Analysis
-
max time kernel
150s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
19-05-2024 06:17
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
8e88a18128b197533de31b961a56cc10_NeikiAnalytics.exe
Resource
win7-20240221-en
windows7-x64
5 signatures
150 seconds
General
-
Target
8e88a18128b197533de31b961a56cc10_NeikiAnalytics.exe
-
Size
75KB
-
MD5
8e88a18128b197533de31b961a56cc10
-
SHA1
5951543af24e3d6036b8abec6a52e63b9c0d2828
-
SHA256
904fdcfa4c8f441b2153f8a90fd917f2693165915301054af88a5e12cbbb08ee
-
SHA512
bb2a5fd562a7b624d607718802ac3711abb6b75cc0081103bf36297aa406b4a6b99940ca29366867871429962b54e0ef9984c3d92d786b5027cd815d0e39b7fb
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5f:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCx
Malware Config
Signatures
-
Detect Blackmoon payload 26 IoCs
resource yara_rule behavioral2/memory/2028-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3360-13-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4496-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2092-36-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2092-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4228-27-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1140-41-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2460-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3468-55-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1348-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/856-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2236-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3900-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4140-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4060-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3796-114-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3004-118-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/736-130-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1704-142-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4092-157-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1156-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/4500-165-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4676-178-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/908-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2792-195-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2556-207-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 3360 frxlflx.exe 4496 9rrrlll.exe 4228 5nbbnn.exe 2092 jddvj.exe 1140 5dvpj.exe 2460 rlxxlxr.exe 3468 bnbhbb.exe 1348 vdjjv.exe 856 pjdvp.exe 2236 fflfxrl.exe 4028 5hhbbb.exe 3900 jdvpp.exe 4140 7vvpj.exe 4060 3xrrfrf.exe 3796 bhntnn.exe 3004 vjvvp.exe 3780 pvvpd.exe 736 xflfxxr.exe 4888 rfxrrll.exe 1704 1tbbtt.exe 4732 btbbtt.exe 4092 jdvdv.exe 1156 fxflfxr.exe 4500 xrrlllf.exe 2336 5bhtbb.exe 4676 nnthhb.exe 1688 9xxrfxx.exe 908 5tttnt.exe 2792 dpjdd.exe 2172 dvvvj.exe 2556 fllfxff.exe 4408 9bbttt.exe 1464 1jvpp.exe 1472 9vjjj.exe 4352 xrrlfll.exe 968 lrrxxfx.exe 3648 btnnhh.exe 3840 bhhbtn.exe 4456 dppvv.exe 712 5rxxfff.exe 3168 fxffrrr.exe 1576 nttbhn.exe 1932 5hbthn.exe 636 jdvpd.exe 2328 rxfxxrf.exe 3804 xrfrfrl.exe 2744 hbbhhn.exe 4468 hnthtn.exe 3248 vjjdv.exe 4872 1pjdv.exe 4892 5xlfflr.exe 4016 lrrlfff.exe 2728 nbhhbt.exe 4060 nnhhhn.exe 4556 ppppj.exe 4976 dvdvd.exe 1668 7lxrrll.exe 3780 3llrrrr.exe 1560 rxlfxxx.exe 1700 7tnnnn.exe 4888 hnttnn.exe 4504 pjpjv.exe 1704 pdjjj.exe 2416 9fllrrr.exe -
resource yara_rule behavioral2/memory/2028-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3360-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3360-13-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3360-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4496-20-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2092-35-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4228-27-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1140-41-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2460-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3468-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1348-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/856-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/856-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/856-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2236-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3900-94-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4140-100-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4060-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3796-114-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3004-118-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/736-130-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1704-142-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4092-157-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1156-159-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/4500-165-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4676-178-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/908-190-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2792-195-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2556-207-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2028 wrote to memory of 3360 2028 8e88a18128b197533de31b961a56cc10_NeikiAnalytics.exe 82 PID 2028 wrote to memory of 3360 2028 8e88a18128b197533de31b961a56cc10_NeikiAnalytics.exe 82 PID 2028 wrote to memory of 3360 2028 8e88a18128b197533de31b961a56cc10_NeikiAnalytics.exe 82 PID 3360 wrote to memory of 4496 3360 frxlflx.exe 83 PID 3360 wrote to memory of 4496 3360 frxlflx.exe 83 PID 3360 wrote to memory of 4496 3360 frxlflx.exe 83 PID 4496 wrote to memory of 4228 4496 9rrrlll.exe 84 PID 4496 wrote to memory of 4228 4496 9rrrlll.exe 84 PID 4496 wrote to memory of 4228 4496 9rrrlll.exe 84 PID 4228 wrote to memory of 2092 4228 5nbbnn.exe 85 PID 4228 wrote to memory of 2092 4228 5nbbnn.exe 85 PID 4228 wrote to memory of 2092 4228 5nbbnn.exe 85 PID 2092 wrote to memory of 1140 2092 jddvj.exe 86 PID 2092 wrote to memory of 1140 2092 jddvj.exe 86 PID 2092 wrote to memory of 1140 2092 jddvj.exe 86 PID 1140 wrote to memory of 2460 1140 5dvpj.exe 87 PID 1140 wrote to memory of 2460 1140 5dvpj.exe 87 PID 1140 wrote to memory of 2460 1140 5dvpj.exe 87 PID 2460 wrote to memory of 3468 2460 rlxxlxr.exe 89 PID 2460 wrote to memory of 3468 2460 rlxxlxr.exe 89 PID 2460 wrote to memory of 3468 2460 rlxxlxr.exe 89 PID 3468 wrote to memory of 1348 3468 bnbhbb.exe 90 PID 3468 wrote to memory of 1348 3468 bnbhbb.exe 90 PID 3468 wrote to memory of 1348 3468 bnbhbb.exe 90 PID 1348 wrote to memory of 856 1348 vdjjv.exe 91 PID 1348 wrote to memory of 856 1348 vdjjv.exe 91 PID 1348 wrote to memory of 856 1348 vdjjv.exe 91 PID 856 wrote to memory of 2236 856 pjdvp.exe 92 PID 856 wrote to memory of 2236 856 pjdvp.exe 92 PID 856 wrote to memory of 2236 856 pjdvp.exe 92 PID 2236 wrote to memory of 4028 2236 fflfxrl.exe 93 PID 2236 wrote to memory of 4028 2236 fflfxrl.exe 93 PID 2236 wrote to memory of 4028 2236 fflfxrl.exe 93 PID 4028 wrote to memory of 3900 4028 5hhbbb.exe 94 PID 4028 wrote to memory of 3900 4028 5hhbbb.exe 94 PID 4028 wrote to memory of 
3900 4028 5hhbbb.exe 94 PID 3900 wrote to memory of 4140 3900 jdvpp.exe 96 PID 3900 wrote to memory of 4140 3900 jdvpp.exe 96 PID 3900 wrote to memory of 4140 3900 jdvpp.exe 96 PID 4140 wrote to memory of 4060 4140 7vvpj.exe 97 PID 4140 wrote to memory of 4060 4140 7vvpj.exe 97 PID 4140 wrote to memory of 4060 4140 7vvpj.exe 97 PID 4060 wrote to memory of 3796 4060 3xrrfrf.exe 98 PID 4060 wrote to memory of 3796 4060 3xrrfrf.exe 98 PID 4060 wrote to memory of 3796 4060 3xrrfrf.exe 98 PID 3796 wrote to memory of 3004 3796 bhntnn.exe 99 PID 3796 wrote to memory of 3004 3796 bhntnn.exe 99 PID 3796 wrote to memory of 3004 3796 bhntnn.exe 99 PID 3004 wrote to memory of 3780 3004 vjvvp.exe 100 PID 3004 wrote to memory of 3780 3004 vjvvp.exe 100 PID 3004 wrote to memory of 3780 3004 vjvvp.exe 100 PID 3780 wrote to memory of 736 3780 pvvpd.exe 101 PID 3780 wrote to memory of 736 3780 pvvpd.exe 101 PID 3780 wrote to memory of 736 3780 pvvpd.exe 101 PID 736 wrote to memory of 4888 736 xflfxxr.exe 102 PID 736 wrote to memory of 4888 736 xflfxxr.exe 102 PID 736 wrote to memory of 4888 736 xflfxxr.exe 102 PID 4888 wrote to memory of 1704 4888 rfxrrll.exe 103 PID 4888 wrote to memory of 1704 4888 rfxrrll.exe 103 PID 4888 wrote to memory of 1704 4888 rfxrrll.exe 103 PID 1704 wrote to memory of 4732 1704 1tbbtt.exe 104 PID 1704 wrote to memory of 4732 1704 1tbbtt.exe 104 PID 1704 wrote to memory of 4732 1704 1tbbtt.exe 104 PID 4732 wrote to memory of 4092 4732 btbbtt.exe 105
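Processes (each entry lists the image path, then the command line, then the depth in the process tree before the ⤵ marker)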
-
C:\Users\Admin\AppData\Local\Temp\8e88a18128b197533de31b961a56cc10_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\8e88a18128b197533de31b961a56cc10_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2028 -
\??\c:\frxlflx.exec:\frxlflx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3360 -
\??\c:\9rrrlll.exec:\9rrrlll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4496 -
\??\c:\5nbbnn.exec:\5nbbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4228 -
\??\c:\jddvj.exec:\jddvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2092 -
\??\c:\5dvpj.exec:\5dvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1140 -
\??\c:\rlxxlxr.exec:\rlxxlxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2460 -
\??\c:\bnbhbb.exec:\bnbhbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3468 -
\??\c:\vdjjv.exec:\vdjjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1348 -
\??\c:\pjdvp.exec:\pjdvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:856 -
\??\c:\fflfxrl.exec:\fflfxrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2236 -
\??\c:\5hhbbb.exec:\5hhbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4028 -
\??\c:\jdvpp.exec:\jdvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3900 -
\??\c:\7vvpj.exec:\7vvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4140 -
\??\c:\3xrrfrf.exec:\3xrrfrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4060 -
\??\c:\bhntnn.exec:\bhntnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3796 -
\??\c:\vjvvp.exec:\vjvvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3004 -
\??\c:\pvvpd.exec:\pvvpd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3780 -
\??\c:\xflfxxr.exec:\xflfxxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:736 -
\??\c:\rfxrrll.exec:\rfxrrll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4888 -
\??\c:\1tbbtt.exec:\1tbbtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1704 -
\??\c:\btbbtt.exec:\btbbtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4732 -
\??\c:\jdvdv.exec:\jdvdv.exe23⤵
- Executes dropped EXE
PID:4092 -
\??\c:\fxflfxr.exec:\fxflfxr.exe24⤵
- Executes dropped EXE
PID:1156 -
\??\c:\xrrlllf.exec:\xrrlllf.exe25⤵
- Executes dropped EXE
PID:4500 -
\??\c:\5bhtbb.exec:\5bhtbb.exe26⤵
- Executes dropped EXE
PID:2336 -
\??\c:\nnthhb.exec:\nnthhb.exe27⤵
- Executes dropped EXE
PID:4676 -
\??\c:\9xxrfxx.exec:\9xxrfxx.exe28⤵
- Executes dropped EXE
PID:1688 -
\??\c:\5tttnt.exec:\5tttnt.exe29⤵
- Executes dropped EXE
PID:908 -
\??\c:\dpjdd.exec:\dpjdd.exe30⤵
- Executes dropped EXE
PID:2792 -
\??\c:\dvvvj.exec:\dvvvj.exe31⤵
- Executes dropped EXE
PID:2172 -
\??\c:\fllfxff.exec:\fllfxff.exe32⤵
- Executes dropped EXE
PID:2556 -
\??\c:\9bbttt.exec:\9bbttt.exe33⤵
- Executes dropped EXE
PID:4408 -
\??\c:\1jvpp.exec:\1jvpp.exe34⤵
- Executes dropped EXE
PID:1464 -
\??\c:\9vjjj.exec:\9vjjj.exe35⤵
- Executes dropped EXE
PID:1472 -
\??\c:\xrrlfll.exec:\xrrlfll.exe36⤵
- Executes dropped EXE
PID:4352 -
\??\c:\lrrxxfx.exec:\lrrxxfx.exe37⤵
- Executes dropped EXE
PID:968 -
\??\c:\btnnhh.exec:\btnnhh.exe38⤵
- Executes dropped EXE
PID:3648 -
\??\c:\bhhbtn.exec:\bhhbtn.exe39⤵
- Executes dropped EXE
PID:3840 -
\??\c:\dppvv.exec:\dppvv.exe40⤵
- Executes dropped EXE
PID:4456 -
\??\c:\5rxxfff.exec:\5rxxfff.exe41⤵
- Executes dropped EXE
PID:712 -
\??\c:\fxffrrr.exec:\fxffrrr.exe42⤵
- Executes dropped EXE
PID:3168 -
\??\c:\nttbhn.exec:\nttbhn.exe43⤵
- Executes dropped EXE
PID:1576 -
\??\c:\5hbthn.exec:\5hbthn.exe44⤵
- Executes dropped EXE
PID:1932 -
\??\c:\jdvpd.exec:\jdvpd.exe45⤵
- Executes dropped EXE
PID:636 -
\??\c:\rxfxxrf.exec:\rxfxxrf.exe46⤵
- Executes dropped EXE
PID:2328 -
\??\c:\xrfrfrl.exec:\xrfrfrl.exe47⤵
- Executes dropped EXE
PID:3804 -
\??\c:\hbbhhn.exec:\hbbhhn.exe48⤵
- Executes dropped EXE
PID:2744 -
\??\c:\hnthtn.exec:\hnthtn.exe49⤵
- Executes dropped EXE
PID:4468 -
\??\c:\vjjdv.exec:\vjjdv.exe50⤵
- Executes dropped EXE
PID:3248 -
\??\c:\1pjdv.exec:\1pjdv.exe51⤵
- Executes dropped EXE
PID:4872 -
\??\c:\5xlfflr.exec:\5xlfflr.exe52⤵
- Executes dropped EXE
PID:4892 -
\??\c:\lrrlfff.exec:\lrrlfff.exe53⤵
- Executes dropped EXE
PID:4016 -
\??\c:\nbhhbt.exec:\nbhhbt.exe54⤵
- Executes dropped EXE
PID:2728 -
\??\c:\nnhhhn.exec:\nnhhhn.exe55⤵
- Executes dropped EXE
PID:4060 -
\??\c:\ppppj.exec:\ppppj.exe56⤵
- Executes dropped EXE
PID:4556 -
\??\c:\dvdvd.exec:\dvdvd.exe57⤵
- Executes dropped EXE
PID:4976 -
\??\c:\7lxrrll.exec:\7lxrrll.exe58⤵
- Executes dropped EXE
PID:1668 -
\??\c:\3llrrrr.exec:\3llrrrr.exe59⤵
- Executes dropped EXE
PID:3780 -
\??\c:\rxlfxxx.exec:\rxlfxxx.exe60⤵
- Executes dropped EXE
PID:1560 -
\??\c:\7tnnnn.exec:\7tnnnn.exe61⤵
- Executes dropped EXE
PID:1700 -
\??\c:\hnttnn.exec:\hnttnn.exe62⤵
- Executes dropped EXE
PID:4888 -
\??\c:\pjpjv.exec:\pjpjv.exe63⤵
- Executes dropped EXE
PID:4504 -
\??\c:\pdjjj.exec:\pdjjj.exe64⤵
- Executes dropped EXE
PID:1704 -
\??\c:\9fllrrr.exec:\9fllrrr.exe65⤵
- Executes dropped EXE
PID:2416 -
\??\c:\5llllll.exec:\5llllll.exe66⤵PID:1344
-
\??\c:\httbtb.exec:\httbtb.exe67⤵PID:5092
-
\??\c:\jpvpp.exec:\jpvpp.exe68⤵PID:1608
-
\??\c:\pjdvj.exec:\pjdvj.exe69⤵PID:2536
-
\??\c:\lfllrrx.exec:\lfllrrx.exe70⤵PID:4884
-
\??\c:\7hbbhh.exec:\7hbbhh.exe71⤵PID:4100
-
\??\c:\3dddd.exec:\3dddd.exe72⤵PID:4944
-
\??\c:\jvpjv.exec:\jvpjv.exe73⤵PID:4040
-
\??\c:\lfxrrfx.exec:\lfxrrfx.exe74⤵PID:5096
-
\??\c:\7lrlfff.exec:\7lrlfff.exe75⤵PID:1720
-
\??\c:\bhnntt.exec:\bhnntt.exe76⤵PID:3084
-
\??\c:\bnttnt.exec:\bnttnt.exe77⤵PID:2852
-
\??\c:\5dddp.exec:\5dddp.exe78⤵PID:3712
-
\??\c:\7vvpj.exec:\7vvpj.exe79⤵PID:1152
-
\??\c:\ffrlffx.exec:\ffrlffx.exe80⤵PID:4536
-
\??\c:\xffrlrx.exec:\xffrlrx.exe81⤵PID:1756
-
\??\c:\bttnnt.exec:\bttnnt.exe82⤵PID:4120
-
\??\c:\tnhhbb.exec:\tnhhbb.exe83⤵PID:1644
-
\??\c:\hnnnhb.exec:\hnnnhb.exe84⤵PID:1204
-
\??\c:\3vvvp.exec:\3vvvp.exe85⤵PID:3840
-
\??\c:\rlllllr.exec:\rlllllr.exe86⤵PID:4456
-
\??\c:\3xrrlxr.exec:\3xrrlxr.exe87⤵PID:3268
-
\??\c:\tbnnnt.exec:\tbnnnt.exe88⤵PID:4088
-
\??\c:\nhbttn.exec:\nhbttn.exe89⤵PID:2520
-
\??\c:\pvdvv.exec:\pvdvv.exe90⤵PID:4524
-
\??\c:\lflfrxr.exec:\lflfrxr.exe91⤵PID:3052
-
\??\c:\flflxlr.exec:\flflxlr.exe92⤵PID:3644
-
\??\c:\7nnnnn.exec:\7nnnnn.exe93⤵PID:408
-
\??\c:\tnhhhh.exec:\tnhhhh.exe94⤵PID:3432
-
\??\c:\1ppjd.exec:\1ppjd.exe95⤵PID:2156
-
\??\c:\ffrlxxr.exec:\ffrlxxr.exe96⤵PID:4036
-
\??\c:\7fffffx.exec:\7fffffx.exe97⤵PID:3652
-
\??\c:\nbnttb.exec:\nbnttb.exe98⤵PID:760
-
\??\c:\5ttnhh.exec:\5ttnhh.exe99⤵PID:2388
-
\??\c:\3vvjp.exec:\3vvjp.exe100⤵PID:2868
-
\??\c:\1dvpd.exec:\1dvpd.exe101⤵PID:5104
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe102⤵PID:3676
-
\??\c:\5xxlffr.exec:\5xxlffr.exe103⤵PID:4976
-
\??\c:\nnnhnn.exec:\nnnhnn.exe104⤵PID:2768
-
\??\c:\hbbttt.exec:\hbbttt.exe105⤵PID:3440
-
\??\c:\3djjj.exec:\3djjj.exe106⤵PID:2940
-
\??\c:\djjjd.exec:\djjjd.exe107⤵PID:216
-
\??\c:\llfxlll.exec:\llfxlll.exe108⤵PID:4888
-
\??\c:\rlllllf.exec:\rlllllf.exe109⤵PID:4440
-
\??\c:\ttbtnn.exec:\ttbtnn.exe110⤵PID:4732
-
\??\c:\3djdp.exec:\3djdp.exe111⤵PID:2416
-
\??\c:\dvvvd.exec:\dvvvd.exe112⤵PID:1344
-
\??\c:\9rxrrrr.exec:\9rxrrrr.exe113⤵PID:5092
-
\??\c:\3lrrxxx.exec:\3lrrxxx.exe114⤵PID:4800
-
\??\c:\1tbttt.exec:\1tbttt.exe115⤵PID:2972
-
\??\c:\bbbbtb.exec:\bbbbtb.exe116⤵PID:4676
-
\??\c:\vpdvv.exec:\vpdvv.exe117⤵PID:2272
-
\??\c:\ddddp.exec:\ddddp.exe118⤵PID:4944
-
\??\c:\llxlxxx.exec:\llxlxxx.exe119⤵PID:3332
-
\??\c:\rxflrfr.exec:\rxflrfr.exe120⤵PID:396
-
\??\c:\nbbtbb.exec:\nbbtbb.exe121⤵PID:4980
-
\??\c:\ttbbbb.exec:\ttbbbb.exe122⤵PID:552
-