Analysis
-
max time kernel
138s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:08
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
670740808abe445f88c216c2287bef30_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
670740808abe445f88c216c2287bef30_NeikiAnalytics.exe
-
Size
80KB
-
MD5
670740808abe445f88c216c2287bef30
-
SHA1
88b3a8503cc8ad00fb0fbcf546fa7dd020946aed
-
SHA256
2a7d2ae6f8ff7f5ec0569922128e98b8ce21414a44c5ec2e0d3489d2fcdb2299
-
SHA512
aebe8afcdc667d682ca443c515923d0706c080301eaf4fc5cb20dc50a60225f2ca7b71d7904c68e4f7782a72a977dc59d57634044f8725c65dc9da7c295f7391
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1gxm1S3PQ7CnPRKiir5Qu:ymb3NkkiQ3mdBjFoLkmx/g8ZKzQu
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
resource yara_rule
behavioral1/memory/1728-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1628-13-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2184-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2392-74-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2872-85-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2624-110-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2380-164-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2244-200-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1648-280-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/884-298-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/780-218-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2216-209-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2900-191-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1672-182-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2036-173-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2352-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2340-146-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/112-101-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2392-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2312-63-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2608-33-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1724-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
(PIDs are specific to this sandbox run and are reused by later processes: 2184 and 2216 each appear twice below.)
pid Process
1628 vdjpp.exe
1724 fxxrxff.exe
2608 xlrlxff.exe
2544 9tthth.exe
2184 ddvpd.exe
2312 vpdpv.exe
2392 lxlxxfl.exe
2872 frxxfll.exe
112 9bnnhn.exe
2624 bbthnb.exe
2752 vpddp.exe
1248 jdpvj.exe
1564 xlxfrrf.exe
2340 rrlrfll.exe
2352 bthnth.exe
2380 thtbhb.exe
2036 dddjj.exe
1672 xrrxxff.exe
2900 lxfrrll.exe
2244 nhbhtb.exe
2216 btthtt.exe
780 1hthnn.exe
952 7vjpv.exe
2896 fxxfxfr.exe
904 xxlxlff.exe
108 tttbnt.exe
1660 thnnbb.exe
1424 jpvvp.exe
1648 fxrfxfr.exe
604 fxrrflr.exe
884 nhthhn.exe
1832 bnhtbb.exe
1884 vpjvj.exe
2712 pjvvd.exe
2596 fllfllf.exe
2548 tnbtth.exe
2584 hhtnbh.exe
2620 jpdpp.exe
2184 jjdjj.exe
2684 frxfrrl.exe
2324 xxxfxfx.exe
2444 9nttnn.exe
2864 dddpv.exe
2648 jvvvv.exe
2768 3lrxxfr.exe
1760 5xlfrlr.exe
1572 nhbnnt.exe
2276 pppvp.exe
988 vvdvv.exe
2948 dpdjv.exe
836 fxrflrr.exe
2016 lxflxxf.exe
2004 3nbhnt.exe
1936 ttttnb.exe
2028 dvvdv.exe
