Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe
-
Size
460KB
-
MD5
65a69ea99b6fcb709cdf8fe3fcfc05b0
-
SHA1
beab1b00b691cfe6ad8a5b30e5a8853a62822dde
-
SHA256
8656f98bad7224f846a3125e888fcdf0673b2137e9096092cbc72174cc28d1f3
-
SHA512
4f0936e66744f716a791b26f9aa27c4b927b463c746b9a57de0623cae4d5ae6fba1b24400939b51dac006cf62eb440bb4d32a6f952418a4b9fc98d643fd43f4b
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/TJTaYvMmr3C9BRo7tvnJ9Fywhk/Tky:n3C9ytvn8whkbJTaFmr3C9ytvn8whkbB
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule
behavioral2/memory/452-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3144-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/5056-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4932-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4032-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2348-44-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4240-48-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2456-62-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3152-56-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4816-69-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/336-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3596-86-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4436-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3632-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3344-111-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2028-116-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1776-128-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4876-133-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4136-165-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2480-176-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1224-188-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/5012-195-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4100-201-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process
3144 vjjdv.exe
5056 xrxffff.exe
4932 nhnhhh.exe
4032 pjjdv.exe
2348 pjpjj.exe
4240 hntnhb.exe
3152 lxfxxxx.exe
2456 nbbbtn.exe
4816 jjjdv.exe
336 llfxxxx.exe
3596 thtntn.exe
4436 rxfflrx.exe
1392 hbhhbb.exe
3632 bntnhb.exe
3344 5rrrlll.exe
2028 rrrrlll.exe
4868 1llfffr.exe
1776 9djjp.exe
4876 frlffff.exe
1388 nbnhhh.exe
3992 hhtnhh.exe
4144 ppvpj.exe
4528 9flfxfx.exe
4136 vpdvd.exe
3192 lflfrrl.exe
2480 ddppp.exe
4340 jpjdj.exe
1224 5pjdd.exe
5012 rfrfrlx.exe
4100 nnnhhb.exe
1132 1pvvj.exe
2972 tnntnn.exe
4524 fffxlfx.exe
1552 lffrfxr.exe
2528 7vpjv.exe
2492 lfxlfxr.exe
3020 hbtnhb.exe
4772 7ddpj.exe
720 frxfrxl.exe
2832 hhhbtn.exe
3568 3ddpj.exe
4164 lfxfllr.exe
4268 lrrlfxf.exe
1320 thhnhn.exe
4804 9pppd.exe
3576 xrrlffx.exe
1060 bnhhtn.exe
2084 djjdp.exe
3168 xrxllfl.exe
4476 btnhtn.exe
2180 pdpjp.exe
4180 rlxrrlr.exe
1432 tnbnhh.exe
3172 pvjdv.exe
2220 xfxflrx.exe
4768 hnnhbt.exe
2940 5dvpd.exe
5088 ffxrrlf.exe
3036 xllxrlx.exe
2312 hbnhhb.exe
4676 pjvpd.exe
3428 lxrlfxr.exe
1928 9bbttn.exe
1012 bttbnh.exe
-
resource yara_rule
