Analysis
-
max time kernel
150s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 01:36
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe
-
Size
306KB
-
MD5
6cc49bd405510fdaefb5de79b5d197f0
-
SHA1
09b48120be291958f91772b29c171fa9f573769d
-
SHA256
22d683acfa42dfa9c168721ba65bded2ad499eecaa8601af2799f820e4595715
-
SHA512
e2934a8f1fa93a127289d44d0dfeb3521c45b8d8b56a719a3bb8303e780fc939894a6ccac8fd803f96c7e6ad682b1bac5e0f7c6b8868a875f2be412d842bed7d
-
SSDEEP
6144:n3C9BRo/CH26ZAmaOXicLrnRukAPXt1UP+3OgEbXeTiDSd2vu:n3C9uUnAvtd3Ogld2vu
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral2/memory/4212-12-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4816-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2668-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2404-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4588-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4464-40-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2256-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1288-54-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1288-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4260-62-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4652-68-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5016-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3052-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1180-110-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4828-113-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2480-134-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1144-138-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2296-144-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4580-150-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3284-161-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3776-174-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3812-198-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4628-203-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 4212 dvjdv.exe 4588 fxxxllf.exe 2668 7lfxrrl.exe 2404 nhbnhb.exe 4464 nthtnh.exe 2256 dvvpj.exe 1288 9lxlffx.exe 4260 xffffll.exe 4652 hnbbbb.exe 3904 jpddv.exe 4536 hbhhhb.exe 468 nbbntb.exe 5016 djvdd.exe 3052 nhtthb.exe 1180 vpppj.exe 4828 lrfrrlf.exe 548 bttnhh.exe 1800 lfrrflx.exe 2480 jdjjd.exe 1144 lxrlrlx.exe 2296 hntbtt.exe 4580 tthhtn.exe 2068 jddjp.exe 3284 bnbbbb.exe 2276 pjjjd.exe 3776 lffxrll.exe 1092 ntbhtn.exe 544 pjpjj.exe 5052 rxrlxxr.exe 3812 nnbhbh.exe 4628 ddddj.exe 4636 nhhbbt.exe 632 pvppp.exe 4624 rrlllrl.exe 4452 btbhhb.exe 1996 ddjpp.exe 4716 dpjpj.exe 1260 xfrxxff.exe 2728 nnhnnh.exe 4016 vpvvp.exe 2124 1lrllll.exe 3048 hbnnnn.exe 3044 7jppv.exe 3388 jdvpp.exe 436 fxrxllf.exe 4572 nnhnhn.exe 3300 vpdvd.exe 1232 xfffllf.exe 4260 btttnh.exe 2852 pppjd.exe 4692 5xfxrrx.exe 2952 xxlfllf.exe 4292 hthhbb.exe 3224 vpppp.exe 2732 5dvvj.exe 3896 7bhbbt.exe 756 ddddv.exe 1180 ddjpp.exe 1364 nhttnt.exe 812 rrffflf.exe 4980 rxrllfx.exe 2904 vdpjv.exe 4128 frflfrx.exe 868 nbbtht.exe -
