Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 13:14
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cafe89b4cd8d0d18e1b0dc511a56f7f0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
cafe89b4cd8d0d18e1b0dc511a56f7f0_NeikiAnalytics.exe
-
Size
65KB
-
MD5
cafe89b4cd8d0d18e1b0dc511a56f7f0
-
SHA1
4aaa5981e06a8bc2e156cd76ef9b221be4276e90
-
SHA256
bb6f5a4092ee030bcdfc6dad9a2a924a340cd5f8bc4977bd79a280064ffc3d44
-
SHA512
c34c1faf26f47820503889ec8bfcca21e6cbc4464388f4cc53a8379f7e90ad70e0a14c72a4336f6023110a23bc1af669f5825b6ca65c5b386ac7bec0eb3a22bb
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3AyXm4:ymb3NkkiQ3mdBjFI46TQyXm4
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule
behavioral2/memory/3596-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3696-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/600-12-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2724-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4200-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1920-45-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4280-64-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4464-79-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2216-91-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3812-97-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1548-103-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4508-109-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4968-115-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3264-121-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4472-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3212-133-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3760-144-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1552-151-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/804-163-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2788-161-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/5112-170-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3360-180-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/364-199-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process 600 pjppv.exe 3696 xxlxffl.exe 4200 hnntnt.exe 2724 5dvpd.exe 4496 llrrlrl.exe 1920 xlxrllr.exe 4296 tnnnhh.exe 2604 vvvvp.exe 4280 ffllxxl.exe 2184 7hhhhb.exe 4464 pjppv.exe 4700 dpvpp.exe 2216 fflrlll.exe 3812 hbnnnt.exe 1548 ddvvv.exe 4508 1jvpv.exe 4968 lffxxxr.exe 3264 ttbbnt.exe 4472 1hnntn.exe 3212 jjjjp.exe 2288 fxfffff.exe 3760 nnbhhn.exe 1552 bnttnt.exe 2788 9jpjd.exe 804 frffxxx.exe 5112 xrrrrxr.exe 4400 3ttntb.exe 3360 pddvp.exe 568 xrllxrr.exe 928 xlrrrxr.exe 364 ppvvv.exe 4880 pppjd.exe 3504 9lrxrrr.exe 2784 bbtttn.exe 824 btbbbh.exe 3928 jjvvp.exe 3340 vvppp.exe 752 7frlrxl.exe 3368 btbttb.exe 700 pjdvv.exe 4540 lffxrll.exe 1192 rfrrfll.exe 876 tntbtb.exe 4948 nbhbhb.exe 2728 pjddv.exe 2368 rlrflrl.exe 2548 5rrfrxr.exe 2440 7thnnh.exe 4572 djppj.exe 3700 5vvpp.exe 2604 xrlrxfr.exe 1104 9hntth.exe 552 bthnnn.exe 3416 pdppj.exe 1524 vjvvv.exe 3084 rxxfxfl.exe 2216 llxlrxl.exe 4404 hhhtnt.exe 4084 nhntnb.exe 3148 jvddv.exe 3968 jdjjd.exe 3112 rxfrlrr.exe 5036 xxllrrf.exe 1480 5thbnt.exe -
