Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 13:05
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe
-
Size
55KB
-
MD5
c9916c423e552b6fbeaae00ad2ba9df0
-
SHA1
8d75f5f9038c5a785769d3fa12d257f679d70fce
-
SHA256
d838239b504e4011a99b0090bc1e3bc0bd898767b1fa61fd661147288c194d10
-
SHA512
87f816f3297d653830e88301fcfd31be0de50616e76059f4018ca591d4c126bdb7cc79e5dbe70a44181d34a1f1623adeaff28cd0b7a85d4743b457afe1e22d28
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFk:ymb3NkkiQ3mdBjFIFk
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource yara_rule behavioral2/memory/3292-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3952-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1000-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5080-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3628-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3528-171-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1384-207-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1744-201-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3992-177-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/464-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4916-123-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1072-117-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2276-105-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3152-99-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1568-93-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3724-87-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1768-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2880-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2880-71-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2764-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3272-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3972-43-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3972-41-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1820-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3364-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 3952 5vpjv.exe 1000 dvjdp.exe 3364 flxlfrf.exe 1820 lxxlfxr.exe 3972 tnnbbn.exe 3272 djjvp.exe 2764 vvpdv.exe 5080 fxrlfxr.exe 2880 xflfxrl.exe 1768 htbtbb.exe 3724 hhhbtn.exe 1568 pdjjd.exe 3152 pdvvj.exe 2276 fxlxrlx.exe 4668 frrffxr.exe 1072 rxrfxlf.exe 4916 hbbtht.exe 464 hbnbht.exe 184 ppvjd.exe 4620 1xrlrlf.exe 4752 xrrlfxl.exe 4920 btbbnt.exe 3628 hbbnhb.exe 1328 9nbnbb.exe 3528 vddpd.exe 3992 dppdp.exe 1980 9frlxrl.exe 3264 9hnbtn.exe 3004 1ppjd.exe 1744 jdpdv.exe 1384 fxxlfrl.exe 4480 lxlfrlf.exe 4800 lxfxxxr.exe 1652 bththb.exe 1380 djdpd.exe 2200 3jjjj.exe 892 lxxfrlx.exe 4908 xffrfxl.exe 4696 xlxrlfr.exe 4732 btbnbt.exe 4692 htnhnb.exe 1828 7vpdj.exe 4468 dpdvj.exe 3228 lfrfrlx.exe 3904 lfxrrxx.exe 540 1ththh.exe 4504 7hhthb.exe 60 3jvjd.exe 4872 djjdj.exe 3724 fxrlfxr.exe 3128 fxrlfxr.exe 3028 lflxrrr.exe 2908 thbtht.exe 3120 nbthtn.exe 2904 pjdvj.exe 3160 pdjvv.exe 1528 rxrlrrf.exe 224 7lfrllf.exe 184 hbtnbt.exe 3252 pdpjv.exe 3832 fxxrxrx.exe 784 lxxrfxr.exe 1996 nhthbt.exe 1376 9btnbh.exe -
