Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 01:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
672275b905ec734b6d1dcfb2041b5300_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
672275b905ec734b6d1dcfb2041b5300_NeikiAnalytics.exe
-
Size
367KB
-
MD5
672275b905ec734b6d1dcfb2041b5300
-
SHA1
c9c129e5c5a837c5fbaee5a6487e80fe75c3f3d5
-
SHA256
cee68c34d8a7eba7f6d59380d4d3fc312d9316b49d73618ac0045017314a1769
-
SHA512
5b67cf6871840c0d647385738dd623c911a820396b2f6253291f06a23493ff1686d69e5594c5f9da845e58be530ff011d8a7e70e0431e98894e353d4c707d309
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9FrHSwh/c/hdTWGIaxJ8TN005pWmjVwdSsyg:n3C9BRo7tvnJ9Fywhk/T7xyTpShZb
Malware Config
Signatures
-
Detect Blackmoon payload 24 IoCs
resource yara_rule behavioral2/memory/4804-6-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3616-16-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2084-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2232-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3304-38-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3996-45-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4432-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4440-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3944-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/836-73-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3080-81-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1860-95-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1168-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5112-99-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/536-132-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/668-139-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2608-144-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4184-123-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1660-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3152-160-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1752-165-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3964-184-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5020-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2008-199-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 3944 xffxxff.exe 3616 hbbttt.exe 2084 ffllxxx.exe 2232 bhttnt.exe 3304 jdvvp.exe 3996 3rlfxfl.exe 4432 btnthh.exe 4440 fxxllxx.exe 2124 fffllfr.exe 836 tnbtbt.exe 3080 jdppj.exe 4576 tnhbtn.exe 1860 3xfxrrl.exe 5112 tnnnhb.exe 1168 lfrxxrl.exe 4292 ntnnhn.exe 1040 rxlxrrf.exe 4184 btbbtt.exe 536 vpvpp.exe 668 xffxrrr.exe 2608 jppdj.exe 3272 lflxrxr.exe 1660 pdppv.exe 3152 xfxxxrx.exe 1752 rrrrllr.exe 5040 jjjdv.exe 2756 xrllflx.exe 3964 jjpdj.exe 5020 rlrfrxr.exe 2008 nntnth.exe 5032 thhhht.exe 1452 jjddd.exe 1936 nhnnnh.exe 3148 pdvjv.exe 4352 xlfxrrr.exe 2752 tbhhbt.exe 3184 pjjvp.exe 2580 frlxffl.exe 3024 bttnnh.exe 4524 5xllrxf.exe 4444 nhtbnb.exe 4888 nnhtth.exe 3304 llflrrx.exe 2968 3nhbtn.exe 1332 hnhtht.exe 3036 lxfxxxf.exe 412 hbbbnb.exe 2364 jppjj.exe 3428 bnhttb.exe 2520 vjjvj.exe 3640 vvvjp.exe 4328 xrrrrff.exe 2740 htbttt.exe 4364 lxxxrxr.exe 516 btbbhn.exe 3580 djpjj.exe 3976 xrxlxrf.exe 2208 nnnhhb.exe 456 tnbttn.exe 536 jdjjv.exe 668 htnnnb.exe 400 jjddv.exe 1440 xfllxrr.exe 2764 bhthnb.exe -
