Analysis
-
max time kernel
150s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 13:05
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c99889cce9875872961f69a831124300_NeikiAnalytics.exe
Resource
win7-20240419-en
5 signatures
150 seconds
General
-
Target
c99889cce9875872961f69a831124300_NeikiAnalytics.exe
-
Size
59KB
-
MD5
c99889cce9875872961f69a831124300
-
SHA1
e79cdab3e53854dcc934101918db5f7e439ab9eb
-
SHA256
3f4f019e25541f2a990926cfb1d825481a0102e2483af016867ff3b39ae6cc0a
-
SHA512
9bae2bd690133c15b3b9faba6a22d3427b489a5a6aae01c30bab794b907aab311ce1c96f1cd26db6ea0f7e3c29a010857d2be40a2a49beab08e8b4227c49bccf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk9Ug9:ymb3NkkiQ3mdBjFIvlqg9
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
resource yara_rule behavioral2/memory/3024-8-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3428-13-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3292-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3472-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/624-34-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/624-39-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2116-49-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4860-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3364-64-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3560-71-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4392-84-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2932-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4360-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4220-109-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1432-113-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2284-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4224-138-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1704-156-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3316-168-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1672-174-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4640-195-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3412-197-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 3428 7tnbtb.exe 3472 vjdpd.exe 3292 jdvjd.exe 624 lxxrrrl.exe 4512 1hbtnh.exe 2116 bnnbbt.exe 4860 3pdjv.exe 3364 jdpjv.exe 3560 nthbtt.exe 4392 tnbnbb.exe 2932 ppvpj.exe 1832 xrfxrrr.exe 4360 hbbbtt.exe 4220 jjjjd.exe 1432 rlrxlll.exe 2284 1fllfff.exe 1536 tnnhht.exe 1544 jvvvp.exe 4224 pdjdv.exe 3084 fxrlffx.exe 3124 xlrrrrl.exe 1704 bthhhh.exe 844 hnnhbb.exe 3316 djppp.exe 1672 lrffflf.exe 3172 3llffxr.exe 3828 bnhbtt.exe 4640 hnthtn.exe 3412 dpvpp.exe 1528 vdjdv.exe 3100 5hhhtt.exe 1428 vjdvv.exe 2460 pdjdp.exe 3076 xfllflf.exe 4820 tbhbbn.exe 2416 hnttnn.exe 4424 pvvjv.exe 3024 jvpdv.exe 2796 rrllrrr.exe 8 xrlfxxr.exe 4568 hhbtnh.exe 1164 3rlxlff.exe 4580 lfffrrx.exe 4532 hbtnhb.exe 3132 htthth.exe 2180 pvpvp.exe 1108 lfrflfx.exe 432 frfrlxr.exe 4132 9tnhtt.exe 2044 3pjvj.exe 4072 9jpdp.exe 2720 5lrfxrr.exe 3628 rlrfxrr.exe 3520 bntnht.exe 3784 dppdv.exe 3880 1vvjv.exe 2016 xrxrrff.exe 1536 xlrllrx.exe 4000 hbbttn.exe 3668 htbntn.exe 5048 ntnbnh.exe 4644 dpdvv.exe 3124 xlxrxrl.exe 3924 rfllfxr.exe -