resource yara_rule behavioral2/memory/4816-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4212-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4816-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2668-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2404-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4588-20-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4464-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2256-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1288-54-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1288-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4260-62-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4652-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5016-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3052-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1180-110-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4828-113-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2480-134-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1144-138-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2296-144-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4580-150-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3284-161-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3776-174-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3812-198-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4628-203-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4816 wrote to memory of 4212 4816 6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe 83 PID 4816 wrote to memory of 4212 4816 6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe 83 PID 4816 wrote to memory of 4212 4816 6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe 83 PID 4212 wrote to memory of 4588 4212 dvjdv.exe 84 PID 4212 wrote to memory of 4588 4212 dvjdv.exe 84 PID 4212 wrote to memory of 4588 4212 dvjdv.exe 84 PID 4588 wrote to memory of 2668 4588 fxxxllf.exe 85 PID 4588 wrote to memory of 2668 4588 fxxxllf.exe 85 PID 4588 wrote to memory of 2668 4588 fxxxllf.exe 85 PID 2668 wrote to memory of 2404 2668 7lfxrrl.exe 86 PID 2668 wrote to memory of 2404 2668 7lfxrrl.exe 86 PID 2668 wrote to memory of 2404 2668 7lfxrrl.exe 86 PID 2404 wrote to memory of 4464 2404 nhbnhb.exe 87 PID 2404 wrote to memory of 4464 2404 nhbnhb.exe 87 PID 2404 wrote to memory of 4464 2404 nhbnhb.exe 87 PID 4464 wrote to memory of 2256 4464 nthtnh.exe 88 PID 4464 wrote to memory of 2256 4464 nthtnh.exe 88 PID 4464 wrote to memory of 2256 4464 nthtnh.exe 88 PID 2256 wrote to memory of 1288 2256 dvvpj.exe 89 PID 2256 wrote to memory of 1288 2256 dvvpj.exe 89 PID 2256 wrote to memory of 1288 2256 dvvpj.exe 89 PID 1288 wrote to memory of 4260 1288 9lxlffx.exe 90 PID 1288 wrote to memory of 4260 1288 9lxlffx.exe 90 PID 1288 wrote to memory of 4260 1288 9lxlffx.exe 90 PID 4260 wrote to memory of 4652 4260 xffffll.exe 91 PID 4260 wrote to memory of 4652 4260 xffffll.exe 91 PID 4260 wrote to memory of 4652 4260 xffffll.exe 91 PID 4652 wrote to memory of 3904 4652 hnbbbb.exe 92 PID 4652 wrote to memory of 3904 4652 hnbbbb.exe 92 PID 4652 