resource yara_rule behavioral2/memory/4804-6-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3616-16-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2084-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2232-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3304-38-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3996-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4432-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4440-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3944-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/836-73-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3080-81-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1860-95-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1168-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5112-99-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/536-132-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/668-139-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2608-144-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4184-123-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1660-155-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3152-160-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1752-165-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3964-184-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5020-190-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2008-199-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4804 wrote to memory of 3944 4804 672275b905ec734b6d1dcfb2041b5300_NeikiAnalytics.exe 83 PID 4804 wrote to memory of 3944 4804 672275b905ec734b6d1dcfb2041b5300_NeikiAnalytics.exe 83 PID 4804 wrote to memory of 3944 4804 672275b905ec734b6d1dcfb2041b5300_NeikiAnalytics.exe 83 PID 3944 wrote to memory of 3616 3944 xffxxff.exe 84 PID 3944 wrote to memory of 3616 3944 xffxxff.exe 84 PID 3944 wrote to memory of 3616 3944 xffxxff.exe 84 PID 3616 wrote to memory of 2084 3616 hbbttt.exe 85 PID 3616 wrote to memory of 2084 3616 hbbttt.exe 85 PID 3616 wrote to memory of 2084 3616 hbbttt.exe 85 PID 2084 wrote to memory of 2232 2084 ffllxxx.exe 86 PID 2084 wrote to memory of 2232 2084 ffllxxx.exe 86 PID 2084 wrote to memory of 2232 2084 ffllxxx.exe 86 PID 2232 wrote to memory of 3304 2232 bhttnt.exe 87 PID 2232 wrote to memory of 3304 2232 bhttnt.exe 87 PID 2232 wrote to memory of 3304 2232 bhttnt.exe 87 PID 3304 wrote to memory of 3996 3304 jdvvp.exe 88 PID 3304 wrote to memory of 3996 3304 jdvvp.exe 88 PID 3304 wrote to memory of 3996 3304 jdvvp.exe 88 PID 3996 wrote to memory of 4432 3996 3rlfxfl.exe 89 PID 3996 wrote to memory of 4432 3996 3rlfxfl.exe 89 PID 3996 wrote to memory of 4432 3996 3rlfxfl.exe 89 PID 4432 wrote to memory of 4440 4432 btnthh.exe 90 PID 4432 wrote to memory of 4440 4432 btnthh.exe 90 PID 4432 wrote to memory of 4440 4432 btnthh.exe 90 PID 4440 wrote to memory of 2124 4440 fxxllxx.exe 91 PID 4440 wrote to memory of 2124 4440 fxxllxx.exe 91 PID 4440 wrote to memory of 2124 4440 fxxllxx.exe 91 PID 