Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
21-06-2024 01:45
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2afe639f268f7a1dd8d1dffcfd1f17e1331f2b8b489031bd6e753cf52404e27b_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
2afe639f268f7a1dd8d1dffcfd1f17e1331f2b8b489031bd6e753cf52404e27b_NeikiAnalytics.exe
-
Size
84KB
-
MD5
11724532fd0d3c08467e9fc1bd551ab0
-
SHA1
1f3107b44a80fbd7081aed18cc675e2f6d58f4ce
-
SHA256
2afe639f268f7a1dd8d1dffcfd1f17e1331f2b8b489031bd6e753cf52404e27b
-
SHA512
71bc8e026d5fb20b52b7d4e209be65ad2345af585640bafc3141ebe066d60a857bc63e08479bfca4e6ae5c29d5a1861b208b0796778293e840b024c9188189d5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIYgC/KSLJMiY:ymb3NkkiQ3mdBjFI3eFZY
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
Processes:
resource yara_rule behavioral2/memory/3504-5-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4396-16-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1696-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1568-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1532-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2088-45-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1204-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4760-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4420-72-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/620-83-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2780-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1076-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2832-101-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2704-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4012-113-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4216-119-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2396-125-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/404-137-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2732-143-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1388-149-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3484-156-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3616-167-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5028-175-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5072-186-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2504-194-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
Processes:
422048.exe0426460.exedvvpj.exe9bttnn.exebnttnn.exe46464.exe1ntnbh.exe404628.exe8400482.exe2682262.exeo804882.exepppvv.exetnhbnn.exenhnhbt.exe80880.exethnhbb.exe2240604.exe40886.exe280820.exe8282000.exerfxllfx.exerrlxxll.exe288402.exe8264820.exe3xllrxr.exe0628460.exerlxrrxf.exelxlfllr.exejvvvp.exenhnnht.exe000600.exe00604.exedvvvd.exerrxrllf.exe22026.exe04822.exe06840.exe00246.exe24600.exe9vjdj.exerlffxlf.exeq00000.exepvddv.exe466826.exec488280.exe4226004.exejddvp.exe26660.exe68482.exejjppp.exevjpdd.exei420448.exe4466000.exe4844844.exepddpp.exepvvvv.exe0400488.exe1dpjd.exe064062.exe26062.exe646648.exevpjdp.exe882222.exe0242226.exepid process 116 422048.exe 4396 0426460.exe 1696 dvvpj.exe 1568 9bttnn.exe 2088 bnttnn.exe 1532 46464.exe 816 1ntnbh.exe 1204 404628.exe 4760 8400482.exe 4420 2682262.exe 620 o804882.exe 2780 pppvv.exe 1076 tnhbnn.exe 2832 nhnhbt.exe 2704 80880.exe 4012 thnhbb.exe 4216 2240604.exe 2396 40886.exe 4868 280820.exe 404 8282000.exe 2732 rfxllfx.exe 1388 rrlxxll.exe 3484 288402.exe 1616 8264820.exe 3616 3xllrxr.exe 5028 0628460.exe 4568 rlxrrxf.exe 5072 lxlfllr.exe 2504 jvvvp.exe 2748 nhnnht.exe 648 000600.exe 4520 00604.exe 3644 dvvvd.exe 2352 rrxrllf.exe 4960 22026.exe 3040 04822.exe 440 06840.exe 4540 00246.exe 1692 24600.exe 2308 9vjdj.exe 4276 rlffxlf.exe 2480 q00000.exe 1688 pvddv.exe 456 466826.exe 1352 c488280.exe 3740 4226004.exe 4940 jddvp.exe 376 26660.exe 1788 68482.exe 1920 jjppp.exe 4036 vjpdd.exe 2188 i420448.exe 3024 4466000.exe 2744 4844844.exe 2416 pddpp.exe 4640 pvvvv.exe 2204 0400488.exe 4448 1dpjd.exe 4948 064062.exe 4064 26062.exe 624 646648.exe 2396 vpjdp.exe 676 882222.exe 228 0242226.exe -
