Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 06:28
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a315d467fec6f3537a0b07a398a5dc40_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
a315d467fec6f3537a0b07a398a5dc40_NeikiAnalytics.exe
-
Size
60KB
-
MD5
a315d467fec6f3537a0b07a398a5dc40
-
SHA1
3ff68464903417573cefe9c1ceeccfb8350b0201
-
SHA256
d65dfe42077ca86e6ac17a8a0adf488b754c36331e9a431eae98cede8f90447d
-
SHA512
d3e78041e972de5d1611de29296f85679e5a6bee003fc5037cc2fee45aa9089f16ec47f31a65c0b7e6613fa840453a9b34bbde194004917c9db0332d31f027df
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk9UWd:ymb3NkkiQ3mdBjFIvlq2
Malware Config
Signatures
-
Detect Blackmoon payload 24 IoCs
resource yara_rule
behavioral2/memory/1800-8-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4644-12-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2188-19-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/8-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4380-33-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/412-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2676-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2876-55-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1368-62-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/464-69-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1844-84-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2572-90-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2892-114-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3188-121-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4524-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/5092-138-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/884-144-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2368-150-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1796-161-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1996-167-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4364-180-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3232-186-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3892-196-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1824-204-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process
4644 llxllff.exe
2188 xrrlxrl.exe
8 tntnnh.exe
4380 jdjvp.exe
412 nhhthh.exe
2676 nbhthb.exe
2876 vjdpj.exe
1368 flxrlfr.exe
464 ttnhtt.exe
2424 tthtnt.exe
1844 jdjjp.exe
2572 lxfxlfx.exe
60 nnhbbt.exe
4552 1pdpd.exe
4464 vpjpj.exe
2892 5llfxrl.exe
3188 tttnbb.exe
3596 jdjvv.exe
4524 ffxrllf.exe
5092 rlrrrrx.exe
884 jpppj.exe
2368 vjjjv.exe
1508 5fxrfff.exe
1796 3tbbtt.exe
1996 bttnhb.exe
2692 vvddj.exe
4364 lxrlxrr.exe
3232 bnbbhh.exe
3892 pvdpd.exe
3556 ppvdv.exe
1824 1lllfff.exe
4168 hbnhbb.exe
4856 pddvv.exe
4140 fxlxflx.exe
4788 fxlrllx.exe
4068 nhnnhn.exe
2124 djpdd.exe
556 xfxrffx.exe
4396 lrrllfx.exe
4988 ntbtnh.exe
5024 dpdvd.exe
1852 9rlrffx.exe
1096 hhtnht.exe
8 bttnhb.exe
2536 dpjvp.exe
412 flrrfff.exe
3560 fxffxff.exe
1528 htttnn.exe
4984 nhbtnh.exe
404 jdjdd.exe
3680 xflfrrf.exe
3520 nhnnnn.exe
1296 ttnhbb.exe
3216 xflfrll.exe
1416 frxfxxx.exe
4504 tthhbb.exe
1248 1dpjd.exe
4188 vjvpd.exe
868 rllrxxf.exe
