Analysis
-
max time kernel
150s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 01:42
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe
-
Size
66KB
-
MD5
6dfa15c8353433d20c88ab5f3d7dd7a0
-
SHA1
163d687fdf21a0b1d74b35400d53ce07b1074e9c
-
SHA256
11785883d002a5742582aac5ca06b2370780a5d57d0612ba04b9449e29b563fb
-
SHA512
7b0bc349d277b6b4d54347c678fccb25c634a9a819cdaee717d9bae101baf983d5418484c09d5d36872814bceedc93eb5f0679df1ba60cceaedec7b4e3093807
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+LuvPrgpX7:ymb3NkkiQ3mdBjF0yMlwrQ
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral2/memory/3956-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/644-16-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3592-21-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2096-29-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1436-36-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3992-49-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3620-62-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4872-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2492-79-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1540-99-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1492-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4316-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3732-118-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2364-124-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1084-153-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1224-160-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/64-171-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2792-179-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3412-183-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4232-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/960-196-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3340-202-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3012-207-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 644 btttnn.exe 3592 rflxrrf.exe 2096 hbhbtb.exe 1436 dpppj.exe 3248 7rrlxxr.exe 3992 xlrfxlx.exe 1544 nbbttn.exe 3620 lflxllf.exe 4872 tnntbt.exe 2492 5nhnhn.exe 2956 jjvpd.exe 2220 7lrfxrf.exe 1540 3btnnh.exe 1492 pddvj.exe 4316 fxrfllr.exe 3732 lffrffx.exe 2364 jjvvd.exe 3552 5dpjj.exe 2512 frlffxl.exe 2552 5bbtnn.exe 1652 hhnnnn.exe 1084 7dvdv.exe 1224 5xrlfff.exe 3932 5tbtnn.exe 64 dvjjd.exe 2792 dpvpv.exe 3412 rflrlrx.exe 4232 bhtnnn.exe 960 1vddp.exe 3340 rlflrrl.exe 3012 bttthn.exe 1664 jjvjp.exe 4516 xrxrxrl.exe 4312 bnbthh.exe 3624 vvjdd.exe 2304 xrllffl.exe 3456 1thbhb.exe 3592 nttbhb.exe 5044 vpvvp.exe 3840 vpjvj.exe 4860 flxlllr.exe 3248 hnnhtt.exe 3208 ppdvp.exe 3260 vvjjd.exe 2460 frfxlfl.exe 2596 hthhnn.exe 3292 nbbtnt.exe 4900 nnnhhh.exe 3752 jddvp.exe 1828 jjdvd.exe 2796 3rllllf.exe 2956 llfxxff.exe 2572 nnnhnh.exe 2100 bnthbh.exe 4992 dpvvv.exe 4920 pjdjv.exe 2292 1xlllrl.exe 2736 xflfxll.exe 3052 nntnhn.exe 3548 1pvvp.exe 4816 7jvpj.exe 1804 rxrrxff.exe 3008 xrxxrxr.exe 3212 bhhbtb.exe -
