Analysis
-
max time kernel
138s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 06:27
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a2e6e46097ab26e58862d3cfb836f4f0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
a2e6e46097ab26e58862d3cfb836f4f0_NeikiAnalytics.exe
-
Size
394KB
-
MD5
a2e6e46097ab26e58862d3cfb836f4f0
-
SHA1
62f1226a3e5574a369b298bb3495a85e2b3a0755
-
SHA256
3ca482c4b8b0e279797aaaacb8fcb98c70c30c4007c7112d5389b95fd634c044
-
SHA512
1a4a9460f217b4199353804277ba92992711c80654ed174befeeac4d4a9ae7c08b720cdf920bdbee8adfb3d71085d83569a3a7bdd0debd01696b36919bc057f9
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkobjcSbcY+CaQdaFOY4iGFYtRdu/6:n3C9ytvngQjZbz+xt4vFBy
Malware Config
Signatures
-
Detect Blackmoon payload 27 IoCs
resource yara_rule behavioral2/memory/3248-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2472-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1420-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3412-33-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1268-41-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5084-49-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2816-55-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4156-68-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4236-71-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/512-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1296-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3268-95-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3380-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3288-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1500-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3040-118-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1552-123-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/748-130-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4500-136-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2468-147-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4036-153-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/1184-161-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4444-180-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4728-175-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2064-197-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1192-202-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3916-204-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1420 jvjvj.exe 2472 xffrlfr.exe 4320 1tnhbb.exe 3412 jjvdp.exe 1268 dpvpp.exe 5084 5vvpv.exe 2816 1ffrfxl.exe 4156 3frflff.exe 4236 jvppd.exe 512 frlxllx.exe 1296 nnhttn.exe 3268 xlllxxl.exe 3380 ttbtbt.exe 3288 jddpp.exe 1500 hhhbhb.exe 3040 jddpj.exe 1552 hhtnhh.exe 748 vvvpd.exe 4500 9lxxxxf.exe 1564 ddjdv.exe 2468 frrfrlx.exe 4036 bhnhtn.exe 1184 pddvj.exe 3792 rrxlxfr.exe 4728 btnhbt.exe 4444 vjdvj.exe 5004 5fxxrxx.exe 3840 bhtnnh.exe 2064 9jjjd.exe 1192 xrxxlll.exe 3916 jjjjv.exe 1848 rflfllr.exe 4308 pjvvd.exe 3112 frrffff.exe 1072 rxrlrrx.exe 3324 hbthhh.exe 2248 vvjjv.exe 2080 fllllrx.exe 1452 hthnnn.exe 2416 vdddv.exe 1640 jdjvd.exe 2252 xflxxxx.exe 376 nnbnnh.exe 1064 ppdvd.exe 1688 jjjjj.exe 4736 xflffxx.exe 2744 tnhbbt.exe 3048 jvdvv.exe 2920 xlrrrrr.exe 4152 lflllfx.exe 4752 hhtnnt.exe 1768 vvdpp.exe 4960 1ffxrrl.exe 3140 7hhbbt.exe 1840 djdvj.exe 2308 xxlxxff.exe 2424 thttbb.exe 4848 bnbttt.exe 4404 pjvpv.exe 1300 flflffl.exe 2696 nhhnhb.exe 4596 vpvjj.exe 2976 vpvpv.exe 1508 lrxxrxr.exe -
resource yara_rule behavioral2/memory/3248-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1420-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2472-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1420-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3412-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3412-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3412-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1268-41-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5084-49-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2816-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4156-63-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4156-62-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4156-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4156-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4236-71-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/512-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1296-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3268-95-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3380-100-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3288-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1500-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3040-118-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1552-123-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/748-130-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/4500-136-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2468-147-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4036-153-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1184-161-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4444-180-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4728-175-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2064-197-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1192-202-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3916-204-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 3248 wrote to memory of 1420 3248 a2e6e46097ab26e58862d3cfb836f4f0_NeikiAnalytics.exe 84
PID 3248 wrote to memory of 1420 3248 a2e6e46097ab26e58862d3cfb836f4f0_NeikiAnalytics.exe 84
PID 3248 wrote to memory of 1420 3248 a2e6e46097ab26e58862d3cfb836f4f0_NeikiAnalytics.exe 84
PID 1420 wrote to memory of 2472 1420 jvjvj.exe 85
PID 1420 wrote to memory of 2472 1420 jvjvj.exe 85
PID 1420 wrote to memory of 2472 1420 jvjvj.exe 85
PID 2472 wrote to memory of 4320 2472 xffrlfr.exe 86
PID 2472 wrote to memory of 4320 2472 xffrlfr.exe 86
PID 2472 wrote to memory of 4320 2472 xffrlfr.exe 86
PID 4320 wrote to memory of 3412 4320 1tnhbb.exe 87
PID 4320 wrote to memory of 3412 4320 1tnhbb.exe 87
PID 4320 wrote to memory of 3412 4320 1tnhbb.exe 87
PID 3412 wrote to memory of 1268 3412 jjvdp.exe 88
PID 3412 wrote to memory of 1268 3412 jjvdp.exe 88
PID 3412 wrote to memory of 1268 3412 jjvdp.exe 88
PID 1268 wrote to memory of 5084 1268 dpvpp.exe 89
PID 1268 wrote to memory of 5084 1268 dpvpp.exe 89
PID 1268 wrote to memory of 5084 1268 dpvpp.exe 89
PID 5084 wrote to memory of 2816 5084 5vvpv.exe 90
PID 5084 wrote to memory of 2816 5084 5vvpv.exe 90
PID 5084 wrote to memory of 2816 5084 5vvpv.exe 90
PID 2816 wrote to memory of 4156 2816 1ffrfxl.exe 91
PID 2816 wrote to memory of 4156 2816 1ffrfxl.exe 91
PID 2816 wrote to memory of 4156 2816 1ffrfxl.exe 91
PID 4156 wrote to memory of 4236 4156 3frflff.exe 92
PID 4156 wrote to memory of 4236 4156 3frflff.exe 92
PID 4156 wrote to memory of 4236 4156 3frflff.exe 92
PID 4236 wrote to memory of 512 4236 jvppd.exe 93
PID 4236 wrote to memory of 512 4236 jvppd.exe 93
PID 4236 wrote to memory of 512 4236 jvppd.exe 93
PID 512 wrote to memory of 1296 512 frlxllx.exe 94
PID 512 wrote to memory of 1296 512 frlxllx.exe 94
PID 512 wrote to memory of 1296 512 frlxllx.exe 94
PID 1296 wrote to memory of 3268 1296 nnhttn.exe 95
PID 1296 wrote to memory of 3268 1296 nnhttn.exe 95
PID 1296 wrote to memory of 3268 1296 nnhttn.exe 95
PID 3268 wrote to memory of 3380 3268 xlllxxl.exe 96
PID 3268 wrote to memory of 3380 3268 xlllxxl.exe 96
PID 3268 wrote to memory of 3380 3268 xlllxxl.exe 96
PID 3380 wrote to memory of 3288 3380 ttbtbt.exe 97
PID 3380 wrote to memory of 3288 3380 ttbtbt.exe 97
PID 3380 wrote to memory of 3288 3380 ttbtbt.exe 97
PID 3288 wrote to memory of 1500 3288 jddpp.exe 98
PID 3288 wrote to memory of 1500 3288 jddpp.exe 98
PID 3288 wrote to memory of 1500 3288 jddpp.exe 98
PID 1500 wrote to memory of 3040 1500 hhhbhb.exe 100
PID 1500 wrote to memory of 3040 1500 hhhbhb.exe 100
PID 1500 wrote to memory of 3040 1500 hhhbhb.exe 100
PID 3040 wrote to memory of 1552 3040 jddpj.exe 101
PID 3040 wrote to memory of 1552 3040 jddpj.exe 101
PID 3040 wrote to memory of 1552 3040 jddpj.exe 101
PID 1552 wrote to memory of 748 1552 hhtnhh.exe 103
PID 1552 wrote to memory of 748 1552 hhtnhh.exe 103
PID 1552 wrote to memory of 748 1552 hhtnhh.exe 103
PID 748 wrote to memory of 4500 748 vvvpd.exe 104
PID 748 wrote to memory of 4500 748 vvvpd.exe 104
PID 748 wrote to memory of 4500 748 vvvpd.exe 104
PID 4500 wrote to memory of 1564 4500 9lxxxxf.exe 106
PID 4500 wrote to memory of 1564 4500 9lxxxxf.exe 106
PID 4500 wrote to memory of 1564 4500 9lxxxxf.exe 106
PID 1564 wrote to memory of 2468 1564 ddjdv.exe 107
PID 1564 wrote to memory of 2468 1564 ddjdv.exe 107
PID 1564 wrote to memory of 2468 1564 ddjdv.exe 107
PID 2468 wrote to memory of 4036 2468 frrfrlx.exe 108
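Processes
Each entry below gives the image path, then the command line, then the depth in the process tree. PIDs are reused during the run (2080 appears at depths 40, 81 and 118), so correlate entries by PID together with image name rather than by PID alone.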
-
C:\Users\Admin\AppData\Local\Temp\a2e6e46097ab26e58862d3cfb836f4f0_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\a2e6e46097ab26e58862d3cfb836f4f0_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:3248 -
\??\c:\jvjvj.exec:\jvjvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1420 -
\??\c:\xffrlfr.exec:\xffrlfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2472 -
\??\c:\1tnhbb.exec:\1tnhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4320 -
\??\c:\jjvdp.exec:\jjvdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3412 -
\??\c:\dpvpp.exec:\dpvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1268 -
\??\c:\5vvpv.exec:\5vvpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5084 -
\??\c:\1ffrfxl.exec:\1ffrfxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2816 -
\??\c:\3frflff.exec:\3frflff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4156 -
\??\c:\jvppd.exec:\jvppd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4236 -
\??\c:\frlxllx.exec:\frlxllx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:512 -
\??\c:\nnhttn.exec:\nnhttn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1296 -
\??\c:\xlllxxl.exec:\xlllxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3268 -
\??\c:\ttbtbt.exec:\ttbtbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3380 -
\??\c:\jddpp.exec:\jddpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3288 -
\??\c:\hhhbhb.exec:\hhhbhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1500 -
\??\c:\jddpj.exec:\jddpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3040 -
\??\c:\hhtnhh.exec:\hhtnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1552 -
\??\c:\vvvpd.exec:\vvvpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:748 -
\??\c:\9lxxxxf.exec:\9lxxxxf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4500 -
\??\c:\ddjdv.exec:\ddjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1564 -
\??\c:\frrfrlx.exec:\frrfrlx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2468 -
\??\c:\bhnhtn.exec:\bhnhtn.exe23⤵
- Executes dropped EXE
PID:4036 -
\??\c:\pddvj.exec:\pddvj.exe24⤵
- Executes dropped EXE
PID:1184 -
\??\c:\rrxlxfr.exec:\rrxlxfr.exe25⤵
- Executes dropped EXE
PID:3792 -
\??\c:\btnhbt.exec:\btnhbt.exe26⤵
- Executes dropped EXE
PID:4728 -
\??\c:\vjdvj.exec:\vjdvj.exe27⤵
- Executes dropped EXE
PID:4444 -
\??\c:\5fxxrxx.exec:\5fxxrxx.exe28⤵
- Executes dropped EXE
PID:5004 -
\??\c:\bhtnnh.exec:\bhtnnh.exe29⤵
- Executes dropped EXE
PID:3840 -
\??\c:\9jjjd.exec:\9jjjd.exe30⤵
- Executes dropped EXE
PID:2064 -
\??\c:\xrxxlll.exec:\xrxxlll.exe31⤵
- Executes dropped EXE
PID:1192 -
\??\c:\jjjjv.exec:\jjjjv.exe32⤵
- Executes dropped EXE
PID:3916 -
\??\c:\jjpjd.exec:\jjpjd.exe33⤵PID:5076
-
\??\c:\rflfllr.exec:\rflfllr.exe34⤵
- Executes dropped EXE
PID:1848 -
\??\c:\pjvvd.exec:\pjvvd.exe35⤵
- Executes dropped EXE
PID:4308 -
\??\c:\frrffff.exec:\frrffff.exe36⤵
- Executes dropped EXE
PID:3112 -
\??\c:\rxrlrrx.exec:\rxrlrrx.exe37⤵
- Executes dropped EXE
PID:1072 -
\??\c:\hbthhh.exec:\hbthhh.exe38⤵
- Executes dropped EXE
PID:3324 -
\??\c:\vvjjv.exec:\vvjjv.exe39⤵
- Executes dropped EXE
PID:2248 -
\??\c:\fllllrx.exec:\fllllrx.exe40⤵
- Executes dropped EXE
PID:2080 -
\??\c:\hthnnn.exec:\hthnnn.exe41⤵
- Executes dropped EXE
PID:1452 -
\??\c:\vdddv.exec:\vdddv.exe42⤵
- Executes dropped EXE
PID:2416 -
\??\c:\jdjvd.exec:\jdjvd.exe43⤵
- Executes dropped EXE
PID:1640 -
\??\c:\xflxxxx.exec:\xflxxxx.exe44⤵
- Executes dropped EXE
PID:2252 -
\??\c:\nnbnnh.exec:\nnbnnh.exe45⤵
- Executes dropped EXE
PID:376 -
\??\c:\ppdvd.exec:\ppdvd.exe46⤵
- Executes dropped EXE
PID:1064 -
\??\c:\jjjjj.exec:\jjjjj.exe47⤵
- Executes dropped EXE
PID:1688 -
\??\c:\xflffxx.exec:\xflffxx.exe48⤵
- Executes dropped EXE
PID:4736 -
\??\c:\tnhbbt.exec:\tnhbbt.exe49⤵
- Executes dropped EXE
PID:2744 -
\??\c:\jvdvv.exec:\jvdvv.exe50⤵
- Executes dropped EXE
PID:3048 -
\??\c:\xlrrrrr.exec:\xlrrrrr.exe51⤵
- Executes dropped EXE
PID:2920 -
\??\c:\lflllfx.exec:\lflllfx.exe52⤵
- Executes dropped EXE
PID:4152 -
\??\c:\hhtnnt.exec:\hhtnnt.exe53⤵
- Executes dropped EXE
PID:4752 -
\??\c:\vvdpp.exec:\vvdpp.exe54⤵
- Executes dropped EXE
PID:1768 -
\??\c:\1ffxrrl.exec:\1ffxrrl.exe55⤵
- Executes dropped EXE
PID:4960 -
\??\c:\7hhbbt.exec:\7hhbbt.exe56⤵
- Executes dropped EXE
PID:3140 -
\??\c:\djdvj.exec:\djdvj.exe57⤵
- Executes dropped EXE
PID:1840 -
\??\c:\xxlxxff.exec:\xxlxxff.exe58⤵
- Executes dropped EXE
PID:2308 -
\??\c:\thttbb.exec:\thttbb.exe59⤵
- Executes dropped EXE
PID:2424 -
\??\c:\bnbttt.exec:\bnbttt.exe60⤵
- Executes dropped EXE
PID:4848 -
\??\c:\pjvpv.exec:\pjvpv.exe61⤵
- Executes dropped EXE
PID:4404 -
\??\c:\flflffl.exec:\flflffl.exe62⤵
- Executes dropped EXE
PID:1300 -
\??\c:\nhhnhb.exec:\nhhnhb.exe63⤵
- Executes dropped EXE
PID:2696 -
\??\c:\vpvjj.exec:\vpvjj.exe64⤵
- Executes dropped EXE
PID:4596 -
\??\c:\vpvpv.exec:\vpvpv.exe65⤵
- Executes dropped EXE
PID:2976 -
\??\c:\lrxxrxr.exec:\lrxxrxr.exe66⤵
- Executes dropped EXE
PID:1508 -
\??\c:\thnnnn.exec:\thnnnn.exe67⤵PID:388
-
\??\c:\ppdvd.exec:\ppdvd.exe68⤵PID:3356
-
\??\c:\pjpvp.exec:\pjpvp.exe69⤵PID:1656
-
\??\c:\hhbbbh.exec:\hhbbbh.exe70⤵PID:3108
-
\??\c:\vvddv.exec:\vvddv.exe71⤵PID:4300
-
\??\c:\dpdvp.exec:\dpdvp.exe72⤵PID:3752
-
\??\c:\thbhnb.exec:\thbhnb.exe73⤵PID:3028
-
\??\c:\xxxrrxx.exec:\xxxrrxx.exe74⤵PID:4664
-
\??\c:\1bhbth.exec:\1bhbth.exe75⤵PID:876
-
\??\c:\9dddp.exec:\9dddp.exe76⤵PID:2300
-
\??\c:\lfrfrll.exec:\lfrfrll.exe77⤵PID:440
-
\??\c:\rrffxxx.exec:\rrffxxx.exe78⤵PID:3172
-
\??\c:\nhbtnh.exec:\nhbtnh.exe79⤵PID:2128
-
\??\c:\3dvvp.exec:\3dvvp.exe80⤵PID:1692
-
\??\c:\lrlfxxr.exec:\lrlfxxr.exe81⤵PID:2080
-
\??\c:\tnhtnn.exec:\tnhtnn.exe82⤵PID:3552
-
\??\c:\tntnbb.exec:\tntnbb.exe83⤵PID:2416
-
\??\c:\dpvdd.exec:\dpvdd.exe84⤵PID:3968
-
\??\c:\xlffxxr.exec:\xlffxxr.exe85⤵PID:3844
-
\??\c:\nhnbbt.exec:\nhnbbt.exe86⤵PID:4236
-
\??\c:\7vpdv.exec:\7vpdv.exe87⤵PID:764
-
\??\c:\vppjd.exec:\vppjd.exe88⤵PID:792
-
\??\c:\7xxrfff.exec:\7xxrfff.exe89⤵PID:3972
-
\??\c:\bhnhbb.exec:\bhnhbb.exe90⤵PID:4812
-
\??\c:\tbbthh.exec:\tbbthh.exe91⤵PID:3048
-
\??\c:\pvddp.exec:\pvddp.exe92⤵PID:1208
-
\??\c:\lrxxxxf.exec:\lrxxxxf.exe93⤵PID:3148
-
\??\c:\ffrflll.exec:\ffrflll.exe94⤵PID:4992
-
\??\c:\1bnntb.exec:\1bnntb.exe95⤵PID:716
-
\??\c:\bnbttn.exec:\bnbttn.exe96⤵PID:2732
-
\??\c:\pvvpp.exec:\pvvpp.exe97⤵PID:3040
-
\??\c:\frrrlxx.exec:\frrrlxx.exe98⤵PID:1152
-
\??\c:\3rxxfxx.exec:\3rxxfxx.exe99⤵PID:2136
-
\??\c:\nnhhbn.exec:\nnhhbn.exe100⤵PID:5092
-
\??\c:\5vdpj.exec:\5vdpj.exe101⤵PID:3620
-
\??\c:\xxlllxx.exec:\xxlllxx.exe102⤵PID:4360
-
\??\c:\1rlfxff.exec:\1rlfxff.exe103⤵PID:1340
-
\??\c:\bnhbbt.exec:\bnhbbt.exe104⤵PID:4268
-
\??\c:\ntbttt.exec:\ntbttt.exe105⤵PID:2688
-
\??\c:\pdjdj.exec:\pdjdj.exe106⤵PID:3664
-
\??\c:\ffflllf.exec:\ffflllf.exe107⤵PID:3776
-
\??\c:\ntnhhh.exec:\ntnhhh.exe108⤵PID:3792
-
\??\c:\nbbbbt.exec:\nbbbbt.exe109⤵PID:1728
-
\??\c:\vdvpj.exec:\vdvpj.exe110⤵PID:3300
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe111⤵PID:1372
-
\??\c:\ttttbh.exec:\ttttbh.exe112⤵PID:544
-
\??\c:\nhhhbh.exec:\nhhhbh.exe113⤵PID:1012
-
\??\c:\ppvvv.exec:\ppvvv.exe114⤵PID:4420
-
\??\c:\xrxrlll.exec:\xrxrlll.exe115⤵PID:4844
-
\??\c:\rxllfff.exec:\rxllfff.exe116⤵PID:3324
-
\??\c:\bhbnhb.exec:\bhbnhb.exe117⤵PID:4860
-
\??\c:\pdjpj.exec:\pdjpj.exe118⤵PID:2080
-
\??\c:\jdppp.exec:\jdppp.exe119⤵PID:1640
-
\??\c:\fxfxxxf.exec:\fxfxxxf.exe120⤵PID:1044
-
\??\c:\btbbbb.exec:\btbbbb.exe121⤵PID:4332
-
\??\c:\pdddp.exec:\pdddp.exe122⤵PID:632
-