2524 nbhhhb.exe
4744 tbhbnh.exe
1232 jpjpj.exe
2172 xlrlxxx.exe
1272 nthbbt.exe
-
resource yara_rule
behavioral2/memory/1800-3-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1800-8-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4644-12-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2188-19-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/8-26-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4380-33-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/412-39-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2676-46-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2676-47-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2876-55-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1368-62-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/464-69-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1844-84-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2572-90-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2892-114-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3188-121-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4524-131-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/5092-138-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/884-144-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2368-150-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1796-161-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1996-167-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4364-180-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3232-186-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3892-196-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1824-204-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 1800 wrote to memory of 4644 1800 a315d467fec6f3537a0b07a398a5dc40_NeikiAnalytics.exe 83
PID 1800 wrote to memory of 4644 1800 a315d467fec6f3537a0b07a398a5dc40_NeikiAnalytics.exe 83
PID 1800 wrote to memory of 4644 1800 a315d467fec6f3537a0b07a398a5dc40_NeikiAnalytics.exe 83
PID 4644 wrote to memory of 2188 4644 llxllff.exe 84
PID 4644 wrote to memory of 2188 4644 llxllff.exe 84
PID 4644 wrote to memory of 2188 4644 llxllff.exe 84
PID 2188 wrote to memory of 8 2188 xrrlxrl.exe 85
PID 2188 wrote to memory of 8 2188 xrrlxrl.exe 85
PID 2188 wrote to memory of 8 2188 xrrlxrl.exe 85
PID 8 wrote to memory of 4380 8 tntnnh.exe 86
PID 8 wrote to memory of 4380 8 tntnnh.exe 86
PID 8 wrote to memory of 4380 8 tntnnh.exe 86
PID 4380 wrote to memory of 412 4380 jdjvp.exe 87
PID 4380 wrote to memory of 412 4380 jdjvp.exe 87
PID 4380 wrote to memory of 412 4380 jdjvp.exe 87
PID 412 wrote to memory of 2676 412 nhhthh.exe 88
PID 412 wrote to memory of 2676 412 nhhthh.exe 88
PID 412 wrote to memory of 2676 412 nhhthh.exe 88
PID 2676 wrote to memory of 2876 2676 nbhthb.exe 89
PID 2676 wrote to memory of 2876 2676 nbhthb.exe 89
PID 2676 wrote to memory of 2876 2676 nbhthb.exe 89
PID 2876 wrote to memory of 1368 2876 vjdpj.exe 90
PID 2876 wrote to memory of 1368 2876 vjdpj.exe 90
PID 2876 wrote to memory of 1368 2876 vjdpj.exe 90
PID 1368 wrote to memory of 464 1368 flxrlfr.exe 91
PID 1368 wrote to memory of 464 1368 flxrlfr.exe 91
