Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 13:16
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe
-
Size
63KB
-
MD5
cb6af1535a31d482a7730652dc81a0f0
-
SHA1
676eec737409993f6cdd4d2d70d3e79a0a63c458
-
SHA256
71dd3e830c1a064c1bb39e1c77abb2135d1081cf611d51fd8aa17ba7b3f3b4bc
-
SHA512
6a8530825f329e74fb953eb8ccf3c6740caaac657a1d7128596b29a0eed90153a00e1fb4d64317cc341e9bcc2f4d436d01a6e5ffee888f355816cd862c679e43
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3AS:ymb3NkkiQ3mdBjFI46TQS
Malware Config
Signatures
-
Detect Blackmoon payload 27 IoCs
resource yara_rule behavioral2/memory/4656-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2308-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3044-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3432-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4940-38-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2820-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1532-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2596-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2076-72-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2804-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1736-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1776-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2912-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2424-107-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3920-115-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2052-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3104-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1088-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/404-148-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4992-153-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1268-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4580-165-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3288-171-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4104-177-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2980-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1924-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2968-197-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2308 9hnbbb.exe 3044 xrrlffx.exe 5096 htttnn.exe 3432 btbthh.exe 4940 pddpj.exe 2820 ddpdd.exe 1532 9frffff.exe 2596 ttbbhn.exe 3520 ddvjv.exe 2076 3jdjp.exe 2804 rrrrrrl.exe 1736 hbhbbb.exe 1776 jdddv.exe 2912 rflfxrl.exe 2424 nbbbnn.exe 3920 jvddd.exe 2052 dvdvd.exe 3104 ffrlrfx.exe 1088 xrxxrxr.exe 4428 tthnnt.exe 2904 jdppp.exe 404 dvjjp.exe 4992 7frxxrr.exe 1268 hhtbtb.exe 4580 pdvdp.exe 3288 xrxxrrx.exe 4104 1bnnhn.exe 2980 3vjjj.exe 1924 bbhbhh.exe 2968 hhttnt.exe 4736 jjddv.exe 4032 vjppp.exe 2128 rrllrxl.exe 4964 5rfllrl.exe 2448 thtttb.exe 3184 tntttb.exe 4652 djddd.exe 1380 3xrxxlx.exe 756 bhbbtb.exe 4416 bhtnbb.exe 1384 ddjpd.exe 872 vjppp.exe 772 5fxllrr.exe 2484 lfrxrxx.exe 1112 bbhhhh.exe 364 thbbbh.exe 4660 dvdvp.exe 4012 1rxxrfl.exe 1400 lxlrrrr.exe 1716 nnnhbb.exe 2268 hhbttn.exe 2228 vvddd.exe 2276 jddvp.exe 2236 xxffxff.exe 828 nnnhhh.exe 2792 nbbtnh.exe 1212 ddddd.exe 4612 xlrxxxx.exe 4856 rxxffll.exe 2552 nnnnnt.exe 2584 btbtnn.exe 4724 3jpjd.exe 1808 5pvvp.exe 2600 lrrlrxf.exe -