wrote to memory of 3904 4652 hnbbbb.exe 92 PID 3904 wrote to memory of 4536 3904 jpddv.exe 94 PID 3904 wrote to memory of 4536 3904 jpddv.exe 94 PID 3904 wrote to memory of 4536 3904 jpddv.exe 94 PID 4536 wrote to memory of 468 4536 hbhhhb.exe 95 PID 4536 wrote to memory of 468 4536 hbhhhb.exe 95 PID 4536 wrote to memory of 468 4536 hbhhhb.exe 95 PID 468 wrote to memory of 5016 468 nbbntb.exe 96 PID 468 wrote to memory of 5016 468 nbbntb.exe 96 PID 468 wrote to memory of 5016 468 nbbntb.exe 96 PID 5016 wrote to memory of 3052 5016 djvdd.exe 97 PID 5016 wrote to memory of 3052 5016 djvdd.exe 97 PID 5016 wrote to memory of 3052 5016 djvdd.exe 97 PID 3052 wrote to memory of 1180 3052 nhtthb.exe 98 PID 3052 wrote to memory of 1180 3052 nhtthb.exe 98 PID 3052 wrote to memory of 1180 3052 nhtthb.exe 98 PID 1180 wrote to memory of 4828 1180 vpppj.exe 99 PID 1180 wrote to memory of 4828 1180 vpppj.exe 99 PID 1180 wrote to memory of 4828 1180 vpppj.exe 99 PID 4828 wrote to memory of 548 4828 lrfrrlf.exe 100 PID 4828 wrote to memory of 548 4828 lrfrrlf.exe 100 PID 4828 wrote to memory of 548 4828 lrfrrlf.exe 100 PID 548 wrote to memory of 1800 548 bttnhh.exe 101 PID 548 wrote to memory of 1800 548 bttnhh.exe 101 PID 548 wrote to memory of 1800 548 bttnhh.exe 101 PID 1800 wrote to memory of 2480 1800 lfrrflx.exe 102 PID 1800 wrote to memory of 2480 1800 lfrrflx.exe 102 PID 1800 wrote to memory of 2480 1800 lfrrflx.exe 102 PID 2480 wrote to memory of 1144 2480 jdjjd.exe 103 PID 2480 wrote to memory of 1144 2480 jdjjd.exe 103 PID 2480 wrote to memory of 1144 2480 jdjjd.exe 103 PID 1144 wrote to memory of 2296 1144 lxrlrlx.exe 104 PID 1144 wrote to memory of 2296 1144 lxrlrlx.exe 104 PID 1144 wrote to memory of 2296 1144 lxrlrlx.exe 104 PID 2296 wrote to memory of 4580 2296 hntbtt.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6cc49bd405510fdaefb5de79b5d197f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4816 -
\??\c:\dvjdv.exec:\dvjdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4212 -
\??\c:\fxxxllf.exec:\fxxxllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4588 -
\??\c:\7lfxrrl.exec:\7lfxrrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2668 -
\??\c:\nhbnhb.exec:\nhbnhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2404 -
\??\c:\nthtnh.exec:\nthtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4464 -
\??\c:\dvvpj.exec:\dvvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2256 -
\??\c:\9lxlffx.exec:\9lxlffx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1288 -
\??\c:\xffffll.exec:\xffffll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4260 -
\??\c:\hnbbbb.exec:\hnbbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4652 -
\??\c:\jpddv.exec:\jpddv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3904 -
\??\c:\hbhhhb.exec:\hbhhhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4536 -
\??\c:\nbbntb.exec:\nbbntb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:468 -
\??\c:\djvdd.exec:\djvdd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5016 -