1924 tnnntb.exe
1992 nbntbh.exe
2472 jvjvj.exe
2216 jjpdd.exe
1384 xrxxfxx.exe
1772 hnhnht.exe
1664 nhbhbt.exe
1680 jvjpd.exe
3016 pjjpv.exe
-
resource yara_rule
behavioral1/memory/1728-4-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1628-13-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2184-53-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2392-74-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2872-85-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2624-110-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2380-164-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2244-200-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1648-280-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/884-298-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/780-218-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2216-209-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2900-191-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1672-182-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2036-173-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2352-155-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2340-146-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/112-101-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2392-82-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2392-72-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2392-71-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2312-63-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2608-33-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1724-24-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 1728 wrote to memory of 1628 1728 670740808abe445f88c216c2287bef30_NeikiAnalytics.exe 28
PID 1728 wrote to memory of 1628 1728 670740808abe445f88c216c2287bef30_NeikiAnalytics.exe 28
PID 1728 wrote to memory of 1628 1728 670740808abe445f88c216c2287bef30_NeikiAnalytics.exe 28
PID 1728 wrote to memory of 1628 1728 670740808abe445f88c216c2287bef30_NeikiAnalytics.exe 28
PID 1628 wrote to memory of 1724 1628 vdjpp.exe 29
PID 1628 wrote to memory of 1724 1628 vdjpp.exe 29
PID 1628 wrote to memory of 1724 1628 vdjpp.exe 29
PID 1628 wrote to memory of 1724 1628 vdjpp.exe 29
PID 1724 wrote to memory of 2608 1724 fxxrxff.exe 30
PID 1724 wrote to memory of 2608 1724 fxxrxff.exe 30
PID 1724 wrote to memory of 2608 1724 fxxrxff.exe 30
PID 1724 wrote to memory of 2608 1724 fxxrxff.exe 30
PID 2608 wrote to memory of 2544 2608 xlrlxff.exe 31
PID 2608 wrote to memory of 2544 2608 xlrlxff.exe 31
PID 2608 wrote to memory of 2544 2608 xlrlxff.exe 31
PID 2608 wrote to memory of 2544 2608 xlrlxff.exe 31
PID 2544 wrote to memory of 2184 2544 9tthth.exe 32
PID 2544 wrote to memory of 2184 2544 9tthth.exe 32
PID 2544 wrote to memory of 2184 2544 9tthth.exe 32
PID 2544 wrote to memory of 2184 2544 9tthth.exe 32
PID 2184 wrote to memory of 2312 2184 ddvpd.exe 33
PID 2184 wrote to memory of 2312 2184 ddvpd.exe 33
PID 2184 wrote to memory of 2312 2184 ddvpd.exe 33
PID 2184 wrote to memory of 2312 2184 ddvpd.exe 33
PID 2312 wrote to memory of 2392 2312 vpdpv.exe 34
