Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 01:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe
-
Size
92KB
-
MD5
6714262332d39ab80b732afbfd4673e0
-
SHA1
35f7c16c77fae625325f52e7c8568898effcf54d
-
SHA256
e6ba6720ffad5085ea83878d584a545a9f4fa2b2879d28fcd349d52c9dfd9e6a
-
SHA512
082c50011b91e410125bd48b59d8ee4fc1a165c2128f935c98835df1b1f33c51077889e93a09890985c019628a835b7b9597dcbeaf7e8676618bb3bbabb71804
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/210:ymb3NkkiQ3mdBjFo73PYP1lri3K8GN4f
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral2/memory/3384-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3792-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2228-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2228-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3784-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/880-33-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4100-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2328-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2160-56-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2132-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2840-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4396-95-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3360-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3260-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2740-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1772-124-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4704-142-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1964-147-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4716-157-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2872-165-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2892-177-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2240-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4884-202-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 3792 tnhbht.exe 2228 pjpvd.exe 3784 7pjpj.exe 880 7ffxrrl.exe 4100 nhhhbb.exe 2328 7vpjv.exe 2160 3dvjd.exe 1680 5rrlfxr.exe 1500 9nnhbb.exe 3276 djdvp.exe 2132 vpvvp.exe 2840 fxflxxf.exe 4396 3tbttb.exe 3360 5vvpj.exe 3260 5flxrlf.exe 2740 bhbhbb.exe 3928 jdvpp.exe 1772 rfxlxrl.exe 5016 xrxrllr.exe 5072 vdjdd.exe 4704 jddvj.exe 1964 1xlfrrl.exe 4716 nbtnhh.exe 3736 9vjdd.exe 2872 7vpjj.exe 4400 xrxrrrl.exe 2892 bbtttt.exe 2240 dvvpp.exe 1032 fffxxxf.exe 3640 xfllllx.exe 4884 ntnhbt.exe 4216 dvjdd.exe 4932 xrrlffx.exe 1424 tthbhh.exe 984 nntbtn.exe 4812 vppdd.exe 1436 rfxrlfl.exe 4640 fxflrxx.exe 4124 tnbtnn.exe 4432 vpvpj.exe 428 rflllfx.exe 3356 bbnhhh.exe 3408 ttbttt.exe 4808 jddvp.exe 2068 ffrlrrx.exe 4100 nhtnbn.exe 3832 tbnbnn.exe 4044 vdddp.exe 1824 fxlfllf.exe 1640 1thhhn.exe 1500 hnnnbt.exe 4644 ddvvp.exe 4084 jddvp.exe 2128 rfxxxff.exe 1416 5llfxxr.exe 1012 nhnhhh.exe 4316 vjppj.exe 876 lxxlfxr.exe 4476 lfxrlfx.exe 3696 nhbhtn.exe 2656 ntbnhb.exe 4048 jvjvd.exe 2420 frxllxr.exe 4840 thnhtt.exe -
