Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 13:19
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cc0f370851036ddd6d4eafe7f9a87dc0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
cc0f370851036ddd6d4eafe7f9a87dc0_NeikiAnalytics.exe
-
Size
305KB
-
MD5
cc0f370851036ddd6d4eafe7f9a87dc0
-
SHA1
3a74d3b515f3ca4ef4ec225ad9387dc3cd7c88c1
-
SHA256
df551886303d9eef888a15c71968a41a154cd878a41759ea4922176ca851625e
-
SHA512
1a7d78d718afe9be2cb5cc2c7b1c523ef54a692064529d3190ff43f42c5c75ac4fcef63b621bfa229228f6734f3c1c75ea67016f5537538e44e19ef6968f8845
-
SSDEEP
6144:n3C9BRo/CH26ZAmaOXicLrnRukAPXt1UP+3OgEbXeTiDSd2v+:n3C9uUnAvtd3Ogld2v+
Malware Config
Signatures
-
Detect Blackmoon payload 24 IoCs
resource yara_rule behavioral2/memory/1624-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4352-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3520-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1632-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4956-40-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4928-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2792-55-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4260-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2340-69-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1524-86-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4884-92-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1248-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2104-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4796-114-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4764-127-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4984-147-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2068-160-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4232-198-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3608-197-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4668-185-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3988-172-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5104-154-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4188-139-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4316-205-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 4352 jvjjj.exe 3428 3flfffx.exe 3520 pvpvv.exe 1632 5bnbtn.exe 4956 vjdpj.exe 4928 lffxrxr.exe 2792 5rrlfff.exe 4260 djpjj.exe 2340 nbnnnb.exe 4004 jdddv.exe 1524 1frllll.exe 4884 nhhbbb.exe 3216 dddpd.exe 1248 bnnhtt.exe 2104 pvvpj.exe 4796 bbbhbh.exe 5044 jddvj.exe 4764 djjvj.exe 1928 5nnhbn.exe 4188 nnnhbt.exe 4984 dvdvd.exe 5104 lxlffrl.exe 2068 1nntnh.exe 4624 9ddvp.exe 3988 xffxfxf.exe 3076 btntbh.exe 232 btnnnt.exe 4668 djvvd.exe 4232 rrxxrxr.exe 3608 tbhhhn.exe 4316 jjjjv.exe 4024 5jvvp.exe 3744 7hbbtb.exe 4464 pjpvv.exe 368 fxrlffx.exe 2332 hhhthn.exe 2404 pddjv.exe 4680 1xxrllx.exe 3392 nnbhth.exe 4964 dpdjj.exe 380 pjjdv.exe 2624 ntbhhb.exe 4784 vddvj.exe 4736 fxrlflf.exe 4948 btbnnb.exe 3964 pddvp.exe 3040 3lxrrrx.exe 840 bnttnn.exe 1036 ppjdj.exe 4684 5xxrlrr.exe 1308 bhbbht.exe 3356 vvjjv.exe 2228 rrxllrr.exe 1548 tbtbnn.exe 2400 dpdjj.exe 4884 lfrllll.exe 3648 hhhhtt.exe 1460 pjpdj.exe 900 xxfffxf.exe 4980 tnnhbb.exe 2616 5hhbtn.exe 1388 jjdpd.exe 2376 llxxrrx.exe 4236 hhtnhb.exe -