resource yara_rule behavioral2/memory/3292-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3952-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1000-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5080-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3628-159-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3528-171-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1384-207-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1744-201-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3992-177-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/464-129-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4916-123-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1072-117-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2276-105-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3152-99-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1568-93-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3724-87-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1768-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1768-76-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1768-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1768-74-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2880-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2764-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2764-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3272-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3972-41-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1820-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3364-25-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3292 wrote to memory of 3952 3292 c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe 83 PID 3292 wrote to memory of 3952 3292 c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe 83 PID 3292 wrote to memory of 3952 3292 c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe 83 PID 3952 wrote to memory of 1000 3952 5vpjv.exe 84 PID 3952 wrote to memory of 1000 3952 5vpjv.exe 84 PID 3952 wrote to memory of 1000 3952 5vpjv.exe 84 PID 1000 wrote to memory of 3364 1000 dvjdp.exe 85 PID 1000 wrote to memory of 3364 1000 dvjdp.exe 85 PID 1000 wrote to memory of 3364 1000 dvjdp.exe 85 PID 3364 wrote to memory of 1820 3364 flxlfrf.exe 86 PID 3364 wrote to memory of 1820 3364 flxlfrf.exe 86 PID 3364 wrote to memory of 1820 3364 flxlfrf.exe 86 PID 1820 wrote to memory of 3972 1820 lxxlfxr.exe 87 PID 1820 wrote to memory of 3972 1820 lxxlfxr.exe 87 PID 1820 wrote to memory of 3972 1820 lxxlfxr.exe 87 PID 3972 wrote to memory of 3272 3972 tnnbbn.exe 88 PID 3972 wrote to memory of 3272 3972 tnnbbn.exe 88 PID 3972 wrote to memory of 3272 3972 tnnbbn.exe 88 PID 3272 wrote to memory of 2764 3272 djjvp.exe 89 PID 3272 wrote to memory of 2764 3272 djjvp.exe 89 PID 3272 wrote to memory of 2764 3272 djjvp.exe 89 PID 2764 wrote to memory of 5080 2764 vvpdv.exe 90 PID 2764 wrote to memory of 5080 2764 vvpdv.exe 90 PID 2764 wrote to memory of 5080 2764 vvpdv.exe 90 PID 5080 wrote to memory of 2880 5080 fxrlfxr.exe 91 PID 5080 wrote to memory of 2880 5080 fxrlfxr.exe 91 PID 5080 wrote to memory