Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:44
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe
-
Size
82KB
-
MD5
6e6baa46a732b86d5a8755752e39f070
-
SHA1
89220fe51ef6ea9573422a200bf314711fbbb19b
-
SHA256
0a222ef2c91b648998dbc01bf90ba57b0f189c900cd4ed3930b0e9b41d1d680a
-
SHA512
41f66dfb701023f33d7661cde3aab6f98667ae1cd4c9f01551e046045c170f1081a329aa80a4afbf5b8acceb8765c32454c475d99d3e222ed1a70cad722ec35c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsvE:ymb3NkkiQ3mdBjFIWeFGyA9P5
Malware Config
Signatures
-
Detect Blackmoon payload 24 IoCs
resource | yara_rule
behavioral1/memory/1868-7-0x0000000000401000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/1868-6-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2168-15-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2584-23-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2704-33-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2844-45-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2840-54-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2380-64-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2496-79-0x0000000000401000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2448-97-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/836-107-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2592-115-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/940-143-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2376-151-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2032-169-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2008-179-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1972-197-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/680-233-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1152-241-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1264-250-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/896-268-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2128-277-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/776-286-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/324-296-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
-
Executes dropped EXE 64 IoCs
pid | Process
2168 | vjvdp.exe
2584 | rfrrrlx.exe
2704 | jdpjd.exe
2844 | rllxlxf.exe
2840 | xxllxlr.exe
2380 | 9bbntt.exe
2496 | jdvvj.exe
2392 | rrfrrxr.exe
2448 | 3fllllx.exe
836 | 5nntht.exe
2592 | 5dpvd.exe
1212 | 3rlrxxr.exe
336 | lfrflxf.exe
940 | bnnntn.exe
2376 | jdpvj.exe
2444 | jjjjp.exe
2032 | 3rffllx.exe
2008 | btbbtt.exe
2312 | tnhhbn.exe
1972 | vvjpd.exe
1992 | rlfxlxl.exe
768 | 3lflrxx.exe
1400 | nhhhbh.exe
680 | 5hbhbh.exe
1152 | 5jjpv.exe
1264 | jddvd.exe
2836 | bbbnht.exe
896 | hnbnhn.exe
2128 | vpvdj.exe
776 | fxrrxfl.exe
324 | nhtbhn.exe
1420 | 1bthbb.exe
2172 | vvpvp.exe
1728 | 3ppvj.exe
2976 | rlflrxl.exe
2672 | nhbbbb.exe
2640 | nnttnt.exe
2720 | jjdjp.exe
2708 | xrxllrx.exe
2760 | fxffxrl.exe
2520 | 3ffrrrx.exe
2412 | bbnhhb.exe
2508 | bnhnnn.exe
2496 | vpdpv.exe
2424 | 7jvdj.exe
1312 | 1lflxfl.exe
2480 | 1frrxxf.exe
2820 | tnhntt.exe
1020 | tnbbbh.exe
268 | jjpjj.exe
988 | 9pjjj.exe
1224 | xrlrflf.exe
1564 | llllffx.exe
620 | hbntbh.exe
2036 | tnbhnt.exe
2012 | 7jddj.exe
2252 | vvjdv.exe
2588 | llxlrxx.exe
1944 | 1rflxxr.exe
2440 | tnthnt.exe
380 | 7nbbnn.exe
1028 | jdjvd.exe
1572 | pdpjp.exe
688 | 1jdjv.exe
Note: PID 2496 is listed for both jdvvj.exe and vpdpv.exe, so a PID alone does not uniquely identify a process in this run.