\??\c:\nhtthb.exec:\nhtthb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3052 -
\??\c:\vpppj.exec:\vpppj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1180 -
\??\c:\lrfrrlf.exec:\lrfrrlf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4828 -
\??\c:\bttnhh.exec:\bttnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:548 -
\??\c:\lfrrflx.exec:\lfrrflx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1800 -
\??\c:\jdjjd.exec:\jdjjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2480 -
\??\c:\lxrlrlx.exec:\lxrlrlx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1144 -
\??\c:\hntbtt.exec:\hntbtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2296 -
\??\c:\tthhtn.exec:\tthhtn.exe23⤵
- Executes dropped EXE
PID:4580 -
\??\c:\jddjp.exec:\jddjp.exe24⤵
- Executes dropped EXE
PID:2068 -
\??\c:\bnbbbb.exec:\bnbbbb.exe25⤵
- Executes dropped EXE
PID:3284 -
\??\c:\pjjjd.exec:\pjjjd.exe26⤵
- Executes dropped EXE
PID:2276 -
\??\c:\lffxrll.exec:\lffxrll.exe27⤵
- Executes dropped EXE
PID:3776 -
\??\c:\ntbhtn.exec:\ntbhtn.exe28⤵
- Executes dropped EXE
PID:1092 -
\??\c:\pjpjj.exec:\pjpjj.exe29⤵
- Executes dropped EXE
PID:544 -
\??\c:\rxrlxxr.exec:\rxrlxxr.exe30⤵
- Executes dropped EXE
PID:5052 -
\??\c:\nnbhbh.exec:\nnbhbh.exe31⤵
- Executes dropped EXE
PID:3812 -
\??\c:\ddddj.exec:\ddddj.exe32⤵
- Executes dropped EXE
PID:4628 -
\??\c:\nhhbbt.exec:\nhhbbt.exe33⤵
- Executes dropped EXE
PID:4636 -
\??\c:\pvppp.exec:\pvppp.exe34⤵
- Executes dropped EXE
PID:632 -
\??\c:\rrlllrl.exec:\rrlllrl.exe35⤵
- Executes dropped EXE
PID:4624 -
\??\c:\btbhhb.exec:\btbhhb.exe36⤵
- Executes dropped EXE
PID:4452 -
\??\c:\ddjpp.exec:\ddjpp.exe37⤵
- Executes dropped EXE
PID:1996 -
\??\c:\dpjpj.exec:\dpjpj.exe38⤵
- Executes dropped EXE
PID:4716 -
\??\c:\xfrxxff.exec:\xfrxxff.exe39⤵
- Executes dropped EXE
PID:1260 -
\??\c:\nnhnnh.exec:\nnhnnh.exe40⤵
- Executes dropped EXE
PID:2728 -
\??\c:\vpvvp.exec:\vpvvp.exe41⤵
- Executes dropped EXE
PID:4016 -
\??\c:\1lrllll.exec:\1lrllll.exe42⤵
- Executes dropped EXE
PID:2124 -
\??\c:\hbnnnn.exec:\hbnnnn.exe43⤵
- Executes dropped EXE
PID:3048 -
\??\c:\7jppv.exec:\7jppv.exe44⤵
- Executes dropped EXE
PID:3044 -
\??\c:\jdvpp.exec:\jdvpp.exe45⤵
- Executes dropped EXE
PID:3388 -
\??\c:\fxrxllf.exec:\fxrxllf.exe46⤵
- Executes dropped EXE
PID:436 -
\??\c:\nnhnhn.exec:\nnhnhn.exe47⤵
- Executes dropped EXE
PID:4572 -
\??\c:\vpdvd.exec:\vpdvd.exe48⤵
- Executes dropped EXE
PID:3300 -
\??\c:\xfffllf.exec:\xfffllf.exe49⤵
- Executes dropped EXE
PID:1232 -
\??\c:\btttnh.exec:\btttnh.exe50⤵
- Executes dropped EXE
PID:4260 -
\??\c:\pppjd.exec:\pppjd.exe51⤵
- Executes dropped EXE
PID:2852 -
\??\c:\5xfxrrx.exec:\5xfxrrx.exe52⤵
- Executes dropped EXE
PID:4692 -
\??\c:\xxlfllf.exec:\xxlfllf.exe53⤵
- Executes dropped EXE
PID:2952 -
\??\c:\hthhbb.exec:\hthhbb.exe54⤵
- Executes dropped EXE
PID:4292 -
\??\c:\vpppp.exec:\vpppp.exe55⤵
- Executes dropped EXE
PID:3224 -
\??\c:\5dvvj.exec:\5dvvj.exe56⤵
- Executes dropped EXE
PID:2732 -
\??\c:\7bhbbt.exec:\7bhbbt.exe57⤵
- Executes dropped EXE
PID:3896 -
\??\c:\ddddv.exec:\ddddv.exe58⤵