PID 2312 wrote to memory of 2392 2312 vpdpv.exe 34
PID 2312 wrote to memory of 2392 2312 vpdpv.exe 34
PID 2312 wrote to memory of 2392 2312 vpdpv.exe 34
PID 2392 wrote to memory of 2872 2392 lxlxxfl.exe 35
PID 2392 wrote to memory of 2872 2392 lxlxxfl.exe 35
PID 2392 wrote to memory of 2872 2392 lxlxxfl.exe 35
PID 2392 wrote to memory of 2872 2392 lxlxxfl.exe 35
PID 2872 wrote to memory of 112 2872 frxxfll.exe 36
PID 2872 wrote to memory of 112 2872 frxxfll.exe 36
PID 2872 wrote to memory of 112 2872 frxxfll.exe 36
PID 2872 wrote to memory of 112 2872 frxxfll.exe 36
PID 112 wrote to memory of 2624 112 9bnnhn.exe 37
PID 112 wrote to memory of 2624 112 9bnnhn.exe 37
PID 112 wrote to memory of 2624 112 9bnnhn.exe 37
PID 112 wrote to memory of 2624 112 9bnnhn.exe 37
PID 2624 wrote to memory of 2752 2624 bbthnb.exe 38
PID 2624 wrote to memory of 2752 2624 bbthnb.exe 38
PID 2624 wrote to memory of 2752 2624 bbthnb.exe 38
PID 2624 wrote to memory of 2752 2624 bbthnb.exe 38
PID 2752 wrote to memory of 1248 2752 vpddp.exe 39
PID 2752 wrote to memory of 1248 2752 vpddp.exe 39
PID 2752 wrote to memory of 1248 2752 vpddp.exe 39
PID 2752 wrote to memory of 1248 2752 vpddp.exe 39
PID 1248 wrote to memory of 1564 1248 jdpvj.exe 40
PID 1248 wrote to memory of 1564 1248 jdpvj.exe 40
PID 1248 wrote to memory of 1564 1248 jdpvj.exe 40
PID 1248 wrote to memory of 1564 1248 jdpvj.exe 40
PID 1564 wrote to memory of 2340 1564 xlxfrrf.exe 41
PID 1564 wrote to memory of 2340 1564 xlxfrrf.exe 41
PID 1564 wrote to memory of 2340 1564 xlxfrrf.exe 41
PID 1564 wrote to memory of 2340 1564 xlxfrrf.exe 41
PID 2340 wrote to memory of 2352 2340 rrlrfll.exe 42
PID 2340 wrote to memory of 2352 2340 rrlrfll.exe 42
PID 2340 wrote to memory of 2352 2340 rrlrfll.exe 42
PID 2340 wrote to memory of 2352 2340 rrlrfll.exe 42
PID 2352 wrote to memory of 2380 2352 bthnth.exe 43
PID 2352 wrote to memory of 2380 2352 bthnth.exe 43
PID 2352 wrote to memory of 2380 2352 bthnth.exe 43
PID 2352 wrote to memory of 2380 2352 bthnth.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\670740808abe445f88c216c2287bef30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\670740808abe445f88c216c2287bef30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1728 -
\??\c:\vdjpp.exec:\vdjpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1628 -
\??\c:\fxxrxff.exec:\fxxrxff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1724 -
\??\c:\xlrlxff.exec:\xlrlxff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\9tthth.exec:\9tthth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2544 -
\??\c:\ddvpd.exec:\ddvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2184 -
\??\c:\vpdpv.exec:\vpdpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2312 -
\??\c:\lxlxxfl.exec:\lxlxxfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2392 -
\??\c:\frxxfll.exec:\frxxfll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2872 -
\??\c:\9bnnhn.exec:\9bnnhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:112 -
\??\c:\bbthnb.exec:\bbthnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2624 -
\??\c:\vpddp.exec:\vpddp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2752 -