PID 1368 wrote to memory of 464 1368 flxrlfr.exe 91
PID 464 wrote to memory of 2424 464 ttnhtt.exe 92
PID 464 wrote to memory of 2424 464 ttnhtt.exe 92
PID 464 wrote to memory of 2424 464 ttnhtt.exe 92
PID 2424 wrote to memory of 1844 2424 tthtnt.exe 93
PID 2424 wrote to memory of 1844 2424 tthtnt.exe 93
PID 2424 wrote to memory of 1844 2424 tthtnt.exe 93
PID 1844 wrote to memory of 2572 1844 jdjjp.exe 94
PID 1844 wrote to memory of 2572 1844 jdjjp.exe 94
PID 1844 wrote to memory of 2572 1844 jdjjp.exe 94
PID 2572 wrote to memory of 60 2572 lxfxlfx.exe 95
PID 2572 wrote to memory of 60 2572 lxfxlfx.exe 95
PID 2572 wrote to memory of 60 2572 lxfxlfx.exe 95
PID 60 wrote to memory of 4552 60 nnhbbt.exe 96
PID 60 wrote to memory of 4552 60 nnhbbt.exe 96
PID 60 wrote to memory of 4552 60 nnhbbt.exe 96
PID 4552 wrote to memory of 4464 4552 1pdpd.exe 97
PID 4552 wrote to memory of 4464 4552 1pdpd.exe 97
PID 4552 wrote to memory of 4464 4552 1pdpd.exe 97
PID 4464 wrote to memory of 2892 4464 vpjpj.exe 98
PID 4464 wrote to memory of 2892 4464 vpjpj.exe 98
PID 4464 wrote to memory of 2892 4464 vpjpj.exe 98
PID 2892 wrote to memory of 3188 2892 5llfxrl.exe 99
PID 2892 wrote to memory of 3188 2892 5llfxrl.exe 99
PID 2892 wrote to memory of 3188 2892 5llfxrl.exe 99
PID 3188 wrote to memory of 3596 3188 tttnbb.exe 100
PID 3188 wrote to memory of 3596 3188 tttnbb.exe 100
PID 3188 wrote to memory of 3596 3188 tttnbb.exe 100
PID 3596 wrote to memory of 4524 3596 jdjvv.exe 101
PID 3596 wrote to memory of 4524 3596 jdjvv.exe 101
PID 3596 wrote to memory of 4524 3596 jdjvv.exe 101
PID 4524 wrote to memory of 5092 4524 ffxrllf.exe 102
PID 4524 wrote to memory of 5092 4524 ffxrllf.exe 102
PID 4524 wrote to memory of 5092 4524 ffxrllf.exe 102
PID 5092 wrote to memory of 884 5092 rlrrrrx.exe 103
PID 5092 wrote to memory of 884 5092 rlrrrrx.exe 103
PID 5092 wrote to memory of 884 5092 rlrrrrx.exe 103
PID 884 wrote to memory of 2368 884 jpppj.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\a315d467fec6f3537a0b07a398a5dc40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a315d467fec6f3537a0b07a398a5dc40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1800 -
\??\c:\llxllff.exec:\llxllff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4644 -
\??\c:\xrrlxrl.exec:\xrrlxrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2188 -
\??\c:\tntnnh.exec:\tntnnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:8 -
\??\c:\jdjvp.exec:\jdjvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4380 -
\??\c:\nhhthh.exec:\nhhthh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:412 -
\??\c:\nbhthb.exec:\nbhthb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2676 -
\??\c:\vjdpj.exec:\vjdpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2876 -
\??\c:\flxrlfr.exec:\flxrlfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1368 -
\??\c:\ttnhtt.exec:\ttnhtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:464 -
\??\c:\tthtnt.exec:\tthtnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2424 -
\??\c:\jdjjp.exec:\jdjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1844 -