behavioral2/memory/452-3-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3144-11-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/5056-17-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4932-24-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4032-31-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2348-38-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2348-39-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2348-44-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4240-48-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2456-62-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3152-56-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4816-69-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/336-76-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3596-86-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4436-94-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3632-106-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3344-111-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2028-116-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1776-128-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4876-133-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4136-165-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2480-176-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1224-188-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/5012-195-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4100-201-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 452 wrote to memory of 3144 452 65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe 83
PID 452 wrote to memory of 3144 452 65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe 83
PID 452 wrote to memory of 3144 452 65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe 83
PID 3144 wrote to memory of 5056 3144 vjjdv.exe 84
PID 3144 wrote to memory of 5056 3144 vjjdv.exe 84
PID 3144 wrote to memory of 5056 3144 vjjdv.exe 84
PID 5056 wrote to memory of 4932 5056 xrxffff.exe 85
PID 5056 wrote to memory of 4932 5056 xrxffff.exe 85
PID 5056 wrote to memory of 4932 5056 xrxffff.exe 85
PID 4932 wrote to memory of 4032 4932 nhnhhh.exe 86
PID 4932 wrote to memory of 4032 4932 nhnhhh.exe 86
PID 4932 wrote to memory of 4032 4932 nhnhhh.exe 86
PID 4032 wrote to memory of 2348 4032 pjjdv.exe 87
PID 4032 wrote to memory of 2348 4032 pjjdv.exe 87
PID 4032 wrote to memory of 2348 4032 pjjdv.exe 87
PID 2348 wrote to memory of 4240 2348 pjpjj.exe 88
PID 2348 wrote to memory of 4240 2348 pjpjj.exe 88
PID 2348 wrote to memory of 4240 2348 pjpjj.exe 88
PID 4240 wrote to memory of 3152 4240 hntnhb.exe 89
PID 4240 wrote to memory of 3152 4240 hntnhb.exe 89
PID 4240 wrote to memory of 3152 4240 hntnhb.exe 89
PID 3152 wrote to memory of 2456 3152 lxfxxxx.exe 90
PID 3152 wrote to memory of 2456 3152 lxfxxxx.exe 90
PID 3152 wrote to memory of 2456 3152 lxfxxxx.exe 90
PID 2456 wrote to memory of 4816 2456 nbbbtn.exe 91
PID 2456 wrote to memory of 4816 2456 nbbbtn.exe 91
PID 2456 wrote to memory of 4816 2456 nbbbtn.exe 91
PID 4816 wrote to memory of 336 4816 jjjdv.exe 93
PID 4816 wrote to memory of 336 4816 jjjdv.exe 93
