Analysis
-
max time kernel
150s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 13:08
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c9f79ac83b49bbfc54ee4ed477146b80_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
c9f79ac83b49bbfc54ee4ed477146b80_NeikiAnalytics.exe
-
Size
70KB
-
MD5
c9f79ac83b49bbfc54ee4ed477146b80
-
SHA1
e6e9f75cb1a1a4df9e140e26a0f6378e0488be80
-
SHA256
5897ecc02a035a317a5965c5d4d522629386d07183f210c66e84127cba2d9621
-
SHA512
e9b2b298f09006aedf17f52c20f28fa61f681dd86044dab7e3ff17a8ffb14b91565d71d6326bf54ee416dc0dab901fb8ab8c781c04523749d104ceb7e9cc6a4e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgUVyiAnfg:ymb3NkkiQ3mdBjFIgUEBg
Malware Config
Signatures
-
Detect Blackmoon payload 26 IoCs
resource yara_rule behavioral2/memory/992-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2332-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1224-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1152-34-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3116-42-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1152-35-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2248-28-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3040-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4080-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4400-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1916-69-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1916-68-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4444-83-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4728-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1356-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2864-107-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/400-119-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4520-124-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4796-130-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4604-137-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3304-148-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/1456-161-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4976-167-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4108-179-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2364-202-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/944-208-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2332 tthbht.exe 1224 pjpdv.exe 2248 fxrfrlx.exe 1152 bhbnhb.exe 3116 7nnhhb.exe 3040 jppdp.exe 4080 frrffrl.exe 4400 nnhbtn.exe 1916 vvdvj.exe 4444 dpddv.exe 4728 hnnntb.exe 1356 5ttnhb.exe 4880 vjvjd.exe 2864 rllxflr.exe 1828 llllfff.exe 400 tnnhnb.exe 4520 vdvpd.exe 4796 1ddpd.exe 4604 fxfrfxx.exe 4700 hnnhtn.exe 3304 hbthnh.exe 744 vdvpv.exe 1456 rrrrlll.exe 4976 nbhbtt.exe 2768 jpjdv.exe 4108 7djdv.exe 800 lxlxxrl.exe 436 hthbtn.exe 5104 bnhbnb.exe 2364 3ppjv.exe 944 ppjdp.exe 3804 xrxrxxr.exe 3732 fxxllfl.exe 1084 1bhbbt.exe 5112 tththb.exe 3668 jddvp.exe 4516 xrrlfff.exe 992 rxllffx.exe 1436 5bhhhh.exe 688 3jvvp.exe 1604 dvvpj.exe 1152 lllfxxl.exe 3116 lllxlfr.exe 4992 btnhtn.exe 3996 jvpdp.exe 3684 5vjjv.exe 960 fxrlffl.exe 2984 bbbnbt.exe 2720 jvpjv.exe 4728 dpjdp.exe 644 rflfxxx.exe 4224 ttthht.exe 2596 nhhhth.exe 3272 jdvdv.exe 2576 pvpdp.exe 2376 7fxrfxr.exe 3800 nhhhtt.exe 4580 nbtnbb.exe 3864 pjvjp.exe 4296 jvddp.exe 4576 llfxrrl.exe 1964 lxlxlfr.exe 2804 hnbnhb.exe 2408 pppdj.exe -