\??\c:\lxfxlfx.exec:\lxfxlfx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2572 -
\??\c:\nnhbbt.exec:\nnhbbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:60 -
\??\c:\1pdpd.exec:\1pdpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4552 -
\??\c:\vpjpj.exec:\vpjpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4464 -
\??\c:\5llfxrl.exec:\5llfxrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892 -
\??\c:\tttnbb.exec:\tttnbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3188 -
\??\c:\jdjvv.exec:\jdjvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3596 -
\??\c:\ffxrllf.exec:\ffxrllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4524 -
\??\c:\rlrrrrx.exec:\rlrrrrx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5092 -
\??\c:\jpppj.exec:\jpppj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:884 -
\??\c:\vjjjv.exec:\vjjjv.exe23⤵
- Executes dropped EXE
PID:2368 -
\??\c:\5fxrfff.exec:\5fxrfff.exe24⤵
- Executes dropped EXE
PID:1508 -
\??\c:\3tbbtt.exec:\3tbbtt.exe25⤵
- Executes dropped EXE
PID:1796 -
\??\c:\bttnhb.exec:\bttnhb.exe26⤵
- Executes dropped EXE
PID:1996 -
\??\c:\vvddj.exec:\vvddj.exe27⤵
- Executes dropped EXE
PID:2692 -
\??\c:\lxrlxrr.exec:\lxrlxrr.exe28⤵
- Executes dropped EXE
PID:4364 -
\??\c:\bnbbhh.exec:\bnbbhh.exe29⤵
- Executes dropped EXE
PID:3232 -
\??\c:\pvdpd.exec:\pvdpd.exe30⤵
- Executes dropped EXE
PID:3892 -
\??\c:\ppvdv.exec:\ppvdv.exe31⤵
- Executes dropped EXE
PID:3556 -
\??\c:\1lllfff.exec:\1lllfff.exe32⤵
- Executes dropped EXE
PID:1824 -
\??\c:\hbnhbb.exec:\hbnhbb.exe33⤵
- Executes dropped EXE
PID:4168 -
\??\c:\pddvv.exec:\pddvv.exe34⤵
- Executes dropped EXE
PID:4856 -
\??\c:\fxlxflx.exec:\fxlxflx.exe35⤵
- Executes dropped EXE
PID:4140 -
\??\c:\fxlrllx.exec:\fxlrllx.exe36⤵
- Executes dropped EXE
PID:4788 -
\??\c:\nhnnhn.exec:\nhnnhn.exe37⤵
- Executes dropped EXE
PID:4068 -
\??\c:\djpdd.exec:\djpdd.exe38⤵
- Executes dropped EXE
PID:2124 -
\??\c:\xfxrffx.exec:\xfxrffx.exe39⤵
- Executes dropped EXE
PID:556 -
\??\c:\lrrllfx.exec:\lrrllfx.exe40⤵
- Executes dropped EXE
PID:4396 -
\??\c:\ntbtnh.exec:\ntbtnh.exe41⤵
- Executes dropped EXE
PID:4988 -
\??\c:\dpdvd.exec:\dpdvd.exe42⤵
- Executes dropped EXE
PID:5024 -
\??\c:\9rlrffx.exec:\9rlrffx.exe43⤵
- Executes dropped EXE
PID:1852 -
\??\c:\hhtnht.exec:\hhtnht.exe44⤵
- Executes dropped EXE
PID:1096 -
\??\c:\bttnhb.exec:\bttnhb.exe45⤵
- Executes dropped EXE
PID:8 -
\??\c:\dpjvp.exec:\dpjvp.exe46⤵
- Executes dropped EXE
PID:2536 -
\??\c:\flrrfff.exec:\flrrfff.exe47⤵
- Executes dropped EXE
PID:412 -
\??\c:\fxffxff.exec:\fxffxff.exe48⤵
- Executes dropped EXE
PID:3560 -
\??\c:\htttnn.exec:\htttnn.exe49⤵
- Executes dropped EXE
PID:1528 -
\??\c:\nhbtnh.exec:\nhbtnh.exe50⤵
- Executes dropped EXE
PID:4984 -
\??\c:\jdjdd.exec:\jdjdd.exe51⤵
- Executes dropped EXE
PID:404 -
\??\c:\xflfrrf.exec:\xflfrrf.exe52⤵
- Executes dropped EXE
PID:3680 -
\??\c:\nhnnnn.exec:\nhnnnn.exe53⤵
- Executes dropped EXE
PID:3520 -
\??\c:\ttnhbb.exec:\ttnhbb.exe54⤵
- Executes dropped EXE
PID:1296 -
\??\c:\xflfrll.exec:\xflfrll.exe55⤵
- Executes dropped EXE
PID:3216 -
\??\c:\frxfxxx.exec:\frxfxxx.exe56⤵
- Executes dropped EXE
PID:1416 -