of 2880 5080 fxrlfxr.exe 91 PID 2880 wrote to memory of 1768 2880 xflfxrl.exe 92 PID 2880 wrote to memory of 1768 2880 xflfxrl.exe 92 PID 2880 wrote to memory of 1768 2880 xflfxrl.exe 92 PID 1768 wrote to memory of 3724 1768 htbtbb.exe 134 PID 1768 wrote to memory of 3724 1768 htbtbb.exe 134 PID 1768 wrote to memory of 3724 1768 htbtbb.exe 134 PID 3724 wrote to memory of 1568 3724 hhhbtn.exe 94 PID 3724 wrote to memory of 1568 3724 hhhbtn.exe 94 PID 3724 wrote to memory of 1568 3724 hhhbtn.exe 94 PID 1568 wrote to memory of 3152 1568 pdjjd.exe 95 PID 1568 wrote to memory of 3152 1568 pdjjd.exe 95 PID 1568 wrote to memory of 3152 1568 pdjjd.exe 95 PID 3152 wrote to memory of 2276 3152 pdvvj.exe 96 PID 3152 wrote to memory of 2276 3152 pdvvj.exe 96 PID 3152 wrote to memory of 2276 3152 pdvvj.exe 96 PID 2276 wrote to memory of 4668 2276 fxlxrlx.exe 97 PID 2276 wrote to memory of 4668 2276 fxlxrlx.exe 97 PID 2276 wrote to memory of 4668 2276 fxlxrlx.exe 97 PID 4668 wrote to memory of 1072 4668 frrffxr.exe 98 PID 4668 wrote to memory of 1072 4668 frrffxr.exe 98 PID 4668 wrote to memory of 1072 4668 frrffxr.exe 98 PID 1072 wrote to memory of 4916 1072 rxrfxlf.exe 99 PID 1072 wrote to memory of 4916 1072 rxrfxlf.exe 99 PID 1072 wrote to memory of 4916 1072 rxrfxlf.exe 99 PID 4916 wrote to memory of 464 4916 hbbtht.exe 100 PID 4916 wrote to memory of 464 4916 hbbtht.exe 100 PID 4916 wrote to memory of 464 4916 hbbtht.exe 100 PID 464 wrote to memory of 184 464 hbnbht.exe 101 PID 464 wrote to memory of 184 464 hbnbht.exe 101 PID 464 wrote to memory of 184 464 hbnbht.exe 101 PID 184 wrote to memory of 4620 184 ppvjd.exe 102 PID 184 wrote to memory of 4620 184 ppvjd.exe 102 PID 184 wrote to memory of 4620 184 ppvjd.exe 102 PID 4620 wrote to memory of 4752 4620 1xrlrlf.exe 103 PID 4620 wrote to memory of 4752 4620 1xrlrlf.exe 103 PID 4620 wrote to memory of 4752 4620 1xrlrlf.exe 103 PID 4752 wrote to memory of 4920 4752 xrrlfxl.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c9916c423e552b6fbeaae00ad2ba9df0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3292 -
\??\c:\5vpjv.exec:\5vpjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3952 -
\??\c:\dvjdp.exec:\dvjdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1000 -
\??\c:\flxlfrf.exec:\flxlfrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3364 -
\??\c:\lxxlfxr.exec:\lxxlfxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1820 -
\??\c:\tnnbbn.exec:\tnnbbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3972 -
\??\c:\djjvp.exec:\djjvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3272 -
\??\c:\vvpdv.exec:\vvpdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2764 -
\??\c:\fxrlfxr.exec:\fxrlfxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5080 -
\??\c:\xflfxrl.exec:\xflfxrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2880 -
\??\c:\htbtbb.exec:\htbtbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1768 -
\??\c:\hhhbtn.exec:\hhhbtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3724 -
\??\c:\pdjjd.exec:\pdjjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1568 -