resource yara_rule behavioral2/memory/1624-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4352-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3428-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3520-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1632-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1632-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4956-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4928-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2792-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4260-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4260-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2340-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1524-86-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4884-92-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1248-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2104-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4796-114-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4764-127-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4984-147-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2068-160-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4232-198-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3608-197-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4668-185-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3988-172-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5104-154-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4188-139-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4316-205-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1624 wrote to memory of 4352 1624 cc0f370851036ddd6d4eafe7f9a87dc0_NeikiAnalytics.exe 83 PID 1624 wrote to memory of 4352 1624 cc0f370851036ddd6d4eafe7f9a87dc0_NeikiAnalytics.exe 83 PID 1624 wrote to memory of 4352 1624 cc0f370851036ddd6d4eafe7f9a87dc0_NeikiAnalytics.exe 83 PID 4352 wrote to memory of 3428 4352 jvjjj.exe 84 PID 4352 wrote to memory of 3428 4352 jvjjj.exe 84 PID 4352 wrote to memory of 3428 4352 jvjjj.exe 84 PID 3428 wrote to memory of 3520 3428 3flfffx.exe 85 PID 3428 wrote to memory of 3520 3428 3flfffx.exe 85 PID 3428 wrote to memory of 3520 3428 3flfffx.exe 85 PID 3520 wrote to memory of 1632 3520 pvpvv.exe 86 PID 3520 wrote to memory of 1632 3520 pvpvv.exe 86 PID 3520 wrote to memory of 1632 3520 pvpvv.exe 86 PID 1632 wrote to memory of 4956 1632 5bnbtn.exe 87 PID 1632 wrote to memory of 4956 1632 5bnbtn.exe 87 PID 1632 wrote to memory of 4956 1632 5bnbtn.exe 87 PID 4956 wrote to memory of 4928 4956 vjdpj.exe 88 PID 4956 wrote to memory of 4928 4956 vjdpj.exe 88 PID 4956 wrote to memory of 4928 4956 vjdpj.exe 88 PID 4928 wrote to memory of 2792 4928 lffxrxr.exe 89 PID 4928 wrote to memory of 2792 4928 lffxrxr.exe 89 PID 4928 wrote to memory of 2792 4928 lffxrxr.exe 89 PID 2792 wrote to memory of 4260 2792 5rrlfff.exe 90 PID 2792 wrote to memory of 4260 2792 5rrlfff.exe 90 PID 2792 wrote to memory of 4260 2792 5rrlfff.exe 90 PID 4260 wrote to memory of 2340 4260 djpjj.exe 92 PID 4260 wrote to memory of 2340 4260 djpjj.exe 92 