resource yara_rule behavioral2/memory/3024-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3024-8-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3428-13-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3292-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3472-20-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3428-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/624-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2116-49-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4860-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4860-59-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4860-54-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3364-64-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3560-71-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4392-77-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4392-84-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4392-79-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4392-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2932-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4360-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4220-109-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1432-113-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2284-120-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4224-138-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1704-156-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3316-168-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1672-174-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4640-195-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3412-197-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3024 wrote to memory of 3428 3024 c99889cce9875872961f69a831124300_NeikiAnalytics.exe 83 PID 3024 wrote to memory of 3428 3024 c99889cce9875872961f69a831124300_NeikiAnalytics.exe 83 PID 3024 wrote to memory of 3428 3024 c99889cce9875872961f69a831124300_NeikiAnalytics.exe 83 PID 3428 wrote to memory of 3472 3428 7tnbtb.exe 84 PID 3428 wrote to memory of 3472 3428 7tnbtb.exe 84 PID 3428 wrote to memory of 3472 3428 7tnbtb.exe 84 PID 3472 wrote to memory of 3292 3472 vjdpd.exe 85 PID 3472 wrote to memory of 3292 3472 vjdpd.exe 85 PID 3472 wrote to memory of 3292 3472 vjdpd.exe 85 PID 3292 wrote to memory of 624 3292 jdvjd.exe 86 PID 3292 wrote to memory of 624 3292 jdvjd.exe 86 PID 3292 wrote to memory of 624 3292 jdvjd.exe 86 PID 624 wrote to memory of 4512 624 lxxrrrl.exe 87 PID 624 wrote to memory of 4512 624 lxxrrrl.exe 87 PID 624 wrote to memory of 4512 624 lxxrrrl.exe 87 PID 4512 wrote to memory of 2116 4512 1hbtnh.exe 88 PID 4512 wrote to memory of 2116 4512 1hbtnh.exe 88 PID 4512 wrote to memory of 2116 4512 1hbtnh.exe 88 PID 2116 wrote to memory of 4860 2116 bnnbbt.exe 89 PID 2116 wrote to memory of 4860 2116 bnnbbt.exe 89 PID 2116 wrote to memory of 4860 2116 bnnbbt.exe 89 PID 4860 wrote to memory of 3364 4860 3pdjv.exe 90 PID 4860 wrote to memory of 3364 4860 3pdjv.exe 90 PID 4860 wrote to memory of 3364 4860 3pdjv.exe 90 PID 3364 wrote to memory of 3560 3364 jdpjv.exe 91 PID 3364 wrote to memory of 3560 3364 jdpjv.exe 91 