Analysis
max time kernel: 136s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 18/05/2024, 01:39
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: 6d4d504eea574a786cfa35fcc8450c20_NeikiAnalytics.exe
Resource: win7-20240221-en
5 signatures
150 seconds
General
Target: 6d4d504eea574a786cfa35fcc8450c20_NeikiAnalytics.exe
Size: 70KB
MD5: 6d4d504eea574a786cfa35fcc8450c20
SHA1: f0c2b390e6930c4c5e3d7b810d63a4afeba1e9f7
SHA256: a33f0ff1934b5e572a682e79b87942921e8738c8ab32bd6ff298a96e525bead6
SHA512: 308986469d65f4eb4e688def17047897466323748664339c4c53c31693128daad4ad2e70ec09868ec05b629f1b134c41fcfdbb0379265a5db2bf882eba272e34
SSDEEP: 1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgUVyiAnO:ymb3NkkiQ3mdBjFIgUEY
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6d4d504eea574a786cfa35fcc8450c20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6d4d504eea574a786cfa35fcc8450c20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2196 -
\??\c:\1nnnbn.exec:\1nnnbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2152 -
\??\c:\bntbtt.exec:\bntbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2092 -
\??\c:\pjjpv.exec:\pjjpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2656 -
\??\c:\rrfxrxl.exec:\rrfxrxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2612 -
\??\c:\llfrfrf.exec:\llfrfrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2572 -
\??\c:\llxlrlr.exec:\llxlrlr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\hhhthb.exec:\hhhthb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2420 -
\??\c:\ppdjp.exec:\ppdjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2924 -
\??\c:\pjpdp.exec:\pjpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1816 -
\??\c:\rlffllf.exec:\rlffllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2500 -
\??\c:\xxrlrxx.exec:\xxrlrxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2756 -
\??\c:\tnhnbh.exec:\tnhnbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2296 -
\??\c:\tbhnhb.exec:\tbhnhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1232 -
\??\c:\jjvjv.exec:\jjvjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2300 -
\??\c:\vdjjj.exec:\vdjjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1660 -
\??\c:\rlflxxf.exec:\rlflxxf.exe17⤵
- Executes dropped EXE
PID:1544 -
\??\c:\lfrxflr.exec:\lfrxflr.exe18⤵
- Executes dropped EXE
PID:2780 -
\??\c:\nbtbhn.exec:\nbtbhn.exe19⤵
- Executes dropped EXE
PID:2928 -
\??\c:\pvpdp.exec:\pvpdp.exe20⤵
- Executes dropped EXE
PID:2796 -
\??\c:\jjdjj.exec:\jjdjj.exe21⤵
- Executes dropped EXE
PID:1884 -
\??\c:\vpjpv.exec:\vpjpv.exe22⤵
- Executes dropped EXE
PID:2208 -
\??\c:\xlfllrr.exec:\xlfllrr.exe23⤵
- Executes dropped EXE
PID:872 -
