Analysis
-
max time kernel
130s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 01:17
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
68f03ceae3be7434f22518e24e87eae0_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
68f03ceae3be7434f22518e24e87eae0_NeikiAnalytics.exe
-
Size
75KB
-
MD5
68f03ceae3be7434f22518e24e87eae0
-
SHA1
c03ff3599491a17da26c7835af42842442d65a8a
-
SHA256
2fe261e2b6a3cbc8f0be90b908564c6c8786b5f3a4e34e63f5abb54f85782374
-
SHA512
446147dc17f3c912f9571b1135f62f993b70606525540ae5ab642290fa737afdc67e76fa32aa4a1af9c60068ad0f810d0de8821b127e2965ed525322bace8688
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAh2QpUnX1AP2:ymb3NkkiQ3mdBjFIsIVbpUO2
Malware Config
Signatures
-
Detect Blackmoon payload 26 IoCs
resource yara_rule behavioral2/memory/1368-5-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1608-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/744-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/744-19-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2796-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2104-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3680-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3648-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3812-54-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2956-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3988-68-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1944-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2708-84-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1780-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2912-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4648-114-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1512-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2568-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4080-137-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2180-144-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2216-150-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3312-168-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1704-174-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5020-186-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4220-191-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1628-200-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1608 ntttnn.exe 744 7jppp.exe 2796 xlrrlll.exe 2104 btbbtb.exe 3680 5pvpj.exe 3648 fflfxxx.exe 3812 7bnntt.exe 2956 vvjdj.exe 3988 vppvp.exe 1944 rxffxxr.exe 2708 htbnhh.exe 4964 vjddv.exe 1780 jpjjd.exe 2912 rrxlffx.exe 316 hbhntb.exe 4648 tbhnhh.exe 1512 vpppv.exe 3188 vjppj.exe 2568 rffxrrl.exe 4080 thtnht.exe 2180 nbbtnh.exe 2216 dpppj.exe 1084 xflllxf.exe 2156 fxfxrff.exe 3312 3thbbb.exe 1704 tnnnnh.exe 4388 pjddv.exe 5020 xxfffff.exe 4220 1rrrxrr.exe 1628 bttnnn.exe 640 ddddd.exe 2848 bnnhhh.exe 1092 tnnhnh.exe 4384 vjjvv.exe 2288 lllfrff.exe 1256 fxrlxlx.exe 4484 tnnnhh.exe 1816 vjpvv.exe 976 fflllll.exe 3432 ffffrrx.exe 4116 htntnn.exe 2876 bthbhb.exe 4860 vpvjp.exe 4076 ppvvp.exe 2844 fffxxxx.exe 4940 xrfrlrr.exe 3936 7ntbtn.exe 2116 bbhbbb.exe 1980 9jppj.exe 1212 jpvvj.exe 860 xrrxlll.exe 1668 lfrrlll.exe 4264 9tbhbh.exe 3408 nbhbnn.exe 1976 3vddv.exe 2536 pjvpv.exe 4156 xxxxlll.exe 4852 fxrllll.exe 4728 nbhbtn.exe 3568 pjdvd.exe 1916 flrlrxf.exe 2568 rlffxxr.exe 3272 hbbbbb.exe 3760 nhbbbt.exe -