Processes:
resource yara_rule behavioral2/memory/3504-5-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4396-16-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1696-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1568-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1532-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2088-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1204-59-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4760-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4420-72-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4420-71-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/620-83-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2780-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1076-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2832-101-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2704-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4012-113-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4216-119-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2396-125-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/404-137-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2732-143-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1388-149-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3484-156-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3616-167-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5028-175-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5072-186-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2504-194-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
2afe639f268f7a1dd8d1dffcfd1f17e1331f2b8b489031bd6e753cf52404e27b_NeikiAnalytics.exe422048.exe0426460.exedvvpj.exe9bttnn.exebnttnn.exe46464.exe1ntnbh.exe404628.exe8400482.exe2682262.exeo804882.exepppvv.exetnhbnn.exenhnhbt.exe80880.exethnhbb.exe2240604.exe40886.exe280820.exe8282000.exerfxllfx.exedescription pid process target process PID 3504 wrote to memory of 116 3504 2afe639f268f7a1dd8d1dffcfd1f17e1331f2b8b489031bd6e753cf52404e27b_NeikiAnalytics.exe 422048.exe PID 3504 wrote to memory of 116 3504 2afe639f268f7a1dd8d1dffcfd1f17e1331f2b8b489031bd6e753cf52404e27b_NeikiAnalytics.exe 422048.exe PID 3504 wrote to memory of 116 3504 2afe639f268f7a1dd8d1dffcfd1f17e1331f2b8b489031bd6e753cf52404e27b_NeikiAnalytics.exe 422048.exe PID 116 wrote to memory of 4396 116 422048.exe 0426460.exe PID 116 wrote to memory of 4396 116 422048.exe 0426460.exe PID 116 wrote to memory of 4396 116 422048.exe 0426460.exe PID 4396 wrote to memory of 1696 4396 0426460.exe dvvpj.exe PID 4396 wrote to memory of 1696 4396 0426460.exe dvvpj.exe PID 4396 wrote to memory of 1696 4396 0426460.exe dvvpj.exe PID 1696 wrote to memory of 1568 1696 dvvpj.exe 9bttnn.exe PID 1696 wrote to memory of 1568 1696 dvvpj.exe 9bttnn.exe PID 1696 wrote to memory of 1568 1696 dvvpj.exe 9bttnn.exe PID 1568 wrote to memory of 2088 1568 9bttnn.exe bnttnn.exe PID 1568 wrote to memory of 2088 1568 9bttnn.exe bnttnn.exe PID 1568 wrote to memory of 2088 