Analysis
-
max time kernel
150s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
03-06-2024 12:52
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a416cb69bb0f66fa7280dc7dc6c63010_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
a416cb69bb0f66fa7280dc7dc6c63010_NeikiAnalytics.exe
-
Size
123KB
-
MD5
a416cb69bb0f66fa7280dc7dc6c63010
-
SHA1
5842a369d8426843b895b3381710dd5874cbfe11
-
SHA256
858abb320501f986406a26f18f49d5b01596378e3d5de8229465ec8849b28dc3
-
SHA512
f13990bd50ab41c9d236f899f5a79678ae26e45fc4947ce2a4346cdfd8f3b3c383e11483eb4b89d5ee26a32110f4bd1b4073941c536a73a9a6ec4cf444008e57
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX90If9y1:n3C9BRW0j/uVEZFmI+
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
resource yara_rule behavioral2/memory/2216-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2128-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4872-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4876-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2940-34-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2568-48-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5036-45-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1564-55-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2940-35-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3612-69-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2340-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5040-84-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3112-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3276-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4372-114-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3288-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/540-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4100-132-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3116-145-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4448-150-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/812-168-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3172-205-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2128 jdvvd.exe 4872 fxffxxf.exe 4876 tthnbn.exe 2940 9hhhnn.exe 2568 vddpd.exe 5036 rfrlxrl.exe 1564 tbhnnh.exe 516 1hnthn.exe 3612 jpjjj.exe 2340 frlfrfx.exe 5040 bnnhnh.exe 3112 5ddpd.exe 3876 1jvjd.exe 3276 rfrfxrr.exe 2220 bhnhbb.exe 4372 5dvvj.exe 3288 rrfllxr.exe 540 9lfxlfr.exe 4100 nhhbnh.exe 644 xllxlfr.exe 3116 hbthtt.exe 4448 dvvpj.exe 1264 pdjdp.exe 2764 xlrrlfx.exe 812 thbtnh.exe 3920 ddjdd.exe 4076 jvpdp.exe 4028 1xfxxlx.exe 764 hntnnh.exe 4548 jvvjd.exe 3172 xrrxfxf.exe 4296 5xxrlfl.exe 1648 7hhbhb.exe 5032 vjjvp.exe 3464 vjjvj.exe 1736 bnhthb.exe 3600 jdpjd.exe 1388 vpjpj.exe 1656 xffxrlf.exe 448 hhtbhh.exe 4924 hbtttb.exe 3188 pjddp.exe 4872 jvdvp.exe 1036 xrllxxr.exe 4624 7xlllll.exe 4896 tbbntb.exe 4832 bnhntn.exe 1332 pppjd.exe 4044 vjddd.exe 3528 rxfrlll.exe 4936 9xxrlfx.exe 3612 7btnnn.exe 1644 thhbtn.exe 5088 5vdvj.exe 952 pjjjd.exe 4300 lxfxlfr.exe 4712 rfflxfr.exe 1088 nnnnbn.exe 4384 thttnb.exe 3524 vpdpd.exe 4372 rxfxxff.exe 2292 rxrxffr.exe 3056 bbtnhh.exe 2484 hhhbth.exe -
