Analysis
-
max time kernel
150s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 13:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe
-
Size
50KB
-
MD5
cf657dccfa4fe75a606640e5dfb9f990
-
SHA1
56eb715553c3656eca75e42b4c7947f966b4d174
-
SHA256
b657a6cebcece1d6af39e0264a2e0a8ebb5e00b7429620263ac85c9aa8d8a15f
-
SHA512
9fd299dfb7eedf4fb1aed6180df2623cb66ab811ea67263d91d57f307ef1f637aceea83a755f3cd736fdf9ef329f24a6d4d3c477a199aeeab92741c6c7ff6a8b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoYqi:ymb3NkkiQ3mdBjFoxi
Malware Config
Signatures
-
Detect Blackmoon payload 26 IoCs
resource yara_rule behavioral2/memory/4840-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4200-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3888-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4676-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3888-27-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/760-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4196-41-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4196-43-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3988-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3988-51-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2724-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2192-68-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/860-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2744-84-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3396-90-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3384-95-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2968-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1696-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4592-114-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2336-119-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4020-132-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5060-144-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3660-150-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2524-168-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3980-174-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3696-186-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 4200 vpjjd.exe 760 rrfxllf.exe 3888 thnhbn.exe 4676 ttbbbb.exe 4196 pjddv.exe 1824 vdjdv.exe 3988 rflfllf.exe 2724 fxxxxxr.exe 2192 htbbtt.exe 860 bthbtt.exe 2744 pjjdp.exe 3396 xxxrllr.exe 3384 7xfxrxr.exe 2968 tnttnn.exe 1696 dpjdv.exe 4592 jvjdj.exe 2336 frfxrlr.exe 4612 3flffff.exe 4020 nhbnnn.exe 4500 jdddp.exe 5060 pdjjv.exe 3660 fxrlfxl.exe 2280 flrlffr.exe 4352 nthbbb.exe 2524 pjdvv.exe 3980 vvvjj.exe 732 lrrfxxx.exe 3696 hbbtbb.exe 2272 nbbtnt.exe 4512 pjddv.exe 3956 pvpjp.exe 2176 9lxxllr.exe 1324 rrrxxxr.exe 4572 hhbbhh.exe 4004 hnnhbn.exe 3436 jjddd.exe 1460 jpdvp.exe 4052 xrlrflf.exe 4364 fxxrlrx.exe 1464 bthnhh.exe 5048 htttnh.exe 2404 ddddv.exe 1016 pdvjp.exe 2852 rxxffff.exe 1148 nnbbbb.exe 1104 nbhhbh.exe 3796 dvvpj.exe 3976 dpjdj.exe 1136 vddvj.exe 2716 rrxlfrl.exe 4640 tthbbb.exe 5080 bthnhh.exe 1356 btbhbb.exe 5036 jvddd.exe 3384 ddvdv.exe 2968 jpvvv.exe 3704 frrxlxf.exe 3480 rfllllf.exe 3496 hthnhh.exe 4244 ppvpp.exe 1880 vvjdd.exe 540 rxxfxxr.exe 2304 ddvpp.exe 2052 3lrlxxf.exe -