1568 9bttnn.exe bnttnn.exe PID 2088 wrote to memory of 1532 2088 bnttnn.exe 46464.exe PID 2088 wrote to memory of 1532 2088 bnttnn.exe 46464.exe PID 2088 wrote to memory of 1532 2088 bnttnn.exe 46464.exe PID 1532 wrote to memory of 816 1532 46464.exe 1ntnbh.exe PID 1532 wrote to memory of 816 1532 46464.exe 1ntnbh.exe PID 1532 wrote to memory of 816 1532 46464.exe 1ntnbh.exe PID 816 wrote to memory of 1204 816 1ntnbh.exe 404628.exe PID 816 wrote to memory of 1204 816 1ntnbh.exe 404628.exe PID 816 wrote to memory of 1204 816 1ntnbh.exe 404628.exe PID 1204 wrote to memory of 4760 1204 404628.exe 8400482.exe PID 1204 wrote to memory of 4760 1204 404628.exe 8400482.exe PID 1204 wrote to memory of 4760 1204 404628.exe 8400482.exe PID 4760 wrote to memory of 4420 4760 8400482.exe 2682262.exe PID 4760 wrote to memory of 4420 4760 8400482.exe 2682262.exe PID 4760 wrote to memory of 4420 4760 8400482.exe 2682262.exe PID 4420 wrote to memory of 620 4420 2682262.exe o804882.exe PID 4420 wrote to memory of 620 4420 2682262.exe o804882.exe PID 4420 wrote to memory of 620 4420 2682262.exe o804882.exe PID 620 wrote to memory of 2780 620 o804882.exe pppvv.exe PID 620 wrote to memory of 2780 620 o804882.exe pppvv.exe PID 620 wrote to memory of 2780 620 o804882.exe pppvv.exe PID 2780 wrote to memory of 1076 2780 pppvv.exe tnhbnn.exe PID 2780 wrote to memory of 1076 2780 pppvv.exe tnhbnn.exe PID 2780 wrote to memory of 1076 2780 pppvv.exe tnhbnn.exe PID 1076 wrote to memory of 2832 1076 tnhbnn.exe nhnhbt.exe PID 1076 wrote to memory of 2832 1076 tnhbnn.exe nhnhbt.exe PID 1076 wrote to memory of 2832 1076 tnhbnn.exe nhnhbt.exe PID 2832 wrote to memory of 2704 2832 nhnhbt.exe 80880.exe PID 2832 wrote to memory of 2704 2832 nhnhbt.exe 80880.exe PID 2832 wrote to memory of 2704 2832 nhnhbt.exe 80880.exe PID 2704 wrote to memory of 4012 2704 80880.exe thnhbb.exe PID 2704 wrote to memory of 4012 2704 80880.exe thnhbb.exe PID 2704 wrote to memory of 4012 2704 80880.exe thnhbb.exe PID 4012 wrote to memory of 4216 4012 thnhbb.exe 2240604.exe PID 4012 wrote to memory of 4216 4012 thnhbb.exe 2240604.exe PID 4012 wrote to memory of 4216 4012 thnhbb.exe 2240604.exe PID 4216 wrote to memory of 2396 4216 2240604.exe vpjdp.exe PID 4216 wrote to memory of 2396 4216 2240604.exe vpjdp.exe PID 4216 wrote to memory of 2396 4216 2240604.exe vpjdp.exe PID 2396 wrote to memory of 4868 2396 40886.exe 280820.exe PID 2396 wrote to memory of 4868 2396 40886.exe 280820.exe PID 2396 wrote to memory of 4868 2396 40886.exe 280820.exe PID 4868 wrote to memory of 404 4868 280820.exe 8282000.exe PID 4868 wrote to memory of 404 4868 280820.exe 8282000.exe PID 4868 wrote to memory of 404 4868 280820.exe 8282000.exe PID 404 wrote to memory of 2732 404 8282000.exe rfxllfx.exe PID 404 wrote to memory of 2732 404 8282000.exe rfxllfx.exe PID 404 wrote to memory of 2732 404 8282000.exe rfxllfx.exe PID 2732 wrote to memory of 1388 2732 rfxllfx.exe rrlxxll.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2afe639f268f7a1dd8d1dffcfd1f17e1331f2b8b489031bd6e753cf52404e27b_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2afe639f268f7a1dd8d1dffcfd1f17e1331f2b8b489031bd6e753cf52404e27b_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3504 -
\??\c:\422048.exec:\422048.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:116 -
\??\c:\0426460.exec:\0426460.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4396 -
\??\c:\dvvpj.exec:\dvvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1696 -