-
resource | yara_rule
behavioral1/memory/1868-6-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2168-15-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2584-23-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2704-33-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2844-45-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2840-54-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2380-64-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2448-97-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/836-107-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2592-115-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/940-143-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2376-151-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2032-169-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2008-179-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1972-197-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/680-233-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1152-241-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1264-250-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/896-268-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2128-277-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/776-286-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/324-296-0x0000000000400000-0x0000000000429000-memory.dmp | upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1868 wrote to memory of 2168 | 1868 | 6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe | 28
PID 1868 wrote to memory of 2168 | 1868 | 6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe | 28
PID 1868 wrote to memory of 2168 | 1868 | 6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe | 28
PID 1868 wrote to memory of 2168 | 1868 | 6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe | 28
PID 2168 wrote to memory of 2584 | 2168 | vjvdp.exe | 29
PID 2168 wrote to memory of 2584 | 2168 | vjvdp.exe | 29
PID 2168 wrote to memory of 2584 | 2168 | vjvdp.exe | 29
PID 2168 wrote to memory of 2584 | 2168 | vjvdp.exe | 29
PID 2584 wrote to memory of 2704 | 2584 | rfrrrlx.exe | 30
PID 2584 wrote to memory of 2704 | 2584 | rfrrrlx.exe | 30
PID 2584 wrote to memory of 2704 | 2584 | rfrrrlx.exe | 30
PID 2584 wrote to memory of 2704 | 2584 | rfrrrlx.exe | 30
PID 2704 wrote to memory of 2844 | 2704 | jdpjd.exe | 31
PID 2704 wrote to memory of 2844 | 2704 | jdpjd.exe | 31
PID 2704 wrote to memory of 2844 | 2704 | jdpjd.exe | 31
PID 2704 wrote to memory of 2844 | 2704 | jdpjd.exe | 31
PID 2844 wrote to memory of 2840 | 2844 | rllxlxf.exe | 32
PID 2844 wrote to memory of 2840 | 2844 | rllxlxf.exe | 32
PID 2844 wrote to memory of 2840 | 2844 | rllxlxf.exe | 32
PID 2844 wrote to memory of 2840 | 2844 | rllxlxf.exe | 32
PID 2840 wrote to memory of 2380 | 2840 | xxllxlr.exe | 33
PID 2840 wrote to memory of 2380 | 2840 | xxllxlr.exe | 33
PID 2840 wrote to memory of 2380 | 2840 | xxllxlr.exe | 33
PID 2840 wrote to memory of 2380 | 2840 | xxllxlr.exe | 33
PID 2380 wrote to memory of 2496 | 2380 | 9bbntt.exe | 34
PID 2380 wrote to memory of 2496 | 2380 | 9bbntt.exe | 34
