Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 00:52
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
63c5d387fa0518edd60f58ccebfa1e50_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
63c5d387fa0518edd60f58ccebfa1e50_NeikiAnalytics.exe
-
Size
78KB
-
MD5
63c5d387fa0518edd60f58ccebfa1e50
-
SHA1
7902a2b69154d84f923c7dade0e9a2d33aab8e0d
-
SHA256
bfc52a510582752e05ba47d7d85c7a4cd379131b1fb6f2c3f3285cf6ddb173a7
-
SHA512
8d55a258591680ff90a5a6aeb72fde994afa242086ad5b28f08cdd26e0cc00909e6ff10cc215ea6cfe62b8f00bd127de54eb0d10440565460d1770e7cc5ee315
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2wVEJjOBo99F:ymb3NkkiQ3mdBjF+3TU2KEJjE69F
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\63c5d387fa0518edd60f58ccebfa1e50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\63c5d387fa0518edd60f58ccebfa1e50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2936 -
\??\c:\vtdtbpv.exec:\vtdtbpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2276 -
\??\c:\jdjrrf.exec:\jdjrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2488 -
\??\c:\xlbtlnx.exec:\xlbtlnx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2628 -
\??\c:\dvhdt.exec:\dvhdt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2504 -
\??\c:\dfvdn.exec:\dfvdn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2908 -
\??\c:\vbfpbpj.exec:\vbfpbpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2640 -
\??\c:\jrdpxh.exec:\jrdpxh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2396 -
\??\c:\pdtpd.exec:\pdtpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2364 -
\??\c:\lpltnb.exec:\lpltnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1492 -
\??\c:\jtntp.exec:\jtntp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2224 -
\??\c:\hhpjpn.exec:\hhpjpn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1712 -
\??\c:\ndhfl.exec:\ndhfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2604 -
\??\c:\lrbxdjb.exec:\lrbxdjb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1080 -
\??\c:\lhjpnr.exec:\lhjpnr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2004 -
\??\c:\lbxvrnr.exec:\lbxvrnr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2700 -
\??\c:\vpnfjx.exec:\vpnfjx.exe17⤵
- Executes dropped EXE
PID:2320 -
\??\c:\xtpvpp.exec:\xtpvpp.exe18⤵
- Executes dropped EXE
PID:1964 -
\??\c:\lblfpxh.exec:\lblfpxh.exe19⤵
- Executes dropped EXE
PID:2212 -
\??\c:\hprjd.exec:\hprjd.exe20⤵
- Executes dropped EXE
PID:1308 -
\??\c:\ppnvhf.exec:\ppnvhf.exe21⤵
- Executes dropped EXE
PID:2728 -
\??\c:\hpntdd.exec:\hpntdd.exe22⤵
- Executes dropped EXE
PID:2260 -
\??\c:\ndxlf.exec:\ndxlf.exe23⤵
- Executes dropped EXE
PID:1892 -
\??\c:\hbtdp.exec:\hbtdp.exe24⤵
