Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 13:29
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ce01be62f58718eabfede085397a70a0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
ce01be62f58718eabfede085397a70a0_NeikiAnalytics.exe
-
Size
445KB
-
MD5
ce01be62f58718eabfede085397a70a0
-
SHA1
31e71352ba06573728dedbf6bca5b79d8781e21e
-
SHA256
6819f9595f091398a7b16062b59d207f6f86e6278eec18cfb8f9c8bced0ad918
-
SHA512
6f0e56a0a6e8fdb7a3be52ec92f963ddb5ac2fad3b2ed7ef44fcd9dcced804b86db84ba7237381fffe8ec1653b2a9e9ba4d98776a6752e4f124211fdb3a487bf
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0p5WI09JN:n3C9ytvn8whkb4i3e3GFO6JN
Malware Config
Signatures
-
Detect Blackmoon payload 26 IoCs
resource yara_rule
behavioral2/memory/2368-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3724-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1960-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2580-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4852-38-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1324-45-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3160-85-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3300-103-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4516-117-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4416-151-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4552-206-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2708-202-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1888-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1680-175-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1096-157-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3964-140-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1276-135-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/884-127-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/544-121-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2064-97-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3600-91-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1260-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2312-62-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4856-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4856-54-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/760-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process 1960 rrxxrxx.exe 3724 tnhhht.exe 760 ppdvv.exe 2580 xfffxff.exe 4852 hnhbbh.exe 1324 jvjdv.exe 4856 xrlrlrr.exe 2312 1htnnn.exe 2736 pddvd.exe 1260 1rrllff.exe 3160 xxfxrlf.exe 3600 bbtnbb.exe 2064 7flfllr.exe 3300 hhnhhb.exe 4372 5dvvj.exe 4516 rfxrlff.exe 544 9tbnhh.exe 884 tntnnn.exe 1276 llfxrrf.exe 3964 7tbbbb.exe 4660 ddddv.exe 4416 ddppp.exe 1096 bttnhb.exe 1204 hhnhbh.exe 1876 jpvpj.exe 1680 rrxxrxx.exe 2428 hhnnnh.exe 1888 jjjjd.exe 436 ddjpj.exe 2708 1frlfxx.exe 4552 1nttnn.exe 4480 3pvpv.exe 428 fxlllll.exe 1836 7xxxrrx.exe 3972 nbbbtn.exe 1004 vppjj.exe 2580 rlxrllf.exe 744 1nnhhb.exe 2984 pjjpj.exe 3128 rxfxfll.exe 4500 xflfxxx.exe 2736 tbhhbh.exe 216 ppvpd.exe 4404 3fxfrfx.exe 4420 xxrxfxl.exe 1456 tnhbbb.exe 3500 tnbbtn.exe 4624 jpddv.exe 3980 flrlxxr.exe 2808 ttbntb.exe 2376 btbttb.exe 4752 djdvp.exe 4108 ffxrrrr.exe 720 flrrrrl.exe 2920 nnntth.exe 1444 jvdvv.exe 1984 pjjdv.exe 1880 xlrrrrr.exe 536 tbhbbt.exe 4416 nhntnn.exe 3260 jjjjd.exe 1204 xffrlxx.exe 32 lllffxr.exe 548 htttnn.exe -