resource yara_rule behavioral2/memory/3384-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3792-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2228-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2228-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3784-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/880-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4100-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2160-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2328-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2160-56-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2132-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2840-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4396-95-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3360-100-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3260-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2740-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1772-124-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4704-142-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1964-147-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4716-157-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2872-165-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2892-177-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2240-187-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4884-202-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3384 wrote to memory of 3792 3384 6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe 83 PID 3384 wrote to memory of 3792 3384 6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe 83 PID 3384 wrote to memory of 3792 3384 6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe 83 PID 3792 wrote to memory of 2228 3792 tnhbht.exe 84 PID 3792 wrote to memory of 2228 3792 tnhbht.exe 84 PID 3792 wrote to memory of 2228 3792 tnhbht.exe 84 PID 2228 wrote to memory of 3784 2228 pjpvd.exe 85 PID 2228 wrote to memory of 3784 2228 pjpvd.exe 85 PID 2228 wrote to memory of 3784 2228 pjpvd.exe 85 PID 3784 wrote to memory of 880 3784 7pjpj.exe 86 PID 3784 wrote to memory of 880 3784 7pjpj.exe 86 PID 3784 wrote to memory of 880 3784 7pjpj.exe 86 PID 880 wrote to memory of 4100 880 7ffxrrl.exe 87 PID 880 wrote to memory of 4100 880 7ffxrrl.exe 87 PID 880 wrote to memory of 4100 880 7ffxrrl.exe 87 PID 4100 wrote to memory of 2328 4100 nhhhbb.exe 88 PID 4100 wrote to memory of 2328 4100 nhhhbb.exe 88 PID 4100 wrote to memory of 2328 4100 nhhhbb.exe 88 PID 2328 wrote to memory of 2160 2328 7vpjv.exe 89 PID 2328 wrote to memory of 2160 2328 7vpjv.exe 89 PID 2328 wrote to memory of 2160 2328 7vpjv.exe 89 PID 2160 wrote to memory of 1680 2160 3dvjd.exe 90 PID 2160 wrote to memory of 1680 2160 3dvjd.exe 90 PID 2160 wrote to memory of 1680 2160 3dvjd.exe 90 PID 1680 wrote to memory of 1500 1680 5rrlfxr.exe 91 PID 1680 wrote to memory of 1500 1680 5rrlfxr.exe 91 PID 1680 wrote to memory of 1500 1680 5rrlfxr.exe 91 PID 1500 wrote to memory of 3276 1500 9nnhbb.exe 92 PID 1500 wrote to memory of 3276 1500 9nnhbb.exe 92 PID 1500 wrote to memory of 3276 1500 9nnhbb.exe 92 PID 