\??\c:\tthhbb.exec:\tthhbb.exe57⤵
- Executes dropped EXE
PID:4504 -
\??\c:\1dpjd.exec:\1dpjd.exe58⤵
- Executes dropped EXE
PID:1248 -
\??\c:\vjvpd.exec:\vjvpd.exe59⤵
- Executes dropped EXE
PID:4188 -
\??\c:\rllrxxf.exec:\rllrxxf.exe60⤵
- Executes dropped EXE
PID:868 -
\??\c:\nbhhhb.exec:\nbhhhb.exe61⤵
- Executes dropped EXE
PID:2524 -
\??\c:\tbhbnh.exec:\tbhbnh.exe62⤵
- Executes dropped EXE
PID:4744 -
\??\c:\jpjpj.exec:\jpjpj.exe63⤵
- Executes dropped EXE
PID:1232 -
\??\c:\xlrlxxx.exec:\xlrlxxx.exe64⤵
- Executes dropped EXE
PID:2172 -
\??\c:\nthbbt.exec:\nthbbt.exe65⤵
- Executes dropped EXE
PID:1272 -
\??\c:\jjdvp.exec:\jjdvp.exe66⤵PID:3760
-
\??\c:\nnhbnh.exec:\nnhbnh.exe67⤵PID:2316
-
\??\c:\jddvj.exec:\jddvj.exe68⤵PID:4400
-
\??\c:\vvppd.exec:\vvppd.exe69⤵PID:4720
-
\??\c:\frllxxf.exec:\frllxxf.exe70⤵PID:4544
-
\??\c:\bbttth.exec:\bbttth.exe71⤵PID:3616
-
\??\c:\7dddp.exec:\7dddp.exe72⤵PID:1220
-
\??\c:\7rrfxxr.exec:\7rrfxxr.exe73⤵PID:4364
-
\??\c:\frrlffr.exec:\frrlffr.exe74⤵PID:4208
-
\??\c:\tbbbtn.exec:\tbbbtn.exe75⤵PID:2136
-
\??\c:\vjddd.exec:\vjddd.exe76⤵PID:2144
-
\??\c:\vjpdp.exec:\vjpdp.exe77⤵PID:3356
-
\??\c:\frlxrlx.exec:\frlxrlx.exe78⤵PID:4924
-
\??\c:\btbbtt.exec:\btbbtt.exe79⤵PID:4168
-
\??\c:\hnhbtb.exec:\hnhbtb.exe80⤵PID:4784
-
\??\c:\pjpjj.exec:\pjpjj.exe81⤵PID:3364
-
\??\c:\lfxlxlf.exec:\lfxlxlf.exe82⤵PID:2760
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe83⤵PID:3496
-
\??\c:\thbtnb.exec:\thbtnb.exe84⤵PID:4120
-
\??\c:\vpjdv.exec:\vpjdv.exe85⤵PID:4292
-
\??\c:\1xxlxxr.exec:\1xxlxxr.exe86⤵PID:4540
-
\??\c:\xflfxxr.exec:\xflfxxr.exe87⤵PID:3184
-
\??\c:\9bbbbb.exec:\9bbbbb.exe88⤵PID:2756
-
\??\c:\jpvpj.exec:\jpvpj.exe89⤵PID:2720
-
\??\c:\dpvvj.exec:\dpvvj.exe90⤵PID:4228
-
\??\c:\lxffrll.exec:\lxffrll.exe91⤵PID:4380
-
\??\c:\htnhbt.exec:\htnhbt.exe92⤵PID:1728
-
\??\c:\bnnbnn.exec:\bnnbnn.exe93⤵PID:2676
-
\??\c:\vjvdd.exec:\vjvdd.exe94⤵PID:3560
-
\??\c:\vjpjj.exec:\vjpjj.exe95⤵PID:4968
-
\??\c:\rllfrlf.exec:\rllfrlf.exe96⤵PID:4176
-
\??\c:\hntttt.exec:\hntttt.exe97⤵PID:2016
-
\??\c:\nntbbb.exec:\nntbbb.exe98⤵PID:4476
-
\??\c:\pjddp.exec:\pjddp.exe99⤵PID:2860
-
\??\c:\frxrrrx.exec:\frxrrrx.exe100⤵PID:2180
-
\??\c:\htbbtn.exec:\htbbtn.exe101⤵PID:4536
-
\??\c:\3dvdp.exec:\3dvdp.exe102⤵PID:2488
-
\??\c:\rrrfxfx.exec:\rrrfxfx.exe103⤵PID:3268
-
\??\c:\rrrxrfx.exec:\rrrxrfx.exe104⤵PID:4500
-
\??\c:\hbbtnn.exec:\hbbtnn.exe105⤵PID:4188
-
\??\c:\nnnhtn.exec:\nnnhtn.exe106⤵PID:4092
-
\??\c:\vjpjv.exec:\vjpjv.exe107⤵PID:1068
-
\??\c:\fllxrlf.exec:\fllxrlf.exe108⤵PID:3768
-
\??\c:\dppjd.exec:\dppjd.exe109⤵PID:5092
-
\??\c:\xlfxrll.exec:\xlfxrll.exe110⤵PID:3348
-
\??\c:\frfrrlx.exec:\frfrrlx.exe111⤵PID:2368
-
\??\c:\htbbtb.exec:\htbbtb.exe112⤵PID:2792
-
\??\c:\jpjdp.exec:\jpjdp.exe113⤵PID:3344
-
\??\c:\pdjdv.exec:\pdjdv.exe114⤵PID:2300
-
\??\c:\frxrrll.exec:\frxrrll.exe115⤵PID:4364
-
\??\c:\dpppj.exec:\dpppj.exe116⤵PID:3892
-
\??\c:\vjjdp.exec:\vjjdp.exe117⤵PID:912
-
\??\c:\3xlxfff.exec:\3xlxfff.exe118⤵PID:4348
-
\??\c:\nnttbh.exec:\nnttbh.exe119⤵PID:2916
-
\??\c:\1bbhnb.exec:\1bbhnb.exe120⤵PID:1492
-
\??\c:\5vvjv.exec:\5vvjv.exe121⤵PID:4784
-
\??\c:\lflxrlx.exec:\lflxrlx.exe122⤵PID:3364
-