe25⤵
- Executes dropped EXE
PID:2908 -
\??\c:\dvdpp.exec:\dvdpp.exe26⤵
- Executes dropped EXE
PID:4836 -
\??\c:\9rxrlll.exec:\9rxrlll.exe27⤵
- Executes dropped EXE
PID:4360 -
\??\c:\fxfffrl.exec:\fxfffrl.exe28⤵
- Executes dropped EXE
PID:2972 -
\??\c:\bhntbt.exec:\bhntbt.exe29⤵
- Executes dropped EXE
PID:4664 -
\??\c:\3hhbbt.exec:\3hhbbt.exe30⤵
- Executes dropped EXE
PID:1852 -
\??\c:\pdjdp.exec:\pdjdp.exe31⤵
- Executes dropped EXE
PID:1268 -
\??\c:\1vvpp.exec:\1vvpp.exe32⤵
- Executes dropped EXE
PID:2412 -
\??\c:\rxflfrx.exec:\rxflfrx.exe33⤵
- Executes dropped EXE
PID:720 -
\??\c:\hbtnnh.exec:\hbtnnh.exe34⤵
- Executes dropped EXE
PID:3716 -
\??\c:\3dppj.exec:\3dppj.exe35⤵
- Executes dropped EXE
PID:224 -
\??\c:\jpdjv.exec:\jpdjv.exe36⤵
- Executes dropped EXE
PID:5080 -
\??\c:\vppjj.exec:\vppjj.exe37⤵
- Executes dropped EXE
PID:3228 -
\??\c:\frrxrlf.exec:\frrxrlf.exe38⤵
- Executes dropped EXE
PID:2696 -
\??\c:\rffrlrl.exec:\rffrlrl.exe39⤵
- Executes dropped EXE
PID:4968 -
\??\c:\hbhbtn.exec:\hbhbtn.exe40⤵
- Executes dropped EXE
PID:3416 -
\??\c:\bttnbh.exec:\bttnbh.exe41⤵
- Executes dropped EXE
PID:4920 -
\??\c:\pjjdp.exec:\pjjdp.exe42⤵
- Executes dropped EXE
PID:2388 -
\??\c:\dvvpj.exec:\dvvpj.exe43⤵
- Executes dropped EXE
PID:4432 -
\??\c:\lxfxrrl.exec:\lxfxrrl.exe44⤵
- Executes dropped EXE
PID:4340 -
\??\c:\fxfxxxx.exec:\fxfxxxx.exe45⤵
- Executes dropped EXE
PID:2420 -
\??\c:\7bhttn.exec:\7bhttn.exe46⤵
- Executes dropped EXE
PID:1944 -
\??\c:\btnnnh.exec:\btnnnh.exe47⤵
- Executes dropped EXE
PID:1096 -
\??\c:\vvddv.exec:\vvddv.exe48⤵
- Executes dropped EXE
PID:4816 -
\??\c:\lxxlfrl.exec:\lxxlfrl.exe49⤵
- Executes dropped EXE
PID:1208 -
\??\c:\fxxxxxx.exec:\fxxxxxx.exe50⤵
- Executes dropped EXE
PID:2660 -
\??\c:\frllfll.exec:\frllfll.exe51⤵
- Executes dropped EXE
PID:4924 -
\??\c:\thnhnn.exec:\thnhnn.exe52⤵
- Executes dropped EXE
PID:4692 -
\??\c:\nhbtht.exec:\nhbtht.exe53⤵
- Executes dropped EXE
PID:636 -
\??\c:\vjdvj.exec:\vjdvj.exe54⤵
- Executes dropped EXE
PID:3688 -
\??\c:\xlfrlfr.exec:\xlfrlfr.exe55⤵
- Executes dropped EXE
PID:4064 -
\??\c:\rrrlfxr.exec:\rrrlfxr.exe56⤵
- Executes dropped EXE
PID:1028 -
\??\c:\htbbhh.exec:\htbbhh.exe57⤵
- Executes dropped EXE
PID:4324 -
\??\c:\7nnhbb.exec:\7nnhbb.exe58⤵
- Executes dropped EXE
PID:3944 -
\??\c:\ppdvp.exec:\ppdvp.exe59⤵
- Executes dropped EXE
PID:868 -
\??\c:\7vpjv.exec:\7vpjv.exe60⤵
- Executes dropped EXE
PID:8 -
\??\c:\7lflflf.exec:\7lflflf.exe61⤵
- Executes dropped EXE
PID:1704 -
\??\c:\ffrrflx.exec:\ffrrflx.exe62⤵
- Executes dropped EXE
PID:2832 -
\??\c:\tnbbtt.exec:\tnbbtt.exe63⤵
- Executes dropped EXE
PID:4520 -
\??\c:\7vjdp.exec:\7vjdp.exe64⤵