resource yara_rule behavioral2/memory/4656-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2308-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3044-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3432-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4940-38-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2820-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1532-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2596-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2076-72-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2076-71-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2804-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1736-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1776-94-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2912-100-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2424-107-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3920-115-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2052-120-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3104-126-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1088-131-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/404-148-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4992-153-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1268-159-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4580-165-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3288-171-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4104-177-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2980-187-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1924-190-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2968-197-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4656 wrote to memory of 2308 4656 cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe 83 PID 4656 wrote to memory of 2308 4656 cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe 83 PID 4656 wrote to memory of 2308 4656 cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe 83 PID 2308 wrote to memory of 3044 2308 9hnbbb.exe 84 PID 2308 wrote to memory of 3044 2308 9hnbbb.exe 84 PID 2308 wrote to memory of 3044 2308 9hnbbb.exe 84 PID 3044 wrote to memory of 5096 3044 xrrlffx.exe 85 PID 3044 wrote to memory of 5096 3044 xrrlffx.exe 85 PID 3044 wrote to memory of 5096 3044 xrrlffx.exe 85 PID 5096 wrote to memory of 3432 5096 htttnn.exe 86 PID 5096 wrote to memory of 3432 5096 htttnn.exe 86 PID 5096 wrote to memory of 3432 5096 htttnn.exe 86 PID 3432 wrote to memory of 4940 3432 btbthh.exe 87 PID 3432 wrote to memory of 4940 3432 btbthh.exe 87 PID 3432 wrote to memory of 4940 3432 btbthh.exe 87 PID 4940 wrote to memory of 2820 4940 pddpj.exe 88 PID 4940 wrote to memory of 2820 4940 pddpj.exe 88 PID 4940 wrote to memory of 2820 4940 pddpj.exe 88 PID 2820 wrote to memory of 1532 2820 ddpdd.exe 89 PID 2820 wrote to memory of 1532 2820 ddpdd.exe 89 PID 2820 wrote to memory of 1532 2820 ddpdd.exe 89 PID 1532 wrote to memory of 2596 1532 9frffff.exe 90 PID 1532 wrote to memory of 2596 1532 9frffff.exe 90 PID 1532 wrote to memory of 2596 1532 9frffff.exe 90 PID 