3276 wrote to memory of 2132 3276 djdvp.exe 93 PID 3276 wrote to memory of 2132 3276 djdvp.exe 93 PID 3276 wrote to memory of 2132 3276 djdvp.exe 93 PID 2132 wrote to memory of 2840 2132 vpvvp.exe 94 PID 2132 wrote to memory of 2840 2132 vpvvp.exe 94 PID 2132 wrote to memory of 2840 2132 vpvvp.exe 94 PID 2840 wrote to memory of 4396 2840 fxflxxf.exe 95 PID 2840 wrote to memory of 4396 2840 fxflxxf.exe 95 PID 2840 wrote to memory of 4396 2840 fxflxxf.exe 95 PID 4396 wrote to memory of 3360 4396 3tbttb.exe 96 PID 4396 wrote to memory of 3360 4396 3tbttb.exe 96 PID 4396 wrote to memory of 3360 4396 3tbttb.exe 96 PID 3360 wrote to memory of 3260 3360 5vvpj.exe 97 PID 3360 wrote to memory of 3260 3360 5vvpj.exe 97 PID 3360 wrote to memory of 3260 3360 5vvpj.exe 97 PID 3260 wrote to memory of 2740 3260 5flxrlf.exe 98 PID 3260 wrote to memory of 2740 3260 5flxrlf.exe 98 PID 3260 wrote to memory of 2740 3260 5flxrlf.exe 98 PID 2740 wrote to memory of 3928 2740 bhbhbb.exe 99 PID 2740 wrote to memory of 3928 2740 bhbhbb.exe 99 PID 2740 wrote to memory of 3928 2740 bhbhbb.exe 99 PID 3928 wrote to memory of 1772 3928 jdvpp.exe 101 PID 3928 wrote to memory of 1772 3928 jdvpp.exe 101 PID 3928 wrote to memory of 1772 3928 jdvpp.exe 101 PID 1772 wrote to memory of 5016 1772 rfxlxrl.exe 102 PID 1772 wrote to memory of 5016 1772 rfxlxrl.exe 102 PID 1772 wrote to memory of 5016 1772 rfxlxrl.exe 102 PID 5016 wrote to memory of 5072 5016 xrxrllr.exe 103 PID 5016 wrote to memory of 5072 5016 xrxrllr.exe 103 PID 5016 wrote to memory of 5072 5016 xrxrllr.exe 103 PID 5072 wrote to memory of 4704 5072 vdjdd.exe 104 PID 5072 wrote to memory of 4704 5072 vdjdd.exe 104 PID 5072 wrote to memory of 4704 5072 vdjdd.exe 104 PID 4704 wrote to memory of 1964 4704 jddvj.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6714262332d39ab80b732afbfd4673e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3384 -
\??\c:\tnhbht.exec:\tnhbht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3792 -
\??\c:\pjpvd.exec:\pjpvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2228 -
\??\c:\7pjpj.exec:\7pjpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3784 -
\??\c:\7ffxrrl.exec:\7ffxrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:880 -
\??\c:\nhhhbb.exec:\nhhhbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4100 -
\??\c:\7vpjv.exec:\7vpjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2328 -
\??\c:\3dvjd.exec:\3dvjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2160 -
\??\c:\5rrlfxr.exec:\5rrlfxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1680 -
\??\c:\9nnhbb.exec:\9nnhbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1500 -
\??\c:\djdvp.exec:\djdvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3276 -
\??\c:\vpvvp.exec:\vpvvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2132 -
\??\c:\fxflxxf.exec:\fxflxxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2840 -
\??\c:\3tbttb.exec:\3tbttb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4396 -
\??\c:\5vvpj.exec:\5vvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3360 -