PID 3364 wrote to memory of 3560 3364 jdpjv.exe 91 PID 3560 wrote to memory of 4392 3560 nthbtt.exe 92 PID 3560 wrote to memory of 4392 3560 nthbtt.exe 92 PID 3560 wrote to memory of 4392 3560 nthbtt.exe 92 PID 4392 wrote to memory of 2932 4392 tnbnbb.exe 93 PID 4392 wrote to memory of 2932 4392 tnbnbb.exe 93 PID 4392 wrote to memory of 2932 4392 tnbnbb.exe 93 PID 2932 wrote to memory of 1832 2932 ppvpj.exe 94 PID 2932 wrote to memory of 1832 2932 ppvpj.exe 94 PID 2932 wrote to memory of 1832 2932 ppvpj.exe 94 PID 1832 wrote to memory of 4360 1832 xrfxrrr.exe 95 PID 1832 wrote to memory of 4360 1832 xrfxrrr.exe 95 PID 1832 wrote to memory of 4360 1832 xrfxrrr.exe 95 PID 4360 wrote to memory of 4220 4360 hbbbtt.exe 96 PID 4360 wrote to memory of 4220 4360 hbbbtt.exe 96 PID 4360 wrote to memory of 4220 4360 hbbbtt.exe 96 PID 4220 wrote to memory of 1432 4220 jjjjd.exe 97 PID 4220 wrote to memory of 1432 4220 jjjjd.exe 97 PID 4220 wrote to memory of 1432 4220 jjjjd.exe 97 PID 1432 wrote to memory of 2284 1432 rlrxlll.exe 98 PID 1432 wrote to memory of 2284 1432 rlrxlll.exe 98 PID 1432 wrote to memory of 2284 1432 rlrxlll.exe 98 PID 2284 wrote to memory of 1536 2284 1fllfff.exe 99 PID 2284 wrote to memory of 1536 2284 1fllfff.exe 99 PID 2284 wrote to memory of 1536 2284 1fllfff.exe 99 PID 1536 wrote to memory of 1544 1536 tnnhht.exe 100 PID 1536 wrote to memory of 1544 1536 tnnhht.exe 100 PID 1536 wrote to memory of 1544 1536 tnnhht.exe 100 PID 1544 wrote to memory of 4224 1544 jvvvp.exe 102 PID 1544 wrote to memory of 4224 1544 jvvvp.exe 102 PID 1544 wrote to memory of 4224 1544 jvvvp.exe 102 PID 4224 wrote to memory of 3084 4224 pdjdv.exe 103 PID 4224 wrote to memory of 3084 4224 pdjdv.exe 103 PID 4224 wrote to memory of 3084 4224 pdjdv.exe 103 PID 3084 wrote to memory of 3124 3084 fxrlffx.exe 104 PID 3084 wrote to memory of 3124 3084 fxrlffx.exe 104 PID 3084 wrote to memory of 3124 3084 fxrlffx.exe 104 PID 3124 wrote to memory of 1704 3124 xlrrrrl.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\c99889cce9875872961f69a831124300_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c99889cce9875872961f69a831124300_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3024 -
\??\c:\7tnbtb.exec:\7tnbtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3428 -
\??\c:\vjdpd.exec:\vjdpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3472 -
\??\c:\jdvjd.exec:\jdvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3292 -
\??\c:\lxxrrrl.exec:\lxxrrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:624 -
\??\c:\1hbtnh.exec:\1hbtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4512 -
\??\c:\bnnbbt.exec:\bnnbbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2116 -
\??\c:\3pdjv.exec:\3pdjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4860 -
\??\c:\jdpjv.exec:\jdpjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3364 -
\??\c:\nthbtt.exec:\nthbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3560 -
\??\c:\tnbnbb.exec:\tnbnbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4392 -
\??\c:\ppvpj.exec:\ppvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2932 -