resource yara_rule behavioral2/memory/4840-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4200-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3888-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4676-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/760-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4196-41-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3988-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3988-51-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2724-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2192-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3988-50-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/860-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2744-84-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3396-90-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3384-95-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2968-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1696-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4592-114-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2336-119-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4020-132-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5060-144-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3660-150-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2524-168-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3980-174-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3696-186-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4840 wrote to memory of 4200 4840 cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe 82 PID 4840 wrote to memory of 4200 4840 cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe 82 PID 4840 wrote to memory of 4200 4840 cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe 82 PID 4200 wrote to memory of 760 4200 vpjjd.exe 83 PID 4200 wrote to memory of 760 4200 vpjjd.exe 83 PID 4200 wrote to memory of 760 4200 vpjjd.exe 83 PID 760 wrote to memory of 3888 760 rrfxllf.exe 84 PID 760 wrote to memory of 3888 760 rrfxllf.exe 84 PID 760 wrote to memory of 3888 760 rrfxllf.exe 84 PID 3888 wrote to memory of 4676 3888 thnhbn.exe 85 PID 3888 wrote to memory of 4676 3888 thnhbn.exe 85 PID 3888 wrote to memory of 4676 3888 thnhbn.exe 85 PID 4676 wrote to memory of 4196 4676 ttbbbb.exe 86 PID 4676 wrote to memory of 4196 4676 ttbbbb.exe 86 PID 4676 wrote to memory of 4196 4676 ttbbbb.exe 86 PID 4196 wrote to memory of 1824 4196 pjddv.exe 87 PID 4196 wrote to memory of 1824 4196 pjddv.exe 87 PID 4196 wrote to memory of 1824 4196 pjddv.exe 87 PID 1824 wrote to memory of 3988 1824 vdjdv.exe 88 PID 1824 wrote to memory of 3988 1824 vdjdv.exe 88 PID 1824 wrote to memory of 3988 1824 vdjdv.exe 88 PID 3988 wrote to memory of 2724 3988 rflfllf.exe 89 PID 3988 wrote to memory of 2724 3988 rflfllf.exe 89 PID 3988 wrote to memory of 2724 3988 rflfllf.exe 89 PID 2724 wrote to memory of 2192 2724 fxxxxxr.exe 90 PID 2724 wrote to memory of 2192 2724 fxxxxxr.exe 90 PID 2724 wrote to memory of 2192 2724 fxxxxxr.exe 