resource yara_rule behavioral2/memory/3956-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/644-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/644-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/644-16-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3592-21-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3592-20-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3592-19-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2096-29-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1436-36-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3992-49-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3620-62-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4872-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4872-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4872-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4872-76-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2492-79-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1540-99-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1492-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4316-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3732-118-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2364-124-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1084-153-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1224-160-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/64-171-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2792-179-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3412-183-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4232-190-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/960-196-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3340-202-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3012-207-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3956 wrote to memory of 644 3956 6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe 84 PID 3956 wrote to memory of 644 3956 6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe 84 PID 3956 wrote to memory of 644 3956 6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe 84 PID 644 wrote to memory of 3592 644 btttnn.exe 85 PID 644 wrote to memory of 3592 644 btttnn.exe 85 PID 644 wrote to memory of 3592 644 btttnn.exe 85 PID 3592 wrote to memory of 2096 3592 rflxrrf.exe 86 PID 3592 wrote to memory of 2096 3592 rflxrrf.exe 86 PID 3592 wrote to memory of 2096 3592 rflxrrf.exe 86 PID 2096 wrote to memory of 1436 2096 hbhbtb.exe 87 PID 2096 wrote to memory of 1436 2096 hbhbtb.exe 87 PID 2096 wrote to memory of 1436 2096 hbhbtb.exe 87 PID 1436 wrote to memory of 3248 1436 dpppj.exe 88 PID 1436 wrote to memory of 3248 1436 dpppj.exe 88 PID 1436 wrote to memory of 3248 1436 dpppj.exe 88 PID 3248 wrote to memory of 3992 3248 7rrlxxr.exe 89 PID 3248 wrote to memory of 3992 3248 7rrlxxr.exe 89 PID 3248 wrote to memory of 3992 3248 7rrlxxr.exe 89 PID 3992 wrote to memory of 1544 3992 xlrfxlx.exe 90 PID 3992 wrote to memory of 1544 3992 xlrfxlx.exe 90 PID 3992 wrote to memory of 1544 3992 xlrfxlx.exe 90 PID 1544 wrote to memory of 3620 1544 nbbttn.exe 91 PID 1544 wrote to memory of 3620 1544 nbbttn.exe 91 PID 1544 wrote to memory of 3620 1544 nbbttn.exe 91 PID 3620 wrote to memory of 4872 3620 lflxllf.exe 92 PID 