Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
31-05-2024 00:07
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6e59366cbf414d2f36b1c406de666110_NeikiAnalytics.exe
Resource
win7-20240508-en
windows7-x64
5 signatures
150 seconds
General
-
Target
6e59366cbf414d2f36b1c406de666110_NeikiAnalytics.exe
-
Size
55KB
-
MD5
6e59366cbf414d2f36b1c406de666110
-
SHA1
fa4d33307c702ba6e3ae81d0fc62fc1d6d857b60
-
SHA256
2dcbd3b8e67df09445a5c4149d249517abe460116654826fc57cb3cc74970c1b
-
SHA512
3dffd5182850e60bf92753116dbd0da7144b1fb3df04305797eae64cd175527c23909779d0fe54a1d6c42493e41e6656fc00761bcc08d2934473641e17274317
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfEVB:ymb3NkkiQ3mdBjFIe
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral2/memory/972-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4776-20-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4776-19-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3316-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1092-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4708-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3464-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2892-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4520-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1676-71-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3944-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1728-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2284-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1148-107-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1528-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4552-118-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1540-124-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3160-136-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1776-142-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1356-148-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4960-154-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4756-167-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1612-195-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 3316 nhtnnt.exe 4776 vvjdd.exe 4240 xlffffr.exe 1092 ttbbnn.exe 4708 ppddd.exe 3464 ddppj.exe 2892 llllllf.exe 4520 fflllrl.exe 2356 tnnnnn.exe 1676 vpddj.exe 3944 3pddv.exe 1728 1rlllrr.exe 2284 tbhhhh.exe 4980 ppddv.exe 1148 pjjjd.exe 1528 xfrfflr.exe 4552 ntbbbh.exe 1540 vjddv.exe 948 rrfflrx.exe 3160 lfrllxx.exe 1776 ntbhhb.exe 1356 jpppv.exe 4960 vvddj.exe 856 lfrrfrf.exe 4756 httbnt.exe 4736 vdjpd.exe 3252 ppvpv.exe 2648 lrlfrrx.exe 3848 nhbtnt.exe 1612 vjpjv.exe 2060 lxlllxx.exe 4304 lrfxfxl.exe 2340 nhnhbb.exe 3732 jvpjp.exe 880 dpvjj.exe 4836 fxfxxff.exe 3980 rxxxfll.exe 2796 thbbbn.exe 1952 nhhbbh.exe 4444 jvddv.exe 932 ffrxrrx.exe 3456 9flllrr.exe 5084 nhbbbb.exe 4560 nbbtbb.exe 4332 tthbbh.exe 3900 nhnnnt.exe 1560 1dvjd.exe 1536 rrlrrfl.exe 3424 flrrrrx.exe 4004 1hnbtt.exe 3020 pvvvp.exe 2800 rflrrxx.exe 2208 lxxxrrf.exe 2264 hhhhhh.exe 3944 hntbhb.exe 4912 vpvdv.exe 3312 xxllfrl.exe 2140 9rlllrl.exe 760 5bhbbh.exe 4256 bbnnnt.exe 4168 pjjdv.exe 4352 xxrfrlf.exe 4568 thbhhn.exe 2868 nbhhhh.exe -