PID 4816 wrote to memory of 336 4816 jjjdv.exe 93
PID 336 wrote to memory of 3596 336 llfxxxx.exe 94
PID 336 wrote to memory of 3596 336 llfxxxx.exe 94
PID 336 wrote to memory of 3596 336 llfxxxx.exe 94
PID 3596 wrote to memory of 4436 3596 thtntn.exe 96
PID 3596 wrote to memory of 4436 3596 thtntn.exe 96
PID 3596 wrote to memory of 4436 3596 thtntn.exe 96
PID 4436 wrote to memory of 1392 4436 rxfflrx.exe 97
PID 4436 wrote to memory of 1392 4436 rxfflrx.exe 97
PID 4436 wrote to memory of 1392 4436 rxfflrx.exe 97
PID 1392 wrote to memory of 3632 1392 hbhhbb.exe 98
PID 1392 wrote to memory of 3632 1392 hbhhbb.exe 98
PID 1392 wrote to memory of 3632 1392 hbhhbb.exe 98
PID 3632 wrote to memory of 3344 3632 bntnhb.exe 99
PID 3632 wrote to memory of 3344 3632 bntnhb.exe 99
PID 3632 wrote to memory of 3344 3632 bntnhb.exe 99
PID 3344 wrote to memory of 2028 3344 5rrrlll.exe 100
PID 3344 wrote to memory of 2028 3344 5rrrlll.exe 100
PID 3344 wrote to memory of 2028 3344 5rrrlll.exe 100
PID 2028 wrote to memory of 4868 2028 rrrrlll.exe 102
PID 2028 wrote to memory of 4868 2028 rrrrlll.exe 102
PID 2028 wrote to memory of 4868 2028 rrrrlll.exe 102
PID 4868 wrote to memory of 1776 4868 1llfffr.exe 103
PID 4868 wrote to memory of 1776 4868 1llfffr.exe 103
PID 4868 wrote to memory of 1776 4868 1llfffr.exe 103
PID 1776 wrote to memory of 4876 1776 9djjp.exe 104
PID 1776 wrote to memory of 4876 1776 9djjp.exe 104
PID 1776 wrote to memory of 4876 1776 9djjp.exe 104
PID 4876 wrote to memory of 1388 4876 frlffff.exe 105
PID 4876 wrote to memory of 1388 4876 frlffff.exe 105
PID 4876 wrote to memory of 1388 4876 frlffff.exe 105
PID 1388 wrote to memory of 3992 1388 nbnhhh.exe 106
PID 1388 wrote to memory of 3992 1388 nbnhhh.exe 106
PID 1388 wrote to memory of 3992 1388 nbnhhh.exe 106
PID 3992 wrote to memory of 4144 3992 hhtnhh.exe 107
Processes
-
C:\Users\Admin\AppData\Local\Temp\65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\65a69ea99b6fcb709cdf8fe3fcfc05b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:452 -
\??\c:\vjjdv.exec:\vjjdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3144 -
\??\c:\xrxffff.exec:\xrxffff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5056 -
\??\c:\nhnhhh.exec:\nhnhhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4932 -
\??\c:\pjjdv.exec:\pjjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4032 -
\??\c:\pjpjj.exec:\pjpjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2348 -
\??\c:\hntnhb.exec:\hntnhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4240 -
\??\c:\lxfxxxx.exec:\lxfxxxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3152 -
\??\c:\nbbbtn.exec:\nbbbtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2456 -
\??\c:\jjjdv.exec:\jjjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4816 -
\??\c:\llfxxxx.exec:\llfxxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:336 -
\??\c:\thtntn.exec:\thtntn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3596 -
\??\c:\rxfflrx.exec:\rxfflrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4436 -