3620 wrote to memory of 4872 3620 lflxllf.exe 92 PID 3620 wrote to memory of 4872 3620 lflxllf.exe 92 PID 4872 wrote to memory of 2492 4872 tnntbt.exe 93 PID 4872 wrote to memory of 2492 4872 tnntbt.exe 93 PID 4872 wrote to memory of 2492 4872 tnntbt.exe 93 PID 2492 wrote to memory of 2956 2492 5nhnhn.exe 94 PID 2492 wrote to memory of 2956 2492 5nhnhn.exe 94 PID 2492 wrote to memory of 2956 2492 5nhnhn.exe 94 PID 2956 wrote to memory of 2220 2956 jjvpd.exe 95 PID 2956 wrote to memory of 2220 2956 jjvpd.exe 95 PID 2956 wrote to memory of 2220 2956 jjvpd.exe 95 PID 2220 wrote to memory of 1540 2220 7lrfxrf.exe 96 PID 2220 wrote to memory of 1540 2220 7lrfxrf.exe 96 PID 2220 wrote to memory of 1540 2220 7lrfxrf.exe 96 PID 1540 wrote to memory of 1492 1540 3btnnh.exe 97 PID 1540 wrote to memory of 1492 1540 3btnnh.exe 97 PID 1540 wrote to memory of 1492 1540 3btnnh.exe 97 PID 1492 wrote to memory of 4316 1492 pddvj.exe 98 PID 1492 wrote to memory of 4316 1492 pddvj.exe 98 PID 1492 wrote to memory of 4316 1492 pddvj.exe 98 PID 4316 wrote to memory of 3732 4316 fxrfllr.exe 99 PID 4316 wrote to memory of 3732 4316 fxrfllr.exe 99 PID 4316 wrote to memory of 3732 4316 fxrfllr.exe 99 PID 3732 wrote to memory of 2364 3732 lffrffx.exe 100 PID 3732 wrote to memory of 2364 3732 lffrffx.exe 100 PID 3732 wrote to memory of 2364 3732 lffrffx.exe 100 PID 2364 wrote to memory of 3552 2364 jjvvd.exe 101 PID 2364 wrote to memory of 3552 2364 jjvvd.exe 101 PID 2364 wrote to memory of 3552 2364 jjvvd.exe 101 PID 3552 wrote to memory of 2512 3552 5dpjj.exe 102 PID 3552 wrote to memory of 2512 3552 5dpjj.exe 102 PID 3552 wrote to memory of 2512 3552 5dpjj.exe 102 PID 2512 wrote to memory of 2552 2512 frlffxl.exe 103 PID 2512 wrote to memory of 2552 2512 frlffxl.exe 103 PID 2512 wrote to memory of 2552 2512 frlffxl.exe 103 PID 2552 wrote to memory of 1652 2552 5bbtnn.exe 104 PID 2552 wrote to memory of 1652 2552 5bbtnn.exe 104 PID 2552 wrote to memory of 1652 2552 5bbtnn.exe 104 PID 1652 wrote to memory of 1084 1652 hhnnnn.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6dfa15c8353433d20c88ab5f3d7dd7a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3956 -
\??\c:\btttnn.exec:\btttnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:644 -
\??\c:\rflxrrf.exec:\rflxrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3592 -
\??\c:\hbhbtb.exec:\hbhbtb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2096 -
\??\c:\dpppj.exec:\dpppj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1436 -
\??\c:\7rrlxxr.exec:\7rrlxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3248 -
\??\c:\xlrfxlx.exec:\xlrfxlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3992 -
\??\c:\nbbttn.exec:\nbbttn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1544 -
\??\c:\lflxllf.exec:\lflxllf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3620 -
\??\c:\tnntbt.exec:\tnntbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4872 -
\??\c:\5nhnhn.exec:\5nhnhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\jjvpd.exec:\jjvpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2956 -
\??\c:\7lrfxrf.exec:\7lrfxrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2220 -