2596 wrote to memory of 3520 2596 ttbbhn.exe 91 PID 2596 wrote to memory of 3520 2596 ttbbhn.exe 91 PID 2596 wrote to memory of 3520 2596 ttbbhn.exe 91 PID 3520 wrote to memory of 2076 3520 ddvjv.exe 92 PID 3520 wrote to memory of 2076 3520 ddvjv.exe 92 PID 3520 wrote to memory of 2076 3520 ddvjv.exe 92 PID 2076 wrote to memory of 2804 2076 3jdjp.exe 93 PID 2076 wrote to memory of 2804 2076 3jdjp.exe 93 PID 2076 wrote to memory of 2804 2076 3jdjp.exe 93 PID 2804 wrote to memory of 1736 2804 rrrrrrl.exe 94 PID 2804 wrote to memory of 1736 2804 rrrrrrl.exe 94 PID 2804 wrote to memory of 1736 2804 rrrrrrl.exe 94 PID 1736 wrote to memory of 1776 1736 hbhbbb.exe 95 PID 1736 wrote to memory of 1776 1736 hbhbbb.exe 95 PID 1736 wrote to memory of 1776 1736 hbhbbb.exe 95 PID 1776 wrote to memory of 2912 1776 jdddv.exe 96 PID 1776 wrote to memory of 2912 1776 jdddv.exe 96 PID 1776 wrote to memory of 2912 1776 jdddv.exe 96 PID 2912 wrote to memory of 2424 2912 rflfxrl.exe 97 PID 2912 wrote to memory of 2424 2912 rflfxrl.exe 97 PID 2912 wrote to memory of 2424 2912 rflfxrl.exe 97 PID 2424 wrote to memory of 3920 2424 nbbbnn.exe 98 PID 2424 wrote to memory of 3920 2424 nbbbnn.exe 98 PID 2424 wrote to memory of 3920 2424 nbbbnn.exe 98 PID 3920 wrote to memory of 2052 3920 jvddd.exe 99 PID 3920 wrote to memory of 2052 3920 jvddd.exe 99 PID 3920 wrote to memory of 2052 3920 jvddd.exe 99 PID 2052 wrote to memory of 3104 2052 dvdvd.exe 100 PID 2052 wrote to memory of 3104 2052 dvdvd.exe 100 PID 2052 wrote to memory of 3104 2052 dvdvd.exe 100 PID 3104 wrote to memory of 1088 3104 ffrlrfx.exe 101 PID 3104 wrote to memory of 1088 3104 ffrlrfx.exe 101 PID 3104 wrote to memory of 1088 3104 ffrlrfx.exe 101 PID 1088 wrote to memory of 4428 1088 xrxxrxr.exe 102 PID 1088 wrote to memory of 4428 1088 xrxxrxr.exe 102 PID 1088 wrote to memory of 4428 1088 xrxxrxr.exe 102 PID 4428 wrote to memory of 2904 4428 tthnnt.exe 103 PID 4428 wrote to memory of 2904 4428 tthnnt.exe 103 PID 4428 wrote to memory of 2904 4428 tthnnt.exe 103 PID 2904 wrote to memory of 404 2904 jdppp.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb6af1535a31d482a7730652dc81a0f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4656 -
\??\c:\9hnbbb.exec:\9hnbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2308 -
\??\c:\xrrlffx.exec:\xrrlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3044 -
\??\c:\htttnn.exec:\htttnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5096 -
\??\c:\btbthh.exec:\btbthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3432 -
\??\c:\pddpj.exec:\pddpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4940 -
\??\c:\ddpdd.exec:\ddpdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2820 -
\??\c:\9frffff.exec:\9frffff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1532 -
\??\c:\ttbbhn.exec:\ttbbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2596 -
\??\c:\ddvjv.exec:\ddvjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3520 -
\??\c:\3jdjp.exec:\3jdjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2076 -
\??\c:\rrrrrrl.exec:\rrrrrrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2804 -