resource yara_rule behavioral2/memory/992-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2332-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1224-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2248-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1152-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3116-42-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2248-28-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3040-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4080-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4400-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1916-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1916-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1916-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4444-77-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4444-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4444-76-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4444-83-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4728-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1356-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2864-107-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/400-119-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4520-124-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4796-130-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4604-137-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/3304-148-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1456-161-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4976-167-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4108-179-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2364-202-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/944-208-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 992 wrote to memory of 2332 992 c9f79ac83b49bbfc54ee4ed477146b80_NeikiAnalytics.exe 85 PID 992 wrote to memory of 2332 992 c9f79ac83b49bbfc54ee4ed477146b80_NeikiAnalytics.exe 85 PID 992 wrote to memory of 2332 992 c9f79ac83b49bbfc54ee4ed477146b80_NeikiAnalytics.exe 85 PID 2332 wrote to memory of 1224 2332 tthbht.exe 86 PID 2332 wrote to memory of 1224 2332 tthbht.exe 86 PID 2332 wrote to memory of 1224 2332 tthbht.exe 86 PID 1224 wrote to memory of 2248 1224 pjpdv.exe 87 PID 1224 wrote to memory of 2248 1224 pjpdv.exe 87 PID 1224 wrote to memory of 2248 1224 pjpdv.exe 87 PID 2248 wrote to memory of 1152 2248 fxrfrlx.exe 88 PID 2248 wrote to memory of 1152 2248 fxrfrlx.exe 88 PID 2248 wrote to memory of 1152 2248 fxrfrlx.exe 88 PID 1152 wrote to memory of 3116 1152 bhbnhb.exe 89 PID 1152 wrote to memory of 3116 1152 bhbnhb.exe 89 PID 1152 wrote to memory of 3116 1152 bhbnhb.exe 89 PID 3116 wrote to memory of 3040 3116 7nnhhb.exe 90 PID 3116 wrote to memory of 3040 3116 7nnhhb.exe 90 PID 3116 wrote to memory of 3040 3116 7nnhhb.exe 90 PID 3040 wrote to memory of 4080 3040 jppdp.exe 91 PID 3040 wrote to memory of 4080 3040 jppdp.exe 91 PID 3040 wrote to memory of 4080 3040 jppdp.exe 91 PID 4080 wrote to memory of 4400 