PID 2380 wrote to memory of 2496 | 2380 | 9bbntt.exe | 34
PID 2380 wrote to memory of 2496 | 2380 | 9bbntt.exe | 34
PID 2496 wrote to memory of 2392 | 2496 | jdvvj.exe | 35
PID 2496 wrote to memory of 2392 | 2496 | jdvvj.exe | 35
PID 2496 wrote to memory of 2392 | 2496 | jdvvj.exe | 35
PID 2496 wrote to memory of 2392 | 2496 | jdvvj.exe | 35
PID 2392 wrote to memory of 2448 | 2392 | rrfrrxr.exe | 36
PID 2392 wrote to memory of 2448 | 2392 | rrfrrxr.exe | 36
PID 2392 wrote to memory of 2448 | 2392 | rrfrrxr.exe | 36
PID 2392 wrote to memory of 2448 | 2392 | rrfrrxr.exe | 36
PID 2448 wrote to memory of 836 | 2448 | 3fllllx.exe | 37
PID 2448 wrote to memory of 836 | 2448 | 3fllllx.exe | 37
PID 2448 wrote to memory of 836 | 2448 | 3fllllx.exe | 37
PID 2448 wrote to memory of 836 | 2448 | 3fllllx.exe | 37
PID 836 wrote to memory of 2592 | 836 | 5nntht.exe | 38
PID 836 wrote to memory of 2592 | 836 | 5nntht.exe | 38
PID 836 wrote to memory of 2592 | 836 | 5nntht.exe | 38
PID 836 wrote to memory of 2592 | 836 | 5nntht.exe | 38
PID 2592 wrote to memory of 1212 | 2592 | 5dpvd.exe | 39
PID 2592 wrote to memory of 1212 | 2592 | 5dpvd.exe | 39
PID 2592 wrote to memory of 1212 | 2592 | 5dpvd.exe | 39
PID 2592 wrote to memory of 1212 | 2592 | 5dpvd.exe | 39
PID 1212 wrote to memory of 336 | 1212 | 3rlrxxr.exe | 40
PID 1212 wrote to memory of 336 | 1212 | 3rlrxxr.exe | 40
PID 1212 wrote to memory of 336 | 1212 | 3rlrxxr.exe | 40
PID 1212 wrote to memory of 336 | 1212 | 3rlrxxr.exe | 40
PID 336 wrote to memory of 940 | 336 | lfrflxf.exe | 41
PID 336 wrote to memory of 940 | 336 | lfrflxf.exe | 41
PID 336 wrote to memory of 940 | 336 | lfrflxf.exe | 41
PID 336 wrote to memory of 940 | 336 | lfrflxf.exe | 41
PID 940 wrote to memory of 2376 | 940 | bnnntn.exe | 42
PID 940 wrote to memory of 2376 | 940 | bnnntn.exe | 42
PID 940 wrote to memory of 2376 | 940 | bnnntn.exe | 42
PID 940 wrote to memory of 2376 | 940 | bnnntn.exe | 42
PID 2376 wrote to memory of 2444 | 2376 | jdpvj.exe | 43
PID 2376 wrote to memory of 2444 | 2376 | jdpvj.exe | 43
PID 2376 wrote to memory of 2444 | 2376 | jdpvj.exe | 43
PID 2376 wrote to memory of 2444 | 2376 | jdpvj.exe | 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\6e6baa46a732b86d5a8755752e39f070_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1868 -
\??\c:\vjvdp.exec:\vjvdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2168 -
\??\c:\rfrrrlx.exec:\rfrrrlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\jdpjd.exec:\jdpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2704 -
\??\c:\rllxlxf.exec:\rllxlxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2844 -
\??\c:\xxllxlr.exec:\xxllxlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2840 -
\??\c:\9bbntt.exec:\9bbntt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2380 -
\??\c:\jdvvj.exec:\jdvvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2496 -
\??\c:\rrfrrxr.exec:\rrfrrxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2392 -
\??\c:\3fllllx.exec:\3fllllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2448 -
\??\c:\5nntht.exec:\5nntht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:836 -