\??\c:\pdvvj.exec:\pdvvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3152 -
\??\c:\fxlxrlx.exec:\fxlxrlx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2276 -
\??\c:\frrffxr.exec:\frrffxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4668 -
\??\c:\rxrfxlf.exec:\rxrfxlf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1072 -
\??\c:\hbbtht.exec:\hbbtht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4916 -
\??\c:\hbnbht.exec:\hbnbht.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:464 -
\??\c:\ppvjd.exec:\ppvjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:184 -
\??\c:\1xrlrlf.exec:\1xrlrlf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4620 -
\??\c:\xrrlfxl.exec:\xrrlfxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4752 -
\??\c:\btbbnt.exec:\btbbnt.exe23⤵
- Executes dropped EXE
PID:4920 -
\??\c:\hbbnhb.exec:\hbbnhb.exe24⤵
- Executes dropped EXE
PID:3628 -
\??\c:\9nbnbb.exec:\9nbnbb.exe25⤵
- Executes dropped EXE
PID:1328 -
\??\c:\vddpd.exec:\vddpd.exe26⤵
- Executes dropped EXE
PID:3528 -
\??\c:\dppdp.exec:\dppdp.exe27⤵
- Executes dropped EXE
PID:3992 -
\??\c:\9frlxrl.exec:\9frlxrl.exe28⤵
- Executes dropped EXE
PID:1980 -
\??\c:\9hnbtn.exec:\9hnbtn.exe29⤵
- Executes dropped EXE
PID:3264 -
\??\c:\1ppjd.exec:\1ppjd.exe30⤵
- Executes dropped EXE
PID:3004 -
\??\c:\jdpdv.exec:\jdpdv.exe31⤵
- Executes dropped EXE
PID:1744 -
\??\c:\fxxlfrl.exec:\fxxlfrl.exe32⤵
- Executes dropped EXE
PID:1384 -
\??\c:\lxlfrlf.exec:\lxlfrlf.exe33⤵
- Executes dropped EXE
PID:4480 -
\??\c:\lxfxxxr.exec:\lxfxxxr.exe34⤵
- Executes dropped EXE
PID:4800 -
\??\c:\bththb.exec:\bththb.exe35⤵
- Executes dropped EXE
PID:1652 -
\??\c:\djdpd.exec:\djdpd.exe36⤵
- Executes dropped EXE
PID:1380 -
\??\c:\3jjjj.exec:\3jjjj.exe37⤵
- Executes dropped EXE
PID:2200 -
\??\c:\lxxfrlx.exec:\lxxfrlx.exe38⤵
- Executes dropped EXE
PID:892 -
\??\c:\xffrfxl.exec:\xffrfxl.exe39⤵
- Executes dropped EXE
PID:4908 -
\??\c:\xlxrlfr.exec:\xlxrlfr.exe40⤵
- Executes dropped EXE
PID:4696 -
\??\c:\btbnbt.exec:\btbnbt.exe41⤵
- Executes dropped EXE
PID:4732 -
\??\c:\htnhnb.exec:\htnhnb.exe42⤵
- Executes dropped EXE
PID:4692 -
\??\c:\7vpdj.exec:\7vpdj.exe43⤵
- Executes dropped EXE
PID:1828 -
\??\c:\dpdvj.exec:\dpdvj.exe44⤵
- Executes dropped EXE
PID:4468 -
\??\c:\lfrfrlx.exec:\lfrfrlx.exe45⤵
- Executes dropped EXE
PID:3228 -
\??\c:\lfxrrxx.exec:\lfxrrxx.exe46⤵
- Executes dropped EXE
PID:3904 -
\??\c:\1ththh.exec:\1ththh.exe47⤵
- Executes dropped EXE
PID:540 -
\??\c:\7hhthb.exec:\7hhthb.exe48⤵
- Executes dropped EXE
PID:4504 -
\??\c:\3jvjd.exec:\3jvjd.exe49⤵
- Executes dropped EXE
PID:60 -
\??\c:\djjdj.exec:\djjdj.exe50⤵
- Executes dropped EXE
PID:4872 -
\??\c:\fxrlfxr.exec:\fxrlfxr.exe51⤵
- Executes dropped EXE
PID:3724 -
\??\c:\fxrlfxr.exec:\fxrlfxr.exe52⤵
- Executes dropped EXE
PID:3128 -
\??\c:\lflxrrr.exec:\lflxrrr.exe53⤵
- Executes dropped EXE
PID:3028 -
\??\c:\thbtht.exec:\thbtht.exe54⤵
- Executes dropped EXE
PID:2908 -
\??\c:\nbthtn.exec:\nbthtn.exe55⤵
- Executes dropped EXE
PID:3120 -
\??\c:\pjdvj.exec:\pjdvj.exe56⤵
- Executes dropped EXE
PID:2904 -
\??\c:\pdjvv.exec:\pdjvv.exe57⤵
- Executes dropped EXE
PID:3160 -