resource yara_rule
behavioral2/memory/2368-3-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3724-17-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1960-11-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2580-31-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4852-38-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1324-45-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3160-85-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3300-103-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4516-117-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4416-151-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4552-206-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2708-202-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1888-187-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1680-175-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1096-157-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3964-140-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1276-135-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/884-127-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/544-121-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2064-97-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3600-91-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1260-75-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2312-62-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4856-59-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4856-54-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4856-53-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4856-52-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/760-24-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2368 wrote to memory of 1960 2368 ce01be62f58718eabfede085397a70a0_NeikiAnalytics.exe 82 PID 2368 wrote to memory of 1960 2368 ce01be62f58718eabfede085397a70a0_NeikiAnalytics.exe 82 PID 2368 wrote to memory of 1960 2368 ce01be62f58718eabfede085397a70a0_NeikiAnalytics.exe 82 PID 1960 wrote to memory of 3724 1960 rrxxrxx.exe 83 PID 1960 wrote to memory of 3724 1960 rrxxrxx.exe 83 PID 1960 wrote to memory of 3724 1960 rrxxrxx.exe 83 PID 3724 wrote to memory of 760 3724 tnhhht.exe 84 PID 3724 wrote to memory of 760 3724 tnhhht.exe 84 PID 3724 wrote to memory of 760 3724 tnhhht.exe 84 PID 760 wrote to memory of 2580 760 ppdvv.exe 121 PID 760 wrote to memory of 2580 760 ppdvv.exe 121 PID 760 wrote to memory of 2580 760 ppdvv.exe 121 PID 2580 wrote to memory of 4852 2580 xfffxff.exe 86 PID 2580 wrote to memory of 4852 2580 xfffxff.exe 86 PID 2580 wrote to memory of 4852 2580 xfffxff.exe 86 PID 4852 wrote to memory of 1324 4852 hnhbbh.exe 600 PID 4852 wrote to memory of 1324 4852 hnhbbh.exe 600 PID 4852 wrote to memory of 1324 4852 hnhbbh.exe 600 PID 1324 wrote to memory of 4856 1324 jvjdv.exe 202 PID 1324 wrote to memory of 4856 1324 jvjdv.exe 202 PID 1324 wrote to memory of 4856 1324 jvjdv.exe 202 PID 4856 wrote to memory of 2312 4856 xrlrlrr.exe 90 PID 4856 wrote to memory of 2312 4856 xrlrlrr.exe 90 PID 4856 wrote to memory of 2312 4856 