2124 wrote to memory of 836 2124 fffllfr.exe 92 PID 2124 wrote to memory of 836 2124 fffllfr.exe 92 PID 2124 wrote to memory of 836 2124 fffllfr.exe 92 PID 836 wrote to memory of 3080 836 tnbtbt.exe 93 PID 836 wrote to memory of 3080 836 tnbtbt.exe 93 PID 836 wrote to memory of 3080 836 tnbtbt.exe 93 PID 3080 wrote to memory of 4576 3080 jdppj.exe 94 PID 3080 wrote to memory of 4576 3080 jdppj.exe 94 PID 3080 wrote to memory of 4576 3080 jdppj.exe 94 PID 4576 wrote to memory of 1860 4576 tnhbtn.exe 95 PID 4576 wrote to memory of 1860 4576 tnhbtn.exe 95 PID 4576 wrote to memory of 1860 4576 tnhbtn.exe 95 PID 1860 wrote to memory of 5112 1860 3xfxrrl.exe 96 PID 1860 wrote to memory of 5112 1860 3xfxrrl.exe 96 PID 1860 wrote to memory of 5112 1860 3xfxrrl.exe 96 PID 5112 wrote to memory of 1168 5112 tnnnhb.exe 97 PID 5112 wrote to memory of 1168 5112 tnnnhb.exe 97 PID 5112 wrote to memory of 1168 5112 tnnnhb.exe 97 PID 1168 wrote to memory of 4292 1168 lfrxxrl.exe 98 PID 1168 wrote to memory of 4292 1168 lfrxxrl.exe 98 PID 1168 wrote to memory of 4292 1168 lfrxxrl.exe 98 PID 4292 wrote to memory of 1040 4292 ntnnhn.exe 99 PID 4292 wrote to memory of 1040 4292 ntnnhn.exe 99 PID 4292 wrote to memory of 1040 4292 ntnnhn.exe 99 PID 1040 wrote to memory of 4184 1040 rxlxrrf.exe 100 PID 1040 wrote to memory of 4184 1040 rxlxrrf.exe 100 PID 1040 wrote to memory of 4184 1040 rxlxrrf.exe 100 PID 4184 wrote to memory of 536 4184 btbbtt.exe 101 PID 4184 wrote to memory of 536 4184 btbbtt.exe 101 PID 4184 wrote to memory of 536 4184 btbbtt.exe 101 PID 536 wrote to memory of 668 536 vpvpp.exe 102 PID 536 wrote to memory of 668 536 vpvpp.exe 102 PID 536 wrote to memory of 668 536 vpvpp.exe 102 PID 668 wrote to memory of 2608 668 xffxrrr.exe 103 PID 668 wrote to memory of 2608 668 xffxrrr.exe 103 PID 668 wrote to memory of 2608 668 xffxrrr.exe 103 PID 2608 wrote to memory of 3272 2608 jppdj.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\672275b905ec734b6d1dcfb2041b5300_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\672275b905ec734b6d1dcfb2041b5300_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4804 -
\??\c:\xffxxff.exec:\xffxxff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3944 -
\??\c:\hbbttt.exec:\hbbttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3616 -
\??\c:\ffllxxx.exec:\ffllxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2084 -
\??\c:\bhttnt.exec:\bhttnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2232 -
\??\c:\jdvvp.exec:\jdvvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3304 -
\??\c:\3rlfxfl.exec:\3rlfxfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3996 -
\??\c:\btnthh.exec:\btnthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4432 -
\??\c:\fxxllxx.exec:\fxxllxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4440 -
\??\c:\fffllfr.exec:\fffllfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2124 -
\??\c:\tnbtbt.exec:\tnbtbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:836 -
\??\c:\jdppj.exec:\jdppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3080 -
\??\c:\tnhbtn.exec:\tnhbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4576 -