resource yara_rule behavioral2/memory/2216-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2128-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4872-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4876-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2940-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2568-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2568-38-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2568-48-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5036-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1564-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3612-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2340-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5040-84-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3112-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3276-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4372-114-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3288-120-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/540-126-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4100-132-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3116-145-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4448-150-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/812-168-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3172-205-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2216 wrote to memory of 2128 2216 a416cb69bb0f66fa7280dc7dc6c63010_NeikiAnalytics.exe 82 PID 2216 wrote to memory of 2128 2216 a416cb69bb0f66fa7280dc7dc6c63010_NeikiAnalytics.exe 82 PID 2216 wrote to memory of 2128 2216 a416cb69bb0f66fa7280dc7dc6c63010_NeikiAnalytics.exe 82 PID 2128 wrote to memory of 4872 2128 jdvvd.exe 83 PID 2128 wrote to memory of 4872 2128 jdvvd.exe 83 PID 2128 wrote to memory of 4872 2128 jdvvd.exe 83 PID 4872 wrote to memory of 4876 4872 fxffxxf.exe 84 PID 4872 wrote to memory of 4876 4872 fxffxxf.exe 84 PID 4872 wrote to memory of 4876 4872 fxffxxf.exe 84 PID 4876 wrote to memory of 2940 4876 tthnbn.exe 85 PID 4876 wrote to memory of 2940 4876 tthnbn.exe 85 PID 4876 wrote to memory of 2940 4876 tthnbn.exe 85 PID 2940 wrote to memory of 2568 2940 9hhhnn.exe 86 PID 2940 wrote to memory of 2568 2940 9hhhnn.exe 86 PID 2940 wrote to memory of 2568 2940 9hhhnn.exe 86 PID 2568 wrote to memory of 5036 2568 vddpd.exe 87 PID 2568 wrote to memory of 5036 2568 vddpd.exe 87 PID 2568 wrote to memory of 5036 2568 vddpd.exe 87 PID 5036 wrote to memory of 1564 5036 rfrlxrl.exe 88 PID 5036 wrote to memory of 1564 5036 rfrlxrl.exe 88 PID 5036 wrote to memory of 1564 5036 rfrlxrl.exe 88 PID 1564 wrote to memory of 516 1564 tbhnnh.exe 89 PID 1564 wrote to memory of 516 1564 tbhnnh.exe 89 PID 1564 wrote to memory of 516 1564 tbhnnh.exe 89 PID 516 wrote to memory of 3612 516 1hnthn.exe 90 PID 516 wrote to memory of 3612 516 1hnthn.exe 90 PID 516 wrote to memory of 3612 516 1hnthn.exe 90 PID 3612 wrote to memory of 2340 3612 jpjjj.exe 91 PID 3612 wrote to memory of 2340 3612 jpjjj.exe 91 PID 3612 wrote to memory of 2340 3612 