resource yara_rule
behavioral2/memory/3596-4-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3696-20-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/600-12-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2724-31-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4200-26-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1920-45-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4280-64-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4464-79-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2216-91-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3812-97-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1548-103-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4508-109-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4968-115-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3264-121-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4472-126-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3212-133-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3760-144-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1552-151-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/804-163-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2788-161-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/5112-170-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3360-180-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/364-199-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3596 wrote to memory of 600 3596 cafe89b4cd8d0d18e1b0dc511a56f7f0_NeikiAnalytics.exe 82 PID 3596 wrote to memory of 600 3596 cafe89b4cd8d0d18e1b0dc511a56f7f0_NeikiAnalytics.exe 82 PID 3596 wrote to memory of 600 3596 cafe89b4cd8d0d18e1b0dc511a56f7f0_NeikiAnalytics.exe 82 PID 600 wrote to memory of 3696 600 pjppv.exe 83 PID 600 wrote to memory of 3696 600 pjppv.exe 83 PID 600 wrote to memory of 3696 600 pjppv.exe 83 PID 3696 wrote to memory of 4200 3696 xxlxffl.exe 84 PID 3696 wrote to memory of 4200 3696 xxlxffl.exe 84 PID 3696 wrote to memory of 4200 3696 xxlxffl.exe 84 PID 4200 wrote to memory of 2724 4200 hnntnt.exe 85 PID 4200 wrote to memory of 2724 4200 hnntnt.exe 85 PID 4200 wrote to memory of 2724 4200 hnntnt.exe 85 PID 2724 wrote to memory of 4496 2724 5dvpd.exe 86 PID 2724 wrote to memory of 4496 2724 5dvpd.exe 86 PID 2724 wrote to memory of 4496 2724 5dvpd.exe 86 PID 4496 wrote to memory of 1920 4496 llrrlrl.exe 87 PID 4496 wrote to memory of 1920 4496 llrrlrl.exe 87 PID 4496 wrote to memory of 1920 4496 llrrlrl.exe 87 PID 1920 wrote to memory of 4296 1920 xlxrllr.exe 88 PID 1920 wrote to memory of 4296 1920 xlxrllr.exe 88 PID 1920 wrote to memory of 4296 1920 xlxrllr.exe 88 PID 4296 wrote to memory of 2604 4296 tnnnhh.exe 89 PID 4296 wrote to memory of 2604 4296 tnnnhh.exe 89 PID 4296 wrote to memory of 2604 4296 tnnnhh.exe 89 PID 2604 wrote to memory of 4280 2604 vvvvp.exe 90 PID 2604 wrote to memory of 4280 2604 vvvvp.exe 90 PID 2604 wrote to memory of 4280 2604 vvvvp.exe 90 PID 4280 wrote to memory of 2184 4280 ffllxxl.exe 91 PID 4280 wrote to memory of 2184 4280 ffllxxl.exe 91 PID 4280 wrote to memory of 2184 4280 ffllxxl.exe 91 PID 2184 wrote to memory of 4464 2184 7hhhhb.exe 92 PID 2184 wrote to memory of 4464 2184 7hhhhb.exe 92 PID 2184 wrote to memory of 4464 2184 7hhhhb.exe 92 PID 4464 wrote to memory of 4700 4464 pjppv.exe 93 PID 4464 wrote to memory of 4700 4464 pjppv.exe 93 PID 4464 wrote to memory 