resource yara_rule behavioral2/memory/1368-5-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1608-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/744-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2796-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2104-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3680-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3648-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3648-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3812-54-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2956-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3988-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1944-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2708-84-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1780-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2912-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4648-114-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1512-120-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2568-131-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4080-137-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2180-144-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2216-150-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3312-168-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1704-174-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5020-186-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4220-191-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1628-200-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1368 wrote to memory of 1608 1368 68f03ceae3be7434f22518e24e87eae0_NeikiAnalytics.exe 83 PID 1368 wrote to memory of 1608 1368 68f03ceae3be7434f22518e24e87eae0_NeikiAnalytics.exe 83 PID 1368 wrote to memory of 1608 1368 68f03ceae3be7434f22518e24e87eae0_NeikiAnalytics.exe 83 PID 1608 wrote to memory of 744 1608 ntttnn.exe 84 PID 1608 wrote to memory of 744 1608 ntttnn.exe 84 PID 1608 wrote to memory of 744 1608 ntttnn.exe 84 PID 744 wrote to memory of 2796 744 7jppp.exe 85 PID 744 wrote to memory of 2796 744 7jppp.exe 85 PID 744 wrote to memory of 2796 744 7jppp.exe 85 PID 2796 wrote to memory of 2104 2796 xlrrlll.exe 86 PID 2796 wrote to memory of 2104 2796 xlrrlll.exe 86 PID 2796 wrote to memory of 2104 2796 xlrrlll.exe 86 PID 2104 wrote to memory of 3680 2104 btbbtb.exe 87 PID 2104 wrote to memory of 3680 2104 btbbtb.exe 87 PID 2104 wrote to memory of 3680 2104 btbbtb.exe 87 PID 3680 wrote to memory of 3648 3680 5pvpj.exe 88 PID 3680 wrote to memory of 3648 3680 5pvpj.exe 88 PID 3680 wrote to memory of 3648 3680 5pvpj.exe 88 PID 3648 wrote to memory of 3812 3648 fflfxxx.exe 89 PID 3648 wrote to memory of 3812 3648 fflfxxx.exe 89 PID 3648 wrote to memory of 3812 3648 fflfxxx.exe 89 PID 3812 wrote to memory of 2956 3812 7bnntt.exe 90 PID 3812 wrote to memory of 2956 3812 7bnntt.exe 90 PID 3812 wrote to memory of 2956 3812 7bnntt.exe 90 PID 2956 wrote to memory of 3988 2956 vvjdj.exe 