resource yara_rule behavioral2/memory/972-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4776-19-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3316-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4240-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1092-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4708-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3464-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2892-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4520-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1676-71-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3944-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1728-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2284-94-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1148-107-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1528-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4552-118-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1540-124-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3160-136-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1776-142-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1356-148-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4960-154-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4756-167-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1612-195-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 972 wrote to memory of 3316 972 6e59366cbf414d2f36b1c406de666110_NeikiAnalytics.exe 82 PID 972 wrote to memory of 3316 972 6e59366cbf414d2f36b1c406de666110_NeikiAnalytics.exe 82 PID 972 wrote to memory of 3316 972 6e59366cbf414d2f36b1c406de666110_NeikiAnalytics.exe 82 PID 3316 wrote to memory of 4776 3316 nhtnnt.exe 83 PID 3316 wrote to memory of 4776 3316 nhtnnt.exe 83 PID 3316 wrote to memory of 4776 3316 nhtnnt.exe 83 PID 4776 wrote to memory of 4240 4776 vvjdd.exe 84 PID 4776 wrote to memory of 4240 4776 vvjdd.exe 84 PID 4776 wrote to memory of 4240 4776 vvjdd.exe 84 PID 4240 wrote to memory of 1092 4240 xlffffr.exe 85 PID 4240 wrote to memory of 1092 4240 xlffffr.exe 85 PID 4240 wrote to memory of 1092 4240 xlffffr.exe 85 PID 1092 wrote to memory of 4708 1092 ttbbnn.exe 86 PID 1092 wrote to memory of 4708 1092 ttbbnn.exe 86 PID 1092 wrote to memory of 4708 1092 ttbbnn.exe 86 PID 4708 wrote to memory of 3464 4708 ppddd.exe 87 PID 4708 wrote to memory of 3464 4708 ppddd.exe 87 PID 4708 wrote to memory of 3464 4708 ppddd.exe 87 PID 3464 wrote to memory of 2892 3464 ddppj.exe 88 PID 3464 wrote to memory of 2892 3464 ddppj.exe 88 PID 3464 wrote to memory of 2892 3464 ddppj.exe 88 PID 2892 wrote to memory of 4520 2892 llllllf.exe 89 PID 2892 wrote to memory of 4520 2892 llllllf.exe 89 PID 2892 wrote to memory of 4520 2892 llllllf.exe 89 PID 4520 wrote to memory of 2356 4520 fflllrl.exe 90 PID 4520 wrote to memory of 2356 4520 fflllrl.exe 90 PID 4520 wrote to memory of 2356 4520 fflllrl.exe 90 PID 2356 wrote to memory of 1676 2356 tnnnnn.exe 91 PID 2356 wrote to memory of 1676 2356 tnnnnn.exe 91 PID 2356 wrote to memory of 