\??\c:\3btnnh.exec:\3btnnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1540 -
\??\c:\pddvj.exec:\pddvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1492 -
\??\c:\fxrfllr.exec:\fxrfllr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4316 -
\??\c:\lffrffx.exec:\lffrffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3732 -
\??\c:\jjvvd.exec:\jjvvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2364 -
\??\c:\5dpjj.exec:\5dpjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3552 -
\??\c:\frlffxl.exec:\frlffxl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2512 -
\??\c:\5bbtnn.exec:\5bbtnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2552 -
\??\c:\hhnnnn.exec:\hhnnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1652 -
\??\c:\7dvdv.exec:\7dvdv.exe23⤵
- Executes dropped EXE
PID:1084 -
\??\c:\5xrlfff.exec:\5xrlfff.exe24⤵
- Executes dropped EXE
PID:1224 -
\??\c:\5tbtnn.exec:\5tbtnn.exe25⤵
- Executes dropped EXE
PID:3932 -
\??\c:\dvjjd.exec:\dvjjd.exe26⤵
- Executes dropped EXE
PID:64 -
\??\c:\dpvpv.exec:\dpvpv.exe27⤵
- Executes dropped EXE
PID:2792 -
\??\c:\rflrlrx.exec:\rflrlrx.exe28⤵
- Executes dropped EXE
PID:3412 -
\??\c:\bhtnnn.exec:\bhtnnn.exe29⤵
- Executes dropped EXE
PID:4232 -
\??\c:\1vddp.exec:\1vddp.exe30⤵
- Executes dropped EXE
PID:960 -
\??\c:\rlflrrl.exec:\rlflrrl.exe31⤵
- Executes dropped EXE
PID:3340 -
\??\c:\bttthn.exec:\bttthn.exe32⤵
- Executes dropped EXE
PID:3012 -
\??\c:\jjvjp.exec:\jjvjp.exe33⤵
- Executes dropped EXE
PID:1664 -
\??\c:\xrxrxrl.exec:\xrxrxrl.exe34⤵
- Executes dropped EXE
PID:4516 -
\??\c:\bnbthh.exec:\bnbthh.exe35⤵
- Executes dropped EXE
PID:4312 -
\??\c:\vvjdd.exec:\vvjdd.exe36⤵
- Executes dropped EXE
PID:3624 -
\??\c:\xrllffl.exec:\xrllffl.exe37⤵
- Executes dropped EXE
PID:2304 -
\??\c:\1thbhb.exec:\1thbhb.exe38⤵
- Executes dropped EXE
PID:3456 -
\??\c:\nttbhb.exec:\nttbhb.exe39⤵
- Executes dropped EXE
PID:3592 -
\??\c:\vpvvp.exec:\vpvvp.exe40⤵
- Executes dropped EXE
PID:5044 -
\??\c:\vpjvj.exec:\vpjvj.exe41⤵
- Executes dropped EXE
PID:3840 -
\??\c:\flxlllr.exec:\flxlllr.exe42⤵
- Executes dropped EXE
PID:4860 -
\??\c:\hnnhtt.exec:\hnnhtt.exe43⤵
- Executes dropped EXE
PID:3248 -
\??\c:\ppdvp.exec:\ppdvp.exe44⤵
- Executes dropped EXE
PID:3208 -
\??\c:\vvjjd.exec:\vvjjd.exe45⤵
- Executes dropped EXE
PID:3260 -
\??\c:\frfxlfl.exec:\frfxlfl.exe46⤵
- Executes dropped EXE
PID:2460 -
\??\c:\hthhnn.exec:\hthhnn.exe47⤵
- Executes dropped EXE
PID:2596 -
\??\c:\nbbtnt.exec:\nbbtnt.exe48⤵
- Executes dropped EXE
PID:3292 -
\??\c:\nnnhhh.exec:\nnnhhh.exe49⤵
- Executes dropped EXE
PID:4900 -
\??\c:\jddvp.exec:\jddvp.exe50⤵
- Executes dropped EXE
PID:3752 -
\??\c:\jjdvd.exec:\jjdvd.exe51⤵
- Executes dropped EXE
PID:1828 -
\??\c:\3rllllf.exec:\3rllllf.exe52⤵
- Executes dropped EXE
PID:2796 -
\??\c:\llfxxff.exec:\llfxxff.exe53⤵
- Executes dropped EXE
PID:2956 -
\??\c:\nnnhnh.exec:\nnnhnh.exe54⤵
- Executes dropped EXE
PID:2572 -
\??\c:\bnthbh.exec:\bnthbh.exe55⤵
- Executes dropped EXE
PID:2100 -
\??\c:\dpvvv.exec:\dpvvv.exe56⤵
- Executes dropped EXE
PID:4992 -
\??\c:\pjdjv.exec:\pjdjv.exe57⤵
- Executes dropped EXE