\??\c:\hbhhbb.exec:\hbhhbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1392 -
\??\c:\bntnhb.exec:\bntnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3632 -
\??\c:\5rrrlll.exec:\5rrrlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3344 -
\??\c:\rrrrlll.exec:\rrrrlll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2028 -
\??\c:\1llfffr.exec:\1llfffr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4868 -
\??\c:\9djjp.exec:\9djjp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1776 -
\??\c:\frlffff.exec:\frlffff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4876 -
\??\c:\nbnhhh.exec:\nbnhhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1388 -
\??\c:\hhtnhh.exec:\hhtnhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3992 -
\??\c:\ppvpj.exec:\ppvpj.exe23⤵
- Executes dropped EXE
PID:4144 -
\??\c:\9flfxfx.exec:\9flfxfx.exe24⤵
- Executes dropped EXE
PID:4528 -
\??\c:\vpdvd.exec:\vpdvd.exe25⤵
- Executes dropped EXE
PID:4136 -
\??\c:\lflfrrl.exec:\lflfrrl.exe26⤵
- Executes dropped EXE
PID:3192 -
\??\c:\ddppp.exec:\ddppp.exe27⤵
- Executes dropped EXE
PID:2480 -
\??\c:\jpjdj.exec:\jpjdj.exe28⤵
- Executes dropped EXE
PID:4340 -
\??\c:\5pjdd.exec:\5pjdd.exe29⤵
- Executes dropped EXE
PID:1224 -
\??\c:\rfrfrlx.exec:\rfrfrlx.exe30⤵
- Executes dropped EXE
PID:5012 -
\??\c:\nnnhhb.exec:\nnnhhb.exe31⤵
- Executes dropped EXE
PID:4100 -
\??\c:\1pvvj.exec:\1pvvj.exe32⤵
- Executes dropped EXE
PID:1132 -
\??\c:\tnntnn.exec:\tnntnn.exe33⤵
- Executes dropped EXE
PID:2972 -
\??\c:\fffxlfx.exec:\fffxlfx.exe34⤵
- Executes dropped EXE
PID:4524 -
\??\c:\lffrfxr.exec:\lffrfxr.exe35⤵
- Executes dropped EXE
PID:1552 -
\??\c:\7vpjv.exec:\7vpjv.exe36⤵
- Executes dropped EXE
PID:2528 -
\??\c:\lfxlfxr.exec:\lfxlfxr.exe37⤵
- Executes dropped EXE
PID:2492 -
\??\c:\hbtnhb.exec:\hbtnhb.exe38⤵
- Executes dropped EXE
PID:3020 -
\??\c:\7ddpj.exec:\7ddpj.exe39⤵
- Executes dropped EXE
PID:4772 -
\??\c:\frxfrxl.exec:\frxfrxl.exe40⤵
- Executes dropped EXE
PID:720 -
\??\c:\hhhbtn.exec:\hhhbtn.exe41⤵
- Executes dropped EXE
PID:2832 -
\??\c:\3ddpj.exec:\3ddpj.exe42⤵
- Executes dropped EXE
PID:3568 -
\??\c:\lfxfllr.exec:\lfxfllr.exe43⤵
- Executes dropped EXE
PID:4164 -
\??\c:\lrrlfxf.exec:\lrrlfxf.exe44⤵
- Executes dropped EXE
PID:4268 -
\??\c:\thhnhn.exec:\thhnhn.exe45⤵
- Executes dropped EXE
PID:1320 -
\??\c:\9pppd.exec:\9pppd.exe46⤵
- Executes dropped EXE
PID:4804 -
\??\c:\xrrlffx.exec:\xrrlffx.exe47⤵
- Executes dropped EXE
PID:3576 -
\??\c:\bnhhtn.exec:\bnhhtn.exe48⤵
- Executes dropped EXE
PID:1060 -
\??\c:\djjdp.exec:\djjdp.exe49⤵
- Executes dropped EXE
PID:2084 -
\??\c:\xrxllfl.exec:\xrxllfl.exe50⤵
- Executes dropped EXE
PID:3168 -
\??\c:\btnhtn.exec:\btnhtn.exe51⤵
- Executes dropped EXE
PID:4476 -
\??\c:\pdpjp.exec:\pdpjp.exe52⤵
- Executes dropped EXE
PID:2180 -
\??\c:\rlxrrlr.exec:\rlxrrlr.exe53⤵
- Executes dropped EXE
PID:4180 -
\??\c:\tnbnhh.exec:\tnbnhh.exe54⤵
- Executes dropped EXE
PID:1432 -
\??\c:\pvjdv.exec:\pvjdv.exe55⤵
- Executes dropped EXE
PID:3172 -
\??\c:\xfxflrx.exec:\xfxflrx.exe56⤵
- Executes dropped EXE
PID:2220 -
\??\c:\hnnhbt.exec:\hnnhbt.exe57⤵