1676 2356 tnnnnn.exe 91 PID 1676 wrote to memory of 3944 1676 vpddj.exe 92 PID 1676 wrote to memory of 3944 1676 vpddj.exe 92 PID 1676 wrote to memory of 3944 1676 vpddj.exe 92 PID 3944 wrote to memory of 1728 3944 3pddv.exe 93 PID 3944 wrote to memory of 1728 3944 3pddv.exe 93 PID 3944 wrote to memory of 1728 3944 3pddv.exe 93 PID 1728 wrote to memory of 2284 1728 1rlllrr.exe 94 PID 1728 wrote to memory of 2284 1728 1rlllrr.exe 94 PID 1728 wrote to memory of 2284 1728 1rlllrr.exe 94 PID 2284 wrote to memory of 4980 2284 tbhhhh.exe 95 PID 2284 wrote to memory of 4980 2284 tbhhhh.exe 95 PID 2284 wrote to memory of 4980 2284 tbhhhh.exe 95 PID 4980 wrote to memory of 1148 4980 ppddv.exe 96 PID 4980 wrote to memory of 1148 4980 ppddv.exe 96 PID 4980 wrote to memory of 1148 4980 ppddv.exe 96 PID 1148 wrote to memory of 1528 1148 pjjjd.exe 97 PID 1148 wrote to memory of 1528 1148 pjjjd.exe 97 PID 1148 wrote to memory of 1528 1148 pjjjd.exe 97 PID 1528 wrote to memory of 4552 1528 xfrfflr.exe 98 PID 1528 wrote to memory of 4552 1528 xfrfflr.exe 98 PID 1528 wrote to memory of 4552 1528 xfrfflr.exe 98 PID 4552 wrote to memory of 1540 4552 ntbbbh.exe 99 PID 4552 wrote to memory of 1540 4552 ntbbbh.exe 99 PID 4552 wrote to memory of 1540 4552 ntbbbh.exe 99 PID 1540 wrote to memory of 948 1540 vjddv.exe 100 PID 1540 wrote to memory of 948 1540 vjddv.exe 100 PID 1540 wrote to memory of 948 1540 vjddv.exe 100 PID 948 wrote to memory of 3160 948 rrfflrx.exe 101 PID 948 wrote to memory of 3160 948 rrfflrx.exe 101 PID 948 wrote to memory of 3160 948 rrfflrx.exe 101 PID 3160 wrote to memory of 1776 3160 lfrllxx.exe 102 PID 3160 wrote to memory of 1776 3160 lfrllxx.exe 102 PID 3160 wrote to memory of 1776 3160 lfrllxx.exe 102 PID 1776 wrote to memory of 1356 1776 ntbhhb.exe 103
Processes
-
C:\Users\Admin\AppData\Local\Temp\6e59366cbf414d2f36b1c406de666110_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6e59366cbf414d2f36b1c406de666110_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:972 -
\??\c:\nhtnnt.exec:\nhtnnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3316 -
\??\c:\vvjdd.exec:\vvjdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4776 -
\??\c:\xlffffr.exec:\xlffffr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4240 -
\??\c:\ttbbnn.exec:\ttbbnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1092 -
\??\c:\ppddd.exec:\ppddd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4708 -
\??\c:\ddppj.exec:\ddppj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3464 -
\??\c:\llllllf.exec:\llllllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892 -
\??\c:\fflllrl.exec:\fflllrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4520 -
\??\c:\tnnnnn.exec:\tnnnnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2356 -
\??\c:\vpddj.exec:\vpddj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1676 -
\??\c:\3pddv.exec:\3pddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3944 -
\??\c:\1rlllrr.exec:\1rlllrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1728 -
\??\c:\tbhhhh.exec:\tbhhhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2284 -