xrlrlrr.exe 90 PID 2312 wrote to memory of 2736 2312 1htnnn.exe 91 PID 2312 wrote to memory of 2736 2312 1htnnn.exe 91 PID 2312 wrote to memory of 2736 2312 1htnnn.exe 91 PID 2736 wrote to memory of 1260 2736 pddvd.exe 92 PID 2736 wrote to memory of 1260 2736 pddvd.exe 92 PID 2736 wrote to memory of 1260 2736 pddvd.exe 92 PID 1260 wrote to memory of 3160 1260 1rrllff.exe 578 PID 1260 wrote to memory of 3160 1260 1rrllff.exe 578 PID 1260 wrote to memory of 3160 1260 1rrllff.exe 578 PID 3160 wrote to memory of 3600 3160 xxfxrlf.exe 644 PID 3160 wrote to memory of 3600 3160 xxfxrlf.exe 644 PID 3160 
wrote to memory of 3600 3160 xxfxrlf.exe 644 PID 3600 wrote to memory of 2064 3600 bbtnbb.exe 95 PID 3600 wrote to memory of 2064 3600 bbtnbb.exe 95 PID 3600 wrote to memory of 2064 3600 bbtnbb.exe 95 PID 2064 wrote to memory of 3300 2064 7flfllr.exe 97 PID 2064 wrote to memory of 3300 2064 7flfllr.exe 97 PID 2064 wrote to memory of 3300 2064 7flfllr.exe 97 PID 3300 wrote to memory of 4372 3300 hhnhhb.exe 611 PID 3300 wrote to memory of 4372 3300 hhnhhb.exe 611 PID 3300 wrote to memory of 4372 3300 hhnhhb.exe 611 PID 4372 wrote to memory of 4516 4372 5dvvj.exe 99 PID 4372 wrote to memory of 4516 4372 5dvvj.exe 99 PID 4372 wrote to memory of 4516 4372 5dvvj.exe 99 PID 4516 wrote to memory of 544 4516 rfxrlff.exe 101 PID 4516 wrote to memory of 544 4516 rfxrlff.exe 101 PID 4516 wrote to memory of 544 4516 rfxrlff.exe 101 PID 544 wrote to memory of 884 544 9tbnhh.exe 102 PID 544 wrote to memory of 884 544 9tbnhh.exe 102 PID 544 wrote to memory of 884 544 9tbnhh.exe 102 PID 884 wrote to memory of 1276 884 tntnnn.exe 103 PID 884 wrote to memory of 1276 884 tntnnn.exe 103 PID 884 wrote to memory of 1276 884 tntnnn.exe 103 PID 1276 wrote to memory of 3964 1276 llfxrrf.exe 104 PID 1276 wrote to memory of 3964 1276 llfxrrf.exe 104 PID 1276 wrote to memory of 3964 1276 llfxrrf.exe 104 PID 3964 wrote to memory of 4660 3964 7tbbbb.exe 647 PID 3964 wrote to memory of 4660 3964 7tbbbb.exe 647 PID 3964 wrote to memory of 4660 3964 7tbbbb.exe 647 PID 4660 wrote to memory of 4416 4660 ddddv.exe 144
Processes
-
C:\Windows\system32\MusNotification.exeC:\Windows\system32\MusNotification.exe1⤵PID:4580
-
C:\Users\Admin\AppData\Local\Temp\ce01be62f58718eabfede085397a70a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ce01be62f58718eabfede085397a70a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2368 -
\??\c:\rrxxrxx.exec:\rrxxrxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1960 -
\??\c:\tnhhht.exec:\tnhhht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3724 -
\??\c:\ppdvv.exec:\ppdvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:760 -
\??\c:\xfffxff.exec:\xfffxff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2580 -
\??\c:\hnhbbh.exec:\hnhbbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4852 -
\??\c:\jvjdv.exec:\jvjdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1324 -
\??\c:\xrlrlrr.exec:\xrlrlrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4856 -
\??\c:\1htnnn.exec:\1htnnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2312 -
\??\c:\pddvd.exec:\pddvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2736 -