\??\c:\5dpvd.exec:\5dpvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2592 -
\??\c:\3rlrxxr.exec:\3rlrxxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1212 -
\??\c:\lfrflxf.exec:\lfrflxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:336 -
\??\c:\bnnntn.exec:\bnnntn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:940 -
\??\c:\jdpvj.exec:\jdpvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2376 -
\??\c:\jjjjp.exec:\jjjjp.exe17⤵
- Executes dropped EXE
PID:2444 -
\??\c:\3rffllx.exec:\3rffllx.exe18⤵
- Executes dropped EXE
PID:2032 -
\??\c:\btbbtt.exec:\btbbtt.exe19⤵
- Executes dropped EXE
PID:2008 -
\??\c:\tnhhbn.exec:\tnhhbn.exe20⤵
- Executes dropped EXE
PID:2312 -
\??\c:\vvjpd.exec:\vvjpd.exe21⤵
- Executes dropped EXE
PID:1972 -
\??\c:\rlfxlxl.exec:\rlfxlxl.exe22⤵
- Executes dropped EXE
PID:1992 -
\??\c:\3lflrxx.exec:\3lflrxx.exe23⤵
- Executes dropped EXE
PID:768 -
\??\c:\nhhhbh.exec:\nhhhbh.exe24⤵
- Executes dropped EXE
PID:1400 -
\??\c:\5hbhbh.exec:\5hbhbh.exe25⤵
- Executes dropped EXE
PID:680 -
\??\c:\5jjpv.exec:\5jjpv.exe26⤵
- Executes dropped EXE
PID:1152 -
\??\c:\jddvd.exec:\jddvd.exe27⤵
- Executes dropped EXE
PID:1264 -
\??\c:\bbbnht.exec:\bbbnht.exe28⤵
- Executes dropped EXE
PID:2836 -
\??\c:\hnbnhn.exec:\hnbnhn.exe29⤵
- Executes dropped EXE
PID:896 -
\??\c:\vpvdj.exec:\vpvdj.exe30⤵
- Executes dropped EXE
PID:2128 -
\??\c:\fxrrxfl.exec:\fxrrxfl.exe31⤵
- Executes dropped EXE
PID:776 -
\??\c:\nhtbhn.exec:\nhtbhn.exe32⤵
- Executes dropped EXE
PID:324 -
\??\c:\1bthbb.exec:\1bthbb.exe33⤵
- Executes dropped EXE
PID:1420 -
\??\c:\vvpvp.exec:\vvpvp.exe34⤵
- Executes dropped EXE
PID:2172 -
\??\c:\3ppvj.exec:\3ppvj.exe35⤵
- Executes dropped EXE
PID:1728 -
\??\c:\rlflrxl.exec:\rlflrxl.exe36⤵
- Executes dropped EXE
PID:2976 -
\??\c:\nhbbbb.exec:\nhbbbb.exe37⤵
- Executes dropped EXE
PID:2672 -
\??\c:\nnttnt.exec:\nnttnt.exe38⤵
- Executes dropped EXE
PID:2640 -
\??\c:\jjdjp.exec:\jjdjp.exe39⤵
- Executes dropped EXE
PID:2720 -
\??\c:\xrxllrx.exec:\xrxllrx.exe40⤵
- Executes dropped EXE
PID:2708 -
\??\c:\fxffxrl.exec:\fxffxrl.exe41⤵
- Executes dropped EXE
PID:2760 -
\??\c:\3ffrrrx.exec:\3ffrrrx.exe42⤵
- Executes dropped EXE
PID:2520 -
\??\c:\bbnhhb.exec:\bbnhhb.exe43⤵
- Executes dropped EXE
PID:2412 -
\??\c:\bnhnnn.exec:\bnhnnn.exe44⤵
- Executes dropped EXE
PID:2508 -
\??\c:\vpdpv.exec:\vpdpv.exe45⤵
- Executes dropped EXE
PID:2496 -
\??\c:\7jvdj.exec:\7jvdj.exe46⤵
- Executes dropped EXE
PID:2424 -
\??\c:\1lflxfl.exec:\1lflxfl.exe47⤵
- Executes dropped EXE
PID:1312 -
\??\c:\1frrxxf.exec:\1frrxxf.exe48⤵
- Executes dropped EXE
PID:2480 -
\??\c:\tnhntt.exec:\tnhntt.exe49⤵
- Executes dropped EXE
PID:2820 -
\??\c:\tnbbbh.exec:\tnbbbh.exe50⤵
- Executes dropped EXE
PID:1020 -
\??\c:\jjpjj.exec:\jjpjj.exe51⤵
- Executes dropped EXE
PID:268 -
\??\c:\9pjjj.exec:\9pjjj.exe52⤵
- Executes dropped EXE
PID:988 -
\??\c:\xrlrflf.exec:\xrlrflf.exe53⤵
- Executes dropped EXE
PID:1224 -
\??\c:\llllffx.exec:\llllffx.exe54⤵
- Executes dropped EXE
PID:1564 -
\??\c:\hbntbh.exec:\hbntbh.exe55⤵
- Executes dropped EXE
PID:620 -
\??\c:\tnbhnt.exec:\tnbhnt.exe56⤵
- Executes dropped EXE