\??\c:\ppddv.exec:\ppddv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4980 -
\??\c:\pjjjd.exec:\pjjjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1148 -
\??\c:\xfrfflr.exec:\xfrfflr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1528 -
\??\c:\ntbbbh.exec:\ntbbbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4552 -
\??\c:\vjddv.exec:\vjddv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1540 -
\??\c:\rrfflrx.exec:\rrfflrx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:948 -
\??\c:\lfrllxx.exec:\lfrllxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3160 -
\??\c:\ntbhhb.exec:\ntbhhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1776 -
\??\c:\jpppv.exec:\jpppv.exe23⤵
- Executes dropped EXE
PID:1356 -
\??\c:\vvddj.exec:\vvddj.exe24⤵
- Executes dropped EXE
PID:4960 -
\??\c:\lfrrfrf.exec:\lfrrfrf.exe25⤵
- Executes dropped EXE
PID:856 -
\??\c:\httbnt.exec:\httbnt.exe26⤵
- Executes dropped EXE
PID:4756 -
\??\c:\vdjpd.exec:\vdjpd.exe27⤵
- Executes dropped EXE
PID:4736 -
\??\c:\ppvpv.exec:\ppvpv.exe28⤵
- Executes dropped EXE
PID:3252 -
\??\c:\lrlfrrx.exec:\lrlfrrx.exe29⤵
- Executes dropped EXE
PID:2648 -
\??\c:\nhbtnt.exec:\nhbtnt.exe30⤵
- Executes dropped EXE
PID:3848 -
\??\c:\vjpjv.exec:\vjpjv.exe31⤵
- Executes dropped EXE
PID:1612 -
\??\c:\lxlllxx.exec:\lxlllxx.exe32⤵
- Executes dropped EXE
PID:2060 -
\??\c:\lrfxfxl.exec:\lrfxfxl.exe33⤵
- Executes dropped EXE
PID:4304 -
\??\c:\nhnhbb.exec:\nhnhbb.exe34⤵
- Executes dropped EXE
PID:2340 -
\??\c:\jvpjp.exec:\jvpjp.exe35⤵
- Executes dropped EXE
PID:3732 -
\??\c:\dpvjj.exec:\dpvjj.exe36⤵
- Executes dropped EXE
PID:880 -
\??\c:\fxfxxff.exec:\fxfxxff.exe37⤵
- Executes dropped EXE
PID:4836 -
\??\c:\rxxxfll.exec:\rxxxfll.exe38⤵
- Executes dropped EXE
PID:3980 -
\??\c:\thbbbn.exec:\thbbbn.exe39⤵
- Executes dropped EXE
PID:2796 -
\??\c:\nhhbbh.exec:\nhhbbh.exe40⤵
- Executes dropped EXE
PID:1952 -
\??\c:\jvddv.exec:\jvddv.exe41⤵
- Executes dropped EXE
PID:4444 -
\??\c:\ffrxrrx.exec:\ffrxrrx.exe42⤵
- Executes dropped EXE
PID:932 -
\??\c:\9flllrr.exec:\9flllrr.exe43⤵
- Executes dropped EXE
PID:3456 -
\??\c:\nhbbbb.exec:\nhbbbb.exe44⤵
- Executes dropped EXE
PID:5084 -
\??\c:\nbbtbb.exec:\nbbtbb.exe45⤵
- Executes dropped EXE
PID:4560 -
\??\c:\tthbbh.exec:\tthbbh.exe46⤵
- Executes dropped EXE
PID:4332 -
\??\c:\nhnnnt.exec:\nhnnnt.exe47⤵
- Executes dropped EXE
PID:3900 -
\??\c:\1dvjd.exec:\1dvjd.exe48⤵
- Executes dropped EXE
PID:1560 -
\??\c:\rrlrrfl.exec:\rrlrrfl.exe49⤵
- Executes dropped EXE
PID:1536 -
\??\c:\flrrrrx.exec:\flrrrrx.exe50⤵
- Executes dropped EXE
PID:3424 -
\??\c:\1hnbtt.exec:\1hnbtt.exe51⤵
- Executes dropped EXE
PID:4004 -
\??\c:\pvvvp.exec:\pvvvp.exe52⤵
- Executes dropped EXE
PID:3020 -
\??\c:\rflrrxx.exec:\rflrrxx.exe53⤵
- Executes dropped EXE
PID:2800 -
\??\c:\lxxxrrf.exec:\lxxxrrf.exe54⤵
- Executes dropped EXE
PID:2208 -
\??\c:\hhhhhh.exec:\hhhhhh.exe55⤵
- Executes dropped EXE
PID:2264 -
\??\c:\hntbhb.exec:\hntbhb.exe56⤵
- Executes dropped EXE
PID:3944 -
\??\c:\vpvdv.exec:\vpvdv.exe57⤵
- Executes dropped EXE
PID:4912 -
\??\c:\xxllfrl.exec:\xxllfrl.exe58⤵
- Executes dropped EXE