jpjjj.exe 91 PID 2340 wrote to memory of 5040 2340 frlfrfx.exe 92 PID 2340 wrote to memory of 5040 2340 frlfrfx.exe 92 PID 2340 wrote to memory of 5040 2340 frlfrfx.exe 92 PID 5040 wrote to memory of 3112 5040 bnnhnh.exe 93 PID 5040 wrote to memory of 3112 5040 bnnhnh.exe 93 PID 5040 wrote to memory of 3112 5040 bnnhnh.exe 93 PID 3112 wrote to memory of 3876 3112 5ddpd.exe 94 PID 3112 wrote to memory of 3876 3112 5ddpd.exe 94 PID 3112 wrote to memory of 3876 3112 5ddpd.exe 94 PID 3876 wrote to memory of 3276 3876 1jvjd.exe 95 PID 3876 wrote to memory of 3276 3876 1jvjd.exe 95 PID 3876 wrote to memory of 3276 3876 1jvjd.exe 95 PID 3276 wrote to memory of 2220 3276 rfrfxrr.exe 96 PID 3276 wrote to memory of 2220 3276 rfrfxrr.exe 96 PID 3276 wrote to memory of 2220 3276 rfrfxrr.exe 96 PID 2220 wrote to memory of 4372 2220 bhnhbb.exe 97 PID 2220 wrote to memory of 4372 2220 bhnhbb.exe 97 PID 2220 wrote to memory of 4372 2220 bhnhbb.exe 97 PID 4372 wrote to memory of 3288 4372 5dvvj.exe 98 PID 4372 wrote to memory of 3288 4372 5dvvj.exe 98 PID 4372 wrote to memory of 3288 4372 5dvvj.exe 98 PID 3288 wrote to memory of 540 3288 rrfllxr.exe 100 PID 3288 wrote to memory of 540 3288 rrfllxr.exe 100 PID 3288 wrote to memory of 540 3288 rrfllxr.exe 100 PID 540 wrote to memory of 4100 540 9lfxlfr.exe 101 PID 540 wrote to memory of 4100 540 9lfxlfr.exe 101 PID 540 wrote to memory of 4100 540 9lfxlfr.exe 101 PID 4100 wrote to memory of 644 4100 nhhbnh.exe 102 PID 4100 wrote to memory of 644 4100 nhhbnh.exe 102 PID 4100 wrote to memory of 644 4100 nhhbnh.exe 102 PID 644 wrote to memory of 3116 644 xllxlfr.exe 103 PID 644 wrote to memory of 3116 644 xllxlfr.exe 103 PID 644 wrote to memory of 3116 644 xllxlfr.exe 103 PID 3116 wrote to memory of 4448 3116 hbthtt.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\a416cb69bb0f66fa7280dc7dc6c63010_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a416cb69bb0f66fa7280dc7dc6c63010_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2216 -
\??\c:\jdvvd.exec:\jdvvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2128 -
\??\c:\fxffxxf.exec:\fxffxxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4872 -
\??\c:\tthnbn.exec:\tthnbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4876 -
\??\c:\9hhhnn.exec:\9hhhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2940 -
\??\c:\vddpd.exec:\vddpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\rfrlxrl.exec:\rfrlxrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5036 -
\??\c:\tbhnnh.exec:\tbhnnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1564 -
\??\c:\1hnthn.exec:\1hnthn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:516 -
\??\c:\jpjjj.exec:\jpjjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3612 -
\??\c:\frlfrfx.exec:\frlfrfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2340 -
\??\c:\bnnhnh.exec:\bnnhnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5040 -
\??\c:\5ddpd.exec:\5ddpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3112 -
\??\c:\1jvjd.exec:\1jvjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3876 -