of 4700 4464 pjppv.exe 93 PID 4700 wrote to memory of 2216 4700 dpvpp.exe 94 PID 4700 wrote to memory of 2216 4700 dpvpp.exe 94 PID 4700 wrote to memory of 2216 4700 dpvpp.exe 94 PID 2216 wrote to memory of 3812 2216 fflrlll.exe 95 PID 2216 wrote to memory of 3812 2216 fflrlll.exe 95 PID 2216 wrote to memory of 3812 2216 fflrlll.exe 95 PID 3812 wrote to memory of 1548 3812 hbnnnt.exe 96 PID 3812 wrote to memory of 1548 3812 hbnnnt.exe 96 PID 3812 wrote to memory of 1548 3812 hbnnnt.exe 96 PID 1548 wrote to memory of 4508 1548 ddvvv.exe 97 PID 1548 wrote to memory of 4508 1548 ddvvv.exe 97 PID 1548 wrote to memory of 4508 1548 ddvvv.exe 97 PID 4508 wrote to memory of 4968 4508 1jvpv.exe 98 PID 4508 wrote to memory of 4968 4508 1jvpv.exe 98 PID 4508 wrote to memory of 4968 4508 1jvpv.exe 98 PID 4968 wrote to memory of 3264 4968 lffxxxr.exe 99 PID 4968 wrote to memory of 3264 4968 lffxxxr.exe 99 PID 4968 wrote to memory of 3264 4968 lffxxxr.exe 99 PID 3264 wrote to memory of 4472 3264 ttbbnt.exe 100 PID 3264 wrote to memory of 4472 3264 ttbbnt.exe 100 PID 3264 wrote to memory of 4472 3264 ttbbnt.exe 100 PID 4472 wrote to memory of 3212 4472 1hnntn.exe 101 PID 4472 wrote to memory of 3212 4472 1hnntn.exe 101 PID 4472 wrote to memory of 3212 4472 1hnntn.exe 101 PID 3212 wrote to memory of 2288 3212 jjjjp.exe 102 PID 3212 wrote to memory of 2288 3212 jjjjp.exe 102 PID 3212 wrote to memory of 2288 3212 jjjjp.exe 102 PID 2288 wrote to memory of 3760 2288 fxfffff.exe 103
Processes
-
C:\Users\Admin\AppData\Local\Temp\cafe89b4cd8d0d18e1b0dc511a56f7f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cafe89b4cd8d0d18e1b0dc511a56f7f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3596 -
\??\c:\pjppv.exec:\pjppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:600 -
\??\c:\xxlxffl.exec:\xxlxffl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3696 -
\??\c:\hnntnt.exec:\hnntnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4200 -
\??\c:\5dvpd.exec:\5dvpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2724 -
\??\c:\llrrlrl.exec:\llrrlrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4496 -
\??\c:\xlxrllr.exec:\xlxrllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1920 -
\??\c:\tnnnhh.exec:\tnnnhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4296 -
\??\c:\vvvvp.exec:\vvvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2604 -
\??\c:\ffllxxl.exec:\ffllxxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4280 -
\??\c:\7hhhhb.exec:\7hhhhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2184 -
\??\c:\pjppv.exec:\pjppv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4464 -
\??\c:\dpvpp.exec:\dpvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4700 -