- Executes dropped EXE
PID:4768 -
\??\c:\5dvpd.exec:\5dvpd.exe58⤵
- Executes dropped EXE
PID:2940 -
\??\c:\ffxrrlf.exec:\ffxrrlf.exe59⤵
- Executes dropped EXE
PID:5088 -
\??\c:\xllxrlx.exec:\xllxrlx.exe60⤵
- Executes dropped EXE
PID:3036 -
\??\c:\hbnhhb.exec:\hbnhhb.exe61⤵
- Executes dropped EXE
PID:2312 -
\??\c:\pjvpd.exec:\pjvpd.exe62⤵
- Executes dropped EXE
PID:4676 -
\??\c:\lxrlfxr.exec:\lxrlfxr.exe63⤵
- Executes dropped EXE
PID:3428 -
\??\c:\9bbttn.exec:\9bbttn.exe64⤵
- Executes dropped EXE
PID:1928 -
\??\c:\bttbnh.exec:\bttbnh.exe65⤵
- Executes dropped EXE
PID:1012 -
\??\c:\7vpjd.exec:\7vpjd.exe66⤵PID:2064
-
\??\c:\7ffrlfr.exec:\7ffrlfr.exe67⤵PID:4224
-
\??\c:\rrxrlfl.exec:\rrxrlfl.exe68⤵PID:4844
-
\??\c:\bttnbt.exec:\bttnbt.exe69⤵PID:2772
-
\??\c:\dvvpv.exec:\dvvpv.exe70⤵PID:4124
-
\??\c:\vvdpp.exec:\vvdpp.exe71⤵PID:1416
-
\??\c:\xxlfxrl.exec:\xxlfxrl.exe72⤵PID:4284
-
\??\c:\nbhhbb.exec:\nbhhbb.exe73⤵PID:4904
-
\??\c:\3nhbnh.exec:\3nhbnh.exe74⤵PID:1332
-
\??\c:\pjjvp.exec:\pjjvp.exe75⤵PID:1772
-
\??\c:\rxxrfxr.exec:\rxxrfxr.exe76⤵PID:2700
-
\??\c:\frxrflf.exec:\frxrflf.exe77⤵PID:5076
-
\??\c:\jvvpd.exec:\jvvpd.exe78⤵PID:904
-
\??\c:\lxxlffx.exec:\lxxlffx.exe79⤵PID:3032
-
\??\c:\xrrlffx.exec:\xrrlffx.exe80⤵PID:4732
-
\??\c:\thbbbh.exec:\thbbbh.exe81⤵PID:4568
-
\??\c:\tbhbnh.exec:\tbhbnh.exe82⤵PID:4524
-
\??\c:\dvvpj.exec:\dvvpj.exe83⤵PID:3324
-
\??\c:\7lfxxxr.exec:\7lfxxxr.exe84⤵PID:4336
-
\??\c:\bthbth.exec:\bthbth.exe85⤵PID:876
-
\??\c:\pvddv.exec:\pvddv.exe86⤵PID:452
-
\??\c:\5rxrffl.exec:\5rxrffl.exe87⤵PID:664
-
\??\c:\xflfffx.exec:\xflfffx.exe88⤵PID:4832
-
\??\c:\bbnnht.exec:\bbnnht.exe89⤵PID:3320
-
\??\c:\vpvvd.exec:\vpvvd.exe90⤵PID:1596
-
\??\c:\ppvvv.exec:\ppvvv.exe91⤵PID:3208
-
\??\c:\5frrlll.exec:\5frrlll.exe92⤵PID:1600
-
\??\c:\thhnhb.exec:\thhnhb.exe93⤵PID:3968
-
\??\c:\ntbnhb.exec:\ntbnhb.exe94⤵PID:4928
-
\??\c:\ddvvp.exec:\ddvvp.exe95⤵PID:3564
-
\??\c:\rffxlfx.exec:\rffxlfx.exe96⤵PID:4816
-
\??\c:\tnnhbh.exec:\tnnhbh.exe97⤵PID:508
-
\??\c:\vjvpd.exec:\vjvpd.exe98⤵PID:4476
-
\??\c:\vppjd.exec:\vppjd.exe99⤵PID:2180
-
\??\c:\9ffxlrl.exec:\9ffxlrl.exe100⤵PID:4180
-
\??\c:\tbnhhh.exec:\tbnhhh.exe101⤵PID:5060
-
\??\c:\vjvpj.exec:\vjvpj.exe102⤵PID:2960
-
\??\c:\ffffffx.exec:\ffffffx.exe103⤵PID:1116
-
\??\c:\xxlfxxx.exec:\xxlfxxx.exe104⤵PID:3156
-
\??\c:\hntnbt.exec:\hntnbt.exe105⤵PID:1604
-
\??\c:\jpvvp.exec:\jpvvp.exe106⤵PID:1712
-
\??\c:\xrxrffx.exec:\xrxrffx.exe107⤵PID:3736
-
\??\c:\bnnhnn.exec:\bnnhnn.exe108⤵PID:2584
-
\??\c:\tbthbh.exec:\tbthbh.exe109⤵PID:912
-
\??\c:\vppdp.exec:\vppdp.exe110⤵PID:3464
-
\??\c:\xlxxrlf.exec:\xlxxrlf.exe111⤵PID:432
-
\??\c:\hbhbbt.exec:\hbhbbt.exe112⤵PID:1848
-
\??\c:\dvdpj.exec:\dvdpj.exe113⤵PID:4604
-
\??\c:\jvdvp.exec:\jvdvp.exe114⤵PID:4872
-
\??\c:\3rlfffx.exec:\3rlfffx.exe115⤵PID:4124
-
\??\c:\hnnnnh.exec:\hnnnnh.exe116⤵PID:444
-
\??\c:\tntnbb.exec:\tntnbb.exe117⤵PID:2448
-
\??\c:\1dvpd.exec:\1dvpd.exe118⤵PID:4264
-
\??\c:\7vdpv.exec:\7vdpv.exe119⤵PID:4696
-
\??\c:\rlxrxrf.exec:\rlxrxrf.exe120⤵PID:1772
-
\??\c:\1tbnbt.exec:\1tbnbt.exe121⤵PID:4564
-
\??\c:\tnttnb.exec:\tnttnb.exe122⤵PID:1956
-