- Executes dropped EXE
PID:2968 -
\??\c:\fdbjjhl.exec:\fdbjjhl.exe25⤵
- Executes dropped EXE
PID:3068 -
\??\c:\jprbxl.exec:\jprbxl.exe26⤵
- Executes dropped EXE
PID:2016 -
\??\c:\nrvjnv.exec:\nrvjnv.exe27⤵
- Executes dropped EXE
PID:340 -
\??\c:\tbpfbr.exec:\tbpfbr.exe28⤵
- Executes dropped EXE
PID:2972 -
\??\c:\bjjxp.exec:\bjjxp.exe29⤵
- Executes dropped EXE
PID:2952 -
\??\c:\xfvlvj.exec:\xfvlvj.exe30⤵
- Executes dropped EXE
PID:2176 -
\??\c:\hxhtbb.exec:\hxhtbb.exe31⤵
- Executes dropped EXE
PID:2812 -
\??\c:\fbxxj.exec:\fbxxj.exe32⤵
- Executes dropped EXE
PID:1212 -
\??\c:\blpbbnp.exec:\blpbbnp.exe33⤵
- Executes dropped EXE
PID:1952 -
\??\c:\pjlxfh.exec:\pjlxfh.exe34⤵
- Executes dropped EXE
PID:2324 -
\??\c:\bphfpp.exec:\bphfpp.exe35⤵
- Executes dropped EXE
PID:1720 -
\??\c:\rhfpfj.exec:\rhfpfj.exe36⤵
- Executes dropped EXE
PID:3004 -
\??\c:\dhtfxbv.exec:\dhtfxbv.exe37⤵
- Executes dropped EXE
PID:2680 -
\??\c:\pnrbt.exec:\pnrbt.exe38⤵
- Executes dropped EXE
PID:2540 -
\??\c:\rrjdhf.exec:\rrjdhf.exe39⤵
- Executes dropped EXE
PID:2648 -
\??\c:\xfbfx.exec:\xfbfx.exe40⤵
- Executes dropped EXE
PID:1716 -
\??\c:\vfhjh.exec:\vfhjh.exe41⤵
- Executes dropped EXE
PID:1584 -
\??\c:\tpxfhp.exec:\tpxfhp.exe42⤵
- Executes dropped EXE
PID:2484 -
\??\c:\pvntj.exec:\pvntj.exe43⤵
- Executes dropped EXE
PID:2908 -
\??\c:\vfjjdtt.exec:\vfjjdtt.exe44⤵
- Executes dropped EXE
PID:2500 -
\??\c:\vrtjjf.exec:\vrtjjf.exe45⤵
- Executes dropped EXE
PID:2412 -
\??\c:\lplrpt.exec:\lplrpt.exe46⤵
- Executes dropped EXE
PID:2840 -
\??\c:\bbjnvb.exec:\bbjnvb.exe47⤵
- Executes dropped EXE
PID:2292 -
\??\c:\djntdh.exec:\djntdh.exe48⤵
- Executes dropped EXE
PID:3032 -
\??\c:\rnvbvd.exec:\rnvbvd.exe49⤵
- Executes dropped EXE
PID:1084 -
\??\c:\vbtrp.exec:\vbtrp.exe50⤵
- Executes dropped EXE
PID:1588 -
\??\c:\jnxddp.exec:\jnxddp.exe51⤵
- Executes dropped EXE
PID:2456 -
\??\c:\vvfrp.exec:\vvfrp.exe52⤵
- Executes dropped EXE
PID:1184 -
\??\c:\jpblbb.exec:\jpblbb.exe53⤵
- Executes dropped EXE
PID:940 -
\??\c:\jjpdfr.exec:\jjpdfr.exe54⤵
- Executes dropped EXE
PID:1780 -
\??\c:\pxrhvfh.exec:\pxrhvfh.exe55⤵
- Executes dropped EXE
PID:2004 -
\??\c:\nllptj.exec:\nllptj.exe56⤵
- Executes dropped EXE
PID:2236 -
\??\c:\vjvbv.exec:\vjvbv.exe57⤵
- Executes dropped EXE
PID:1180 -
\??\c:\brbjn.exec:\brbjn.exe58⤵
- Executes dropped EXE
PID:1088 -
\??\c:\nbxhbn.exec:\nbxhbn.exe59⤵
- Executes dropped EXE
PID:1748 -
\??\c:\nbrxh.exec:\nbrxh.exe60⤵
- Executes dropped EXE
PID:1764 -
\??\c:\dlhvrv.exec:\dlhvrv.exe61⤵
- Executes dropped EXE
PID:2976 -
\??\c:\bdrrb.exec:\bdrrb.exe62⤵
- Executes dropped EXE
PID:772 -
\??\c:\dbhtxd.exec:\dbhtxd.exe63⤵
- Executes dropped EXE