\??\c:\hbhbbb.exec:\hbhbbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1736 -
\??\c:\jdddv.exec:\jdddv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1776 -
\??\c:\rflfxrl.exec:\rflfxrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2912 -
\??\c:\nbbbnn.exec:\nbbbnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2424 -
\??\c:\jvddd.exec:\jvddd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3920 -
\??\c:\dvdvd.exec:\dvdvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2052 -
\??\c:\ffrlrfx.exec:\ffrlrfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3104 -
\??\c:\xrxxrxr.exec:\xrxxrxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1088 -
\??\c:\tthnnt.exec:\tthnnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4428 -
\??\c:\jdppp.exec:\jdppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2904 -
\??\c:\dvjjp.exec:\dvjjp.exe23⤵
- Executes dropped EXE
PID:404 -
\??\c:\7frxxrr.exec:\7frxxrr.exe24⤵
- Executes dropped EXE
PID:4992 -
\??\c:\hhtbtb.exec:\hhtbtb.exe25⤵
- Executes dropped EXE
PID:1268 -
\??\c:\pdvdp.exec:\pdvdp.exe26⤵
- Executes dropped EXE
PID:4580 -
\??\c:\xrxxrrx.exec:\xrxxrrx.exe27⤵
- Executes dropped EXE
PID:3288 -
\??\c:\1bnnhn.exec:\1bnnhn.exe28⤵
- Executes dropped EXE
PID:4104 -
\??\c:\3vjjj.exec:\3vjjj.exe29⤵
- Executes dropped EXE
PID:2980 -
\??\c:\bbhbhh.exec:\bbhbhh.exe30⤵
- Executes dropped EXE
PID:1924 -
\??\c:\hhttnt.exec:\hhttnt.exe31⤵
- Executes dropped EXE
PID:2968 -
\??\c:\jjddv.exec:\jjddv.exe32⤵
- Executes dropped EXE
PID:4736 -
\??\c:\vjppp.exec:\vjppp.exe33⤵
- Executes dropped EXE
PID:4032 -
\??\c:\rrllrxl.exec:\rrllrxl.exe34⤵
- Executes dropped EXE
PID:2128 -
\??\c:\5rfllrl.exec:\5rfllrl.exe35⤵
- Executes dropped EXE
PID:4964 -
\??\c:\thtttb.exec:\thtttb.exe36⤵
- Executes dropped EXE
PID:2448 -
\??\c:\tntttb.exec:\tntttb.exe37⤵
- Executes dropped EXE
PID:3184 -
\??\c:\djddd.exec:\djddd.exe38⤵
- Executes dropped EXE
PID:4652 -
\??\c:\3xrxxlx.exec:\3xrxxlx.exe39⤵
- Executes dropped EXE
PID:1380 -
\??\c:\bhbbtb.exec:\bhbbtb.exe40⤵
- Executes dropped EXE
PID:756 -
\??\c:\bhtnbb.exec:\bhtnbb.exe41⤵
- Executes dropped EXE
PID:4416 -
\??\c:\ddjpd.exec:\ddjpd.exe42⤵
- Executes dropped EXE
PID:1384 -
\??\c:\vjppp.exec:\vjppp.exe43⤵
- Executes dropped EXE
PID:872 -
\??\c:\5fxllrr.exec:\5fxllrr.exe44⤵
- Executes dropped EXE
PID:772 -
\??\c:\lfrxrxx.exec:\lfrxrxx.exe45⤵
- Executes dropped EXE
PID:2484 -
\??\c:\bbhhhh.exec:\bbhhhh.exe46⤵
- Executes dropped EXE
PID:1112 -
\??\c:\thbbbh.exec:\thbbbh.exe47⤵
- Executes dropped EXE
PID:364 -
\??\c:\dvdvp.exec:\dvdvp.exe48⤵
- Executes dropped EXE
PID:4660 -
\??\c:\1rxxrfl.exec:\1rxxrfl.exe49⤵
- Executes dropped EXE
PID:4012 -
\??\c:\lxlrrrr.exec:\lxlrrrr.exe50⤵
- Executes dropped EXE
PID:1400 -
\??\c:\nnnhbb.exec:\nnnhbb.exe51⤵
- Executes dropped EXE
PID:1716 -
\??\c:\hhbttn.exec:\hhbttn.exe52⤵
- Executes dropped EXE
PID:2268 -
\??\c:\vvddd.exec:\vvddd.exe53⤵
- Executes dropped EXE
PID:2228 -
\??\c:\jddvp.exec:\jddvp.exe54⤵
- Executes dropped EXE
PID:2276 -
\??\c:\xxffxff.exec:\xxffxff.exe55⤵
- Executes dropped EXE
PID:2236 -
\??\c:\nnnhhh.exec:\nnnhhh.exe56⤵
- Executes dropped EXE
PID:828 -
\??\c:\nbbtnh.exec:\nbbtnh.exe57⤵