90 PID 2192 wrote to memory of 860 2192 htbbtt.exe 91 PID 2192 wrote to memory of 860 2192 htbbtt.exe 91 PID 2192 wrote to memory of 860 2192 htbbtt.exe 91 PID 860 wrote to memory of 2744 860 bthbtt.exe 92 PID 860 wrote to memory of 2744 860 bthbtt.exe 92 PID 860 wrote to memory of 2744 860 bthbtt.exe 92 PID 2744 wrote to memory of 3396 2744 pjjdp.exe 93 PID 2744 wrote to memory of 3396 2744 pjjdp.exe 93 PID 2744 wrote to memory of 3396 2744 pjjdp.exe 93 PID 3396 wrote to memory of 3384 3396 xxxrllr.exe 94 PID 3396 wrote to memory of 3384 3396 xxxrllr.exe 94 PID 3396 wrote to memory of 3384 3396 xxxrllr.exe 94 PID 3384 wrote to memory of 2968 3384 7xfxrxr.exe 95 PID 3384 wrote to memory of 2968 3384 7xfxrxr.exe 95 PID 3384 wrote to memory of 2968 3384 7xfxrxr.exe 95 PID 2968 wrote to memory of 1696 2968 tnttnn.exe 96 PID 2968 wrote to memory of 1696 2968 tnttnn.exe 96 PID 2968 wrote to memory of 1696 2968 tnttnn.exe 96 PID 1696 wrote to memory of 4592 1696 dpjdv.exe 97 PID 1696 wrote to memory of 4592 1696 dpjdv.exe 97 PID 1696 wrote to memory of 4592 1696 dpjdv.exe 97 PID 4592 wrote to memory of 2336 4592 jvjdj.exe 98 PID 4592 wrote to memory of 2336 4592 jvjdj.exe 98 PID 4592 wrote to memory of 2336 4592 jvjdj.exe 98 PID 2336 wrote to memory of 4612 2336 frfxrlr.exe 99 PID 2336 wrote to memory of 4612 2336 frfxrlr.exe 99 PID 2336 wrote to memory of 4612 2336 frfxrlr.exe 99 PID 4612 wrote to memory of 4020 4612 3flffff.exe 100 PID 4612 wrote to memory of 4020 4612 3flffff.exe 100 PID 4612 wrote to memory of 4020 4612 3flffff.exe 100 PID 4020 wrote to memory of 4500 4020 nhbnnn.exe 101 PID 4020 wrote to memory of 4500 4020 nhbnnn.exe 101 PID 4020 wrote to memory of 4500 4020 nhbnnn.exe 101 PID 4500 wrote to memory of 5060 4500 jdddp.exe 102 PID 4500 wrote to memory of 5060 4500 jdddp.exe 102 PID 4500 wrote to memory of 5060 4500 jdddp.exe 102 PID 5060 wrote to memory of 3660 5060 pdjjv.exe 103
Processes
-
C:\Users\Admin\AppData\Local\Temp\cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cf657dccfa4fe75a606640e5dfb9f990_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4840 -
\??\c:\vpjjd.exec:\vpjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4200 -
\??\c:\rrfxllf.exec:\rrfxllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:760 -
\??\c:\thnhbn.exec:\thnhbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3888 -
\??\c:\ttbbbb.exec:\ttbbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4676 -
\??\c:\pjddv.exec:\pjddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4196 -
\??\c:\vdjdv.exec:\vdjdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1824 -
\??\c:\rflfllf.exec:\rflfllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3988 -
\??\c:\fxxxxxr.exec:\fxxxxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2724 -
\??\c:\htbbtt.exec:\htbbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2192 -
\??\c:\bthbtt.exec:\bthbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:860 -
\??\c:\pjjdp.exec:\pjjdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2744 -
\??\c:\xxxrllr.exec:\xxxrllr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3396 -