\??\c:\9bttnn.exec:\9bttnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1568 -
\??\c:\bnttnn.exec:\bnttnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2088 -
\??\c:\46464.exec:\46464.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1532 -
\??\c:\1ntnbh.exec:\1ntnbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:816 -
\??\c:\404628.exec:\404628.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1204 -
\??\c:\8400482.exec:\8400482.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4760 -
\??\c:\2682262.exec:\2682262.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4420 -
\??\c:\o804882.exec:\o804882.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:620 -
\??\c:\pppvv.exec:\pppvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780 -
\??\c:\tnhbnn.exec:\tnhbnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1076 -
\??\c:\nhnhbt.exec:\nhnhbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2832 -
\??\c:\80880.exec:\80880.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2704 -
\??\c:\thnhbb.exec:\thnhbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4012 -
\??\c:\2240604.exec:\2240604.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4216 -
\??\c:\40886.exec:\40886.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2396 -
\??\c:\280820.exec:\280820.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4868 -
\??\c:\8282000.exec:\8282000.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:404 -
\??\c:\rfxllfx.exec:\rfxllfx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2732 -
\??\c:\rrlxxll.exec:\rrlxxll.exe23⤵
- Executes dropped EXE
PID:1388 -
\??\c:\288402.exec:\288402.exe24⤵
- Executes dropped EXE
PID:3484 -
\??\c:\8264820.exec:\8264820.exe25⤵
- Executes dropped EXE
PID:1616 -
\??\c:\3xllrxr.exec:\3xllrxr.exe26⤵
- Executes dropped EXE
PID:3616 -
\??\c:\0628460.exec:\0628460.exe27⤵
- Executes dropped EXE
PID:5028 -
\??\c:\rlxrrxf.exec:\rlxrrxf.exe28⤵
- Executes dropped EXE
PID:4568 -
\??\c:\lxlfllr.exec:\lxlfllr.exe29⤵
- Executes dropped EXE
PID:5072 -
\??\c:\jvvvp.exec:\jvvvp.exe30⤵
- Executes dropped EXE
PID:2504 -
\??\c:\nhnnht.exec:\nhnnht.exe31⤵
- Executes dropped EXE
PID:2748 -
\??\c:\000600.exec:\000600.exe32⤵
- Executes dropped EXE
PID:648 -
\??\c:\00604.exec:\00604.exe33⤵
- Executes dropped EXE
PID:4520 -
\??\c:\dvvvd.exec:\dvvvd.exe34⤵
- Executes dropped EXE
PID:3644 -
\??\c:\rrxrllf.exec:\rrxrllf.exe35⤵
- Executes dropped EXE
PID:2352 -
\??\c:\22026.exec:\22026.exe36⤵
- Executes dropped EXE
PID:4960 -
\??\c:\04822.exec:\04822.exe37⤵
- Executes dropped EXE
PID:3040 -
\??\c:\06840.exec:\06840.exe38⤵
- Executes dropped EXE
PID:440 -
\??\c:\00246.exec:\00246.exe39⤵
- Executes dropped EXE
PID:4540 -
\??\c:\24600.exec:\24600.exe40⤵
- Executes dropped EXE
PID:1692 -
\??\c:\9vjdj.exec:\9vjdj.exe41⤵
- Executes dropped EXE
PID:2308 -
\??\c:\rlffxlf.exec:\rlffxlf.exe42⤵
- Executes dropped EXE
PID:4276 -
\??\c:\q00000.exec:\q00000.exe43⤵
- Executes dropped EXE
PID:2480 -
\??\c:\pvddv.exec:\pvddv.exe44⤵
- Executes dropped EXE
PID:1688 -
\??\c:\466826.exec:\466826.exe45⤵
- Executes dropped EXE
PID:456 -
\??\c:\c488280.exec:\c488280.exe46⤵
- Executes dropped EXE
PID:1352 -
\??\c:\4226004.exec:\4226004.exe47⤵
- Executes dropped EXE
PID:3740 -
\??\c:\jddvp.exec:\jddvp.exe48⤵
- Executes dropped EXE
PID:4940 -
\??\c:\26660.exec:\26660.exe49⤵
- Executes dropped EXE
PID:376 -
\??\c:\68482.exec:\68482.exe50⤵
- Executes dropped EXE
PID:1788 -
\??\c:\jjppp.exec:\jjppp.exe51⤵
- Executes dropped EXE
PID:1920 -
\??\c:\vjpdd.exec:\vjpdd.exe52⤵
