Analysis
-
max time kernel
149s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 00:52
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
63c5d387fa0518edd60f58ccebfa1e50_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
63c5d387fa0518edd60f58ccebfa1e50_NeikiAnalytics.exe
-
Size
78KB
-
MD5
63c5d387fa0518edd60f58ccebfa1e50
-
SHA1
7902a2b69154d84f923c7dade0e9a2d33aab8e0d
-
SHA256
bfc52a510582752e05ba47d7d85c7a4cd379131b1fb6f2c3f3285cf6ddb173a7
-
SHA512
8d55a258591680ff90a5a6aeb72fde994afa242086ad5b28f08cdd26e0cc00909e6ff10cc215ea6cfe62b8f00bd127de54eb0d10440565460d1770e7cc5ee315
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2wVEJjOBo99F:ymb3NkkiQ3mdBjF+3TU2KEJjE69F
Malware Config
Signatures
-
Detect Blackmoon payload 26 IoCs
resource yara_rule
behavioral2/memory/4272-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3524-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2696-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3960-38-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2780-51-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1040-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/744-30-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1628-29-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4456-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/896-72-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2000-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4136-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1740-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2916-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1140-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4016-118-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4692-124-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1744-130-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2600-148-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1376-154-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1488-160-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2772-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1792-183-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3740-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1988-195-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2520-203-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process 3524 bhtnnb.exe 2696 7djdd.exe 1628 lxlllrx.exe 744 llxxrrx.exe 3960 htbnhn.exe 3160 vjjjv.exe 2780 3pvvp.exe 1040 rffxfrl.exe 4456 thnnnn.exe 896 vjjpj.exe 2000 vdvdj.exe 4136 tbntht.exe 3212 ppjjj.exe 1740 fxfxlfx.exe 2916 hntbhn.exe 1140 vvjjj.exe 4016 rfrfflf.exe 4692 fxxfflr.exe 1744 tnthhn.exe 1352 vvjdv.exe 1204 rlxrfxl.exe 2600 1thhnn.exe 1376 ntnbnh.exe 1488 pppjd.exe 2772 9rlllll.exe 864 bnthbt.exe 1176 dpppp.exe 1792 lrrrlxf.exe 3740 flxxxfl.exe 1988 nnbbhn.exe 2520 dvvvp.exe 2676 fflfxrf.exe 960 1ttbbn.exe 5092 nbbtbb.exe 4636 vddjd.exe 1004 vjdjd.exe 4008 rflxllf.exe 4736 rrfrffx.exe 836 1bbbbh.exe 2572 7vdjd.exe 3296 lxxrrrl.exe 1684 rrfxrll.exe 744 bthnnn.exe 2972 jjvvv.exe 1416 rlxffll.exe 4756 fxxrxxr.exe 4124 bhbbnn.exe 2120 bntnbt.exe 3236 vdpvv.exe 4456 rrllxff.exe 2804 dvvdj.exe 2016 jjvvd.exe 4344 rlxxfll.exe 3212 fxflrxx.exe 1740 tthnnt.exe 4804 hbhhhh.exe 4064 9pvvp.exe 4148 flrxxfl.exe 1436 tbbbbb.exe 2876 htnnnt.exe 4824 pppjp.exe 2124 pppdv.exe 4500 lxlxrfx.exe 4620 hnttth.exe -
(The heading for this second table is missing on the page; every row is a match for the yara rule named upx.)
resource yara_rule
behavioral2/memory/4272-4-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3524-11-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2696-18-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3960-38-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2780-51-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1040-59-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/744-30-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1628-29-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4456-66-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/896-72-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2000-82-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4136-88-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1740-100-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2916-106-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1140-112-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4016-118-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4692-124-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1744-130-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2600-148-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1376-154-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1488-160-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2772-166-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1792-183-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3740-190-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1988-195-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2520-203-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 4272 wrote to memory of 3524 4272 63c5d387fa0518edd60f58ccebfa1e50_NeikiAnalytics.exe 83
PID 4272 wrote to memory of 3524 4272 63c5d387fa0518edd60f58ccebfa1e50_NeikiAnalytics.exe 83
PID 4272 wrote to memory of 3524 4272 63c5d387fa0518edd60f58ccebfa1e50_NeikiAnalytics.exe 83
PID 3524 wrote to memory of 2696 3524 bhtnnb.exe 84
PID 3524 wrote to memory of 2696 3524 bhtnnb.exe 84
PID 3524 wrote to memory of 2696 3524 bhtnnb.exe 84
PID 2696 wrote to memory of 1628 2696 7djdd.exe 85
PID 2696 wrote to memory of 1628 2696 7djdd.exe 85
PID 2696 wrote to memory of 1628 2696 7djdd.exe 85
PID 1628 wrote to memory of 744 1628 lxlllrx.exe 86
PID 1628 wrote to memory of 744 1628 lxlllrx.exe 86
PID 1628 wrote to memory of 744 1628 lxlllrx.exe 86
PID 744 wrote to memory of 3960 744 llxxrrx.exe 87
PID 744 wrote to memory of 3960 744 llxxrrx.exe 87
PID 744 wrote to memory of 3960 744 llxxrrx.exe 87
PID 3960 wrote to memory of 3160 3960 htbnhn.exe 88
PID 3960 wrote to memory of 3160 3960 htbnhn.exe 88
PID 3960 wrote to memory of 3160 3960 htbnhn.exe 88
PID 3160 wrote to memory of 2780 3160 vjjjv.exe 89
PID 3160 wrote to memory of 2780 3160 vjjjv.exe 89
PID 3160 wrote to memory of 2780 3160 vjjjv.exe 89
PID 2780 wrote to memory of 1040 2780 3pvvp.exe 90
PID 2780 wrote to memory of 1040 2780 3pvvp.exe 90
PID 2780 wrote to memory of 1040 2780 3pvvp.exe 90
PID 1040 wrote to memory of 4456 1040 rffxfrl.exe 91
PID 1040 wrote to memory of 4456 1040 rffxfrl.exe 91
PID 1040 wrote to memory of 4456 1040 rffxfrl.exe 91
PID 4456 wrote to memory of 896 4456 thnnnn.exe 92
PID 4456 wrote to memory of 896 4456 thnnnn.exe 92
PID 4456 wrote to memory of 896 4456 thnnnn.exe 92
PID 896 wrote to memory of 2000 896 vjjpj.exe 93
PID 896 wrote to memory of 2000 896 vjjpj.exe 93
PID 896 wrote to memory of 2000 896 vjjpj.exe 93
PID 2000 wrote to memory of 4136 2000 vdvdj.exe 94
PID 2000 wrote to memory of 4136 2000 vdvdj.exe 94
PID 2000 wrote to memory of 4136 2000 vdvdj.exe 94
PID 4136 wrote to memory of 3212 4136 tbntht.exe 95
PID 4136 wrote to memory of 3212 4136 tbntht.exe 95
PID 4136 wrote to memory of 3212 4136 tbntht.exe 95
PID 3212 wrote to memory of 1740 3212 ppjjj.exe 96
PID 3212 wrote to memory of 1740 3212 ppjjj.exe 96
PID 3212 wrote to memory of 1740 3212 ppjjj.exe 96
PID 1740 wrote to memory of 2916 1740 fxfxlfx.exe 97
PID 1740 wrote to memory of 2916 1740 fxfxlfx.exe 97
PID 1740 wrote to memory of 2916 1740 fxfxlfx.exe 97
PID 2916 wrote to memory of 1140 2916 hntbhn.exe 98
PID 2916 wrote to memory of 1140 2916 hntbhn.exe 98
PID 2916 wrote to memory of 1140 2916 hntbhn.exe 98
PID 1140 wrote to memory of 4016 1140 vvjjj.exe 99
PID 1140 wrote to memory of 4016 1140 vvjjj.exe 99
PID 1140 wrote to memory of 4016 1140 vvjjj.exe 99
PID 4016 wrote to memory of 4692 4016 rfrfflf.exe 100
PID 4016 wrote to memory of 4692 4016 rfrfflf.exe 100
PID 4016 wrote to memory of 4692 4016 rfrfflf.exe 100
PID 4692 wrote to memory of 1744 4692 fxxfflr.exe 101
PID 4692 wrote to memory of 1744 4692 fxxfflr.exe 101
PID 4692 wrote to memory of 1744 4692 fxxfflr.exe 101
PID 1744 wrote to memory of 1352 1744 tnthhn.exe 102
PID 1744 wrote to memory of 1352 1744 tnthhn.exe 102
PID 1744 wrote to memory of 1352 1744 tnthhn.exe 102
PID 1352 wrote to memory of 1204 1352 vvjdv.exe 103
PID 1352 wrote to memory of 1204 1352 vvjdv.exe 103
PID 1352 wrote to memory of 1204 1352 vvjdv.exe 103
PID 1204 wrote to memory of 2600 1204 rlxrfxl.exe 104
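Processes
Each dropped-EXE entry below is printed as the image path, the command line and the tree depth run together: `\??\c:\bhtnnb.exec:\bhtnnb.exe2⤵` is image `\??\c:\bhtnnb.exe`, command line `c:\bhtnnb.exe`, depth 2 (there is no `.exec` extension). PIDs are reused within this run (for example 744, 4456, 3212 and 1740 each appear under two different image names), so correlate on image name plus PID, not on PID alone.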
-
C:\Users\Admin\AppData\Local\Temp\63c5d387fa0518edd60f58ccebfa1e50_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\63c5d387fa0518edd60f58ccebfa1e50_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:4272 -
\??\c:\bhtnnb.exec:\bhtnnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3524 -
\??\c:\7djdd.exec:\7djdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2696 -
\??\c:\lxlllrx.exec:\lxlllrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1628 -
\??\c:\llxxrrx.exec:\llxxrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:744 -
\??\c:\htbnhn.exec:\htbnhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3960 -
\??\c:\vjjjv.exec:\vjjjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3160 -
\??\c:\3pvvp.exec:\3pvvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780 -
\??\c:\rffxfrl.exec:\rffxfrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1040 -
\??\c:\thnnnn.exec:\thnnnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4456 -
\??\c:\vjjpj.exec:\vjjpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:896 -
\??\c:\vdvdj.exec:\vdvdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2000 -
\??\c:\tbntht.exec:\tbntht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4136 -
\??\c:\ppjjj.exec:\ppjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3212 -
\??\c:\fxfxlfx.exec:\fxfxlfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1740 -
\??\c:\hntbhn.exec:\hntbhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2916 -
\??\c:\vvjjj.exec:\vvjjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1140 -
\??\c:\rfrfflf.exec:\rfrfflf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4016 -
\??\c:\fxxfflr.exec:\fxxfflr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4692 -
\??\c:\tnthhn.exec:\tnthhn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1744 -
\??\c:\vvjdv.exec:\vvjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1352 -
\??\c:\rlxrfxl.exec:\rlxrfxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1204 -
\??\c:\1thhnn.exec:\1thhnn.exe23⤵
- Executes dropped EXE
PID:2600 -
\??\c:\ntnbnh.exec:\ntnbnh.exe24⤵
- Executes dropped EXE
PID:1376 -
\??\c:\pppjd.exec:\pppjd.exe25⤵
- Executes dropped EXE
PID:1488 -
\??\c:\9rlllll.exec:\9rlllll.exe26⤵
- Executes dropped EXE
PID:2772 -
\??\c:\bnthbt.exec:\bnthbt.exe27⤵
- Executes dropped EXE
PID:864 -
\??\c:\dpppp.exec:\dpppp.exe28⤵
- Executes dropped EXE
PID:1176 -
\??\c:\lrrrlxf.exec:\lrrrlxf.exe29⤵
- Executes dropped EXE
PID:1792 -
\??\c:\flxxxfl.exec:\flxxxfl.exe30⤵
- Executes dropped EXE
PID:3740 -
\??\c:\nnbbhn.exec:\nnbbhn.exe31⤵
- Executes dropped EXE
PID:1988 -
\??\c:\dvvvp.exec:\dvvvp.exe32⤵
- Executes dropped EXE
PID:2520 -
\??\c:\fflfxrf.exec:\fflfxrf.exe33⤵
- Executes dropped EXE
PID:2676 -
\??\c:\1ttbbn.exec:\1ttbbn.exe34⤵
- Executes dropped EXE
PID:960 -
\??\c:\nbbtbb.exec:\nbbtbb.exe35⤵
- Executes dropped EXE
PID:5092 -
\??\c:\vddjd.exec:\vddjd.exe36⤵
- Executes dropped EXE
PID:4636 -
\??\c:\vjdjd.exec:\vjdjd.exe37⤵
- Executes dropped EXE
PID:1004 -
\??\c:\rflxllf.exec:\rflxllf.exe38⤵
- Executes dropped EXE
PID:4008 -
\??\c:\rrfrffx.exec:\rrfrffx.exe39⤵
- Executes dropped EXE
PID:4736 -
\??\c:\1bbbbh.exec:\1bbbbh.exe40⤵
- Executes dropped EXE
PID:836 -
\??\c:\7vdjd.exec:\7vdjd.exe41⤵
- Executes dropped EXE
PID:2572 -
\??\c:\lxxrrrl.exec:\lxxrrrl.exe42⤵
- Executes dropped EXE
PID:3296 -
\??\c:\rrfxrll.exec:\rrfxrll.exe43⤵
- Executes dropped EXE
PID:1684 -
\??\c:\bthnnn.exec:\bthnnn.exe44⤵
- Executes dropped EXE
PID:744 -
\??\c:\jjvvv.exec:\jjvvv.exe45⤵
- Executes dropped EXE
PID:2972 -
\??\c:\rlxffll.exec:\rlxffll.exe46⤵
- Executes dropped EXE
PID:1416 -
\??\c:\fxxrxxr.exec:\fxxrxxr.exe47⤵
- Executes dropped EXE
PID:4756 -
\??\c:\bhbbnn.exec:\bhbbnn.exe48⤵
- Executes dropped EXE
PID:4124 -
\??\c:\bntnbt.exec:\bntnbt.exe49⤵
- Executes dropped EXE
PID:2120 -
\??\c:\vdpvv.exec:\vdpvv.exe50⤵
- Executes dropped EXE
PID:3236 -
\??\c:\rrllxff.exec:\rrllxff.exe51⤵
- Executes dropped EXE
PID:4456 -
\??\c:\dvvdj.exec:\dvvdj.exe52⤵
- Executes dropped EXE
PID:2804 -
\??\c:\jjvvd.exec:\jjvvd.exe53⤵
- Executes dropped EXE
PID:2016 -
\??\c:\rlxxfll.exec:\rlxxfll.exe54⤵
- Executes dropped EXE
PID:4344 -
\??\c:\fxflrxx.exec:\fxflrxx.exe55⤵
- Executes dropped EXE
PID:3212 -
\??\c:\tthnnt.exec:\tthnnt.exe56⤵
- Executes dropped EXE
PID:1740 -
\??\c:\hbhhhh.exec:\hbhhhh.exe57⤵
- Executes dropped EXE
PID:4804 -
\??\c:\9pvvp.exec:\9pvvp.exe58⤵
- Executes dropped EXE
PID:4064 -
\??\c:\flrxxfl.exec:\flrxxfl.exe59⤵
- Executes dropped EXE
PID:4148 -
\??\c:\tbbbbb.exec:\tbbbbb.exe60⤵
- Executes dropped EXE
PID:1436 -
\??\c:\htnnnt.exec:\htnnnt.exe61⤵
- Executes dropped EXE
PID:2876 -
\??\c:\pppjp.exec:\pppjp.exe62⤵
- Executes dropped EXE
PID:4824 -
\??\c:\pppdv.exec:\pppdv.exe63⤵
- Executes dropped EXE
PID:2124 -
\??\c:\lxlxrfx.exec:\lxlxrfx.exe64⤵
- Executes dropped EXE
PID:4500 -
\??\c:\hnttth.exec:\hnttth.exe65⤵
- Executes dropped EXE
PID:4620 -
\??\c:\bntttt.exec:\bntttt.exe66⤵PID:2180
-
\??\c:\5pdjj.exec:\5pdjj.exe67⤵PID:1488
-
\??\c:\rrrlrxf.exec:\rrrlrxf.exe68⤵PID:4184
-
\??\c:\lffffll.exec:\lffffll.exe69⤵PID:380
-
\??\c:\bbhhnt.exec:\bbhhnt.exe70⤵PID:3600
-
\??\c:\nbnbbb.exec:\nbnbbb.exe71⤵PID:468
-
\??\c:\djjpd.exec:\djjpd.exe72⤵PID:3864
-
\??\c:\vvjdd.exec:\vvjdd.exe73⤵PID:3168
-
\??\c:\xxlrxlf.exec:\xxlrxlf.exe74⤵PID:2072
-
\??\c:\nbhtnh.exec:\nbhtnh.exe75⤵PID:2520
-
\??\c:\9hnntb.exec:\9hnntb.exe76⤵PID:1916
-
\??\c:\jpddp.exec:\jpddp.exe77⤵PID:3856
-
\??\c:\pjvvd.exec:\pjvvd.exe78⤵PID:396
-
\??\c:\fffxfrf.exec:\fffxfrf.exe79⤵PID:4760
-
\??\c:\bnntth.exec:\bnntth.exe80⤵PID:1004
-
\??\c:\hntbbh.exec:\hntbbh.exe81⤵PID:4712
-
\??\c:\jpjjd.exec:\jpjjd.exe82⤵PID:4204
-
\??\c:\ddddj.exec:\ddddj.exe83⤵PID:3452
-
\??\c:\lxxxxff.exec:\lxxxxff.exe84⤵PID:4520
-
\??\c:\rrfxlrr.exec:\rrfxlrr.exe85⤵PID:1732
-
\??\c:\tntbnt.exec:\tntbnt.exe86⤵PID:3536
-
\??\c:\dvdvd.exec:\dvdvd.exe87⤵PID:1008
-
\??\c:\ppddd.exec:\ppddd.exe88⤵PID:3892
-
\??\c:\rflllll.exec:\rflllll.exe89⤵PID:224
-
\??\c:\lrrxrlf.exec:\lrrxrlf.exe90⤵PID:4104
-
\??\c:\hhnttb.exec:\hhnttb.exe91⤵PID:3296
-
\??\c:\vjddp.exec:\vjddp.exe92⤵PID:1684
-
\??\c:\vpdvd.exec:\vpdvd.exe93⤵PID:4764
-
\??\c:\xrxxflr.exec:\xrxxflr.exe94⤵PID:3904
-
\??\c:\rxlxxrx.exec:\rxlxxrx.exe95⤵PID:3468
-
\??\c:\tbtttb.exec:\tbtttb.exe96⤵PID:4580
-
\??\c:\3ntbth.exec:\3ntbth.exe97⤵PID:1040
-
\??\c:\dvvvv.exec:\dvvvv.exe98⤵PID:1964
-
\??\c:\vpvvv.exec:\vpvvv.exe99⤵PID:4656
-
\??\c:\xrxxrxl.exec:\xrxxrxl.exe100⤵PID:2804
-
\??\c:\tbbhhh.exec:\tbbhhh.exe101⤵PID:3644
-
\??\c:\bbhnth.exec:\bbhnth.exe102⤵PID:2692
-
\??\c:\ppddv.exec:\ppddv.exe103⤵PID:2100
-
\??\c:\vpjdd.exec:\vpjdd.exe104⤵PID:4804
-
\??\c:\ppdpj.exec:\ppdpj.exe105⤵PID:1848
-
\??\c:\ffllfll.exec:\ffllfll.exe106⤵PID:5020
-
\??\c:\llrrrfr.exec:\llrrrfr.exe107⤵PID:4692
-
\??\c:\nntnbb.exec:\nntnbb.exe108⤵PID:2456
-
\??\c:\hnnhnb.exec:\hnnhnb.exe109⤵PID:1392
-
\??\c:\jjdjv.exec:\jjdjv.exe110⤵PID:4824
-
\??\c:\pvpjj.exec:\pvpjj.exe111⤵PID:2600
-
\??\c:\rrfffll.exec:\rrfffll.exe112⤵PID:4500
-
\??\c:\rlrrrxf.exec:\rlrrrxf.exe113⤵PID:4432
-
\??\c:\bbbbhn.exec:\bbbbhn.exe114⤵PID:3444
-
\??\c:\bbttbh.exec:\bbttbh.exe115⤵PID:1856
-
\??\c:\pvvjj.exec:\pvvjj.exe116⤵PID:4184
-
\??\c:\xlxrlrr.exec:\xlxrlrr.exe117⤵PID:380
-
\??\c:\flflfrr.exec:\flflfrr.exe118⤵PID:3600
-
\??\c:\hhhntt.exec:\hhhntt.exe119⤵PID:1756
-
\??\c:\hbtttt.exec:\hbtttt.exe120⤵PID:4056
-
\??\c:\5pvvv.exec:\5pvvv.exe121⤵PID:4936
-
\??\c:\lfffrrx.exec:\lfffrrx.exe122⤵PID:3476
-