PID:3312 -
\??\c:\9rlllrl.exec:\9rlllrl.exe59⤵
- Executes dropped EXE
PID:2140 -
\??\c:\5bhbbh.exec:\5bhbbh.exe60⤵
- Executes dropped EXE
PID:760 -
\??\c:\bbnnnt.exec:\bbnnnt.exe61⤵
- Executes dropped EXE
PID:4256 -
\??\c:\pjjdv.exec:\pjjdv.exe62⤵
- Executes dropped EXE
PID:4168 -
\??\c:\xxrfrlf.exec:\xxrfrlf.exe63⤵
- Executes dropped EXE
PID:4352 -
\??\c:\thbhhn.exec:\thbhhn.exe64⤵
- Executes dropped EXE
PID:4568 -
\??\c:\nbhhhh.exec:\nbhhhh.exe65⤵
- Executes dropped EXE
PID:2868 -
\??\c:\djddp.exec:\djddp.exe66⤵PID:1040
-
\??\c:\vvdjp.exec:\vvdjp.exe67⤵PID:5060
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe68⤵PID:2968
-
\??\c:\9rfrrrf.exec:\9rfrrrf.exe69⤵PID:848
-
\??\c:\bhbbnb.exec:\bhbbnb.exe70⤵PID:4212
-
\??\c:\dpvvp.exec:\dpvvp.exe71⤵PID:3828
-
\??\c:\jjdvv.exec:\jjdvv.exe72⤵PID:856
-
\??\c:\frxlxxr.exec:\frxlxxr.exe73⤵PID:4756
-
\??\c:\rrrxxlr.exec:\rrrxxlr.exe74⤵PID:3228
-
\??\c:\nhhnnt.exec:\nhhnnt.exe75⤵PID:4992
-
\??\c:\bthnnt.exec:\bthnnt.exe76⤵PID:3252
-
\??\c:\7pvpp.exec:\7pvpp.exe77⤵PID:2648
-
\??\c:\ppvjj.exec:\ppvjj.exe78⤵PID:4032
-
\??\c:\xxrrrlx.exec:\xxrrrlx.exe79⤵PID:1568
-
\??\c:\flrxfrx.exec:\flrxfrx.exe80⤵PID:3388
-
\??\c:\bbtttb.exec:\bbtttb.exe81⤵PID:2336
-
\??\c:\bbhnbb.exec:\bbhnbb.exe82⤵PID:3552
-
\??\c:\vjvpp.exec:\vjvpp.exe83⤵PID:3616
-
\??\c:\frfffrx.exec:\frfffrx.exe84⤵PID:1036
-
\??\c:\flffrrx.exec:\flffrrx.exe85⤵PID:3860
-
\??\c:\3bhnnt.exec:\3bhnnt.exe86⤵PID:4440
-
\??\c:\nnbbbb.exec:\nnbbbb.exe87⤵PID:3756
-
\??\c:\pvjjp.exec:\pvjjp.exe88⤵PID:4744
-
\??\c:\dddjj.exec:\dddjj.exe89⤵PID:4316
-
\??\c:\xxlxflx.exec:\xxlxflx.exe90⤵PID:3660
-
\??\c:\lxfllrx.exec:\lxfllrx.exe91⤵PID:5076
-
\??\c:\hnthbh.exec:\hnthbh.exe92⤵PID:3008
-
\??\c:\nbhhbt.exec:\nbhhbt.exe93⤵PID:5084
-
\??\c:\9vjdd.exec:\9vjdd.exe94⤵PID:4560
-
\??\c:\lrlrlxx.exec:\lrlrlxx.exe95⤵PID:1400
-
\??\c:\nhtnnt.exec:\nhtnnt.exe96⤵PID:3052
-
\??\c:\bhntnt.exec:\bhntnt.exe97⤵PID:1276
-
\??\c:\3jvvp.exec:\3jvvp.exe98⤵PID:2728
-
\??\c:\1jpdv.exec:\1jpdv.exe99⤵PID:3408
-
\??\c:\xlffxxl.exec:\xlffxxl.exe100⤵PID:3060
-
\??\c:\hnttbt.exec:\hnttbt.exe101⤵PID:3536
-
\??\c:\tnbbhh.exec:\tnbbhh.exe102⤵PID:4844
-
\??\c:\5lxxrlr.exec:\5lxxrlr.exe103⤵PID:2476
-
\??\c:\rrrxxrx.exec:\rrrxxrx.exe104⤵PID:992
-
\??\c:\bnhntb.exec:\bnhntb.exe105⤵PID:3520
-
\??\c:\ddjdv.exec:\ddjdv.exe106⤵PID:1016
-
\??\c:\3dpdj.exec:\3dpdj.exe107⤵PID:4828
-
\??\c:\xlrrrrl.exec:\xlrrrrl.exe108⤵PID:3200
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe109⤵PID:4256
-
\??\c:\tbhntt.exec:\tbhntt.exe110⤵PID:2364
-
\??\c:\9tthtn.exec:\9tthtn.exe111⤵PID:1800
-
\??\c:\vjvdd.exec:\vjvdd.exe112⤵PID:1540
-
\??\c:\dpjpv.exec:\dpjpv.exe113⤵PID:948
-
\??\c:\lxrfflf.exec:\lxrfflf.exe114⤵PID:1556
-
\??\c:\hthbtn.exec:\hthbtn.exe115⤵PID:1004
-
\??\c:\pjvpj.exec:\pjvpj.exe116⤵PID:1592
-
\??\c:\1vppv.exec:\1vppv.exe117⤵PID:1384
-
\??\c:\rfxlllf.exec:\rfxlllf.exe118⤵PID:3032
-
\??\c:\hhnnnn.exec:\hhnnnn.exe119⤵PID:708
-
\??\c:\tthbbt.exec:\tthbbt.exe120⤵PID:4804
-
\??\c:\djjvd.exec:\djjvd.exe121⤵PID:3140
-
\??\c:\9xlffrr.exec:\9xlffrr.exe122⤵PID:4780
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-