4080 frrffrl.exe 92 PID 4080 wrote to memory of 4400 4080 frrffrl.exe 92 PID 4080 wrote to memory of 4400 4080 frrffrl.exe 92 PID 4400 wrote to memory of 1916 4400 nnhbtn.exe 93 PID 4400 wrote to memory of 1916 4400 nnhbtn.exe 93 PID 4400 wrote to memory of 1916 4400 nnhbtn.exe 93 PID 1916 wrote to memory of 4444 1916 vvdvj.exe 94 PID 1916 wrote to memory of 4444 1916 vvdvj.exe 94 PID 1916 wrote to memory of 4444 1916 vvdvj.exe 94 PID 4444 wrote to memory of 4728 4444 dpddv.exe 95 PID 4444 wrote to memory of 4728 4444 dpddv.exe 95 PID 4444 wrote to memory of 4728 4444 dpddv.exe 95 PID 4728 wrote to memory of 1356 4728 hnnntb.exe 96 PID 4728 wrote to memory of 1356 4728 hnnntb.exe 96 PID 4728 wrote to memory of 
1356 4728 hnnntb.exe 96 PID 1356 wrote to memory of 4880 1356 5ttnhb.exe 97 PID 1356 wrote to memory of 4880 1356 5ttnhb.exe 97 PID 1356 wrote to memory of 4880 1356 5ttnhb.exe 97 PID 4880 wrote to memory of 2864 4880 vjvjd.exe 98 PID 4880 wrote to memory of 2864 4880 vjvjd.exe 98 PID 4880 wrote to memory of 2864 4880 vjvjd.exe 98 PID 2864 wrote to memory of 1828 2864 rllxflr.exe 99 PID 2864 wrote to memory of 1828 2864 rllxflr.exe 99 PID 2864 wrote to memory of 1828 2864 rllxflr.exe 99 PID 1828 wrote to memory of 400 1828 llllfff.exe 100 PID 1828 wrote to memory of 400 1828 llllfff.exe 100 PID 1828 wrote to memory of 400 1828 llllfff.exe 100 PID 400 wrote to memory of 4520 400 tnnhnb.exe 101 PID 400 wrote to memory of 4520 400 tnnhnb.exe 101 PID 400 wrote to memory of 4520 400 tnnhnb.exe 101 PID 4520 wrote to memory of 4796 4520 vdvpd.exe 102 PID 4520 wrote to memory of 4796 4520 vdvpd.exe 102 PID 4520 wrote to memory of 4796 4520 vdvpd.exe 102 PID 4796 wrote to memory of 4604 4796 1ddpd.exe 103 PID 4796 wrote to memory of 4604 4796 1ddpd.exe 103 PID 4796 wrote to memory of 4604 4796 1ddpd.exe 103 PID 4604 wrote to memory of 4700 4604 fxfrfxx.exe 104 PID 4604 wrote to memory of 4700 4604 fxfrfxx.exe 104 PID 4604 wrote to memory of 4700 4604 fxfrfxx.exe 104 PID 4700 wrote to memory of 3304 4700 hnnhtn.exe 105 PID 4700 wrote to memory of 3304 4700 hnnhtn.exe 105 PID 4700 wrote to memory of 3304 4700 hnnhtn.exe 105 PID 3304 wrote to memory of 744 3304 hbthnh.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9f79ac83b49bbfc54ee4ed477146b80_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\c9f79ac83b49bbfc54ee4ed477146b80_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:992 -
\??\c:\tthbht.exec:\tthbht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2332 -
\??\c:\pjpdv.exec:\pjpdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1224 -
\??\c:\fxrfrlx.exec:\fxrfrlx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2248 -
\??\c:\bhbnhb.exec:\bhbnhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1152 -
\??\c:\7nnhhb.exec:\7nnhhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3116 -
\??\c:\jppdp.exec:\jppdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3040 -
\??\c:\frrffrl.exec:\frrffrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4080 -
\??\c:\nnhbtn.exec:\nnhbtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4400 -
\??\c:\vvdvj.exec:\vvdvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1916 -