\??\c:\9lrrrll.exec:\9lrrrll.exe24⤵
- Executes dropped EXE
PID:1508 -
\??\c:\tbhnhn.exec:\tbhnhn.exe25⤵
- Executes dropped EXE
PID:1724 -
\??\c:\bhhnhh.exec:\bhhnhh.exe26⤵
- Executes dropped EXE
PID:692 -
\??\c:\ppjjp.exec:\ppjjp.exe27⤵
- Executes dropped EXE
PID:1016 -
\??\c:\7vdpj.exec:\7vdpj.exe28⤵
- Executes dropped EXE
PID:896 -
\??\c:\rxrxfxr.exec:\rxrxfxr.exe29⤵
- Executes dropped EXE
PID:696 -
\??\c:\xrrfflx.exec:\xrrfflx.exe30⤵
- Executes dropped EXE
PID:1536 -
\??\c:\3lffrxf.exec:\3lffrxf.exe31⤵
- Executes dropped EXE
PID:1716 -
\??\c:\bbbnbn.exec:\bbbnbn.exe32⤵
- Executes dropped EXE
PID:1924 -
\??\c:\nntbnb.exec:\nntbnb.exe33⤵
- Executes dropped EXE
PID:2340 -
\??\c:\5vpjv.exec:\5vpjv.exe34⤵
- Executes dropped EXE
PID:3000 -
\??\c:\vvjjp.exec:\vvjjp.exe35⤵
- Executes dropped EXE
PID:1528 -
\??\c:\3dpvd.exec:\3dpvd.exe36⤵
- Executes dropped EXE
PID:2636 -
\??\c:\lxxrxrx.exec:\lxxrxrx.exe37⤵
- Executes dropped EXE
PID:2092 -
\??\c:\xxrrffl.exec:\xxrrffl.exe38⤵
- Executes dropped EXE
PID:2992 -
\??\c:\ffllrrf.exec:\ffllrrf.exe39⤵
- Executes dropped EXE
PID:2432 -
\??\c:\nhntnn.exec:\nhntnn.exe40⤵
- Executes dropped EXE
PID:2572 -
\??\c:\bntbtb.exec:\bntbtb.exe41⤵
- Executes dropped EXE
PID:2628 -
\??\c:\jdpjj.exec:\jdpjj.exe42⤵
- Executes dropped EXE
PID:2424 -
\??\c:\jdddp.exec:\jdddp.exe43⤵
- Executes dropped EXE
PID:2916 -
\??\c:\vpjpv.exec:\vpjpv.exe44⤵
- Executes dropped EXE
PID:2536 -
\??\c:\5rlxllr.exec:\5rlxllr.exe45⤵
- Executes dropped EXE
PID:2724 -
\??\c:\fxrxlrf.exec:\fxrxlrf.exe46⤵
- Executes dropped EXE
PID:2784 -
\??\c:\tnnthn.exec:\tnnthn.exe47⤵
- Executes dropped EXE
PID:2156 -
\??\c:\hthbhb.exec:\hthbhb.exe48⤵
- Executes dropped EXE
PID:1792 -
\??\c:\jdppv.exec:\jdppv.exe49⤵
- Executes dropped EXE
PID:2124 -
\??\c:\dpdjd.exec:\dpdjd.exe50⤵
- Executes dropped EXE
PID:2952 -
\??\c:\lxllfrl.exec:\lxllfrl.exe51⤵
- Executes dropped EXE
PID:2460 -
\??\c:\xlxxxxl.exec:\xlxxxxl.exe52⤵
- Executes dropped EXE
PID:1464 -
\??\c:\btbbnh.exec:\btbbnh.exe53⤵
- Executes dropped EXE
PID:1412 -
\??\c:\5btbtb.exec:\5btbtb.exe54⤵
- Executes dropped EXE
PID:2936 -
\??\c:\hbnhnt.exec:\hbnhnt.exe55⤵
- Executes dropped EXE
PID:2880 -
\??\c:\dpdvv.exec:\dpdvv.exe56⤵
- Executes dropped EXE
PID:2928 -
\??\c:\5jvdp.exec:\5jvdp.exe57⤵
- Executes dropped EXE
PID:1896 -
\??\c:\llrlrxr.exec:\llrlrxr.exe58⤵
- Executes dropped EXE
PID:664 -
\??\c:\lxflrxr.exec:\lxflrxr.exe59⤵
- Executes dropped EXE
PID:2944 -
\??\c:\bttbnb.exec:\bttbnb.exe60⤵
- Executes dropped EXE
PID:1052 -
\??\c:\bhnhtn.exec:\bhnhtn.exe61⤵
- Executes dropped EXE
PID:556 -
\??\c:\ttnntt.exec:\ttnntt.exe62⤵
- Executes dropped EXE
PID:780 -
\??\c:\1jdjj.exec:\1jdjj.exe63⤵
- Executes dropped EXE