91 PID 2956 wrote to memory of 3988 2956 vvjdj.exe 91 PID 2956 wrote to memory of 3988 2956 vvjdj.exe 91 PID 3988 wrote to memory of 1944 3988 vppvp.exe 92 PID 3988 wrote to memory of 1944 3988 vppvp.exe 92 PID 3988 wrote to memory of 1944 3988 vppvp.exe 92 PID 1944 wrote to memory of 2708 1944 rxffxxr.exe 93 PID 1944 wrote to memory of 2708 1944 rxffxxr.exe 93 PID 1944 wrote to memory of 2708 1944 rxffxxr.exe 93 PID 2708 wrote to memory of 4964 2708 htbnhh.exe 94 PID 2708 wrote to memory of 4964 2708 htbnhh.exe 94 PID 2708 wrote to memory of 4964 2708 htbnhh.exe 94 PID 4964 wrote to memory of 1780 4964 vjddv.exe 95 PID 4964 wrote to memory of 1780 4964 vjddv.exe 95 PID 4964 wrote to memory of 1780 4964 vjddv.exe 95 PID 1780 wrote to memory of 2912 1780 jpjjd.exe 96 PID 1780 wrote to memory of 2912 1780 jpjjd.exe 96 PID 1780 wrote to memory of 2912 1780 jpjjd.exe 96 PID 2912 wrote to memory of 316 2912 rrxlffx.exe 97 PID 2912 wrote to memory of 316 2912 rrxlffx.exe 97 PID 2912 wrote to memory of 316 2912 rrxlffx.exe 97 PID 316 wrote to memory of 4648 316 hbhntb.exe 98 PID 316 wrote to memory of 4648 316 hbhntb.exe 98 PID 316 wrote to memory of 4648 316 hbhntb.exe 98 PID 4648 wrote to memory of 1512 4648 tbhnhh.exe 99 PID 4648 wrote to memory of 1512 4648 tbhnhh.exe 99 PID 4648 wrote to memory of 1512 4648 tbhnhh.exe 99 PID 1512 wrote to memory of 3188 1512 vpppv.exe 100 PID 1512 wrote to memory of 3188 1512 vpppv.exe 100 PID 1512 wrote to memory of 3188 1512 vpppv.exe 100 PID 3188 wrote to memory of 2568 3188 vjppj.exe 101 PID 3188 wrote to memory of 2568 3188 vjppj.exe 101 PID 3188 wrote to memory of 2568 3188 vjppj.exe 101 PID 2568 wrote to memory of 4080 2568 rffxrrl.exe 102 PID 2568 wrote to memory of 4080 2568 rffxrrl.exe 102 PID 2568 wrote to memory of 4080 2568 rffxrrl.exe 102 PID 4080 wrote to memory of 2180 4080 thtnht.exe 103 PID 4080 wrote to memory of 2180 4080 thtnht.exe 103 PID 4080 wrote to memory of 2180 4080 thtnht.exe 103 PID 2180 wrote to memory of 2216 2180 nbbtnh.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\68f03ceae3be7434f22518e24e87eae0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\68f03ceae3be7434f22518e24e87eae0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1368 -
\??\c:\ntttnn.exec:\ntttnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1608 -
\??\c:\7jppp.exec:\7jppp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:744 -
\??\c:\xlrrlll.exec:\xlrrlll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2796 -
\??\c:\btbbtb.exec:\btbbtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2104 -
\??\c:\5pvpj.exec:\5pvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3680 -
\??\c:\fflfxxx.exec:\fflfxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3648 -
\??\c:\7bnntt.exec:\7bnntt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3812 -
\??\c:\vvjdj.exec:\vvjdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2956 -
\??\c:\vppvp.exec:\vppvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3988 -
\??\c:\rxffxxr.exec:\rxffxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1944 -
\??\c:\htbnhh.exec:\htbnhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2708 -