\??\c:\dpddv.exec:\dpddv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4444 -
\??\c:\hnnntb.exec:\hnnntb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4728 -
\??\c:\5ttnhb.exec:\5ttnhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1356 -
\??\c:\vjvjd.exec:\vjvjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4880 -
\??\c:\rllxflr.exec:\rllxflr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2864 -
\??\c:\llllfff.exec:\llllfff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1828 -
\??\c:\tnnhnb.exec:\tnnhnb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:400 -
\??\c:\vdvpd.exec:\vdvpd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4520 -
\??\c:\1ddpd.exec:\1ddpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4796 -
\??\c:\fxfrfxx.exec:\fxfrfxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4604 -
\??\c:\hnnhtn.exec:\hnnhtn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4700 -
\??\c:\hbthnh.exec:\hbthnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3304 -
\??\c:\vdvpv.exec:\vdvpv.exe23⤵
- Executes dropped EXE
PID:744 -
\??\c:\rrrrlll.exec:\rrrrlll.exe24⤵
- Executes dropped EXE
PID:1456 -
\??\c:\nbhbtt.exec:\nbhbtt.exe25⤵
- Executes dropped EXE
PID:4976 -
\??\c:\jpjdv.exec:\jpjdv.exe26⤵
- Executes dropped EXE
PID:2768 -
\??\c:\7djdv.exec:\7djdv.exe27⤵
- Executes dropped EXE
PID:4108 -
\??\c:\lxlxxrl.exec:\lxlxxrl.exe28⤵
- Executes dropped EXE
PID:800 -
\??\c:\hthbtn.exec:\hthbtn.exe29⤵
- Executes dropped EXE
PID:436 -
\??\c:\bnhbnb.exec:\bnhbnb.exe30⤵
- Executes dropped EXE
PID:5104 -
\??\c:\3ppjv.exec:\3ppjv.exe31⤵
- Executes dropped EXE
PID:2364 -
\??\c:\ppjdp.exec:\ppjdp.exe32⤵
- Executes dropped EXE
PID:944 -
\??\c:\xrxrxxr.exec:\xrxrxxr.exe33⤵
- Executes dropped EXE
PID:3804 -
\??\c:\fxxllfl.exec:\fxxllfl.exe34⤵
- Executes dropped EXE
PID:3732 -
\??\c:\1bhbbt.exec:\1bhbbt.exe35⤵
- Executes dropped EXE
PID:1084 -
\??\c:\tththb.exec:\tththb.exe36⤵
- Executes dropped EXE
PID:5112 -
\??\c:\jddvp.exec:\jddvp.exe37⤵
- Executes dropped EXE
PID:3668 -
\??\c:\xrrlfff.exec:\xrrlfff.exe38⤵
- Executes dropped EXE
PID:4516 -
\??\c:\rxllffx.exec:\rxllffx.exe39⤵
- Executes dropped EXE
PID:992 -
\??\c:\5bhhhh.exec:\5bhhhh.exe40⤵
- Executes dropped EXE
PID:1436 -
\??\c:\3jvvp.exec:\3jvvp.exe41⤵
- Executes dropped EXE
PID:688 -
\??\c:\dvvpj.exec:\dvvpj.exe42⤵
- Executes dropped EXE
PID:1604 -
\??\c:\lllfxxl.exec:\lllfxxl.exe43⤵
- Executes dropped EXE
PID:1152 -
\??\c:\lllxlfr.exec:\lllxlfr.exe44⤵
- Executes dropped EXE
PID:3116 -
\??\c:\btnhtn.exec:\btnhtn.exe45⤵
- Executes dropped EXE
PID:4992 -
\??\c:\jvpdp.exec:\jvpdp.exe46⤵
- Executes dropped EXE
PID:3996 -
\??\c:\5vjjv.exec:\5vjjv.exe47⤵
- Executes dropped EXE
PID:3684 -
\??\c:\fxrlffl.exec:\fxrlffl.exe48⤵
- Executes dropped EXE
PID:960 -
\??\c:\bbbnbt.exec:\bbbnbt.exe49⤵
- Executes dropped EXE
PID:2984 -
\??\c:\jvpjv.exec:\jvpjv.exe50⤵
- Executes dropped EXE
PID:2720 -
\??\c:\dpjdp.exec:\dpjdp.exe51⤵
- Executes dropped EXE
PID:4728 -
\??\c:\rflfxxx.exec:\rflfxxx.exe52⤵
- Executes dropped EXE
PID:644 -
\??\c:\ttthht.exec:\ttthht.exe53⤵
- Executes dropped EXE
PID:4224 -
\??\c:\nhhhth.exec:\nhhhth.exe54⤵
- Executes dropped EXE
PID:2596 -
\??\c:\jdvdv.exec:\jdvdv.exe55⤵
- Executes dropped EXE