\??\c:\1rrllff.exec:\1rrllff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1260 -
\??\c:\xxfxrlf.exec:\xxfxrlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3160 -
\??\c:\bbtnbb.exec:\bbtnbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3600 -
\??\c:\7flfllr.exec:\7flfllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2064 -
\??\c:\hhnhhb.exec:\hhnhhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3300 -
\??\c:\5dvvj.exec:\5dvvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4372 -
\??\c:\rfxrlff.exec:\rfxrlff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4516 -
\??\c:\9tbnhh.exec:\9tbnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:544 -
\??\c:\tntnnn.exec:\tntnnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:884 -
\??\c:\llfxrrf.exec:\llfxrrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1276 -
\??\c:\7tbbbb.exec:\7tbbbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3964 -
\??\c:\ddddv.exec:\ddddv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4660 -
\??\c:\ddppp.exec:\ddppp.exe23⤵
- Executes dropped EXE
PID:4416 -
\??\c:\bttnhb.exec:\bttnhb.exe24⤵
- Executes dropped EXE
PID:1096 -
\??\c:\hhnhbh.exec:\hhnhbh.exe25⤵
- Executes dropped EXE
PID:1204 -
\??\c:\jpvpj.exec:\jpvpj.exe26⤵
- Executes dropped EXE
PID:1876 -
\??\c:\rrxxrxx.exec:\rrxxrxx.exe27⤵
- Executes dropped EXE
PID:1680 -
\??\c:\hhnnnh.exec:\hhnnnh.exe28⤵
- Executes dropped EXE
PID:2428 -
\??\c:\jjjjd.exec:\jjjjd.exe29⤵
- Executes dropped EXE
PID:1888 -
\??\c:\ddjpj.exec:\ddjpj.exe30⤵
- Executes dropped EXE
PID:436 -
\??\c:\1frlfxx.exec:\1frlfxx.exe31⤵
- Executes dropped EXE
PID:2708 -
\??\c:\1nttnn.exec:\1nttnn.exe32⤵
- Executes dropped EXE
PID:4552 -
\??\c:\3pvpv.exec:\3pvpv.exe33⤵
- Executes dropped EXE
PID:4480 -
\??\c:\fxlllll.exec:\fxlllll.exe34⤵
- Executes dropped EXE
PID:428 -
\??\c:\7xxxrrx.exec:\7xxxrrx.exe35⤵
- Executes dropped EXE
PID:1836 -
\??\c:\nbbbtn.exec:\nbbbtn.exe36⤵
- Executes dropped EXE
PID:3972 -
\??\c:\vppjj.exec:\vppjj.exe37⤵
- Executes dropped EXE
PID:1004 -
\??\c:\rlxrllf.exec:\rlxrllf.exe38⤵
- Executes dropped EXE
PID:2580 -
\??\c:\1nnhhb.exec:\1nnhhb.exe39⤵
- Executes dropped EXE
PID:744 -
\??\c:\pjjpj.exec:\pjjpj.exe40⤵
- Executes dropped EXE
PID:2984 -
\??\c:\rxfxfll.exec:\rxfxfll.exe41⤵
- Executes dropped EXE
PID:3128 -
\??\c:\xflfxxx.exec:\xflfxxx.exe42⤵
- Executes dropped EXE
PID:4500 -
\??\c:\tbhhbh.exec:\tbhhbh.exe43⤵
- Executes dropped EXE
PID:2736 -
\??\c:\ppvpd.exec:\ppvpd.exe44⤵
- Executes dropped EXE
PID:216 -
\??\c:\3fxfrfx.exec:\3fxfrfx.exe45⤵
- Executes dropped EXE
PID:4404 -
\??\c:\xxrxfxl.exec:\xxrxfxl.exe46⤵
- Executes dropped EXE
PID:4420 -
\??\c:\tnhbbb.exec:\tnhbbb.exe47⤵
- Executes dropped EXE
PID:1456 -
\??\c:\tnbbtn.exec:\tnbbtn.exe48⤵
- Executes dropped EXE
PID:3500 -
\??\c:\jpddv.exec:\jpddv.exe49⤵
- Executes dropped EXE
PID:4624 -
\??\c:\flrlxxr.exec:\flrlxxr.exe50⤵
- Executes dropped EXE
PID:3980 -
\??\c:\ttbntb.exec:\ttbntb.exe51⤵
- Executes dropped EXE
PID:2808 -
\??\c:\btbttb.exec:\btbttb.exe52⤵
- Executes dropped EXE
PID:2376 -
\??\c:\djdvp.exec:\djdvp.exe53⤵
- Executes dropped EXE
PID:4752 -
\??\c:\ffxrrrr.exec:\ffxrrrr.exe54⤵
- Executes dropped EXE
PID:4108 -
\??\c:\flrrrrl.exec:\flrrrrl.exe55⤵
- Executes dropped EXE
PID:720 -