PID:2060 -
\??\c:\jjjjv.exec:\jjjjv.exe64⤵
- Executes dropped EXE
PID:692 -
\??\c:\xrlxllx.exec:\xrlxllx.exe65⤵
- Executes dropped EXE
PID:1644 -
\??\c:\llffllx.exec:\llffllx.exe66⤵PID:1568
-
\??\c:\5fflrrr.exec:\5fflrrr.exe67⤵PID:884
-
\??\c:\bnbhhn.exec:\bnbhhn.exe68⤵PID:344
-
\??\c:\fxrxlxl.exec:\fxrxlxl.exe69⤵PID:648
-
\??\c:\lfxffff.exec:\lfxffff.exe70⤵PID:476
-
\??\c:\thnnnt.exec:\thnnnt.exe71⤵PID:880
-
\??\c:\thnnbt.exec:\thnnbt.exe72⤵PID:2496
-
\??\c:\5vjvj.exec:\5vjvj.exe73⤵PID:2040
-
\??\c:\vjdjp.exec:\vjdjp.exe74⤵PID:756
-
\??\c:\vjdjv.exec:\vjdjv.exe75⤵PID:1528
-
\??\c:\lxlfffl.exec:\lxlfffl.exe76⤵PID:1780
-
\??\c:\fxffllr.exec:\fxffllr.exe77⤵PID:2264
-
\??\c:\xrllxxl.exec:\xrllxxl.exe78⤵PID:2624
-
\??\c:\thntnh.exec:\thntnh.exe79⤵PID:2992
-
\??\c:\pjvvj.exec:\pjvvj.exe80⤵PID:2720
-
\??\c:\ddpvd.exec:\ddpvd.exe81⤵PID:2468
-
\??\c:\frrrfrl.exec:\frrrfrl.exe82⤵PID:2920
-
\??\c:\lxrxlfr.exec:\lxrxlfr.exe83⤵PID:108
-
\??\c:\xxrrfrx.exec:\xxrrfrx.exe84⤵PID:1444
-
\??\c:\5bhbhh.exec:\5bhbhh.exe85⤵PID:2588
-
\??\c:\jddpv.exec:\jddpv.exe86⤵PID:2560
-
\??\c:\vjjdd.exec:\vjjdd.exe87⤵PID:2724
-
\??\c:\rxxflrl.exec:\rxxflrl.exe88⤵PID:2120
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe89⤵PID:2156
-
\??\c:\bhthbb.exec:\bhthbb.exe90⤵PID:1792
-
\??\c:\nnbnbb.exec:\nnbnbb.exe91⤵PID:2116
-
\??\c:\jpdpd.exec:\jpdpd.exe92⤵PID:2304
-
\??\c:\5vjpv.exec:\5vjpv.exe93⤵PID:1632
-
\??\c:\xrllrrr.exec:\xrllrrr.exe94⤵PID:1576
-
\??\c:\lxrrrxf.exec:\lxrrrxf.exe95⤵PID:1432
-
\??\c:\htbbbt.exec:\htbbbt.exe96⤵PID:2904
-
\??\c:\nnhbbt.exec:\nnhbbt.exe97⤵PID:2940
-
\??\c:\jdvvd.exec:\jdvvd.exe98⤵PID:2256
-
\??\c:\5dpjd.exec:\5dpjd.exe99⤵PID:2384
-
\??\c:\rlrlxfr.exec:\rlrlxfr.exe100⤵PID:1408
-
\??\c:\rflrrlr.exec:\rflrrlr.exe101⤵PID:1596
-
\??\c:\5tnnnt.exec:\5tnnnt.exe102⤵PID:808
-
\??\c:\bbhhnn.exec:\bbhhnn.exe103⤵PID:2492
-
\??\c:\pdjdd.exec:\pdjdd.exe104⤵PID:3056
-
\??\c:\pjvjj.exec:\pjvjj.exe105⤵PID:2244
-
\??\c:\fffxxll.exec:\fffxxll.exe106⤵PID:1952
-
\??\c:\lfrrrlr.exec:\lfrrrlr.exe107⤵PID:1260
-
\??\c:\btbnhh.exec:\btbnhh.exe108⤵PID:2320
-
\??\c:\htbttn.exec:\htbttn.exe109⤵PID:696
-
\??\c:\vpvdd.exec:\vpvdd.exe110⤵PID:1164
-
\??\c:\vppdv.exec:\vppdv.exe111⤵PID:1716
-
\??\c:\rrrxflr.exec:\rrrxflr.exe112⤵PID:1396
-
\??\c:\xrfxflr.exec:\xrfxflr.exe113⤵PID:2596
-
\??\c:\jddpp.exec:\jddpp.exe114⤵PID:628
-
\??\c:\lfrxllr.exec:\lfrxllr.exe115⤵PID:2316
-
\??\c:\fxlrrrr.exec:\fxlrrrr.exe116⤵PID:2676
-
\??\c:\1tnthh.exec:\1tnthh.exe117⤵PID:2616
-
\??\c:\vppvd.exec:\vppvd.exe118⤵PID:2592
-
\??\c:\rlrrxfr.exec:\rlrrxfr.exe119⤵PID:2284
-
\??\c:\lfllxxx.exec:\lfllxxx.exe120⤵PID:2584
-
\??\c:\tbnbbb.exec:\tbnbbb.exe121⤵PID:1400
-
\??\c:\vpdjp.exec:\vpdjp.exe122⤵PID:2456
-