\??\c:\fflrlll.exec:\fflrlll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2216 -
\??\c:\hbnnnt.exec:\hbnnnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3812 -
\??\c:\ddvvv.exec:\ddvvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1548 -
\??\c:\1jvpv.exec:\1jvpv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4508 -
\??\c:\lffxxxr.exec:\lffxxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4968 -
\??\c:\ttbbnt.exec:\ttbbnt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3264 -
\??\c:\1hnntn.exec:\1hnntn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4472 -
\??\c:\jjjjp.exec:\jjjjp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3212 -
\??\c:\fxfffff.exec:\fxfffff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2288 -
\??\c:\nnbhhn.exec:\nnbhhn.exe23⤵
- Executes dropped EXE
PID:3760 -
\??\c:\bnttnt.exec:\bnttnt.exe24⤵
- Executes dropped EXE
PID:1552 -
\??\c:\9jpjd.exec:\9jpjd.exe25⤵
- Executes dropped EXE
PID:2788 -
\??\c:\frffxxx.exec:\frffxxx.exe26⤵
- Executes dropped EXE
PID:804 -
\??\c:\xrrrrxr.exec:\xrrrrxr.exe27⤵
- Executes dropped EXE
PID:5112 -
\??\c:\3ttntb.exec:\3ttntb.exe28⤵
- Executes dropped EXE
PID:4400 -
\??\c:\pddvp.exec:\pddvp.exe29⤵
- Executes dropped EXE
PID:3360 -
\??\c:\xrllxrr.exec:\xrllxrr.exe30⤵
- Executes dropped EXE
PID:568 -
\??\c:\xlrrrxr.exec:\xlrrrxr.exe31⤵
- Executes dropped EXE
PID:928 -
\??\c:\ppvvv.exec:\ppvvv.exe32⤵
- Executes dropped EXE
PID:364 -
\??\c:\pppjd.exec:\pppjd.exe33⤵
- Executes dropped EXE
PID:4880 -
\??\c:\9lrxrrr.exec:\9lrxrrr.exe34⤵
- Executes dropped EXE
PID:3504 -
\??\c:\bbtttn.exec:\bbtttn.exe35⤵
- Executes dropped EXE
PID:2784 -
\??\c:\btbbbh.exec:\btbbbh.exe36⤵
- Executes dropped EXE
PID:824 -
\??\c:\jjvvp.exec:\jjvvp.exe37⤵
- Executes dropped EXE
PID:3928 -
\??\c:\vvppp.exec:\vvppp.exe38⤵
- Executes dropped EXE
PID:3340 -
\??\c:\7frlrxl.exec:\7frlrxl.exe39⤵
- Executes dropped EXE
PID:752 -
\??\c:\btbttb.exec:\btbttb.exe40⤵
- Executes dropped EXE
PID:3368 -
\??\c:\pjdvv.exec:\pjdvv.exe41⤵
- Executes dropped EXE
PID:700 -
\??\c:\lffxrll.exec:\lffxrll.exe42⤵
- Executes dropped EXE
PID:4540 -
\??\c:\rfrrfll.exec:\rfrrfll.exe43⤵
- Executes dropped EXE
PID:1192 -
\??\c:\tntbtb.exec:\tntbtb.exe44⤵
- Executes dropped EXE
PID:876 -
\??\c:\nbhbhb.exec:\nbhbhb.exe45⤵
- Executes dropped EXE
PID:4948 -
\??\c:\pjddv.exec:\pjddv.exe46⤵
- Executes dropped EXE
PID:2728 -
\??\c:\rlrflrl.exec:\rlrflrl.exe47⤵
- Executes dropped EXE
PID:2368 -
\??\c:\5rrfrxr.exec:\5rrfrxr.exe48⤵
- Executes dropped EXE
PID:2548 -
\??\c:\7thnnh.exec:\7thnnh.exe49⤵
- Executes dropped EXE
PID:2440 -
\??\c:\djppj.exec:\djppj.exe50⤵
- Executes dropped EXE
PID:4572 -
\??\c:\5vvpp.exec:\5vvpp.exe51⤵
- Executes dropped EXE
PID:3700 -
\??\c:\xrlrxfr.exec:\xrlrxfr.exe52⤵
- Executes dropped EXE
PID:2604 -
\??\c:\9hntth.exec:\9hntth.exe53⤵
- Executes dropped EXE
PID:1104 -
\??\c:\bthnnn.exec:\bthnnn.exe54⤵
- Executes dropped EXE
PID:552 -
\??\c:\pdppj.exec:\pdppj.exe55⤵
- Executes dropped EXE
PID:3416 -
\??\c:\vjvvv.exec:\vjvvv.exe56⤵
- Executes dropped EXE
PID:1524 -
\??\c:\rxxfxfl.exec:\rxxfxfl.exe57⤵