\??\c:\5flxrlf.exec:\5flxrlf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3260 -
\??\c:\bhbhbb.exec:\bhbhbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\jdvpp.exec:\jdvpp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3928 -
\??\c:\rfxlxrl.exec:\rfxlxrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1772 -
\??\c:\xrxrllr.exec:\xrxrllr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5016 -
\??\c:\vdjdd.exec:\vdjdd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5072 -
\??\c:\jddvj.exec:\jddvj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4704 -
\??\c:\1xlfrrl.exec:\1xlfrrl.exe23⤵
- Executes dropped EXE
PID:1964 -
\??\c:\nbtnhh.exec:\nbtnhh.exe24⤵
- Executes dropped EXE
PID:4716 -
\??\c:\9vjdd.exec:\9vjdd.exe25⤵
- Executes dropped EXE
PID:3736 -
\??\c:\7vpjj.exec:\7vpjj.exe26⤵
- Executes dropped EXE
PID:2872 -
\??\c:\xrxrrrl.exec:\xrxrrrl.exe27⤵
- Executes dropped EXE
PID:4400 -
\??\c:\bbtttt.exec:\bbtttt.exe28⤵
- Executes dropped EXE
PID:2892 -
\??\c:\dvvpp.exec:\dvvpp.exe29⤵
- Executes dropped EXE
PID:2240 -
\??\c:\fffxxxf.exec:\fffxxxf.exe30⤵
- Executes dropped EXE
PID:1032 -
\??\c:\xfllllx.exec:\xfllllx.exe31⤵
- Executes dropped EXE
PID:3640 -
\??\c:\ntnhbt.exec:\ntnhbt.exe32⤵
- Executes dropped EXE
PID:4884 -
\??\c:\dvjdd.exec:\dvjdd.exe33⤵
- Executes dropped EXE
PID:4216 -
\??\c:\xrrlffx.exec:\xrrlffx.exe34⤵
- Executes dropped EXE
PID:4932 -
\??\c:\tthbhh.exec:\tthbhh.exe35⤵
- Executes dropped EXE
PID:1424 -
\??\c:\nntbtn.exec:\nntbtn.exe36⤵
- Executes dropped EXE
PID:984 -
\??\c:\vppdd.exec:\vppdd.exe37⤵
- Executes dropped EXE
PID:4812 -
\??\c:\rfxrlfl.exec:\rfxrlfl.exe38⤵
- Executes dropped EXE
PID:1436 -
\??\c:\fxflrxx.exec:\fxflrxx.exe39⤵
- Executes dropped EXE
PID:4640 -
\??\c:\tnbtnn.exec:\tnbtnn.exe40⤵
- Executes dropped EXE
PID:4124 -
\??\c:\ttnnnh.exec:\ttnnnh.exe41⤵PID:2736
-
\??\c:\vpvpj.exec:\vpvpj.exe42⤵
- Executes dropped EXE
PID:4432 -
\??\c:\rflllfx.exec:\rflllfx.exe43⤵
- Executes dropped EXE
PID:428 -
\??\c:\bbnhhh.exec:\bbnhhh.exe44⤵
- Executes dropped EXE
PID:3356 -
\??\c:\ttbttt.exec:\ttbttt.exe45⤵
- Executes dropped EXE
PID:3408 -
\??\c:\jddvp.exec:\jddvp.exe46⤵
- Executes dropped EXE
PID:4808 -
\??\c:\ffrlrrx.exec:\ffrlrrx.exe47⤵
- Executes dropped EXE
PID:2068 -
\??\c:\nhtnbn.exec:\nhtnbn.exe48⤵
- Executes dropped EXE
PID:4100 -
\??\c:\tbnbnn.exec:\tbnbnn.exe49⤵
- Executes dropped EXE
PID:3832 -
\??\c:\vdddp.exec:\vdddp.exe50⤵
- Executes dropped EXE
PID:4044 -
\??\c:\fxlfllf.exec:\fxlfllf.exe51⤵
- Executes dropped EXE
PID:1824 -
\??\c:\1thhhn.exec:\1thhhn.exe52⤵
- Executes dropped EXE
PID:1640 -
\??\c:\hnnnbt.exec:\hnnnbt.exe53⤵
- Executes dropped EXE
PID:1500 -
\??\c:\ddvvp.exec:\ddvvp.exe54⤵
- Executes dropped EXE
PID:4644 -
\??\c:\jddvp.exec:\jddvp.exe55⤵
- Executes dropped EXE
PID:4084 -
\??\c:\rfxxxff.exec:\rfxxxff.exe56⤵
- Executes dropped EXE
PID:2128 -
\??\c:\5llfxxr.exec:\5llfxxr.exe57⤵
- Executes dropped EXE
PID:1416 -
\??\c:\nhnhhh.exec:\nhnhhh.exe58⤵
- Executes dropped EXE
PID:1012 -
\??\c:\vjppj.exec:\vjppj.exe59⤵