PID:2940 -
\??\c:\drtvb.exec:\drtvb.exe64⤵
- Executes dropped EXE
PID:380 -
\??\c:\jfhfb.exec:\jfhfb.exe65⤵
- Executes dropped EXE
PID:1056 -
\??\c:\rfhnn.exec:\rfhnn.exe66⤵PID:1320
-
\??\c:\hrvtnb.exec:\hrvtnb.exe67⤵PID:1848
-
\??\c:\fxhjhv.exec:\fxhjhv.exe68⤵PID:1812
-
\??\c:\pllbd.exec:\pllbd.exe69⤵PID:808
-
\??\c:\rrptdtr.exec:\rrptdtr.exe70⤵PID:1828
-
\??\c:\jjprr.exec:\jjprr.exe71⤵PID:1968
-
\??\c:\rlpbf.exec:\rlpbf.exe72⤵PID:1516
-
\??\c:\hrjhll.exec:\hrjhll.exe73⤵PID:2176
-
\??\c:\rjpxtn.exec:\rjpxtn.exe74⤵PID:1760
-
\??\c:\xlpnfnh.exec:\xlpnfnh.exe75⤵PID:1000
-
\??\c:\bdlrt.exec:\bdlrt.exe76⤵PID:1148
-
\??\c:\prpbtd.exec:\prpbtd.exe77⤵PID:2296
-
\??\c:\bjrhxfj.exec:\bjrhxfj.exe78⤵PID:2160
-
\??\c:\vnjfdn.exec:\vnjfdn.exe79⤵PID:1720
-
\??\c:\pfflbf.exec:\pfflbf.exe80⤵PID:2248
-
\??\c:\hjrhb.exec:\hjrhb.exe81⤵PID:2772
-
\??\c:\tvtvj.exec:\tvtvj.exe82⤵PID:2524
-
\??\c:\rtvjtj.exec:\rtvjtj.exe83⤵PID:2596
-
\??\c:\vpnlbdp.exec:\vpnlbdp.exe84⤵PID:2512
-
\??\c:\bbvpp.exec:\bbvpp.exe85⤵PID:2724
-
\??\c:\vhjvfl.exec:\vhjvfl.exe86⤵PID:2872
-
\??\c:\hbdfpll.exec:\hbdfpll.exe87⤵PID:3040
-
\??\c:\pxbjrjn.exec:\pxbjrjn.exe88⤵PID:2424
-
\??\c:\htnln.exec:\htnln.exe89⤵PID:2460
-
\??\c:\vhvjj.exec:\vhvjj.exe90⤵PID:2840
-
\??\c:\jtpvjtb.exec:\jtpvjtb.exe91⤵PID:2292
-
\??\c:\pndjtbj.exec:\pndjtbj.exe92⤵PID:2380
-
\??\c:\flvftr.exec:\flvftr.exe93⤵PID:1084
-
\??\c:\bdjjbvt.exec:\bdjjbvt.exe94⤵PID:2632
-
\??\c:\hvjbf.exec:\hvjbf.exe95⤵PID:2456
-
\??\c:\pnbln.exec:\pnbln.exe96⤵PID:1184
-
\??\c:\prnvh.exec:\prnvh.exe97⤵PID:1896
-
\??\c:\fnnrt.exec:\fnnrt.exe98⤵PID:1780
-
\??\c:\vjhbfr.exec:\vjhbfr.exe99⤵PID:2004
-
\??\c:\ffbrndr.exec:\ffbrndr.exe100⤵PID:2236
-
\??\c:\nfxhj.exec:\nfxhj.exe101⤵PID:1548
-
\??\c:\bjvbxpp.exec:\bjvbxpp.exe102⤵PID:1572
-
\??\c:\ftdtxb.exec:\ftdtxb.exe103⤵PID:1636
-
\??\c:\jblddbt.exec:\jblddbt.exe104⤵PID:1640
-
\??\c:\xpxhv.exec:\xpxhv.exe105⤵PID:2816
-
\??\c:\lbhvv.exec:\lbhvv.exe106⤵PID:2280
-
\??\c:\llrbvd.exec:\llrbvd.exe107⤵PID:2780
-
\??\c:\hhrrhfv.exec:\hhrrhfv.exe108⤵PID:628
-
\??\c:\nvjht.exec:\nvjht.exe109⤵PID:2060
-
\??\c:\bbhrjr.exec:\bbhrjr.exe110⤵PID:2964
-
\??\c:\hxjhrff.exec:\hxjhrff.exe111⤵PID:2212
-
\??\c:\trjblv.exec:\trjblv.exe112⤵PID:1052
-
\??\c:\xbvxtv.exec:\xbvxtv.exe113⤵PID:1352
-
\??\c:\xjntlbn.exec:\xjntlbn.exe114⤵PID:2344
-
\??\c:\hjlldhh.exec:\hjlldhh.exe115⤵PID:1620
-
\??\c:\jnlfflv.exec:\jnlfflv.exe116⤵PID:1020
-
\??\c:\xhbbnb.exec:\xhbbnb.exe117⤵PID:2808
-
\??\c:\dtnjvhd.exec:\dtnjvhd.exe118⤵PID:2104
-
\??\c:\dbvfh.exec:\dbvfh.exe119⤵PID:2784
-
\??\c:\tvrxhhr.exec:\tvrxhhr.exe120⤵PID:880
-
\??\c:\dljxfd.exec:\dljxfd.exe121⤵PID:944
-
\??\c:\vltbhtf.exec:\vltbhtf.exe122⤵PID:2296