PID:3272 -
\??\c:\pvpdp.exec:\pvpdp.exe56⤵
- Executes dropped EXE
PID:2576 -
\??\c:\7fxrfxr.exec:\7fxrfxr.exe57⤵
- Executes dropped EXE
PID:2376 -
\??\c:\nhhhtt.exec:\nhhhtt.exe58⤵
- Executes dropped EXE
PID:3800 -
\??\c:\nbtnbb.exec:\nbtnbb.exe59⤵
- Executes dropped EXE
PID:4580 -
\??\c:\pjvjp.exec:\pjvjp.exe60⤵
- Executes dropped EXE
PID:3864 -
\??\c:\jvddp.exec:\jvddp.exe61⤵
- Executes dropped EXE
PID:4296 -
\??\c:\llfxrrl.exec:\llfxrrl.exe62⤵
- Executes dropped EXE
PID:4576 -
\??\c:\lxlxlfr.exec:\lxlxlfr.exe63⤵
- Executes dropped EXE
PID:1964 -
\??\c:\hnbnhb.exec:\hnbnhb.exe64⤵
- Executes dropped EXE
PID:2804 -
\??\c:\pppdj.exec:\pppdj.exe65⤵
- Executes dropped EXE
PID:2408 -
\??\c:\dpppd.exec:\dpppd.exe66⤵PID:4556
-
\??\c:\7pdpd.exec:\7pdpd.exe67⤵PID:2144
-
\??\c:\lllxlxr.exec:\lllxlxr.exe68⤵PID:828
-
\??\c:\1lfrfxx.exec:\1lfrfxx.exe69⤵PID:4108
-
\??\c:\1hbtht.exec:\1hbtht.exe70⤵PID:3784
-
\??\c:\9bhhbt.exec:\9bhhbt.exe71⤵PID:2644
-
\??\c:\pdvvd.exec:\pdvvd.exe72⤵PID:3048
-
\??\c:\rllrfxl.exec:\rllrfxl.exe73⤵PID:5080
-
\??\c:\xrxrrfx.exec:\xrxrrfx.exe74⤵PID:2364
-
\??\c:\tnbthb.exec:\tnbthb.exe75⤵PID:4248
-
\??\c:\btthtn.exec:\btthtn.exe76⤵PID:2636
-
\??\c:\vjvjp.exec:\vjvjp.exe77⤵PID:4204
-
\??\c:\jvjvj.exec:\jvjvj.exe78⤵PID:4020
-
\??\c:\xllfrrl.exec:\xllfrrl.exe79⤵PID:5112
-
\??\c:\5flffff.exec:\5flffff.exe80⤵PID:4380
-
\??\c:\tbthbb.exec:\tbthbb.exe81⤵PID:4152
-
\??\c:\tnntht.exec:\tnntht.exe82⤵PID:2912
-
\??\c:\pvdpj.exec:\pvdpj.exe83⤵PID:3692
-
\??\c:\pjpvv.exec:\pjpvv.exe84⤵PID:3220
-
\??\c:\rrfxflf.exec:\rrfxflf.exe85⤵PID:3408
-
\??\c:\rfllllf.exec:\rfllllf.exe86⤵PID:3372
-
\??\c:\5nnhtn.exec:\5nnhtn.exe87⤵PID:1316
-
\??\c:\nbhttt.exec:\nbhttt.exe88⤵PID:4808
-
\??\c:\3dpjj.exec:\3dpjj.exe89⤵PID:3996
-
\??\c:\lxlxlff.exec:\lxlxlff.exe90⤵PID:3684
-
\??\c:\nbnbhh.exec:\nbnbhh.exe91⤵PID:3388
-
\??\c:\1pjdv.exec:\1pjdv.exe92⤵PID:4256
-
\??\c:\jvvdp.exec:\jvvdp.exe93⤵PID:820
-
\??\c:\7lxrfxl.exec:\7lxrfxl.exe94⤵PID:2396
-
\??\c:\5nhbnn.exec:\5nhbnn.exe95⤵PID:1840
-
\??\c:\tbbtnh.exec:\tbbtnh.exe96⤵PID:2908
-
\??\c:\vppdj.exec:\vppdj.exe97⤵PID:408
-
\??\c:\3ppdv.exec:\3ppdv.exe98⤵PID:4464
-
\??\c:\frlxfxr.exec:\frlxfxr.exe99⤵PID:2792
-
\??\c:\fllxrlf.exec:\fllxrlf.exe100⤵PID:4132
-
\??\c:\ttbbhn.exec:\ttbbhn.exe101⤵PID:1936
-
\??\c:\9nhtht.exec:\9nhtht.exe102⤵PID:1616
-
\??\c:\vddpd.exec:\vddpd.exe103⤵PID:4504
-
\??\c:\vjvjv.exec:\vjvjv.exe104⤵PID:4424
-
\??\c:\flrrfrr.exec:\flrrfrr.exe105⤵PID:4712
-
\??\c:\frrlfxx.exec:\frrlfxx.exe106⤵PID:1964
-
\??\c:\hbthtn.exec:\hbthtn.exe107⤵PID:4528
-
\??\c:\3tbnnn.exec:\3tbnnn.exe108⤵PID:1444
-
\??\c:\9djvd.exec:\9djvd.exe109⤵PID:2580
-
\??\c:\vddpp.exec:\vddpp.exe110⤵PID:4956
-
\??\c:\rxlrlxf.exec:\rxlrlxf.exe111⤵PID:1952
-
\??\c:\ffrfxll.exec:\ffrfxll.exe112⤵PID:2400
-
\??\c:\1hhbbt.exec:\1hhbbt.exe113⤵PID:4232
-
\??\c:\bnhbhb.exec:\bnhbhb.exe114⤵PID:5104
-
\??\c:\jdvjp.exec:\jdvjp.exe115⤵PID:388
-
\??\c:\pjppv.exec:\pjppv.exe116⤵PID:5080
-
\??\c:\rlrfxfx.exec:\rlrfxfx.exe117⤵PID:3376
-
\??\c:\rxxlxrf.exec:\rxxlxrf.exe118⤵PID:700
-
\??\c:\ffflxxl.exec:\ffflxxl.exe119⤵PID:2628
-
\??\c:\nhnhnh.exec:\nhnhnh.exe120⤵PID:1084
-
\??\c:\1bbhtn.exec:\1bbhtn.exe121⤵PID:3392
-
\??\c:\vjddv.exec:\vjddv.exe122⤵PID:4396
-