PID:4920 -
\??\c:\1xlllrl.exec:\1xlllrl.exe58⤵
- Executes dropped EXE
PID:2292 -
\??\c:\xflfxll.exec:\xflfxll.exe59⤵
- Executes dropped EXE
PID:2736 -
\??\c:\nntnhn.exec:\nntnhn.exe60⤵
- Executes dropped EXE
PID:3052 -
\??\c:\1pvvp.exec:\1pvvp.exe61⤵
- Executes dropped EXE
PID:3548 -
\??\c:\7jvpj.exec:\7jvpj.exe62⤵
- Executes dropped EXE
PID:4816 -
\??\c:\rxrrxff.exec:\rxrrxff.exe63⤵
- Executes dropped EXE
PID:1804 -
\??\c:\xrxxrxr.exec:\xrxxrxr.exe64⤵
- Executes dropped EXE
PID:3008 -
\??\c:\bhhbtb.exec:\bhhbtb.exe65⤵
- Executes dropped EXE
PID:3212 -
\??\c:\hhnbhh.exec:\hhnbhh.exe66⤵PID:2928
-
\??\c:\jdvpj.exec:\jdvpj.exe67⤵PID:2172
-
\??\c:\xlxlffx.exec:\xlxlffx.exe68⤵PID:1568
-
\??\c:\fxlxrff.exec:\fxlxrff.exe69⤵PID:4520
-
\??\c:\htbttt.exec:\htbttt.exe70⤵PID:1512
-
\??\c:\pjvdv.exec:\pjvdv.exe71⤵PID:1476
-
\??\c:\dpjvp.exec:\dpjvp.exe72⤵PID:4032
-
\??\c:\9htnnn.exec:\9htnnn.exe73⤵PID:3328
-
\??\c:\5dvpj.exec:\5dvpj.exe74⤵PID:4588
-
\??\c:\vppjp.exec:\vppjp.exe75⤵PID:3184
-
\??\c:\5frllll.exec:\5frllll.exe76⤵PID:868
-
\??\c:\lfxxxxx.exec:\lfxxxxx.exe77⤵PID:1140
-
\??\c:\thnhbh.exec:\thnhbh.exe78⤵PID:1664
-
\??\c:\ppdpp.exec:\ppdpp.exe79⤵PID:848
-
\??\c:\jpvjd.exec:\jpvjd.exe80⤵PID:4516
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe81⤵PID:3956
-
\??\c:\bthhbb.exec:\bthhbb.exe82⤵PID:376
-
\??\c:\nhtnhb.exec:\nhtnhb.exe83⤵PID:1448
-
\??\c:\3dppj.exec:\3dppj.exe84⤵PID:2488
-
\??\c:\llxfffl.exec:\llxfffl.exe85⤵PID:1128
-
\??\c:\ttbtbb.exec:\ttbtbb.exe86⤵PID:1836
-
\??\c:\7nthhh.exec:\7nthhh.exe87⤵PID:4284
-
\??\c:\pvdjj.exec:\pvdjj.exe88⤵PID:612
-
\??\c:\llxrllf.exec:\llxrllf.exe89⤵PID:4896
-
\??\c:\7rrlrll.exec:\7rrlrll.exe90⤵PID:4524
-
\??\c:\hnttnt.exec:\hnttnt.exe91⤵PID:792
-
\??\c:\7vvvv.exec:\7vvvv.exe92⤵PID:4392
-
\??\c:\rfxllrl.exec:\rfxllrl.exe93⤵PID:2276
-
\??\c:\xrllllr.exec:\xrllllr.exe94⤵PID:2652
-
\??\c:\5hhhhh.exec:\5hhhhh.exe95⤵PID:1524
-
\??\c:\bnbbtt.exec:\bnbbtt.exe96⤵PID:4904
-
\??\c:\jjdvp.exec:\jjdvp.exe97⤵PID:1232
-
\??\c:\vpdpj.exec:\vpdpj.exe98⤵PID:3808
-
\??\c:\7xfxxxr.exec:\7xfxxxr.exe99⤵PID:4660
-
\??\c:\ffxrxrx.exec:\ffxrxrx.exe100⤵PID:2056
-
\??\c:\5hnhhb.exec:\5hnhhb.exe101⤵PID:4992
-
\??\c:\jvjpp.exec:\jvjpp.exe102⤵PID:4836
-
\??\c:\ddvpj.exec:\ddvpj.exe103⤵PID:2684
-
\??\c:\lrlffll.exec:\lrlffll.exe104⤵PID:1260
-
\??\c:\xrxffff.exec:\xrxffff.exe105⤵PID:4464
-
\??\c:\tnnnhn.exec:\tnnnhn.exe106⤵PID:1184
-
\??\c:\thnnhh.exec:\thnnhh.exe107⤵PID:3448
-
\??\c:\dvvjj.exec:\dvvjj.exe108⤵PID:2412
-
\??\c:\rfflfxf.exec:\rfflfxf.exe109⤵PID:3008
-
\??\c:\xrxxrxr.exec:\xrxxrxr.exe110⤵PID:1068
-
\??\c:\hhnhbb.exec:\hhnhbb.exe111⤵PID:2928
-
\??\c:\nbnhbb.exec:\nbnhbb.exe112⤵PID:3932
-
\??\c:\vjvvd.exec:\vjvvd.exe113⤵PID:1568
-
\??\c:\dpjdp.exec:\dpjdp.exe114⤵PID:4572
-
\??\c:\rlxxrxl.exec:\rlxxrxl.exe115⤵PID:2540
-
\??\c:\hhnhnn.exec:\hhnhnn.exe116⤵PID:1476
-
\??\c:\pppdj.exec:\pppdj.exe117⤵PID:2772
-
\??\c:\btbttt.exec:\btbttt.exe118⤵PID:3964
-
\??\c:\jvpvj.exec:\jvpvj.exe119⤵PID:380
-
\??\c:\9frflrr.exec:\9frflrr.exe120⤵PID:4684
-
\??\c:\frrrlll.exec:\frrrlll.exe121⤵PID:4596
-
\??\c:\btbtbt.exec:\btbtbt.exe122⤵PID:1332
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-