- Executes dropped EXE
PID:756 -
\??\c:\ddjpp.exec:\ddjpp.exe59⤵
- Executes dropped EXE
PID:1180 -
\??\c:\nhttnt.exec:\nhttnt.exe60⤵
- Executes dropped EXE
PID:1364 -
\??\c:\rrffflf.exec:\rrffflf.exe61⤵
- Executes dropped EXE
PID:812 -
\??\c:\rxrllfx.exec:\rxrllfx.exe62⤵
- Executes dropped EXE
PID:4980 -
\??\c:\vdpjv.exec:\vdpjv.exe63⤵
- Executes dropped EXE
PID:2904 -
\??\c:\frflfrx.exec:\frflfrx.exe64⤵
- Executes dropped EXE
PID:4128 -
\??\c:\nbbtht.exec:\nbbtht.exe65⤵
- Executes dropped EXE
PID:868 -
\??\c:\jvdvv.exec:\jvdvv.exe66⤵PID:1576
-
\??\c:\xrlrrlf.exec:\xrlrrlf.exe67⤵PID:2572
-
\??\c:\hbbhhn.exec:\hbbhhn.exe68⤵PID:1136
-
\??\c:\fxrxrrr.exec:\fxrxrrr.exe69⤵PID:1660
-
\??\c:\nbbhhb.exec:\nbbhhb.exe70⤵PID:2000
-
\??\c:\jjjjd.exec:\jjjjd.exe71⤵PID:3480
-
\??\c:\fffflfr.exec:\fffflfr.exe72⤵PID:396
-
\??\c:\htnnnt.exec:\htnnnt.exe73⤵PID:4948
-
\??\c:\dpjpd.exec:\dpjpd.exe74⤵PID:3352
-
\??\c:\jpjjp.exec:\jpjjp.exe75⤵PID:4036
-
\??\c:\xxrrlll.exec:\xxrrlll.exe76⤵PID:2624
-
\??\c:\7tnnhh.exec:\7tnnhh.exe77⤵PID:3312
-
\??\c:\pdjdv.exec:\pdjdv.exe78⤵PID:1412
-
\??\c:\vppjp.exec:\vppjp.exe79⤵PID:1448
-
\??\c:\rflxrrl.exec:\rflxrrl.exe80⤵PID:4636
-
\??\c:\nbhbbn.exec:\nbhbbn.exe81⤵PID:4356
-
\??\c:\vjjvp.exec:\vjjvp.exe82⤵PID:4624
-
\??\c:\dpdvv.exec:\dpdvv.exe83⤵PID:4788
-
\??\c:\xrfxffr.exec:\xrfxffr.exe84⤵PID:3288
-
\??\c:\nbhhbb.exec:\nbhhbb.exe85⤵PID:4716
-
\??\c:\1djdd.exec:\1djdd.exe86⤵PID:1260
-
\??\c:\jdpjj.exec:\jdpjj.exe87⤵PID:1276
-
\??\c:\rffxlrx.exec:\rffxlrx.exe88⤵PID:3656
-
\??\c:\ntbbtt.exec:\ntbbtt.exe89⤵PID:2124
-
\??\c:\ttbbth.exec:\ttbbth.exe90⤵PID:3048
-
\??\c:\dvvpp.exec:\dvvpp.exe91⤵PID:4464
-
\??\c:\3llfxlf.exec:\3llfxlf.exe92⤵PID:3388
-
\??\c:\tbnhbb.exec:\tbnhbb.exe93⤵PID:888
-
\??\c:\tttntt.exec:\tttntt.exe94⤵PID:4572
-
\??\c:\3vvpp.exec:\3vvpp.exe95⤵PID:3328
-
\??\c:\1rrxxxx.exec:\1rrxxxx.exe96⤵PID:3596
-
\??\c:\xrrrlrr.exec:\xrrrlrr.exe97⤵PID:4652
-
\??\c:\bbhbnh.exec:\bbhbnh.exe98⤵PID:4472
-
\??\c:\ddvjj.exec:\ddvjj.exe99⤵PID:2700
-
\??\c:\dvvpp.exec:\dvvpp.exe100⤵PID:432
-
\??\c:\1rfrllr.exec:\1rfrllr.exe101⤵PID:2800
-
\??\c:\5tbbhn.exec:\5tbbhn.exe102⤵PID:3144
-
\??\c:\9bhhbh.exec:\9bhhbh.exe103⤵PID:4908
-
\??\c:\jpvpv.exec:\jpvpv.exe104⤵PID:4796
-
\??\c:\7flllxx.exec:\7flllxx.exe105⤵PID:3700
-
\??\c:\7ntnhh.exec:\7ntnhh.exe106⤵PID:2320
-
\??\c:\dpjjd.exec:\dpjjd.exe107⤵PID:4980
-
\??\c:\jjjjj.exec:\jjjjj.exe108⤵PID:2904
-
\??\c:\3lxxrxx.exec:\3lxxrxx.exe109⤵PID:1964
-
\??\c:\bntnhh.exec:\bntnhh.exe110⤵PID:1576
-
\??\c:\ppdvj.exec:\ppdvj.exe111⤵PID:4220
-
\??\c:\pjdvv.exec:\pjdvv.exe112⤵PID:3740
-
\??\c:\lffffxx.exec:\lffffxx.exe113⤵PID:2988
-
\??\c:\bntttt.exec:\bntttt.exe114⤵PID:2740
-
\??\c:\tbnbbb.exec:\tbnbbb.exe115⤵PID:4264
-
\??\c:\ddvpd.exec:\ddvpd.exe116⤵PID:1844
-
\??\c:\fflfxxl.exec:\fflfxxl.exe117⤵PID:1252
-
\??\c:\hhtnbb.exec:\hhtnbb.exe118⤵PID:2288
-
\??\c:\vvdjj.exec:\vvdjj.exe119⤵PID:3312
-
\??\c:\fxxrllr.exec:\fxxrllr.exe120⤵PID:2108
-
\??\c:\7rrlffx.exec:\7rrlffx.exe121⤵PID:3712
-
\??\c:\tnhnht.exec:\tnhnht.exe122⤵PID:4636
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-