\??\c:\xrfxrrr.exec:\xrfxrrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1832 -
\??\c:\hbbbtt.exec:\hbbbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4360 -
\??\c:\jjjjd.exec:\jjjjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4220 -
\??\c:\rlrxlll.exec:\rlrxlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1432 -
\??\c:\1fllfff.exec:\1fllfff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2284 -
\??\c:\tnnhht.exec:\tnnhht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1536 -
\??\c:\jvvvp.exec:\jvvvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1544 -
\??\c:\pdjdv.exec:\pdjdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4224 -
\??\c:\fxrlffx.exec:\fxrlffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3084 -
\??\c:\xlrrrrl.exec:\xlrrrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3124 -
\??\c:\bthhhh.exec:\bthhhh.exe23⤵
- Executes dropped EXE
PID:1704 -
\??\c:\hnnhbb.exec:\hnnhbb.exe24⤵
- Executes dropped EXE
PID:844 -
\??\c:\djppp.exec:\djppp.exe25⤵
- Executes dropped EXE
PID:3316 -
\??\c:\lrffflf.exec:\lrffflf.exe26⤵
- Executes dropped EXE
PID:1672 -
\??\c:\3llffxr.exec:\3llffxr.exe27⤵
- Executes dropped EXE
PID:3172 -
\??\c:\bnhbtt.exec:\bnhbtt.exe28⤵
- Executes dropped EXE
PID:3828 -
\??\c:\hnthtn.exec:\hnthtn.exe29⤵
- Executes dropped EXE
PID:4640 -
\??\c:\dpvpp.exec:\dpvpp.exe30⤵
- Executes dropped EXE
PID:3412 -
\??\c:\vdjdv.exec:\vdjdv.exe31⤵
- Executes dropped EXE
PID:1528 -
\??\c:\5hhhtt.exec:\5hhhtt.exe32⤵
- Executes dropped EXE
PID:3100 -
\??\c:\vjdvv.exec:\vjdvv.exe33⤵
- Executes dropped EXE
PID:1428 -
\??\c:\pdjdp.exec:\pdjdp.exe34⤵
- Executes dropped EXE
PID:2460 -
\??\c:\xfllflf.exec:\xfllflf.exe35⤵
- Executes dropped EXE
PID:3076 -
\??\c:\tbhbbn.exec:\tbhbbn.exe36⤵
- Executes dropped EXE
PID:4820 -
\??\c:\hnttnn.exec:\hnttnn.exe37⤵
- Executes dropped EXE
PID:2416 -
\??\c:\pvvjv.exec:\pvvjv.exe38⤵
- Executes dropped EXE
PID:4424 -
\??\c:\jvpdv.exec:\jvpdv.exe39⤵
- Executes dropped EXE
PID:3024 -
\??\c:\rrllrrr.exec:\rrllrrr.exe40⤵
- Executes dropped EXE
PID:2796 -
\??\c:\xrlfxxr.exec:\xrlfxxr.exe41⤵
- Executes dropped EXE
PID:8 -
\??\c:\hhbtnh.exec:\hhbtnh.exe42⤵
- Executes dropped EXE
PID:4568 -
\??\c:\3rlxlff.exec:\3rlxlff.exe43⤵
- Executes dropped EXE
PID:1164 -
\??\c:\lfffrrx.exec:\lfffrrx.exe44⤵
- Executes dropped EXE
PID:4580 -
\??\c:\hbtnhb.exec:\hbtnhb.exe45⤵
- Executes dropped EXE
PID:4532 -
\??\c:\htthth.exec:\htthth.exe46⤵
- Executes dropped EXE
PID:3132 -
\??\c:\pvpvp.exec:\pvpvp.exe47⤵
- Executes dropped EXE
PID:2180 -
\??\c:\lfrflfx.exec:\lfrflfx.exe48⤵
- Executes dropped EXE
PID:1108 -
\??\c:\frfrlxr.exec:\frfrlxr.exe49⤵
- Executes dropped EXE
PID:432 -
\??\c:\9tnhtt.exec:\9tnhtt.exe50⤵
- Executes dropped EXE
PID:4132 -
\??\c:\3pjvj.exec:\3pjvj.exe51⤵
- Executes dropped EXE
PID:2044 -
\??\c:\9jpdp.exec:\9jpdp.exe52⤵
- Executes dropped EXE
PID:4072 -
\??\c:\5lrfxrr.exec:\5lrfxrr.exe53⤵
- Executes dropped EXE
PID:2720 -
\??\c:\rlrfxrr.exec:\rlrfxrr.exe54⤵
- Executes dropped EXE
PID:3628 -
\??\c:\bntnht.exec:\bntnht.exe55⤵
- Executes dropped EXE
PID:3520 -
\??\c:\dppdv.exec:\dppdv.exe56⤵
- Executes dropped EXE
PID:3784 -
\??\c:\1vvjv.exec:\1vvjv.exe57⤵