\??\c:\3xfxrrl.exec:\3xfxrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1860 -
\??\c:\tnnnhb.exec:\tnnnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5112 -
\??\c:\lfrxxrl.exec:\lfrxxrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1168 -
\??\c:\ntnnhn.exec:\ntnnhn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4292 -
\??\c:\rxlxrrf.exec:\rxlxrrf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1040 -
\??\c:\btbbtt.exec:\btbbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4184 -
\??\c:\vpvpp.exec:\vpvpp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:536 -
\??\c:\xffxrrr.exec:\xffxrrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:668 -
\??\c:\jppdj.exec:\jppdj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\lflxrxr.exec:\lflxrxr.exe23⤵
- Executes dropped EXE
PID:3272 -
\??\c:\pdppv.exec:\pdppv.exe24⤵
- Executes dropped EXE
PID:1660 -
\??\c:\xfxxxrx.exec:\xfxxxrx.exe25⤵
- Executes dropped EXE
PID:3152 -
\??\c:\rrrrllr.exec:\rrrrllr.exe26⤵
- Executes dropped EXE
PID:1752 -
\??\c:\jjjdv.exec:\jjjdv.exe27⤵
- Executes dropped EXE
PID:5040 -
\??\c:\xrllflx.exec:\xrllflx.exe28⤵
- Executes dropped EXE
PID:2756 -
\??\c:\jjpdj.exec:\jjpdj.exe29⤵
- Executes dropped EXE
PID:3964 -
\??\c:\rlrfrxr.exec:\rlrfrxr.exe30⤵
- Executes dropped EXE
PID:5020 -
\??\c:\nntnth.exec:\nntnth.exe31⤵
- Executes dropped EXE
PID:2008 -
\??\c:\thhhht.exec:\thhhht.exe32⤵
- Executes dropped EXE
PID:5032 -
\??\c:\jjddd.exec:\jjddd.exe33⤵
- Executes dropped EXE
PID:1452 -
\??\c:\nhnnnh.exec:\nhnnnh.exe34⤵
- Executes dropped EXE
PID:1936 -
\??\c:\pdvjv.exec:\pdvjv.exe35⤵
- Executes dropped EXE
PID:3148 -
\??\c:\xlfxrrr.exec:\xlfxrrr.exe36⤵
- Executes dropped EXE
PID:4352 -
\??\c:\tbhhbt.exec:\tbhhbt.exe37⤵
- Executes dropped EXE
PID:2752 -
\??\c:\pjjvp.exec:\pjjvp.exe38⤵
- Executes dropped EXE
PID:3184 -
\??\c:\frlxffl.exec:\frlxffl.exe39⤵
- Executes dropped EXE
PID:2580 -
\??\c:\bttnnh.exec:\bttnnh.exe40⤵
- Executes dropped EXE
PID:3024 -
\??\c:\5xllrxf.exec:\5xllrxf.exe41⤵
- Executes dropped EXE
PID:4524 -
\??\c:\nhtbnb.exec:\nhtbnb.exe42⤵
- Executes dropped EXE
PID:4444 -
\??\c:\nnhtth.exec:\nnhtth.exe43⤵
- Executes dropped EXE
PID:4888 -
\??\c:\llflrrx.exec:\llflrrx.exe44⤵
- Executes dropped EXE
PID:3304 -
\??\c:\3nhbtn.exec:\3nhbtn.exe45⤵
- Executes dropped EXE
PID:2968 -
\??\c:\hnhtht.exec:\hnhtht.exe46⤵
- Executes dropped EXE
PID:1332 -
\??\c:\lxfxxxf.exec:\lxfxxxf.exe47⤵
- Executes dropped EXE
PID:3036 -
\??\c:\hbbbnb.exec:\hbbbnb.exe48⤵
- Executes dropped EXE
PID:412 -
\??\c:\jppjj.exec:\jppjj.exe49⤵
- Executes dropped EXE
PID:2364 -
\??\c:\bnhttb.exec:\bnhttb.exe50⤵
- Executes dropped EXE
PID:3428 -
\??\c:\vjjvj.exec:\vjjvj.exe51⤵
- Executes dropped EXE
PID:2520 -
\??\c:\vvvjp.exec:\vvvjp.exe52⤵
- Executes dropped EXE
PID:3640 -
\??\c:\xrrrrff.exec:\xrrrrff.exe53⤵
- Executes dropped EXE
PID:4328 -
\??\c:\htbttt.exec:\htbttt.exe54⤵
- Executes dropped EXE
PID:2740 -
\??\c:\lxxxrxr.exec:\lxxxrxr.exe55⤵
- Executes dropped EXE
PID:4364 -
\??\c:\btbbhn.exec:\btbbhn.exe56⤵
- Executes dropped EXE
PID:516 -
\??\c:\djpjj.exec:\djpjj.exe57⤵
- Executes dropped EXE