\??\c:\7xfxrxr.exec:\7xfxrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3384 -
\??\c:\tnttnn.exec:\tnttnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2968 -
\??\c:\dpjdv.exec:\dpjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1696 -
\??\c:\jvjdj.exec:\jvjdj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4592 -
\??\c:\frfxrlr.exec:\frfxrlr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2336 -
\??\c:\3flffff.exec:\3flffff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4612 -
\??\c:\nhbnnn.exec:\nhbnnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4020 -
\??\c:\jdddp.exec:\jdddp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4500 -
\??\c:\pdjjv.exec:\pdjjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5060 -
\??\c:\fxrlfxl.exec:\fxrlfxl.exe23⤵
- Executes dropped EXE
PID:3660 -
\??\c:\flrlffr.exec:\flrlffr.exe24⤵
- Executes dropped EXE
PID:2280 -
\??\c:\nthbbb.exec:\nthbbb.exe25⤵
- Executes dropped EXE
PID:4352 -
\??\c:\pjdvv.exec:\pjdvv.exe26⤵
- Executes dropped EXE
PID:2524 -
\??\c:\vvvjj.exec:\vvvjj.exe27⤵
- Executes dropped EXE
PID:3980 -
\??\c:\lrrfxxx.exec:\lrrfxxx.exe28⤵
- Executes dropped EXE
PID:732 -
\??\c:\hbbtbb.exec:\hbbtbb.exe29⤵
- Executes dropped EXE
PID:3696 -
\??\c:\nbbtnt.exec:\nbbtnt.exe30⤵
- Executes dropped EXE
PID:2272 -
\??\c:\pjddv.exec:\pjddv.exe31⤵
- Executes dropped EXE
PID:4512 -
\??\c:\pvpjp.exec:\pvpjp.exe32⤵
- Executes dropped EXE
PID:3956 -
\??\c:\9lxxllr.exec:\9lxxllr.exe33⤵
- Executes dropped EXE
PID:2176 -
\??\c:\rrrxxxr.exec:\rrrxxxr.exe34⤵
- Executes dropped EXE
PID:1324 -
\??\c:\hhbbhh.exec:\hhbbhh.exe35⤵
- Executes dropped EXE
PID:4572 -
\??\c:\hnnhbn.exec:\hnnhbn.exe36⤵
- Executes dropped EXE
PID:4004 -
\??\c:\jjddd.exec:\jjddd.exe37⤵
- Executes dropped EXE
PID:3436 -
\??\c:\jpdvp.exec:\jpdvp.exe38⤵
- Executes dropped EXE
PID:1460 -
\??\c:\xrlrflf.exec:\xrlrflf.exe39⤵
- Executes dropped EXE
PID:4052 -
\??\c:\fxxrlrx.exec:\fxxrlrx.exe40⤵
- Executes dropped EXE
PID:4364 -
\??\c:\bthnhh.exec:\bthnhh.exe41⤵
- Executes dropped EXE
PID:1464 -
\??\c:\htttnh.exec:\htttnh.exe42⤵
- Executes dropped EXE
PID:5048 -
\??\c:\ddddv.exec:\ddddv.exe43⤵
- Executes dropped EXE
PID:2404 -
\??\c:\pdvjp.exec:\pdvjp.exe44⤵
- Executes dropped EXE
PID:1016 -
\??\c:\rxxffff.exec:\rxxffff.exe45⤵
- Executes dropped EXE
PID:2852 -
\??\c:\nnbbbb.exec:\nnbbbb.exe46⤵
- Executes dropped EXE
PID:1148 -
\??\c:\nbhhbh.exec:\nbhhbh.exe47⤵
- Executes dropped EXE
PID:1104 -
\??\c:\dvvpj.exec:\dvvpj.exe48⤵
- Executes dropped EXE
PID:3796 -
\??\c:\dpjdj.exec:\dpjdj.exe49⤵
- Executes dropped EXE
PID:3976 -
\??\c:\vddvj.exec:\vddvj.exe50⤵
- Executes dropped EXE
PID:1136 -
\??\c:\rrxlfrl.exec:\rrxlfrl.exe51⤵
- Executes dropped EXE
PID:2716 -
\??\c:\tthbbb.exec:\tthbbb.exe52⤵
- Executes dropped EXE
PID:4640 -
\??\c:\bthnhh.exec:\bthnhh.exe53⤵
- Executes dropped EXE
PID:5080 -
\??\c:\btbhbb.exec:\btbhbb.exe54⤵
- Executes dropped EXE
PID:1356 -
\??\c:\jvddd.exec:\jvddd.exe55⤵
- Executes dropped EXE
PID:5036 -
\??\c:\ddvdv.exec:\ddvdv.exe56⤵
- Executes dropped EXE
PID:3384 -
\??\c:\jpvvv.exec:\jpvvv.exe57⤵
- Executes dropped EXE
PID:2968 -