PID:2036 -
\??\c:\7jddj.exec:\7jddj.exe57⤵
- Executes dropped EXE
PID:2012 -
\??\c:\vvjdv.exec:\vvjdv.exe58⤵
- Executes dropped EXE
PID:2252 -
\??\c:\llxlrxx.exec:\llxlrxx.exe59⤵
- Executes dropped EXE
PID:2588 -
\??\c:\1rflxxr.exec:\1rflxxr.exe60⤵
- Executes dropped EXE
PID:1944 -
\??\c:\tnthnt.exec:\tnthnt.exe61⤵
- Executes dropped EXE
PID:2440 -
\??\c:\7nbbnn.exec:\7nbbnn.exe62⤵
- Executes dropped EXE
PID:380 -
\??\c:\jdjvd.exec:\jdjvd.exe63⤵
- Executes dropped EXE
PID:1028 -
\??\c:\pdpjp.exec:\pdpjp.exe64⤵
- Executes dropped EXE
PID:1572 -
\??\c:\1jdjv.exec:\1jdjv.exe65⤵
- Executes dropped EXE
PID:688 -
\??\c:\lrxxxxx.exec:\lrxxxxx.exe66⤵PID:1080
-
\??\c:\bthnnn.exec:\bthnnn.exe67⤵PID:564
-
\??\c:\tnhthn.exec:\tnhthn.exe68⤵PID:1284
-
\??\c:\vpjvv.exec:\vpjvv.exe69⤵PID:1900
-
\??\c:\jvpdd.exec:\jvpdd.exe70⤵PID:748
-
\??\c:\rlxflll.exec:\rlxflll.exe71⤵PID:2880
-
\??\c:\xlffrrx.exec:\xlffrrx.exe72⤵PID:2180
-
\??\c:\hnbttt.exec:\hnbttt.exe73⤵PID:2140
-
\??\c:\nhttbh.exec:\nhttbh.exe74⤵PID:2876
-
\??\c:\vjvvj.exec:\vjvvj.exe75⤵PID:2076
-
\??\c:\dvpdp.exec:\dvpdp.exe76⤵PID:1748
-
\??\c:\rlrxxlr.exec:\rlrxxlr.exe77⤵PID:2888
-
\??\c:\frflrxx.exec:\frflrxx.exe78⤵PID:2348
-
\??\c:\bntbnh.exec:\bntbnh.exe79⤵PID:2304
-
\??\c:\hbhhhn.exec:\hbhhhn.exe80⤵PID:2692
-
\??\c:\vjddd.exec:\vjddd.exe81⤵PID:2684
-
\??\c:\jdddj.exec:\jdddj.exe82⤵PID:2748
-
\??\c:\vpdjv.exec:\vpdjv.exe83⤵PID:2704
-
\??\c:\frxxffl.exec:\frxxffl.exe84⤵PID:2768
-
\??\c:\xrlxllr.exec:\xrlxllr.exe85⤵PID:2516
-
\??\c:\1bhntn.exec:\1bhntn.exe86⤵PID:2524
-
\??\c:\hhttbh.exec:\hhttbh.exe87⤵PID:2512
-
\??\c:\jvdvd.exec:\jvdvd.exe88⤵PID:2928
-
\??\c:\pjddj.exec:\pjddj.exe89⤵PID:2384
-
\??\c:\xlxxxfr.exec:\xlxxxfr.exe90⤵PID:2728
-
\??\c:\7rllxxl.exec:\7rllxxl.exe91⤵PID:2560
-
\??\c:\5tnntt.exec:\5tnntt.exe92⤵PID:2592
-
\??\c:\9nhbtt.exec:\9nhbtt.exe93⤵PID:2736
-
\??\c:\pjdpv.exec:\pjdpv.exe94⤵PID:1584
-
\??\c:\dvpvd.exec:\dvpvd.exe95⤵PID:1644
-
\??\c:\lfxxxfl.exec:\lfxxxfl.exe96⤵PID:1664
-
\??\c:\fffrlxr.exec:\fffrlxr.exe97⤵PID:1356
-
\??\c:\1nbhnt.exec:\1nbhnt.exe98⤵PID:1652
-
\??\c:\3tnthn.exec:\3tnthn.exe99⤵PID:2036
-
\??\c:\5dddj.exec:\5dddj.exe100⤵PID:2428
-
\??\c:\vvjvd.exec:\vvjvd.exe101⤵PID:2208
-
\??\c:\vvjpd.exec:\vvjpd.exe102⤵PID:2804
-
\??\c:\ffxxffl.exec:\ffxxffl.exe103⤵PID:1924
-
\??\c:\rlrrxxx.exec:\rlrrxxx.exe104⤵PID:1200
-
\??\c:\5nhhnt.exec:\5nhhnt.exe105⤵PID:1412
-
\??\c:\tntttt.exec:\tntttt.exe106⤵PID:1048
-
\??\c:\jdpjj.exec:\jdpjj.exe107⤵PID:2532
-
\??\c:\9dvdd.exec:\9dvdd.exe108⤵PID:560
-
\??\c:\pdvvd.exec:\pdvvd.exe109⤵PID:1152
-
\??\c:\xrllrrx.exec:\xrllrrx.exe110⤵PID:760
-
\??\c:\xxrflrf.exec:\xxrflrf.exe111⤵PID:1576
-
\??\c:\hbntbh.exec:\hbntbh.exe112⤵PID:2332
-
\??\c:\nhtttn.exec:\nhtttn.exe113⤵PID:748
-
\??\c:\vjpjp.exec:\vjpjp.exe114⤵PID:2852
-
\??\c:\jjvvj.exec:\jjvvj.exe115⤵PID:296
-
\??\c:\xrxffrx.exec:\xrxffrx.exe116⤵PID:3048
-
\??\c:\1lxlxfl.exec:\1lxlxfl.exe117⤵PID:1460
-
\??\c:\tnhhtb.exec:\tnhhtb.exe118⤵PID:1420
-
\??\c:\nhtbnh.exec:\nhtbnh.exe119⤵PID:1628
-
\??\c:\dvdvj.exec:\dvdvj.exe120⤵PID:1728
-
\??\c:\jjpjv.exec:\jjpjv.exe121⤵PID:2976
-
\??\c:\xrlfllf.exec:\xrlfllf.exe122⤵PID:2672
-