\??\c:\jdpvj.exec:\jdpvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1248 -
\??\c:\xlxfrrf.exec:\xlxfrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1564 -
\??\c:\rrlrfll.exec:\rrlrfll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2340 -
\??\c:\bthnth.exec:\bthnth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2352 -
\??\c:\thtbhb.exec:\thtbhb.exe17⤵
- Executes dropped EXE
PID:2380 -
\??\c:\dddjj.exec:\dddjj.exe18⤵
- Executes dropped EXE
PID:2036 -
\??\c:\xrrxxff.exec:\xrrxxff.exe19⤵
- Executes dropped EXE
PID:1672 -
\??\c:\lxfrrll.exec:\lxfrrll.exe20⤵
- Executes dropped EXE
PID:2900 -
\??\c:\nhbhtb.exec:\nhbhtb.exe21⤵
- Executes dropped EXE
PID:2244 -
\??\c:\btthtt.exec:\btthtt.exe22⤵
- Executes dropped EXE
PID:2216 -
\??\c:\1hthnn.exec:\1hthnn.exe23⤵
- Executes dropped EXE
PID:780 -
\??\c:\7vjpv.exec:\7vjpv.exe24⤵
- Executes dropped EXE
PID:952 -
\??\c:\fxxfxfr.exec:\fxxfxfr.exe25⤵
- Executes dropped EXE
PID:2896 -
\??\c:\xxlxlff.exec:\xxlxlff.exe26⤵
- Executes dropped EXE
PID:904 -
\??\c:\tttbnt.exec:\tttbnt.exe27⤵
- Executes dropped EXE
PID:108 -
\??\c:\thnnbb.exec:\thnnbb.exe28⤵
- Executes dropped EXE
PID:1660 -
\??\c:\jpvvp.exec:\jpvvp.exe29⤵
- Executes dropped EXE
PID:1424 -
\??\c:\fxrfxfr.exec:\fxrfxfr.exe30⤵
- Executes dropped EXE
PID:1648 -
\??\c:\fxrrflr.exec:\fxrrflr.exe31⤵
- Executes dropped EXE
PID:604 -
\??\c:\nhthhn.exec:\nhthhn.exe32⤵
- Executes dropped EXE
PID:884 -
\??\c:\bnhtbb.exec:\bnhtbb.exe33⤵
- Executes dropped EXE
PID:1832 -
\??\c:\vpjvj.exec:\vpjvj.exe34⤵
- Executes dropped EXE
PID:1884 -
\??\c:\pjvvd.exec:\pjvvd.exe35⤵
- Executes dropped EXE
PID:2712 -
\??\c:\fllfllf.exec:\fllfllf.exe36⤵
- Executes dropped EXE
PID:2596 -
\??\c:\tnbtth.exec:\tnbtth.exe37⤵
- Executes dropped EXE
PID:2548 -
\??\c:\hhtnbh.exec:\hhtnbh.exe38⤵
- Executes dropped EXE
PID:2584 -
\??\c:\jpdpp.exec:\jpdpp.exe39⤵
- Executes dropped EXE
PID:2620 -
\??\c:\jjdjj.exec:\jjdjj.exe40⤵
- Executes dropped EXE
PID:2184 -
\??\c:\frxfrrl.exec:\frxfrrl.exe41⤵
- Executes dropped EXE
PID:2684 -
\??\c:\xxxfxfx.exec:\xxxfxfx.exe42⤵
- Executes dropped EXE
PID:2324 -
\??\c:\9nttnn.exec:\9nttnn.exe43⤵
- Executes dropped EXE
PID:2444 -
\??\c:\dddpv.exec:\dddpv.exe44⤵
- Executes dropped EXE
PID:2864 -
\??\c:\jvvvv.exec:\jvvvv.exe45⤵
- Executes dropped EXE
PID:2648 -
\??\c:\3lrxxfr.exec:\3lrxxfr.exe46⤵
- Executes dropped EXE
PID:2768 -
\??\c:\5xlfrlr.exec:\5xlfrlr.exe47⤵
- Executes dropped EXE
PID:1760 -
\??\c:\nhbnnt.exec:\nhbnnt.exe48⤵
- Executes dropped EXE
PID:1572 -
\??\c:\pppvp.exec:\pppvp.exe49⤵
- Executes dropped EXE
PID:2276 -
\??\c:\vvdvv.exec:\vvdvv.exe50⤵
- Executes dropped EXE
PID:988 -
\??\c:\dpdjv.exec:\dpdjv.exe51⤵
- Executes dropped EXE
PID:2948 -
\??\c:\fxrflrr.exec:\fxrflrr.exe52⤵
- Executes dropped EXE
PID:836 -
\??\c:\lxflxxf.exec:\lxflxxf.exe53⤵
- Executes dropped EXE
PID:2016 -
\??\c:\3nbhnt.exec:\3nbhnt.exe54⤵
- Executes dropped EXE
PID:2004 -
\??\c:\ttttnb.exec:\ttttnb.exe55⤵
- Executes dropped EXE
PID:1936 -
\??\c:\dvvdv.exec:\dvvdv.exe56⤵
- Executes dropped EXE
PID:2028 -
\??\c:\tnnntb.exec:\tnnntb.exe57⤵