- Executes dropped EXE
PID:4664 -
\??\c:\pvjdd.exec:\pvjdd.exe65⤵
- Executes dropped EXE
PID:4148 -
\??\c:\xrxrfxf.exec:\xrxrfxf.exe66⤵PID:3284
-
\??\c:\hthbtt.exec:\hthbtt.exe67⤵PID:3996
-
\??\c:\pvvjd.exec:\pvvjd.exe68⤵PID:2916
-
\??\c:\xlfrffr.exec:\xlfrffr.exe69⤵PID:2856
-
\??\c:\bnnnhh.exec:\bnnnhh.exe70⤵PID:784
-
\??\c:\ntntbt.exec:\ntntbt.exe71⤵PID:3396
-
\??\c:\3vdpj.exec:\3vdpj.exe72⤵PID:2684
-
\??\c:\jjddp.exec:\jjddp.exe73⤵PID:2732
-
\??\c:\lxxrflf.exec:\lxxrflf.exe74⤵PID:3220
-
\??\c:\5nhntn.exec:\5nhntn.exe75⤵PID:1676
-
\??\c:\nbhbtt.exec:\nbhbtt.exe76⤵PID:2080
-
\??\c:\1vjdv.exec:\1vjdv.exe77⤵PID:3148
-
\??\c:\7llrlll.exec:\7llrlll.exe78⤵PID:4708
-
\??\c:\xxxfrfr.exec:\xxxfrfr.exe79⤵PID:1584
-
\??\c:\3hbtbb.exec:\3hbtbb.exe80⤵PID:3636
-
\??\c:\htthnh.exec:\htthnh.exe81⤵PID:1160
-
\??\c:\pvdvj.exec:\pvdvj.exe82⤵PID:2248
-
\??\c:\lxrlffx.exec:\lxrlffx.exe83⤵PID:2420
-
\??\c:\lfxxxlf.exec:\lfxxxlf.exe84⤵PID:1944
-
\??\c:\hhhnnn.exec:\hhhnnn.exe85⤵PID:2204
-
\??\c:\3vpjv.exec:\3vpjv.exe86⤵PID:2780
-
\??\c:\jvvvj.exec:\jvvvj.exe87⤵PID:2008
-
\??\c:\7xfxrlf.exec:\7xfxrlf.exe88⤵PID:3736
-
\??\c:\btnhtt.exec:\btnhtt.exe89⤵PID:536
-
\??\c:\bbbtbb.exec:\bbbtbb.exe90⤵PID:3224
-
\??\c:\xlrlxxr.exec:\xlrlxxr.exe91⤵PID:696
-
\??\c:\9xxrrrl.exec:\9xxrrrl.exe92⤵PID:2240
-
\??\c:\bbbbnn.exec:\bbbbnn.exe93⤵PID:636
-
\??\c:\hhtnhh.exec:\hhtnhh.exe94⤵PID:3692
-
\??\c:\ddjvj.exec:\ddjvj.exe95⤵PID:2152
-
\??\c:\1pppp.exec:\1pppp.exe96⤵PID:1028
-
\??\c:\lxxfrrl.exec:\lxxfrrl.exe97⤵PID:752
-
\??\c:\3lxxrfx.exec:\3lxxrfx.exe98⤵PID:4856
-
\??\c:\3nbtnn.exec:\3nbtnn.exe99⤵PID:3752
-
\??\c:\thhhbt.exec:\thhhbt.exe100⤵PID:436
-
\??\c:\dvdvd.exec:\dvdvd.exe101⤵PID:2972
-
\??\c:\5pvpd.exec:\5pvpd.exe102⤵PID:3612
-
\??\c:\lrrlxxx.exec:\lrrlxxx.exe103⤵PID:5068
-
\??\c:\3nnttb.exec:\3nnttb.exe104⤵PID:3172
-
\??\c:\tnntht.exec:\tnntht.exe105⤵PID:2100
-
\??\c:\3ddvj.exec:\3ddvj.exe106⤵PID:1432
-
\??\c:\pdvvp.exec:\pdvvp.exe107⤵PID:2984
-
\??\c:\lxlfrrr.exec:\lxlfrrr.exe108⤵PID:2400
-
\??\c:\hnttnn.exec:\hnttnn.exe109⤵PID:5040
-
\??\c:\bbbbnn.exec:\bbbbnn.exe110⤵PID:4484
-
\??\c:\jpvpp.exec:\jpvpp.exe111⤵PID:2684
-
\??\c:\pjppj.exec:\pjppj.exe112⤵PID:4656
-
\??\c:\xxrrlll.exec:\xxrrlll.exe113⤵PID:1568
-
\??\c:\xxxrlll.exec:\xxxrlll.exe114⤵PID:4968
-
\??\c:\bnhbtt.exec:\bnhbtt.exe115⤵PID:3416
-
\??\c:\jjjpv.exec:\jjjpv.exe116⤵PID:1476
-
\??\c:\vvvpj.exec:\vvvpj.exe117⤵PID:3472
-
\??\c:\flrrlrr.exec:\flrrlrr.exe118⤵PID:1632
-
\??\c:\hbnttb.exec:\hbnttb.exe119⤵PID:2064
-
\??\c:\htbtnn.exec:\htbtnn.exe120⤵PID:4764
-
\??\c:\5vjdj.exec:\5vjdj.exe121⤵PID:3052
-
\??\c:\3vvpv.exec:\3vvpv.exe122⤵PID:920
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-