\??\c:\rxrlrrf.exec:\rxrlrrf.exe58⤵
- Executes dropped EXE
PID:1528 -
\??\c:\7lfrllf.exec:\7lfrllf.exe59⤵
- Executes dropped EXE
PID:224 -
\??\c:\hbtnbt.exec:\hbtnbt.exe60⤵
- Executes dropped EXE
PID:184 -
\??\c:\pdpjv.exec:\pdpjv.exe61⤵
- Executes dropped EXE
PID:3252 -
\??\c:\fxxrxrx.exec:\fxxrxrx.exe62⤵
- Executes dropped EXE
PID:3832 -
\??\c:\lxxrfxr.exec:\lxxrfxr.exe63⤵
- Executes dropped EXE
PID:784 -
\??\c:\nhthbt.exec:\nhthbt.exe64⤵
- Executes dropped EXE
PID:1996 -
\??\c:\9btnbh.exec:\9btnbh.exe65⤵
- Executes dropped EXE
PID:1376 -
\??\c:\7jpdp.exec:\7jpdp.exe66⤵PID:1780
-
\??\c:\pjdjv.exec:\pjdjv.exe67⤵PID:4180
-
\??\c:\rfxfrll.exec:\rfxfrll.exe68⤵PID:1648
-
\??\c:\lrrrlfr.exec:\lrrrlfr.exe69⤵PID:4404
-
\??\c:\ththth.exec:\ththth.exe70⤵PID:2860
-
\??\c:\nbtntn.exec:\nbtntn.exe71⤵PID:940
-
\??\c:\3tnbtn.exec:\3tnbtn.exe72⤵PID:2916
-
\??\c:\jpjdv.exec:\jpjdv.exe73⤵PID:4396
-
\??\c:\3vpdp.exec:\3vpdp.exe74⤵PID:1276
-
\??\c:\xfxfrrf.exec:\xfxfrrf.exe75⤵PID:2372
-
\??\c:\xflfrlf.exec:\xflfrlf.exe76⤵PID:2988
-
\??\c:\nbtnhb.exec:\nbtnhb.exe77⤵PID:3108
-
\??\c:\nthtbt.exec:\nthtbt.exe78⤵PID:220
-
\??\c:\jpjvp.exec:\jpjvp.exe79⤵PID:4076
-
\??\c:\vjvjj.exec:\vjvjj.exe80⤵PID:1652
-
\??\c:\lxrrlfl.exec:\lxrrlfl.exe81⤵PID:4444
-
\??\c:\rlrffxf.exec:\rlrffxf.exe82⤵PID:4436
-
\??\c:\1ttnbt.exec:\1ttnbt.exe83⤵PID:3292
-
\??\c:\vvvpd.exec:\vvvpd.exe84⤵PID:4412
-
\??\c:\ppjvj.exec:\ppjvj.exe85⤵PID:2884
-
\??\c:\xlxlxrf.exec:\xlxlxrf.exe86⤵PID:4132
-
\??\c:\xxxfxlr.exec:\xxxfxlr.exe87⤵PID:1928
-
\??\c:\rfrrrlx.exec:\rfrrrlx.exe88⤵PID:1820
-
\??\c:\bnbbtn.exec:\bnbbtn.exe89⤵PID:3212
-
\??\c:\nhhbtn.exec:\nhhbtn.exe90⤵PID:3380
-
\??\c:\djjvd.exec:\djjvd.exe91⤵PID:3880
-
\??\c:\vddvp.exec:\vddvp.exe92⤵PID:3368
-
\??\c:\fxxlxxr.exec:\fxxlxxr.exe93⤵PID:2088
-
\??\c:\tnttnh.exec:\tnttnh.exe94⤵PID:4148
-
\??\c:\hbtnbn.exec:\hbtnbn.exe95⤵PID:4064
-
\??\c:\1vdpp.exec:\1vdpp.exe96⤵PID:520
-
\??\c:\xffxrrf.exec:\xffxrrf.exe97⤵PID:3724
-
\??\c:\lxxflfx.exec:\lxxflfx.exe98⤵PID:1568
-
\??\c:\tnhthh.exec:\tnhthh.exe99⤵PID:2276
-
\??\c:\5hbntn.exec:\5hbntn.exe100⤵PID:4296
-
\??\c:\7dvpv.exec:\7dvpv.exe101⤵PID:5004
-
\??\c:\vjvpd.exec:\vjvpd.exe102⤵PID:4956
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe103⤵PID:1252
-
\??\c:\lflllll.exec:\lflllll.exe104⤵PID:4380
-
\??\c:\ntnbnh.exec:\ntnbnh.exe105⤵PID:564
-
\??\c:\5dvpp.exec:\5dvpp.exe106⤵PID:392
-
\??\c:\rxfflrr.exec:\rxfflrr.exe107⤵PID:3164
-
\??\c:\frxxxff.exec:\frxxxff.exe108⤵PID:4996
-
\??\c:\fxffllx.exec:\fxffllx.exe109⤵PID:4952
-
\??\c:\hbbbtt.exec:\hbbbtt.exe110⤵PID:784
-
\??\c:\vppdp.exec:\vppdp.exe111⤵PID:1996
-
\??\c:\rflfffl.exec:\rflfffl.exe112⤵PID:1376
-
\??\c:\5flrlrr.exec:\5flrlrr.exe113⤵PID:4884
-
\??\c:\ttthnb.exec:\ttthnb.exe114⤵PID:1648
-
\??\c:\ppdjj.exec:\ppdjj.exe115⤵PID:4948
-
\??\c:\vvddj.exec:\vvddj.exe116⤵PID:5068
-
\??\c:\pdjjj.exec:\pdjjj.exe117⤵PID:4476
-
\??\c:\9llfxrl.exec:\9llfxrl.exe118⤵PID:1852
-
\??\c:\5flffrr.exec:\5flffrr.exe119⤵PID:4416
-
\??\c:\nnbbbb.exec:\nnbbbb.exe120⤵PID:5112
-
\??\c:\tbbnbn.exec:\tbbnbn.exe121⤵PID:640
-
\??\c:\dppjd.exec:\dppjd.exe122⤵PID:3484
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-