- Executes dropped EXE
PID:4316 -
\??\c:\lxxlfxr.exec:\lxxlfxr.exe60⤵
- Executes dropped EXE
PID:876 -
\??\c:\lfxrlfx.exec:\lfxrlfx.exe61⤵
- Executes dropped EXE
PID:4476 -
\??\c:\nhbhtn.exec:\nhbhtn.exe62⤵
- Executes dropped EXE
PID:3696 -
\??\c:\ntbnhb.exec:\ntbnhb.exe63⤵
- Executes dropped EXE
PID:2656 -
\??\c:\jvjvd.exec:\jvjvd.exe64⤵
- Executes dropped EXE
PID:4048 -
\??\c:\frxllxr.exec:\frxllxr.exe65⤵
- Executes dropped EXE
PID:2420 -
\??\c:\thnhtt.exec:\thnhtt.exe66⤵
- Executes dropped EXE
PID:4840 -
\??\c:\xrxxrll.exec:\xrxxrll.exe67⤵PID:116
-
\??\c:\xrrlffr.exec:\xrrlffr.exe68⤵PID:5044
-
\??\c:\nhtnhb.exec:\nhtnhb.exe69⤵PID:4184
-
\??\c:\thhtnn.exec:\thhtnn.exe70⤵PID:4716
-
\??\c:\jdpjv.exec:\jdpjv.exe71⤵PID:5080
-
\??\c:\pjdvj.exec:\pjdvj.exe72⤵PID:1956
-
\??\c:\fxxrrrf.exec:\fxxrrrf.exe73⤵PID:1740
-
\??\c:\fxllxxr.exec:\fxllxxr.exe74⤵PID:4156
-
\??\c:\bhtnbn.exec:\bhtnbn.exe75⤵PID:3684
-
\??\c:\dpvpp.exec:\dpvpp.exe76⤵PID:4604
-
\??\c:\pdjdd.exec:\pdjdd.exe77⤵PID:1032
-
\??\c:\1xffxrl.exec:\1xffxrl.exe78⤵PID:3976
-
\??\c:\lxrlxxx.exec:\lxrlxxx.exe79⤵PID:4128
-
\??\c:\3tnbtb.exec:\3tnbtb.exe80⤵PID:1028
-
\??\c:\ddjjp.exec:\ddjjp.exe81⤵PID:892
-
\??\c:\pdjdv.exec:\pdjdv.exe82⤵PID:5056
-
\??\c:\7xrrlll.exec:\7xrrlll.exe83⤵PID:1720
-
\??\c:\tthbhb.exec:\tthbhb.exe84⤵PID:4568
-
\??\c:\tnhhbb.exec:\tnhhbb.exe85⤵PID:4796
-
\??\c:\vppdv.exec:\vppdv.exe86⤵PID:1748
-
\??\c:\pjvpj.exec:\pjvpj.exe87⤵PID:4924
-
\??\c:\frffxxr.exec:\frffxxr.exe88⤵PID:5104
-
\??\c:\rlxfxrl.exec:\rlxfxrl.exe89⤵PID:2688
-
\??\c:\hbbtnh.exec:\hbbtnh.exe90⤵PID:1608
-
\??\c:\hbbthb.exec:\hbbthb.exe91⤵PID:4592
-
\??\c:\pdpvv.exec:\pdpvv.exe92⤵PID:3064
-
\??\c:\5xfxlll.exec:\5xfxlll.exe93⤵PID:4192
-
\??\c:\5lrlffx.exec:\5lrlffx.exe94⤵PID:3744
-
\??\c:\5lrlfxr.exec:\5lrlfxr.exe95⤵PID:4224
-
\??\c:\3nntnn.exec:\3nntnn.exe96⤵PID:2328
-
\??\c:\ntbnhb.exec:\ntbnhb.exe97⤵PID:1244
-
\??\c:\vvvvp.exec:\vvvvp.exe98⤵PID:2272
-
\??\c:\pddvp.exec:\pddvp.exe99⤵PID:4872
-
\??\c:\vpjjd.exec:\vpjjd.exe100⤵PID:2148
-
\??\c:\dpjdd.exec:\dpjdd.exe101⤵PID:3616
-
\??\c:\flrfrfr.exec:\flrfrfr.exe102⤵PID:2076
-
\??\c:\tnnhbt.exec:\tnnhbt.exe103⤵PID:1568
-
\??\c:\pjjvp.exec:\pjjvp.exe104⤵PID:2920
-
\??\c:\jvjjp.exec:\jvjjp.exe105⤵PID:1876
-
\??\c:\lrxrxxl.exec:\lrxrxxl.exe106⤵PID:3260
-
\??\c:\9rllfxr.exec:\9rllfxr.exe107⤵PID:2740
-
\??\c:\tnnhbb.exec:\tnnhbb.exe108⤵PID:4052
-
\??\c:\jvvvp.exec:\jvvvp.exe109⤵PID:816
-
\??\c:\pdddj.exec:\pdddj.exe110⤵PID:2712
-
\??\c:\xlllxfx.exec:\xlllxfx.exe111⤵PID:5072
-
\??\c:\htthtt.exec:\htthtt.exe112⤵PID:4220
-
\??\c:\1hbnnh.exec:\1hbnnh.exe113⤵PID:3040
-
\??\c:\pjddp.exec:\pjddp.exe114⤵PID:5080
-
\??\c:\jjdpd.exec:\jjdpd.exe115⤵PID:5004
-
\??\c:\lxffffx.exec:\lxffffx.exe116⤵PID:4488
-
\??\c:\rfrlllf.exec:\rfrlllf.exe117⤵PID:2240
-
\??\c:\ntbnbh.exec:\ntbnbh.exe118⤵PID:2856
-
\??\c:\5jpjj.exec:\5jpjj.exe119⤵PID:1600
-
\??\c:\9vvjd.exec:\9vvjd.exe120⤵PID:2268
-
\??\c:\flfxlxl.exec:\flfxlxl.exe121⤵PID:3780
-
\??\c:\9xrrfff.exec:\9xrrfff.exe122⤵PID:4216
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-