- Executes dropped EXE
PID:3880 -
\??\c:\xrxrrff.exec:\xrxrrff.exe58⤵
- Executes dropped EXE
PID:2016 -
\??\c:\xlrllrx.exec:\xlrllrx.exe59⤵
- Executes dropped EXE
PID:1536 -
\??\c:\hbbttn.exec:\hbbttn.exe60⤵
- Executes dropped EXE
PID:4000 -
\??\c:\htbntn.exec:\htbntn.exe61⤵
- Executes dropped EXE
PID:3668 -
\??\c:\ntnbnh.exec:\ntnbnh.exe62⤵
- Executes dropped EXE
PID:5048 -
\??\c:\dpdvv.exec:\dpdvv.exe63⤵
- Executes dropped EXE
PID:4644 -
\??\c:\xlxrxrl.exec:\xlxrxrl.exe64⤵
- Executes dropped EXE
PID:3124 -
\??\c:\rfllfxr.exec:\rfllfxr.exe65⤵
- Executes dropped EXE
PID:3924 -
\??\c:\1xlfxrl.exec:\1xlfxrl.exe66⤵PID:3636
-
\??\c:\tnnbtn.exec:\tnnbtn.exe67⤵PID:4996
-
\??\c:\bhhbnh.exec:\bhhbnh.exe68⤵PID:3316
-
\??\c:\pdjvv.exec:\pdjvv.exe69⤵PID:732
-
\??\c:\rflxxrl.exec:\rflxxrl.exe70⤵PID:3172
-
\??\c:\rffrrlx.exec:\rffrrlx.exe71⤵PID:4552
-
\??\c:\frlfxrl.exec:\frlfxrl.exe72⤵PID:3400
-
\??\c:\thhhht.exec:\thhhht.exe73⤵PID:3552
-
\??\c:\5hhbhh.exec:\5hhbhh.exe74⤵PID:3412
-
\??\c:\vpvjj.exec:\vpvjj.exe75⤵PID:4808
-
\??\c:\9dpjv.exec:\9dpjv.exe76⤵PID:1712
-
\??\c:\rxlxlfl.exec:\rxlxlfl.exe77⤵PID:3788
-
\??\c:\ntbtht.exec:\ntbtht.exe78⤵PID:2516
-
\??\c:\htnbth.exec:\htnbth.exe79⤵PID:2460
-
\??\c:\bntnhn.exec:\bntnhn.exe80⤵PID:4564
-
\??\c:\9vdvd.exec:\9vdvd.exe81⤵PID:5096
-
\??\c:\xffxlxr.exec:\xffxlxr.exe82⤵PID:4172
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe83⤵PID:4424
-
\??\c:\tnthht.exec:\tnthht.exe84⤵PID:944
-
\??\c:\vjjjp.exec:\vjjjp.exe85⤵PID:4648
-
\??\c:\pdvpv.exec:\pdvpv.exe86⤵PID:4772
-
\??\c:\dpjdp.exec:\dpjdp.exe87⤵PID:3620
-
\??\c:\lxxrxlx.exec:\lxxrxlx.exe88⤵PID:4880
-
\??\c:\xfxlfxr.exec:\xfxlfxr.exe89⤵PID:4468
-
\??\c:\bnhbtn.exec:\bnhbtn.exe90⤵PID:4832
-
\??\c:\dvdvd.exec:\dvdvd.exe91⤵PID:3608
-
\??\c:\1fxlxrl.exec:\1fxlxrl.exe92⤵PID:1828
-
\??\c:\5fxrfxr.exec:\5fxrfxr.exe93⤵PID:232
-
\??\c:\vdvjd.exec:\vdvjd.exe94⤵PID:3560
-
\??\c:\jpjdj.exec:\jpjdj.exe95⤵PID:3992
-
\??\c:\rffxlff.exec:\rffxlff.exe96⤵PID:4140
-
\??\c:\xrrllxx.exec:\xrrllxx.exe97⤵PID:776
-
\??\c:\htnhbb.exec:\htnhbb.exe98⤵PID:1480
-
\??\c:\1bthtn.exec:\1bthtn.exe99⤵PID:1440
-
\??\c:\jjdjp.exec:\jjdjp.exe100⤵PID:2580
-
\??\c:\pdjjv.exec:\pdjjv.exe101⤵PID:3784
-
\??\c:\1xxlxxr.exec:\1xxlxxr.exe102⤵PID:2288
-
\??\c:\bntnht.exec:\bntnht.exe103⤵PID:2832
-
\??\c:\bthhbb.exec:\bthhbb.exe104⤵PID:3052
-
\??\c:\jppjv.exec:\jppjv.exe105⤵PID:2544
-
\??\c:\9pdpd.exec:\9pdpd.exe106⤵PID:3084
-
\??\c:\vdvpv.exec:\vdvpv.exe107⤵PID:992
-
\??\c:\xlrffxx.exec:\xlrffxx.exe108⤵PID:3244
-
\??\c:\9lxrlfx.exec:\9lxrlfx.exe109⤵PID:1704
-
\??\c:\tttnhb.exec:\tttnhb.exe110⤵PID:4956
-
\??\c:\ntthtb.exec:\ntthtb.exe111⤵PID:1344
-
\??\c:\5djdp.exec:\5djdp.exe112⤵PID:1416
-
\??\c:\jppjd.exec:\jppjd.exe113⤵PID:2364
-
\??\c:\frlxxfr.exec:\frlxxfr.exe114⤵PID:2588
-
\??\c:\tnttht.exec:\tnttht.exe115⤵PID:1664
-
\??\c:\hthnbt.exec:\hthnbt.exe116⤵PID:2156
-
\??\c:\vvvpj.exec:\vvvpj.exe117⤵PID:2756
-
\??\c:\vvvpd.exec:\vvvpd.exe118⤵PID:1844
-
\??\c:\xllxrrf.exec:\xllxrrf.exe119⤵PID:2928
-
\??\c:\9xxrfxl.exec:\9xxrfxl.exe120⤵PID:2680
-
\??\c:\bnhnnn.exec:\bnhnnn.exe121⤵PID:228
-
\??\c:\5jjdd.exec:\5jjdd.exe122⤵PID:3372
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-