- Executes dropped EXE
PID:1924 -
\??\c:\nbntbh.exec:\nbntbh.exe58⤵
- Executes dropped EXE
PID:1992 -
\??\c:\jvjvj.exec:\jvjvj.exe59⤵
- Executes dropped EXE
PID:2472 -
\??\c:\jjpdd.exec:\jjpdd.exe60⤵
- Executes dropped EXE
PID:2216 -
\??\c:\xrxxfxx.exec:\xrxxfxx.exe61⤵
- Executes dropped EXE
PID:1384 -
\??\c:\hnhnht.exec:\hnhnht.exe62⤵
- Executes dropped EXE
PID:1772 -
\??\c:\nhbhbt.exec:\nhbhbt.exe63⤵
- Executes dropped EXE
PID:1664 -
\??\c:\jvjpd.exec:\jvjpd.exe64⤵
- Executes dropped EXE
PID:1680 -
\??\c:\pjjpv.exec:\pjjpv.exe65⤵
- Executes dropped EXE
PID:3016 -
\??\c:\ffrrrll.exec:\ffrrrll.exe66⤵PID:1780
-
\??\c:\xflxfff.exec:\xflxfff.exe67⤵PID:632
-
\??\c:\bhhbbt.exec:\bhhbbt.exe68⤵PID:2124
-
\??\c:\5nntbb.exec:\5nntbb.exe69⤵PID:1644
-
\??\c:\bhnnbb.exec:\bhnnbb.exe70⤵PID:1012
-
\??\c:\vvppv.exec:\vvppv.exe71⤵PID:604
-
\??\c:\vjvpv.exec:\vjvpv.exe72⤵PID:2832
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe73⤵PID:1608
-
\??\c:\fxxfrxl.exec:\fxxfrxl.exe74⤵PID:888
-
\??\c:\9bhhbb.exec:\9bhhbb.exe75⤵PID:2536
-
\??\c:\bhbbbt.exec:\bhbbbt.exe76⤵PID:2968
-
\??\c:\hthhnn.exec:\hthhnn.exe77⤵PID:2716
-
\??\c:\xlfrrxr.exec:\xlfrrxr.exe78⤵PID:2608
-
\??\c:\tbhbhh.exec:\tbhbhh.exe79⤵PID:2512
-
\??\c:\3jdjv.exec:\3jdjv.exe80⤵PID:2584
-
\??\c:\rfrrrfl.exec:\rfrrrfl.exe81⤵PID:2620
-
\??\c:\nnbbtt.exec:\nnbbtt.exe82⤵PID:2404
-
\??\c:\5tthtb.exec:\5tthtb.exe83⤵PID:2232
-
\??\c:\jddjd.exec:\jddjd.exe84⤵PID:2392
-
\??\c:\llfrflx.exec:\llfrflx.exe85⤵PID:240
-
\??\c:\hnnttt.exec:\hnnttt.exe86⤵PID:2632
-
\??\c:\vddvd.exec:\vddvd.exe87⤵PID:2732
-
\??\c:\9fflffl.exec:\9fflffl.exe88⤵PID:2840
-
\??\c:\bhhhnb.exec:\bhhhnb.exe89⤵PID:1552
-
\??\c:\djjdj.exec:\djjdj.exe90⤵PID:1616
-
\??\c:\llxrrrr.exec:\llxrrrr.exe91⤵PID:1584
-
\??\c:\nbbnnb.exec:\nbbnnb.exe92⤵PID:1004
-
\??\c:\jppvj.exec:\jppvj.exe93⤵PID:2740
-
\??\c:\xrfxxrx.exec:\xrfxxrx.exe94⤵PID:2892
-
\??\c:\lxxrxrr.exec:\lxxrxrr.exe95⤵PID:2828
-
\??\c:\bbbbhb.exec:\bbbbhb.exe96⤵PID:2040
-
\??\c:\pvpdj.exec:\pvpdj.exe97⤵PID:2916
-
\??\c:\xlrllll.exec:\xlrllll.exe98⤵PID:1984
-
\??\c:\3htthb.exec:\3htthb.exe99⤵PID:2212
-
\??\c:\vjpvj.exec:\vjpvj.exe100⤵PID:1336
-
\??\c:\rlxrxrr.exec:\rlxrxrr.exe101⤵PID:572
-
\??\c:\tnbhnt.exec:\tnbhnt.exe102⤵PID:1176
-
\??\c:\1jjpd.exec:\1jjpd.exe103⤵PID:528
-
\??\c:\7lrlflr.exec:\7lrlflr.exe104⤵PID:1452
-
\??\c:\btnhhb.exec:\btnhhb.exe105⤵PID:700
-
\??\c:\tnnbbh.exec:\tnnbbh.exe106⤵PID:788
-
\??\c:\hnntnt.exec:\hnntnt.exe107⤵PID:332
-
\??\c:\jvjpv.exec:\jvjpv.exe108⤵PID:536
-
\??\c:\vjpjp.exec:\vjpjp.exe109⤵PID:1988
-
\??\c:\5lxrfff.exec:\5lxrfff.exe110⤵PID:320
-
\??\c:\rlrflrx.exec:\rlrflrx.exe111⤵PID:1648
-
\??\c:\1frrfxf.exec:\1frrfxf.exe112⤵PID:1416
-
\??\c:\7bnbbt.exec:\7bnbbt.exe113⤵PID:1592
-
\??\c:\nhtthh.exec:\nhtthh.exe114⤵PID:1528
-
\??\c:\ddvpj.exec:\ddvpj.exe115⤵PID:2208
-
\??\c:\7rlrfxf.exec:\7rlrfxf.exe116⤵PID:1632
-
\??\c:\xlrlrrf.exec:\xlrlrrf.exe117⤵PID:2600
-
\??\c:\lxffrrr.exec:\lxffrrr.exe118⤵PID:1000
-
\??\c:\bnnthb.exec:\bnnthb.exe119⤵PID:1964
-
\??\c:\tnbhhn.exec:\tnbhhn.exe120⤵PID:2548
-
\??\c:\1vvpv.exec:\1vvpv.exe121⤵PID:2544
-
\??\c:\9jddj.exec:\9jddj.exe122⤵PID:1856
-