\??\c:\vjddv.exec:\vjddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4964 -
\??\c:\jpjjd.exec:\jpjjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1780 -
\??\c:\rrxlffx.exec:\rrxlffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2912 -
\??\c:\hbhntb.exec:\hbhntb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:316 -
\??\c:\tbhnhh.exec:\tbhnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4648 -
\??\c:\vpppv.exec:\vpppv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1512 -
\??\c:\vjppj.exec:\vjppj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3188 -
\??\c:\rffxrrl.exec:\rffxrrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\thtnht.exec:\thtnht.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4080 -
\??\c:\nbbtnh.exec:\nbbtnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2180 -
\??\c:\dpppj.exec:\dpppj.exe23⤵
- Executes dropped EXE
PID:2216 -
\??\c:\xflllxf.exec:\xflllxf.exe24⤵
- Executes dropped EXE
PID:1084 -
\??\c:\fxfxrff.exec:\fxfxrff.exe25⤵
- Executes dropped EXE
PID:2156 -
\??\c:\3thbbb.exec:\3thbbb.exe26⤵
- Executes dropped EXE
PID:3312 -
\??\c:\tnnnnh.exec:\tnnnnh.exe27⤵
- Executes dropped EXE
PID:1704 -
\??\c:\pjddv.exec:\pjddv.exe28⤵
- Executes dropped EXE
PID:4388 -
\??\c:\xxfffff.exec:\xxfffff.exe29⤵
- Executes dropped EXE
PID:5020 -
\??\c:\1rrrxrr.exec:\1rrrxrr.exe30⤵
- Executes dropped EXE
PID:4220 -
\??\c:\bttnnn.exec:\bttnnn.exe31⤵
- Executes dropped EXE
PID:1628 -
\??\c:\ddddd.exec:\ddddd.exe32⤵
- Executes dropped EXE
PID:640 -
\??\c:\bnnhhh.exec:\bnnhhh.exe33⤵
- Executes dropped EXE
PID:2848 -
\??\c:\tnnhnh.exec:\tnnhnh.exe34⤵
- Executes dropped EXE
PID:1092 -
\??\c:\vjjvv.exec:\vjjvv.exe35⤵
- Executes dropped EXE
PID:4384 -
\??\c:\lllfrff.exec:\lllfrff.exe36⤵
- Executes dropped EXE
PID:2288 -
\??\c:\fxrlxlx.exec:\fxrlxlx.exe37⤵
- Executes dropped EXE
PID:1256 -
\??\c:\tnnnhh.exec:\tnnnhh.exe38⤵
- Executes dropped EXE
PID:4484 -
\??\c:\vjpvv.exec:\vjpvv.exe39⤵
- Executes dropped EXE
PID:1816 -
\??\c:\fflllll.exec:\fflllll.exe40⤵
- Executes dropped EXE
PID:976 -
\??\c:\ffffrrx.exec:\ffffrrx.exe41⤵
- Executes dropped EXE
PID:3432 -
\??\c:\htntnn.exec:\htntnn.exe42⤵
- Executes dropped EXE
PID:4116 -
\??\c:\bthbhb.exec:\bthbhb.exe43⤵
- Executes dropped EXE
PID:2876 -
\??\c:\vpvjp.exec:\vpvjp.exe44⤵
- Executes dropped EXE
PID:4860 -
\??\c:\ppvvp.exec:\ppvvp.exe45⤵
- Executes dropped EXE
PID:4076 -
\??\c:\fffxxxx.exec:\fffxxxx.exe46⤵
- Executes dropped EXE
PID:2844 -
\??\c:\xrfrlrr.exec:\xrfrlrr.exe47⤵
- Executes dropped EXE
PID:4940 -
\??\c:\7ntbtn.exec:\7ntbtn.exe48⤵
- Executes dropped EXE
PID:3936 -
\??\c:\bbhbbb.exec:\bbhbbb.exe49⤵
- Executes dropped EXE
PID:2116 -
\??\c:\9jppj.exec:\9jppj.exe50⤵
- Executes dropped EXE
PID:1980 -
\??\c:\jpvvj.exec:\jpvvj.exe51⤵
- Executes dropped EXE
PID:1212 -
\??\c:\xrrxlll.exec:\xrrxlll.exe52⤵
- Executes dropped EXE
PID:860 -
\??\c:\lfrrlll.exec:\lfrrlll.exe53⤵
- Executes dropped EXE
PID:1668 -
\??\c:\9tbhbh.exec:\9tbhbh.exe54⤵
- Executes dropped EXE
PID:4264 -
\??\c:\nbhbnn.exec:\nbhbnn.exe55⤵
- Executes dropped EXE
PID:3408 -
\??\c:\3vddv.exec:\3vddv.exe56⤵
- Executes dropped EXE
PID:1976 -
\??\c:\pjvpv.exec:\pjvpv.exe57⤵