\??\c:\rfrfxrr.exec:\rfrfxrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3276 -
\??\c:\bhnhbb.exec:\bhnhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2220 -
\??\c:\5dvvj.exec:\5dvvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4372 -
\??\c:\rrfllxr.exec:\rrfllxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3288 -
\??\c:\9lfxlfr.exec:\9lfxlfr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:540 -
\??\c:\nhhbnh.exec:\nhhbnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4100 -
\??\c:\xllxlfr.exec:\xllxlfr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:644 -
\??\c:\hbthtt.exec:\hbthtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3116 -
\??\c:\dvvpj.exec:\dvvpj.exe23⤵
- Executes dropped EXE
PID:4448 -
\??\c:\pdjdp.exec:\pdjdp.exe24⤵
- Executes dropped EXE
PID:1264 -
\??\c:\xlrrlfx.exec:\xlrrlfx.exe25⤵
- Executes dropped EXE
PID:2764 -
\??\c:\thbtnh.exec:\thbtnh.exe26⤵
- Executes dropped EXE
PID:812 -
\??\c:\ddjdd.exec:\ddjdd.exe27⤵
- Executes dropped EXE
PID:3920 -
\??\c:\jvpdp.exec:\jvpdp.exe28⤵
- Executes dropped EXE
PID:4076 -
\??\c:\1xfxxlx.exec:\1xfxxlx.exe29⤵
- Executes dropped EXE
PID:4028 -
\??\c:\hntnnh.exec:\hntnnh.exe30⤵
- Executes dropped EXE
PID:764 -
\??\c:\jvvjd.exec:\jvvjd.exe31⤵
- Executes dropped EXE
PID:4548 -
\??\c:\xrrxfxf.exec:\xrrxfxf.exe32⤵
- Executes dropped EXE
PID:3172 -
\??\c:\5xxrlfl.exec:\5xxrlfl.exe33⤵
- Executes dropped EXE
PID:4296 -
\??\c:\7hhbhb.exec:\7hhbhb.exe34⤵
- Executes dropped EXE
PID:1648 -
\??\c:\vjjvp.exec:\vjjvp.exe35⤵
- Executes dropped EXE
PID:5032 -
\??\c:\vjjvj.exec:\vjjvj.exe36⤵
- Executes dropped EXE
PID:3464 -
\??\c:\bnhthb.exec:\bnhthb.exe37⤵
- Executes dropped EXE
PID:1736 -
\??\c:\jdpjd.exec:\jdpjd.exe38⤵
- Executes dropped EXE
PID:3600 -
\??\c:\vpjpj.exec:\vpjpj.exe39⤵
- Executes dropped EXE
PID:1388 -
\??\c:\xffxrlf.exec:\xffxrlf.exe40⤵
- Executes dropped EXE
PID:1656 -
\??\c:\xrlxrrf.exec:\xrlxrrf.exe41⤵PID:4940
-
\??\c:\hhtbhh.exec:\hhtbhh.exe42⤵
- Executes dropped EXE
PID:448 -
\??\c:\hbtttb.exec:\hbtttb.exe43⤵
- Executes dropped EXE
PID:4924 -
\??\c:\pjddp.exec:\pjddp.exe44⤵
- Executes dropped EXE
PID:3188 -
\??\c:\jvdvp.exec:\jvdvp.exe45⤵
- Executes dropped EXE
PID:4872 -
\??\c:\xrllxxr.exec:\xrllxxr.exe46⤵
- Executes dropped EXE
PID:1036 -
\??\c:\7xlllll.exec:\7xlllll.exe47⤵
- Executes dropped EXE
PID:4624 -
\??\c:\tbbntb.exec:\tbbntb.exe48⤵
- Executes dropped EXE
PID:4896 -
\??\c:\bnhntn.exec:\bnhntn.exe49⤵
- Executes dropped EXE
PID:4832 -
\??\c:\pppjd.exec:\pppjd.exe50⤵
- Executes dropped EXE
PID:1332 -
\??\c:\vjddd.exec:\vjddd.exe51⤵
- Executes dropped EXE
PID:4044 -
\??\c:\rxfrlll.exec:\rxfrlll.exe52⤵
- Executes dropped EXE
PID:3528 -
\??\c:\9xxrlfx.exec:\9xxrlfx.exe53⤵
- Executes dropped EXE
PID:4936 -
\??\c:\7btnnn.exec:\7btnnn.exe54⤵
- Executes dropped EXE
PID:3612 -
\??\c:\thhbtn.exec:\thhbtn.exe55⤵
- Executes dropped EXE
PID:1644 -
\??\c:\5vdvj.exec:\5vdvj.exe56⤵
- Executes dropped EXE
PID:5088 -
\??\c:\pjjjd.exec:\pjjjd.exe57⤵
- Executes dropped EXE
PID:952 -
\??\c:\lxfxlfr.exec:\lxfxlfr.exe58⤵
- Executes dropped EXE