\??\c:\nnntth.exec:\nnntth.exe56⤵
- Executes dropped EXE
PID:2920 -
\??\c:\jvdvv.exec:\jvdvv.exe57⤵
- Executes dropped EXE
PID:1444 -
\??\c:\pjjdv.exec:\pjjdv.exe58⤵
- Executes dropped EXE
PID:1984 -
\??\c:\xlrrrrr.exec:\xlrrrrr.exe59⤵
- Executes dropped EXE
PID:1880 -
\??\c:\tbhbbt.exec:\tbhbbt.exe60⤵
- Executes dropped EXE
PID:536 -
\??\c:\nhntnn.exec:\nhntnn.exe61⤵
- Executes dropped EXE
PID:4416 -
\??\c:\jjjjd.exec:\jjjjd.exe62⤵
- Executes dropped EXE
PID:3260 -
\??\c:\xffrlxx.exec:\xffrlxx.exe63⤵
- Executes dropped EXE
PID:1204 -
\??\c:\lllffxr.exec:\lllffxr.exe64⤵
- Executes dropped EXE
PID:32 -
\??\c:\htttnn.exec:\htttnn.exe65⤵
- Executes dropped EXE
PID:548 -
\??\c:\djdvp.exec:\djdvp.exe66⤵PID:4400
-
\??\c:\pvjdd.exec:\pvjdd.exe67⤵PID:4388
-
\??\c:\frrlllx.exec:\frrlllx.exe68⤵PID:2592
-
\??\c:\lxxxrxr.exec:\lxxxrxr.exe69⤵PID:3896
-
\??\c:\7tnnnn.exec:\7tnnnn.exe70⤵PID:2708
-
\??\c:\jjppd.exec:\jjppd.exe71⤵PID:2368
-
\??\c:\flrlfff.exec:\flrlfff.exe72⤵PID:1860
-
\??\c:\rrrrlxr.exec:\rrrrlxr.exe73⤵PID:4564
-
\??\c:\httnhb.exec:\httnhb.exe74⤵PID:3536
-
\??\c:\htttnt.exec:\htttnt.exe75⤵PID:4284
-
\??\c:\pjjjd.exec:\pjjjd.exe76⤵PID:4256
-
\??\c:\xrrlfxl.exec:\xrrlfxl.exe77⤵PID:4644
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe78⤵PID:3424
-
\??\c:\hbtnth.exec:\hbtnth.exe79⤵PID:2464
-
\??\c:\1tbnnn.exec:\1tbnnn.exe80⤵PID:3644
-
\??\c:\djppd.exec:\djppd.exe81⤵PID:3508
-
\??\c:\xfrxrrx.exec:\xfrxrrx.exe82⤵PID:4132
-
\??\c:\rlxxflr.exec:\rlxxflr.exe83⤵PID:4144
-
\??\c:\1bbttb.exec:\1bbttb.exe84⤵PID:2736
-
\??\c:\tnbtnh.exec:\tnbtnh.exe85⤵PID:216
-
\??\c:\vjpjd.exec:\vjpjd.exe86⤵PID:4412
-
\??\c:\5frlllf.exec:\5frlllf.exe87⤵PID:2868
-
\??\c:\rrrxrll.exec:\rrrxrll.exe88⤵PID:4588
-
\??\c:\htbhnb.exec:\htbhnb.exe89⤵PID:2064
-
\??\c:\jdppp.exec:\jdppp.exe90⤵PID:736
-
\??\c:\pjjjd.exec:\pjjjd.exe91⤵PID:4876
-
\??\c:\xxllfff.exec:\xxllfff.exe92⤵PID:5008
-
\??\c:\xlxrxxf.exec:\xlxrxxf.exe93⤵PID:844
-
\??\c:\9hhhbb.exec:\9hhhbb.exe94⤵PID:2576
-
\??\c:\ntnnhh.exec:\ntnnhh.exe95⤵PID:4664
-
\??\c:\vdjjd.exec:\vdjjd.exe96⤵PID:3936
-
\??\c:\rlllfff.exec:\rlllfff.exe97⤵PID:4956
-
\??\c:\fxlffxx.exec:\fxlffxx.exe98⤵PID:3252
-
\??\c:\nbtnnh.exec:\nbtnnh.exe99⤵PID:5004
-
\??\c:\vjdvp.exec:\vjdvp.exe100⤵PID:4804
-
\??\c:\vpdvd.exec:\vpdvd.exe101⤵PID:4872
-
\??\c:\xxrlxfl.exec:\xxrlxfl.exe102⤵PID:4536
-
\??\c:\3ffxrrl.exec:\3ffxrrl.exe103⤵PID:3260
-
\??\c:\ntbtnh.exec:\ntbtnh.exe104⤵PID:3084
-
\??\c:\1djdj.exec:\1djdj.exe105⤵PID:548
-
\??\c:\9vjjj.exec:\9vjjj.exe106⤵PID:1888
-
\??\c:\lxxxxxl.exec:\lxxxxxl.exe107⤵PID:2592
-
\??\c:\1rlfffl.exec:\1rlfffl.exe108⤵PID:2080
-
\??\c:\3tbbbb.exec:\3tbbbb.exe109⤵PID:2036
-
\??\c:\vdjjd.exec:\vdjjd.exe110⤵PID:2368
-
\??\c:\5vdvp.exec:\5vdvp.exe111⤵PID:1860
-
\??\c:\xxllrrx.exec:\xxllrrx.exe112⤵PID:3132
-
\??\c:\rrflflx.exec:\rrflflx.exe113⤵PID:2728
-
\??\c:\7bhbbb.exec:\7bhbbb.exe114⤵PID:4152
-
\??\c:\nhhbtt.exec:\nhhbtt.exe115⤵PID:1872
-
\??\c:\7jjjj.exec:\7jjjj.exe116⤵PID:3808
-
\??\c:\9llxrrl.exec:\9llxrrl.exe117⤵PID:4856
-
\??\c:\xflfxrl.exec:\xflfxrl.exe118⤵PID:2984
-
\??\c:\hnttnn.exec:\hnttnn.exe119⤵PID:3128
-
\??\c:\3ntnnh.exec:\3ntnnh.exe120⤵PID:224
-
\??\c:\1llrllf.exec:\1llrllf.exe121⤵PID:4132
-
\??\c:\hbnhbt.exec:\hbnhbt.exe122⤵PID:3088
-