\??\c:\frrxlxf.exec:\frrxlxf.exe58⤵
- Executes dropped EXE
PID:3704 -
\??\c:\rfllllf.exec:\rfllllf.exe59⤵
- Executes dropped EXE
PID:3480 -
\??\c:\hthnhh.exec:\hthnhh.exe60⤵
- Executes dropped EXE
PID:3496 -
\??\c:\ppvpp.exec:\ppvpp.exe61⤵
- Executes dropped EXE
PID:4244 -
\??\c:\vvjdd.exec:\vvjdd.exe62⤵
- Executes dropped EXE
PID:1880 -
\??\c:\rxxfxxr.exec:\rxxfxxr.exe63⤵
- Executes dropped EXE
PID:540 -
\??\c:\ddvpp.exec:\ddvpp.exe64⤵
- Executes dropped EXE
PID:2304 -
\??\c:\3lrlxxf.exec:\3lrlxxf.exe65⤵
- Executes dropped EXE
PID:2052 -
\??\c:\rlxrxxx.exec:\rlxrxxx.exe66⤵PID:4812
-
\??\c:\bhhhbb.exec:\bhhhbb.exe67⤵PID:3512
-
\??\c:\bntthh.exec:\bntthh.exe68⤵PID:424
-
\??\c:\nhbbtn.exec:\nhbbtn.exe69⤵PID:1296
-
\??\c:\3vdvj.exec:\3vdvj.exe70⤵PID:5020
-
\??\c:\lflfrrl.exec:\lflfrrl.exe71⤵PID:4668
-
\??\c:\xlfxrrx.exec:\xlfxrrx.exe72⤵PID:3980
-
\??\c:\1frrrrl.exec:\1frrrrl.exe73⤵PID:1808
-
\??\c:\htbhbb.exec:\htbhbb.exe74⤵PID:1708
-
\??\c:\hhhbhh.exec:\hhhbhh.exe75⤵PID:2272
-
\??\c:\ppjjv.exec:\ppjjv.exe76⤵PID:3916
-
\??\c:\frrrrxr.exec:\frrrrxr.exe77⤵PID:3956
-
\??\c:\xlrlfff.exec:\xlrlfff.exe78⤵PID:4388
-
\??\c:\nbnttb.exec:\nbnttb.exe79⤵PID:3568
-
\??\c:\hbhbbb.exec:\hbhbbb.exe80⤵PID:3260
-
\??\c:\btbthh.exec:\btbthh.exe81⤵PID:632
-
\??\c:\jddjd.exec:\jddjd.exe82⤵PID:3972
-
\??\c:\vpjdj.exec:\vpjdj.exe83⤵PID:3952
-
\??\c:\lfxrxxr.exec:\lfxrxxr.exe84⤵PID:4436
-
\??\c:\nhhbtt.exec:\nhhbtt.exe85⤵PID:4356
-
\??\c:\hbbbtt.exec:\hbbbtt.exe86⤵PID:2056
-
\??\c:\tbnhnt.exec:\tbnhnt.exe87⤵PID:3112
-
\??\c:\1jpdv.exec:\1jpdv.exe88⤵PID:772
-
\??\c:\7xxrflf.exec:\7xxrflf.exe89⤵PID:4712
-
\??\c:\llffxxx.exec:\llffxxx.exe90⤵PID:1456
-
\??\c:\xffxrrl.exec:\xffxrrl.exe91⤵PID:4876
-
\??\c:\hhtttt.exec:\hhtttt.exe92⤵PID:2348
-
\??\c:\bnnhbb.exec:\bnnhbb.exe93⤵PID:1824
-
\??\c:\jpdvp.exec:\jpdvp.exe94⤵PID:3904
-
\??\c:\pjvpj.exec:\pjvpj.exe95⤵PID:1508
-
\??\c:\9vdpj.exec:\9vdpj.exe96⤵PID:4312
-
\??\c:\7flrffl.exec:\7flrffl.exe97⤵PID:4156
-
\??\c:\llrrxxl.exec:\llrrxxl.exe98⤵PID:1136
-
\??\c:\tbbbbb.exec:\tbbbbb.exe99⤵PID:4260
-
\??\c:\hnhhbb.exec:\hnhhbb.exe100⤵PID:4640
-
\??\c:\dpjjd.exec:\dpjjd.exe101⤵PID:3076
-
\??\c:\pjjdp.exec:\pjjdp.exe102⤵PID:1928
-
\??\c:\jjjdv.exec:\jjjdv.exe103⤵PID:5036
-
\??\c:\frffxxx.exec:\frffxxx.exe104⤵PID:2900
-
\??\c:\lllrxrx.exec:\lllrxrx.exe105⤵PID:1452
-
\??\c:\hhbbtt.exec:\hhbbtt.exe106⤵PID:4728
-
\??\c:\dpvpp.exec:\dpvpp.exe107⤵PID:4164
-
\??\c:\5frfxxx.exec:\5frfxxx.exe108⤵PID:1640
-
\??\c:\rrrxrxr.exec:\rrrxrxr.exe109⤵PID:4612
-
\??\c:\frxfxff.exec:\frxfxff.exe110⤵PID:3152
-
\??\c:\ttttnn.exec:\ttttnn.exe111⤵PID:5060
-
\??\c:\nhhhnt.exec:\nhhhnt.exe112⤵PID:3936
-
\??\c:\pjvvj.exec:\pjvvj.exe113⤵PID:4812
-
\??\c:\vvvjj.exec:\vvvjj.exe114⤵PID:3296
-
\??\c:\1xrrfff.exec:\1xrrfff.exe115⤵PID:424
-
\??\c:\7xfflrr.exec:\7xfflrr.exe116⤵PID:1724
-
\??\c:\ttttnn.exec:\ttttnn.exe117⤵PID:4920
-
\??\c:\bbtttb.exec:\bbtttb.exe118⤵PID:4668
-
\??\c:\dpjjd.exec:\dpjjd.exe119⤵PID:3980
-
\??\c:\dvjdp.exec:\dvjdp.exe120⤵PID:1808
-
\??\c:\3vdvj.exec:\3vdvj.exe121⤵PID:4512
-
\??\c:\lflffff.exec:\lflffff.exe122⤵PID:392
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-