PID 4260 wrote to memory of 2340 4260 djpjj.exe 92 PID 2340 wrote to memory of 4004 2340 nbnnnb.exe 93 PID 2340 wrote to memory of 4004 2340 nbnnnb.exe 93 PID 2340 wrote to memory of 4004 2340 nbnnnb.exe 93 PID 4004 wrote to memory of 1524 4004 jdddv.exe 94 PID 4004 wrote to memory of 1524 4004 jdddv.exe 94 PID 4004 wrote to memory of 1524 4004 jdddv.exe 94 PID 1524 wrote to memory of 4884 1524 1frllll.exe 95 PID 1524 wrote to memory of 4884 1524 1frllll.exe 95 PID 1524 wrote to memory of 4884 1524 1frllll.exe 95 PID 4884 wrote to memory of 3216 4884 nhhbbb.exe 96 PID 4884 wrote to memory of 3216 4884 nhhbbb.exe 96 PID 4884 wrote to memory of 3216 4884 nhhbbb.exe 96 PID 3216 wrote to memory of 1248 3216 dddpd.exe 97 PID 3216 wrote to memory of 1248 3216 dddpd.exe 97 PID 3216 wrote to memory of 1248 3216 dddpd.exe 97 PID 1248 wrote to memory of 2104 1248 bnnhtt.exe 98 PID 1248 wrote to memory of 2104 1248 bnnhtt.exe 98 PID 1248 wrote to memory of 2104 1248 bnnhtt.exe 98 PID 2104 wrote to memory of 4796 2104 pvvpj.exe 99 PID 2104 wrote to memory of 4796 2104 pvvpj.exe 99 PID 2104 wrote to memory of 4796 2104 pvvpj.exe 99 PID 4796 wrote to memory of 5044 4796 bbbhbh.exe 100 PID 4796 wrote to memory of 5044 4796 bbbhbh.exe 100 PID 4796 wrote to memory of 5044 4796 bbbhbh.exe 100 PID 5044 wrote to memory of 4764 5044 jddvj.exe 101 PID 5044 wrote to memory of 4764 5044 jddvj.exe 101 PID 5044 wrote to memory of 4764 5044 jddvj.exe 101 PID 4764 wrote to memory of 1928 4764 djjvj.exe 102 PID 4764 wrote to memory of 1928 4764 djjvj.exe 102 PID 4764 wrote to memory of 1928 4764 djjvj.exe 102 PID 1928 wrote to memory of 4188 1928 5nnhbn.exe 103 PID 1928 wrote to memory of 4188 1928 5nnhbn.exe 103 PID 1928 wrote to memory of 4188 1928 5nnhbn.exe 103 PID 4188 wrote to memory of 4984 4188 nnnhbt.exe 104 PID 4188 wrote to memory of 4984 4188 nnnhbt.exe 104 PID 4188 wrote to memory of 4984 4188 nnnhbt.exe 104 PID 4984 wrote to memory of 5104 4984 dvdvd.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc0f370851036ddd6d4eafe7f9a87dc0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc0f370851036ddd6d4eafe7f9a87dc0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1624 -
\??\c:\jvjjj.exec:\jvjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4352 -
\??\c:\3flfffx.exec:\3flfffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3428 -
\??\c:\pvpvv.exec:\pvpvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3520 -
\??\c:\5bnbtn.exec:\5bnbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1632 -
\??\c:\vjdpj.exec:\vjdpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4956 -
\??\c:\lffxrxr.exec:\lffxrxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4928 -
\??\c:\5rrlfff.exec:\5rrlfff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2792 -
\??\c:\djpjj.exec:\djpjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4260 -
\??\c:\nbnnnb.exec:\nbnnnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2340 -
\??\c:\jdddv.exec:\jdddv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4004 -
\??\c:\1frllll.exec:\1frllll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1524 -