PID:3580 -
\??\c:\xrxlxrf.exec:\xrxlxrf.exe58⤵
- Executes dropped EXE
PID:3976 -
\??\c:\nnnhhb.exec:\nnnhhb.exe59⤵
- Executes dropped EXE
PID:2208 -
\??\c:\tnbttn.exec:\tnbttn.exe60⤵
- Executes dropped EXE
PID:456 -
\??\c:\jdjjv.exec:\jdjjv.exe61⤵
- Executes dropped EXE
PID:536 -
\??\c:\htnnnb.exec:\htnnnb.exe62⤵
- Executes dropped EXE
PID:668 -
\??\c:\jjddv.exec:\jjddv.exe63⤵
- Executes dropped EXE
PID:400 -
\??\c:\xfllxrr.exec:\xfllxrr.exe64⤵
- Executes dropped EXE
PID:1440 -
\??\c:\bhthnb.exec:\bhthnb.exe65⤵
- Executes dropped EXE
PID:2764 -
\??\c:\pvjdp.exec:\pvjdp.exe66⤵PID:5028
-
\??\c:\rlfxrlr.exec:\rlfxrlr.exe67⤵PID:1660
-
\??\c:\nhtbbn.exec:\nhtbbn.exe68⤵PID:1972
-
\??\c:\vjvdv.exec:\vjvdv.exe69⤵PID:1752
-
\??\c:\xrrfxlx.exec:\xrrfxlx.exe70⤵PID:3444
-
\??\c:\rrffxfx.exec:\rrffxfx.exe71⤵PID:4608
-
\??\c:\bhhbbb.exec:\bhhbbb.exe72⤵PID:440
-
\??\c:\5dvdj.exec:\5dvdj.exe73⤵PID:4548
-
\??\c:\rrllfrr.exec:\rrllfrr.exe74⤵PID:5024
-
\??\c:\bttttb.exec:\bttttb.exe75⤵PID:1544
-
\??\c:\dvvdp.exec:\dvvdp.exe76⤵PID:968
-
\??\c:\5dvvv.exec:\5dvvv.exe77⤵PID:4784
-
\??\c:\lxrrxfl.exec:\lxrrxfl.exe78⤵PID:4428
-
\??\c:\bbbbbb.exec:\bbbbbb.exe79⤵PID:4420
-
\??\c:\vpdjd.exec:\vpdjd.exe80⤵PID:4620
-
\??\c:\lflrrlr.exec:\lflrrlr.exe81⤵PID:3700
-
\??\c:\lxfffff.exec:\lxfffff.exe82⤵PID:2240
-
\??\c:\ttthbh.exec:\ttthbh.exe83⤵PID:3884
-
\??\c:\pdjvd.exec:\pdjvd.exe84⤵PID:1716
-
\??\c:\vppjd.exec:\vppjd.exe85⤵PID:1028
-
\??\c:\xrrlfrf.exec:\xrrlfrf.exe86⤵PID:1668
-
\??\c:\hhtnbn.exec:\hhtnbn.exe87⤵PID:2516
-
\??\c:\vppjd.exec:\vppjd.exe88⤵PID:4716
-
\??\c:\pjdjp.exec:\pjdjp.exe89⤵PID:4568
-
\??\c:\xxfxrxr.exec:\xxfxrxr.exe90⤵PID:1348
-
\??\c:\nntnnb.exec:\nntnnb.exe91⤵PID:2496
-
\??\c:\jjjvj.exec:\jjjvj.exe92⤵PID:2664
-
\??\c:\xxxxffx.exec:\xxxxffx.exe93⤵PID:1116
-
\??\c:\vpvvd.exec:\vpvvd.exe94⤵PID:3316
-
\??\c:\lrrrxxx.exec:\lrrrxxx.exe95⤵PID:2740
-
\??\c:\ntnhnb.exec:\ntnhnb.exe96⤵PID:4364
-
\??\c:\vjpdv.exec:\vjpdv.exe97⤵PID:4292
-
\??\c:\xfflfxx.exec:\xfflfxx.exe98⤵PID:1008
-
\??\c:\tthhhh.exec:\tthhhh.exe99⤵PID:3976
-
\??\c:\ddvvj.exec:\ddvvj.exe100⤵PID:2208
-
\??\c:\fffxxff.exec:\fffxxff.exe101⤵PID:3340
-
\??\c:\hnbnbh.exec:\hnbnbh.exe102⤵PID:2480
-
\??\c:\tntbbb.exec:\tntbbb.exe103⤵PID:2532
-
\??\c:\vpjpp.exec:\vpjpp.exe104⤵PID:400
-
\??\c:\flrlxxx.exec:\flrlxxx.exe105⤵PID:4900
-
\??\c:\nbnhhb.exec:\nbnhhb.exe106⤵PID:2764
-
\??\c:\1dppp.exec:\1dppp.exe107⤵PID:5028
-
\??\c:\xlxxxxl.exec:\xlxxxxl.exe108⤵PID:2012
-
\??\c:\btnbbn.exec:\btnbbn.exe109⤵PID:1972
-
\??\c:\djjjv.exec:\djjjv.exe110⤵PID:4232
-
\??\c:\llllrxl.exec:\llllrxl.exe111⤵PID:2236
-
\??\c:\nnnhbt.exec:\nnnhbt.exe112⤵PID:1132
-
\??\c:\jjvvj.exec:\jjvvj.exe113⤵PID:2652
-
\??\c:\xxllxfr.exec:\xxllxfr.exe114⤵PID:4308
-
\??\c:\frxlffx.exec:\frxlffx.exe115⤵PID:3948
-
\??\c:\nntttt.exec:\nntttt.exe116⤵PID:968
-
\??\c:\pppvp.exec:\pppvp.exe117⤵PID:3156
-
\??\c:\rlrlfff.exec:\rlrlfff.exe118⤵PID:2564
-
\??\c:\hhbbtt.exec:\hhbbtt.exe119⤵PID:3184
-
\??\c:\tnttnt.exec:\tnttnt.exe120⤵PID:3612
-
\??\c:\ddjdd.exec:\ddjdd.exe121⤵PID:2044
-
\??\c:\flfrlxr.exec:\flfrlxr.exe122⤵PID:1220
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-