- Executes dropped EXE
PID:3084 -
\??\c:\llxlrxl.exec:\llxlrxl.exe58⤵
- Executes dropped EXE
PID:2216 -
\??\c:\hhhtnt.exec:\hhhtnt.exe59⤵
- Executes dropped EXE
PID:4404 -
\??\c:\nhntnb.exec:\nhntnb.exe60⤵
- Executes dropped EXE
PID:4084 -
\??\c:\jvddv.exec:\jvddv.exe61⤵
- Executes dropped EXE
PID:3148 -
\??\c:\jdjjd.exec:\jdjjd.exe62⤵
- Executes dropped EXE
PID:3968 -
\??\c:\rxfrlrr.exec:\rxfrlrr.exe63⤵
- Executes dropped EXE
PID:3112 -
\??\c:\xxllrrf.exec:\xxllrrf.exe64⤵
- Executes dropped EXE
PID:5036 -
\??\c:\5thbnt.exec:\5thbnt.exe65⤵
- Executes dropped EXE
PID:1480 -
\??\c:\tntnnt.exec:\tntnnt.exe66⤵PID:3228
-
\??\c:\dvppj.exec:\dvppj.exe67⤵PID:3212
-
\??\c:\vvvvp.exec:\vvvvp.exe68⤵PID:3492
-
\??\c:\1lxxflx.exec:\1lxxflx.exe69⤵PID:232
-
\??\c:\1xxxxff.exec:\1xxxxff.exe70⤵PID:4184
-
\??\c:\nbbttb.exec:\nbbttb.exe71⤵PID:556
-
\??\c:\7pjdp.exec:\7pjdp.exe72⤵PID:4268
-
\??\c:\xxfffll.exec:\xxfffll.exe73⤵PID:4076
-
\??\c:\3xlfxxx.exec:\3xlfxxx.exe74⤵PID:4176
-
\??\c:\htbntn.exec:\htbntn.exe75⤵PID:3116
-
\??\c:\hbtnbh.exec:\hbtnbh.exe76⤵PID:1368
-
\??\c:\jjjdv.exec:\jjjdv.exe77⤵PID:4504
-
\??\c:\vjddj.exec:\vjddj.exe78⤵PID:3948
-
\??\c:\fxfxlfl.exec:\fxfxlfl.exe79⤵PID:4388
-
\??\c:\xxrrlrf.exec:\xxrrlrf.exe80⤵PID:4440
-
\??\c:\tnhbtn.exec:\tnhbtn.exe81⤵PID:4292
-
\??\c:\jdjvv.exec:\jdjvv.exe82⤵PID:3528
-
\??\c:\1vjdj.exec:\1vjdj.exe83⤵PID:4104
-
\??\c:\xrrrxrr.exec:\xrrrxrr.exe84⤵PID:2296
-
\??\c:\ttthbn.exec:\ttthbn.exe85⤵PID:4068
-
\??\c:\hhhhnn.exec:\hhhhnn.exe86⤵PID:3284
-
\??\c:\ddpdv.exec:\ddpdv.exe87⤵PID:3772
-
\??\c:\7fffxxx.exec:\7fffxxx.exe88⤵PID:3880
-
\??\c:\hbbbbh.exec:\hbbbbh.exe89⤵PID:1224
-
\??\c:\pddpv.exec:\pddpv.exe90⤵PID:1576
-
\??\c:\djpvp.exec:\djpvp.exe91⤵PID:3696
-
\??\c:\lrfffff.exec:\lrfffff.exe92⤵PID:1936
-
\??\c:\bnnnnt.exec:\bnnnnt.exe93⤵PID:4064
-
\??\c:\vpvvp.exec:\vpvvp.exe94⤵PID:3140
-
\??\c:\9lllfrx.exec:\9lllfrx.exe95⤵PID:2936
-
\??\c:\7rxfflr.exec:\7rxfflr.exe96⤵PID:4496
-
\??\c:\tbbbbb.exec:\tbbbbb.exe97⤵PID:1216
-
\??\c:\dpddv.exec:\dpddv.exe98⤵PID:2840
-
\??\c:\jdjdv.exec:\jdjdv.exe99⤵PID:2056
-
\??\c:\rlrrlrl.exec:\rlrrlrl.exe100⤵PID:1052
-
\??\c:\nnnnnt.exec:\nnnnnt.exe101⤵PID:4784
-
\??\c:\nthhbn.exec:\nthhbn.exe102⤵PID:1056
-
\??\c:\dpvdd.exec:\dpvdd.exe103⤵PID:4908
-
\??\c:\flxxxff.exec:\flxxxff.exe104⤵PID:1436
-
\??\c:\xfffxrl.exec:\xfffxrl.exe105⤵PID:2476
-
\??\c:\nbtttn.exec:\nbtttn.exe106⤵PID:4996
-
\??\c:\ppvdj.exec:\ppvdj.exe107⤵PID:4756
-
\??\c:\xxrrflf.exec:\xxrrflf.exe108⤵PID:4084
-
\??\c:\thntnn.exec:\thntnn.exe109⤵PID:3148
-
\??\c:\vpppj.exec:\vpppj.exe110⤵PID:4304
-
\??\c:\xrxxrrx.exec:\xrxxrrx.exe111⤵PID:3112
-
\??\c:\fffffll.exec:\fffffll.exe112⤵PID:4472
-
\??\c:\3ntnnn.exec:\3ntnnn.exe113⤵PID:4796
-
\??\c:\jjppp.exec:\jjppp.exe114⤵PID:3232
-
\??\c:\dvdvp.exec:\dvdvp.exe115⤵PID:2100
-
\??\c:\9frllll.exec:\9frllll.exe116⤵PID:696
-
\??\c:\tnnttb.exec:\tnnttb.exe117⤵PID:4448
-
\??\c:\nntnnt.exec:\nntnnt.exe118⤵PID:4932
-
\??\c:\9vvvv.exec:\9vvvv.exe119⤵PID:1148
-
\??\c:\3djdd.exec:\3djdd.exe120⤵PID:116
-
\??\c:\vpvvp.exec:\vpvvp.exe121⤵PID:3128
-
\??\c:\xxffxxx.exec:\xxffxxx.exe122⤵PID:1500
-