\??\c:\nhhbbb.exec:\nhhbbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4884 -
\??\c:\dddpd.exec:\dddpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3216 -
\??\c:\bnnhtt.exec:\bnnhtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1248 -
\??\c:\pvvpj.exec:\pvvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2104 -
\??\c:\bbbhbh.exec:\bbbhbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4796 -
\??\c:\jddvj.exec:\jddvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5044 -
\??\c:\djjvj.exec:\djjvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4764 -
\??\c:\5nnhbn.exec:\5nnhbn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1928 -
\??\c:\nnnhbt.exec:\nnnhbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4188 -
\??\c:\dvdvd.exec:\dvdvd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4984 -
\??\c:\lxlffrl.exec:\lxlffrl.exe23⤵
- Executes dropped EXE
PID:5104 -
\??\c:\1nntnh.exec:\1nntnh.exe24⤵
- Executes dropped EXE
PID:2068 -
\??\c:\9ddvp.exec:\9ddvp.exe25⤵
- Executes dropped EXE
PID:4624 -
\??\c:\xffxfxf.exec:\xffxfxf.exe26⤵
- Executes dropped EXE
PID:3988 -
\??\c:\btntbh.exec:\btntbh.exe27⤵
- Executes dropped EXE
PID:3076 -
\??\c:\btnnnt.exec:\btnnnt.exe28⤵
- Executes dropped EXE
PID:232 -
\??\c:\djvvd.exec:\djvvd.exe29⤵
- Executes dropped EXE
PID:4668 -
\??\c:\rrxxrxr.exec:\rrxxrxr.exe30⤵
- Executes dropped EXE
PID:4232 -
\??\c:\tbhhhn.exec:\tbhhhn.exe31⤵
- Executes dropped EXE
PID:3608 -
\??\c:\jjjjv.exec:\jjjjv.exe32⤵
- Executes dropped EXE
PID:4316 -
\??\c:\5jvvp.exec:\5jvvp.exe33⤵
- Executes dropped EXE
PID:4024 -
\??\c:\7hbbtb.exec:\7hbbtb.exe34⤵
- Executes dropped EXE
PID:3744 -
\??\c:\pjpvv.exec:\pjpvv.exe35⤵
- Executes dropped EXE
PID:4464 -
\??\c:\fxrlffx.exec:\fxrlffx.exe36⤵
- Executes dropped EXE
PID:368 -
\??\c:\hhhthn.exec:\hhhthn.exe37⤵
- Executes dropped EXE
PID:2332 -
\??\c:\pddjv.exec:\pddjv.exe38⤵
- Executes dropped EXE
PID:2404 -
\??\c:\1xxrllx.exec:\1xxrllx.exe39⤵
- Executes dropped EXE
PID:4680 -
\??\c:\nnbhth.exec:\nnbhth.exe40⤵
- Executes dropped EXE
PID:3392 -
\??\c:\dpdjj.exec:\dpdjj.exe41⤵
- Executes dropped EXE
PID:4964 -
\??\c:\pjjdv.exec:\pjjdv.exe42⤵
- Executes dropped EXE
PID:380 -
\??\c:\ntbhhb.exec:\ntbhhb.exe43⤵
- Executes dropped EXE
PID:2624 -
\??\c:\vddvj.exec:\vddvj.exe44⤵
- Executes dropped EXE
PID:4784 -
\??\c:\fxrlflf.exec:\fxrlflf.exe45⤵
- Executes dropped EXE
PID:4736 -
\??\c:\btbnnb.exec:\btbnnb.exe46⤵
- Executes dropped EXE
PID:4948 -
\??\c:\pddvp.exec:\pddvp.exe47⤵
- Executes dropped EXE
PID:3964 -
\??\c:\3lxrrrx.exec:\3lxrrrx.exe48⤵
- Executes dropped EXE
PID:3040 -
\??\c:\bnttnn.exec:\bnttnn.exe49⤵
- Executes dropped EXE
PID:840 -
\??\c:\ppjdj.exec:\ppjdj.exe50⤵
- Executes dropped EXE
PID:1036 -
\??\c:\5xxrlrr.exec:\5xxrlrr.exe51⤵
- Executes dropped EXE
PID:4684 -
\??\c:\bhbbht.exec:\bhbbht.exe52⤵
- Executes dropped EXE
PID:1308 -
\??\c:\vvjjv.exec:\vvjjv.exe53⤵
- Executes dropped EXE
PID:3356 -
\??\c:\rrxllrr.exec:\rrxllrr.exe54⤵
- Executes dropped EXE
PID:2228 -
\??\c:\tbtbnn.exec:\tbtbnn.exe55⤵
- Executes dropped EXE
PID:1548 -
\??\c:\dpdjj.exec:\dpdjj.exe56⤵
- Executes dropped EXE
PID:2400 -
\??\c:\lfrllll.exec:\lfrllll.exe57⤵
- Executes dropped EXE