- Executes dropped EXE
PID:2536 -
\??\c:\xxxxlll.exec:\xxxxlll.exe58⤵
- Executes dropped EXE
PID:4156 -
\??\c:\fxrllll.exec:\fxrllll.exe59⤵
- Executes dropped EXE
PID:4852 -
\??\c:\nbhbtn.exec:\nbhbtn.exe60⤵
- Executes dropped EXE
PID:4728 -
\??\c:\pjdvd.exec:\pjdvd.exe61⤵
- Executes dropped EXE
PID:3568 -
\??\c:\flrlrxf.exec:\flrlrxf.exe62⤵
- Executes dropped EXE
PID:1916 -
\??\c:\rlffxxr.exec:\rlffxxr.exe63⤵
- Executes dropped EXE
PID:2568 -
\??\c:\hbbbbb.exec:\hbbbbb.exe64⤵
- Executes dropped EXE
PID:3272 -
\??\c:\nhbbbt.exec:\nhbbbt.exe65⤵
- Executes dropped EXE
PID:3760 -
\??\c:\jjddp.exec:\jjddp.exe66⤵PID:840
-
\??\c:\dvpjd.exec:\dvpjd.exe67⤵PID:1080
-
\??\c:\fxxrlll.exec:\fxxrlll.exe68⤵PID:4844
-
\??\c:\rrlllrl.exec:\rrlllrl.exe69⤵PID:4540
-
\??\c:\7fllfff.exec:\7fllfff.exe70⤵PID:2228
-
\??\c:\ntttnn.exec:\ntttnn.exe71⤵PID:748
-
\??\c:\9tttnn.exec:\9tttnn.exe72⤵PID:1704
-
\??\c:\jdddd.exec:\jdddd.exe73⤵PID:4828
-
\??\c:\jvdvp.exec:\jvdvp.exe74⤵PID:2548
-
\??\c:\lffxffl.exec:\lffxffl.exe75⤵PID:1056
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe76⤵PID:3396
-
\??\c:\hnbnth.exec:\hnbnth.exe77⤵PID:4972
-
\??\c:\thtthh.exec:\thtthh.exe78⤵PID:3628
-
\??\c:\djvpp.exec:\djvpp.exe79⤵PID:2928
-
\??\c:\7jjdv.exec:\7jjdv.exe80⤵PID:3456
-
\??\c:\pdvdv.exec:\pdvdv.exe81⤵PID:4084
-
\??\c:\rxflrfr.exec:\rxflrfr.exe82⤵PID:3608
-
\??\c:\bbhbbb.exec:\bbhbbb.exe83⤵PID:4384
-
\??\c:\nnnhhh.exec:\nnnhhh.exe84⤵PID:1852
-
\??\c:\jjvvd.exec:\jjvvd.exe85⤵PID:1256
-
\??\c:\pvvpp.exec:\pvvpp.exe86⤵PID:3248
-
\??\c:\lflfrrr.exec:\lflfrrr.exe87⤵PID:2248
-
\??\c:\fxlxxxl.exec:\fxlxxxl.exe88⤵PID:1752
-
\??\c:\bthbtn.exec:\bthbtn.exe89⤵PID:4560
-
\??\c:\1rlffff.exec:\1rlffff.exe90⤵PID:2876
-
\??\c:\rlllxxr.exec:\rlllxxr.exe91⤵PID:4860
-
\??\c:\htthbt.exec:\htthbt.exe92⤵PID:5028
-
\??\c:\7tbtnn.exec:\7tbtnn.exe93⤵PID:1800
-
\??\c:\vjvpj.exec:\vjvpj.exe94⤵PID:3240
-
\??\c:\vpjvj.exec:\vpjvj.exe95⤵PID:3232
-
\??\c:\rlxrfxr.exec:\rlxrfxr.exe96⤵PID:4392
-
\??\c:\xrrlrlf.exec:\xrrlrlf.exe97⤵PID:1944
-
\??\c:\3tnhbb.exec:\3tnhbb.exe98⤵PID:1536
-
\??\c:\nnnnnn.exec:\nnnnnn.exe99⤵PID:440
-
\??\c:\ddvvj.exec:\ddvvj.exe100⤵PID:4296
-
\??\c:\xrrflxf.exec:\xrrflxf.exe101⤵PID:1492
-
\??\c:\1rxrrff.exec:\1rxrrff.exe102⤵PID:2944
-
\??\c:\3ntntn.exec:\3ntntn.exe103⤵PID:4456
-
\??\c:\bthbnn.exec:\bthbnn.exe104⤵PID:316
-
\??\c:\vvdjd.exec:\vvdjd.exe105⤵PID:4112
-
\??\c:\xxxxrxf.exec:\xxxxrxf.exe106⤵PID:4656
-
\??\c:\7hnhtt.exec:\7hnhtt.exe107⤵PID:4868
-
\??\c:\nbhbnh.exec:\nbhbnh.exe108⤵PID:2884
-
\??\c:\3vpdv.exec:\3vpdv.exe109⤵PID:4532
-
\??\c:\vpjvj.exec:\vpjvj.exe110⤵PID:4624
-
\??\c:\5rlxfxf.exec:\5rlxfxf.exe111⤵PID:3272
-
\??\c:\xrlfrxl.exec:\xrlfrxl.exe112⤵PID:3760
-
\??\c:\bnnhbt.exec:\bnnhbt.exe113⤵PID:840
-
\??\c:\djdjv.exec:\djdjv.exe114⤵PID:3900
-
\??\c:\jdpjj.exec:\jdpjj.exe115⤵PID:4016
-
\??\c:\xfxlffr.exec:\xfxlffr.exe116⤵PID:3532
-
\??\c:\xlrlrlx.exec:\xlrlrlx.exe117⤵PID:4324
-
\??\c:\hthbnh.exec:\hthbnh.exe118⤵PID:3984
-
\??\c:\tbntbb.exec:\tbntbb.exe119⤵PID:2364
-
\??\c:\pjpvv.exec:\pjpvv.exe120⤵PID:4864
-
\??\c:\dvdvv.exec:\dvdvv.exe121⤵PID:4556
-
\??\c:\llllrrr.exec:\llllrrr.exe122⤵PID:1056
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-