PID:4300 -
\??\c:\rfflxfr.exec:\rfflxfr.exe59⤵
- Executes dropped EXE
PID:4712 -
\??\c:\nnnnbn.exec:\nnnnbn.exe60⤵
- Executes dropped EXE
PID:1088 -
\??\c:\thttnb.exec:\thttnb.exe61⤵
- Executes dropped EXE
PID:4384 -
\??\c:\vpdpd.exec:\vpdpd.exe62⤵
- Executes dropped EXE
PID:3524 -
\??\c:\rxfxxff.exec:\rxfxxff.exe63⤵
- Executes dropped EXE
PID:4372 -
\??\c:\rxrxffr.exec:\rxrxffr.exe64⤵
- Executes dropped EXE
PID:2292 -
\??\c:\bbtnhh.exec:\bbtnhh.exe65⤵
- Executes dropped EXE
PID:3056 -
\??\c:\hhhbth.exec:\hhhbth.exe66⤵
- Executes dropped EXE
PID:2484 -
\??\c:\pvvpj.exec:\pvvpj.exe67⤵PID:4460
-
\??\c:\jpjdp.exec:\jpjdp.exe68⤵PID:4100
-
\??\c:\7xrrxrx.exec:\7xrrxrx.exe69⤵PID:4264
-
\??\c:\nhthnt.exec:\nhthnt.exe70⤵PID:4912
-
\??\c:\3hnbtt.exec:\3hnbtt.exe71⤵PID:4140
-
\??\c:\pjpjv.exec:\pjpjv.exe72⤵PID:3608
-
\??\c:\pvpdv.exec:\pvpdv.exe73⤵PID:1676
-
\??\c:\fxrlxxl.exec:\fxrlxxl.exe74⤵PID:4584
-
\??\c:\llfxrlf.exec:\llfxrlf.exe75⤵PID:2356
-
\??\c:\7nnhbb.exec:\7nnhbb.exe76⤵PID:2764
-
\??\c:\bbhbnn.exec:\bbhbnn.exe77⤵PID:2232
-
\??\c:\jvvpj.exec:\jvvpj.exe78⤵PID:3316
-
\??\c:\7xlflff.exec:\7xlflff.exe79⤵PID:3956
-
\??\c:\7rrrffr.exec:\7rrrffr.exe80⤵PID:2528
-
\??\c:\nhnnth.exec:\nhnnth.exe81⤵PID:4080
-
\??\c:\thbnhn.exec:\thbnhn.exe82⤵PID:3324
-
\??\c:\jddvj.exec:\jddvj.exe83⤵PID:3716
-
\??\c:\vvjdv.exec:\vvjdv.exe84⤵PID:3132
-
\??\c:\7xxrllx.exec:\7xxrllx.exe85⤵PID:864
-
\??\c:\rrxrrrr.exec:\rrxrrrr.exe86⤵PID:1400
-
\??\c:\vddvj.exec:\vddvj.exe87⤵PID:1648
-
\??\c:\jppdp.exec:\jppdp.exe88⤵PID:2876
-
\??\c:\fffrfrl.exec:\fffrfrl.exe89⤵PID:4164
-
\??\c:\xrffxxr.exec:\xrffxxr.exe90⤵PID:4064
-
\??\c:\lfxxlfx.exec:\lfxxlfx.exe91⤵PID:3600
-
\??\c:\bnnhtt.exec:\bnnhtt.exe92⤵PID:4360
-
\??\c:\7hnbnn.exec:\7hnbnn.exe93⤵PID:2728
-
\??\c:\vvvjv.exec:\vvvjv.exe94⤵PID:4576
-
\??\c:\5pddp.exec:\5pddp.exe95⤵PID:368
-
\??\c:\fxxrffx.exec:\fxxrffx.exe96⤵PID:932
-
\??\c:\fxxrxrr.exec:\fxxrxrr.exe97⤵PID:4876
-
\??\c:\rrrfxrl.exec:\rrrfxrl.exe98⤵PID:624
-
\??\c:\1bhhhh.exec:\1bhhhh.exe99⤵PID:8
-
\??\c:\nbbttn.exec:\nbbttn.exe100⤵PID:1744
-
\??\c:\pdvjj.exec:\pdvjj.exe101⤵PID:2028
-
\??\c:\jpjvj.exec:\jpjvj.exe102⤵PID:720
-
\??\c:\1frfrlx.exec:\1frfrlx.exe103⤵PID:4068
-
\??\c:\ffflrfl.exec:\ffflrfl.exe104⤵PID:4604
-
\??\c:\bhhntt.exec:\bhhntt.exe105⤵PID:884
-
\??\c:\htttbt.exec:\htttbt.exe106⤵PID:3644
-
\??\c:\7jdpd.exec:\7jdpd.exe107⤵PID:4544
-
\??\c:\frrlxrl.exec:\frrlxrl.exe108⤵PID:5040
-
\??\c:\xxfrfxr.exec:\xxfrfxr.exe109⤵PID:3112
-
\??\c:\nnnhhb.exec:\nnnhhb.exe110⤵PID:4056
-
\??\c:\9ddvj.exec:\9ddvj.exe111⤵PID:3960
-
\??\c:\dvpjv.exec:\dvpjv.exe112⤵PID:3048
-
\??\c:\3fxlxrl.exec:\3fxlxrl.exe113⤵PID:1812
-
\??\c:\ffffxrr.exec:\ffffxrr.exe114⤵PID:4816
-
\??\c:\3hnbtn.exec:\3hnbtn.exe115⤵PID:4868
-
\??\c:\nhttnn.exec:\nhttnn.exe116⤵PID:1188
-
\??\c:\jjjdp.exec:\jjjdp.exe117⤵PID:4152
-
\??\c:\jddpd.exec:\jddpd.exe118⤵PID:3732
-
\??\c:\dvvpv.exec:\dvvpv.exe119⤵PID:4280
-
\??\c:\xxfxrff.exec:\xxfxrff.exe120⤵PID:4248
-
\??\c:\nbnhtn.exec:\nbnhtn.exe121⤵PID:1840
-
\??\c:\nbthhb.exec:\nbthhb.exe122⤵PID:3552
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-