PID:4884 -
\??\c:\hhhhtt.exec:\hhhhtt.exe58⤵
- Executes dropped EXE
PID:3648 -
\??\c:\pjpdj.exec:\pjpdj.exe59⤵
- Executes dropped EXE
PID:1460 -
\??\c:\xxfffxf.exec:\xxfffxf.exe60⤵
- Executes dropped EXE
PID:900 -
\??\c:\tnnhbb.exec:\tnnhbb.exe61⤵
- Executes dropped EXE
PID:4980 -
\??\c:\5hhbtn.exec:\5hhbtn.exe62⤵
- Executes dropped EXE
PID:2616 -
\??\c:\jjdpd.exec:\jjdpd.exe63⤵
- Executes dropped EXE
PID:1388 -
\??\c:\llxxrrx.exec:\llxxrrx.exe64⤵
- Executes dropped EXE
PID:2376 -
\??\c:\hhtnhb.exec:\hhtnhb.exe65⤵
- Executes dropped EXE
PID:4236 -
\??\c:\llfllfx.exec:\llfllfx.exe66⤵PID:4804
-
\??\c:\1ttnhh.exec:\1ttnhh.exe67⤵PID:1668
-
\??\c:\jvppd.exec:\jvppd.exe68⤵PID:4984
-
\??\c:\rflfxxr.exec:\rflfxxr.exe69⤵PID:2380
-
\??\c:\bbtbtb.exec:\bbtbtb.exe70⤵PID:3956
-
\??\c:\tnnhhn.exec:\tnnhhn.exe71⤵PID:1572
-
\??\c:\vpdjj.exec:\vpdjj.exe72⤵PID:1576
-
\??\c:\frlffff.exec:\frlffff.exe73⤵PID:1348
-
\??\c:\3bnbtb.exec:\3bnbtb.exe74⤵PID:3076
-
\??\c:\ppdjj.exec:\ppdjj.exe75⤵PID:1568
-
\??\c:\3rrrxff.exec:\3rrrxff.exe76⤵PID:4600
-
\??\c:\1htttt.exec:\1htttt.exe77⤵PID:932
-
\??\c:\xrfrxll.exec:\xrfrxll.exe78⤵PID:3164
-
\??\c:\htnnhh.exec:\htnnhh.exe79⤵PID:3440
-
\??\c:\3jjvv.exec:\3jjvv.exe80⤵PID:5016
-
\??\c:\ffffxxx.exec:\ffffxxx.exe81⤵PID:348
-
\??\c:\lllffrx.exec:\lllffrx.exe82⤵PID:3084
-
\??\c:\hbnhnt.exec:\hbnhnt.exe83⤵PID:4592
-
\??\c:\ddjdv.exec:\ddjdv.exe84⤵PID:2256
-
\??\c:\xrfffff.exec:\xrfffff.exe85⤵PID:384
-
\??\c:\ttbtbb.exec:\ttbtbb.exe86⤵PID:4420
-
\??\c:\vvddd.exec:\vvddd.exe87⤵PID:3004
-
\??\c:\xxfflrx.exec:\xxfflrx.exe88⤵PID:2944
-
\??\c:\5nhnnt.exec:\5nhnnt.exe89⤵PID:4964
-
\??\c:\ppvpv.exec:\ppvpv.exe90⤵PID:3520
-
\??\c:\xxflffl.exec:\xxflffl.exe91⤵PID:1172
-
\??\c:\xxrflrf.exec:\xxrflrf.exe92⤵PID:4956
-
\??\c:\bbbbhh.exec:\bbbbhh.exe93⤵PID:1632
-
\??\c:\dpjjj.exec:\dpjjj.exe94⤵PID:4524
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe95⤵PID:4544
-
\??\c:\thtttb.exec:\thtttb.exe96⤵PID:2236
-
\??\c:\hhhhhh.exec:\hhhhhh.exe97⤵PID:2552
-
\??\c:\dvdvv.exec:\dvdvv.exe98⤵PID:1060
-
\??\c:\rlfrrfx.exec:\rlfrrfx.exe99⤵PID:3996
-
\??\c:\5nttnt.exec:\5nttnt.exe100⤵PID:3376
-
\??\c:\ttbbtt.exec:\ttbbtt.exe101⤵PID:1524
-
\??\c:\pjjjd.exec:\pjjjd.exe102⤵PID:1548
-
\??\c:\xlxfxrx.exec:\xlxfxrx.exe103⤵PID:2744
-
\??\c:\1bbbhn.exec:\1bbbhn.exe104⤵PID:1448
-
\??\c:\bttttt.exec:\bttttt.exe105⤵PID:3228
-
\??\c:\dddvv.exec:\dddvv.exe106⤵PID:3696
-
\??\c:\llxrxxx.exec:\llxrxxx.exe107⤵PID:4900
-
\??\c:\tthhhn.exec:\tthhhn.exe108⤵PID:1976
-
\??\c:\tntnhh.exec:\tntnhh.exe109⤵PID:4416
-
\??\c:\ffllflf.exec:\ffllflf.exe110⤵PID:1200
-
\??\c:\5lrrrxx.exec:\5lrrrxx.exe111⤵PID:2676
-
\??\c:\tbtbnn.exec:\tbtbnn.exe112⤵PID:4624
-
\??\c:\ddjdd.exec:\ddjdd.exe113⤵PID:3988
-
\??\c:\3xffrlf.exec:\3xffrlf.exe114⤵PID:548
-
\??\c:\rxrfflx.exec:\rxrfflx.exe115⤵PID:1348
-
\??\c:\bnhhhh.exec:\bnhhhh.exe116⤵PID:5108
-
\??\c:\pjvdd.exec:\pjvdd.exe117⤵PID:3048
-
\??\c:\flxxxxx.exec:\flxxxxx.exe118⤵PID:2156
-
\??\c:\5xlflxx.exec:\5xlflxx.exe119⤵PID:932
-
\??\c:\tthbbh.exec:\tthbbh.exe120⤵PID:3512
-
\??\c:\vjpvp.exec:\vjpvp.exe121⤵PID:3440
-
\??\c:\llxxllx.exec:\llxxllx.exe122⤵PID:5016
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-