- Executes dropped EXE
PID:2792 -
\??\c:\ddddd.exec:\ddddd.exe58⤵
- Executes dropped EXE
PID:1212 -
\??\c:\xlrxxxx.exec:\xlrxxxx.exe59⤵
- Executes dropped EXE
PID:4612 -
\??\c:\rxxffll.exec:\rxxffll.exe60⤵
- Executes dropped EXE
PID:4856 -
\??\c:\nnnnnt.exec:\nnnnnt.exe61⤵
- Executes dropped EXE
PID:2552 -
\??\c:\btbtnn.exec:\btbtnn.exe62⤵
- Executes dropped EXE
PID:2584 -
\??\c:\3jpjd.exec:\3jpjd.exe63⤵
- Executes dropped EXE
PID:4724 -
\??\c:\5pvvp.exec:\5pvvp.exe64⤵
- Executes dropped EXE
PID:1808 -
\??\c:\lrrlrxf.exec:\lrrlrxf.exe65⤵
- Executes dropped EXE
PID:2600 -
\??\c:\7flxllf.exec:\7flxllf.exe66⤵PID:1740
-
\??\c:\btbbtb.exec:\btbbtb.exe67⤵PID:3480
-
\??\c:\tnhbnh.exec:\tnhbnh.exe68⤵PID:4936
-
\??\c:\7ddvp.exec:\7ddvp.exe69⤵PID:3896
-
\??\c:\7lrllll.exec:\7lrllll.exe70⤵PID:1676
-
\??\c:\5lrxflx.exec:\5lrxflx.exe71⤵PID:4920
-
\??\c:\hbhtht.exec:\hbhtht.exe72⤵PID:4292
-
\??\c:\ddpdd.exec:\ddpdd.exe73⤵PID:1424
-
\??\c:\fxxrlff.exec:\fxxrlff.exe74⤵PID:3788
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe75⤵PID:4404
-
\??\c:\htbttb.exec:\htbttb.exe76⤵PID:4316
-
\??\c:\pjdpj.exec:\pjdpj.exe77⤵PID:3968
-
\??\c:\dvjdp.exec:\dvjdp.exe78⤵PID:1880
-
\??\c:\lxlxxrl.exec:\lxlxxrl.exe79⤵PID:2900
-
\??\c:\nhnbth.exec:\nhnbth.exe80⤵PID:1872
-
\??\c:\dvjjj.exec:\dvjjj.exe81⤵PID:3048
-
\??\c:\vdjdp.exec:\vdjdp.exe82⤵PID:1388
-
\??\c:\ffrxrxx.exec:\ffrxrxx.exe83⤵PID:1156
-
\??\c:\btbbbh.exec:\btbbbh.exe84⤵PID:4212
-
\??\c:\httttt.exec:\httttt.exe85⤵PID:1616
-
\??\c:\pjpvv.exec:\pjpvv.exe86⤵PID:660
-
\??\c:\fxlffll.exec:\fxlffll.exe87⤵PID:5028
-
\??\c:\rrrrlll.exec:\rrrrlll.exe88⤵PID:216
-
\??\c:\hhbhhb.exec:\hhbhhb.exe89⤵PID:1420
-
\??\c:\bhnthn.exec:\bhnthn.exe90⤵PID:3600
-
\??\c:\ppvvp.exec:\ppvvp.exe91⤵PID:4220
-
\??\c:\vppdp.exec:\vppdp.exe92⤵PID:744
-
\??\c:\xxxxxxf.exec:\xxxxxxf.exe93⤵PID:1640
-
\??\c:\llllflf.exec:\llllflf.exe94⤵PID:2300
-
\??\c:\7ttnhh.exec:\7ttnhh.exe95⤵PID:3328
-
\??\c:\bhnnht.exec:\bhnnht.exe96⤵PID:3016
-
\??\c:\ddvvp.exec:\ddvvp.exe97⤵PID:3692
-
\??\c:\9pvpv.exec:\9pvpv.exe98⤵PID:2368
-
\??\c:\frffxfx.exec:\frffxfx.exe99⤵PID:1400
-
\??\c:\nhhbtt.exec:\nhhbtt.exe100⤵PID:4928
-
\??\c:\vpvpd.exec:\vpvpd.exe101⤵PID:4584
-
\??\c:\llxrrfr.exec:\llxrrfr.exe102⤵PID:4848
-
\??\c:\rlllffx.exec:\rlllffx.exe103⤵PID:1964
-
\??\c:\hbhhbb.exec:\hbhhbb.exe104⤵PID:1840
-
\??\c:\bnbhhb.exec:\bnbhhb.exe105⤵PID:2244
-
\??\c:\pddjv.exec:\pddjv.exe106⤵PID:2204
-
\??\c:\lxxrfff.exec:\lxxrfff.exe107⤵PID:2768
-
\??\c:\bthbtt.exec:\bthbtt.exe108⤵PID:2940
-
\??\c:\vjpjp.exec:\vjpjp.exe109⤵PID:2552
-
\??\c:\7ddpj.exec:\7ddpj.exe110⤵PID:3316
-
\??\c:\rxfxrxr.exec:\rxfxrxr.exe111⤵PID:3104
-
\??\c:\btbbtt.exec:\btbbtt.exe112⤵PID:1088
-
\??\c:\bbbtnb.exec:\bbbtnb.exe113⤵PID:4832
-
\??\c:\vpppj.exec:\vpppj.exe114⤵PID:3480
-
\??\c:\jvddd.exec:\jvddd.exe115⤵PID:4064
-
\??\c:\llxxrxx.exec:\llxxrxx.exe116⤵PID:2812
-
\??\c:\rxfrllf.exec:\rxfrllf.exe117⤵PID:4588
-
\??\c:\nhnhhb.exec:\nhnhhb.exe118⤵PID:424
-
\??\c:\5hnbhh.exec:\5hnbhh.exe119⤵PID:1196
-
\??\c:\jdjvp.exec:\jdjvp.exe120⤵PID:4316
-
\??\c:\dvjdd.exec:\dvjdd.exe121⤵PID:1660
-
\??\c:\pppdv.exec:\pppdv.exe122⤵PID:1596
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-