- Executes dropped EXE
PID:4036 -
\??\c:\i420448.exec:\i420448.exe53⤵
- Executes dropped EXE
PID:2188 -
\??\c:\4466000.exec:\4466000.exe54⤵
- Executes dropped EXE
PID:3024 -
\??\c:\4844844.exec:\4844844.exe55⤵
- Executes dropped EXE
PID:2744 -
\??\c:\pddpp.exec:\pddpp.exe56⤵
- Executes dropped EXE
PID:2416 -
\??\c:\pvvvv.exec:\pvvvv.exe57⤵
- Executes dropped EXE
PID:4640 -
\??\c:\0400488.exec:\0400488.exe58⤵
- Executes dropped EXE
PID:2204 -
\??\c:\1dpjd.exec:\1dpjd.exe59⤵
- Executes dropped EXE
PID:4448 -
\??\c:\064062.exec:\064062.exe60⤵
- Executes dropped EXE
PID:4948 -
\??\c:\26062.exec:\26062.exe61⤵
- Executes dropped EXE
PID:4064 -
\??\c:\646648.exec:\646648.exe62⤵
- Executes dropped EXE
PID:624 -
\??\c:\vpjdp.exec:\vpjdp.exe63⤵
- Executes dropped EXE
PID:2396 -
\??\c:\882222.exec:\882222.exe64⤵
- Executes dropped EXE
PID:676 -
\??\c:\0242226.exec:\0242226.exe65⤵
- Executes dropped EXE
PID:228 -
\??\c:\q42848.exec:\q42848.exe66⤵PID:3452
-
\??\c:\nnbbbb.exec:\nnbbbb.exe67⤵PID:2388
-
\??\c:\8262666.exec:\8262666.exe68⤵PID:1252
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe69⤵PID:3484
-
\??\c:\rxxxrlf.exec:\rxxxrlf.exe70⤵PID:2976
-
\??\c:\jjjjp.exec:\jjjjp.exe71⤵PID:528
-
\??\c:\e26666.exec:\e26666.exe72⤵PID:3624
-
\??\c:\htnnnt.exec:\htnnnt.exe73⤵PID:2724
-
\??\c:\424246.exec:\424246.exe74⤵PID:2244
-
\??\c:\lxxrllf.exec:\lxxrllf.exe75⤵PID:2080
-
\??\c:\btbbtb.exec:\btbbtb.exe76⤵PID:3996
-
\??\c:\424000.exec:\424000.exe77⤵PID:2748
-
\??\c:\42260.exec:\42260.exe78⤵PID:648
-
\??\c:\htbtnn.exec:\htbtnn.exe79⤵PID:2184
-
\??\c:\jdpjv.exec:\jdpjv.exe80⤵PID:4664
-
\??\c:\0448648.exec:\0448648.exe81⤵PID:716
-
\??\c:\fxxrfff.exec:\fxxrfff.exe82⤵PID:2128
-
\??\c:\84642.exec:\84642.exe83⤵PID:2924
-
\??\c:\w26262.exec:\w26262.exe84⤵PID:3040
-
\??\c:\jppvv.exec:\jppvv.exe85⤵PID:4904
-
\??\c:\rxxxrlf.exec:\rxxxrlf.exe86⤵PID:1232
-
\??\c:\8244484.exec:\8244484.exe87⤵PID:3988
-
\??\c:\hhtntt.exec:\hhtntt.exe88⤵PID:220
-
\??\c:\5rrxxrr.exec:\5rrxxrr.exe89⤵PID:5092
-
\??\c:\vvppp.exec:\vvppp.exe90⤵PID:4276
-
\??\c:\9bbntn.exec:\9bbntn.exe91⤵PID:2480
-
\??\c:\66266.exec:\66266.exe92⤵PID:4364
-
\??\c:\nththb.exec:\nththb.exe93⤵PID:456
-
\??\c:\02808.exec:\02808.exe94⤵PID:1352
-
\??\c:\bnbtnn.exec:\bnbtnn.exe95⤵PID:3740
-
\??\c:\404486.exec:\404486.exe96⤵PID:816
-
\??\c:\8268404.exec:\8268404.exe97⤵PID:376
-
\??\c:\5frllfl.exec:\5frllfl.exe98⤵PID:3652
-
\??\c:\tbbhht.exec:\tbbhht.exe99⤵PID:2292
-
\??\c:\hbbnnt.exec:\hbbnnt.exe100⤵PID:1308
-
\??\c:\rfxxrlx.exec:\rfxxrlx.exe101⤵PID:2680
-
\??\c:\6242266.exec:\6242266.exe102⤵PID:1900
-
\??\c:\484822.exec:\484822.exe103⤵PID:2268
-
\??\c:\jdppv.exec:\jdppv.exe104⤵PID:4656
-
\??\c:\hnhhbh.exec:\hnhhbh.exe105⤵PID:1960
-
\??\c:\2460000.exec:\2460000.exe106⤵PID:1620
-
\??\c:\620206.exec:\620206.exe107⤵PID:1152
-
\??\c:\8404004.exec:\8404004.exe108⤵PID:3936
-
\??\c:\026482.exec:\026482.exe109⤵PID:536
-
\??\c:\06446.exec:\06446.exe110⤵PID:4868
-
\??\c:\hntbbn.exec:\hntbbn.exe111⤵PID:2464
-
\??\c:\668000.exec:\668000.exe112⤵PID:1388
-
\??\c:\s8048.exec:\s8048.exe113⤵PID:4184
-
\??\c:\6402666.exec:\6402666.exe114⤵PID:3180
-
\??\c:\k20066.exec:\k20066.exe115⤵PID:2320
-
\??\c:\c604826.exec:\c604826.exe116⤵PID:3616
-
\??\c:\frlfxxx.exec:\frlfxxx.exe117⤵PID:1188
-
\??\c:\s2666.exec:\s2666.exe118⤵PID:5028
-
\??\c:\fxxxlff.exec:\fxxxlff.exe119⤵PID:4568
-
\??\c:\8260266.exec:\8260266.exe120⤵PID:4736
-
\??\c:\0048046.exec:\0048046.exe121⤵PID:1536
-
\??\c:\200444.exec:\200444.exe122⤵PID:4888
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-