Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 01:08
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
670740808abe445f88c216c2287bef30_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
670740808abe445f88c216c2287bef30_NeikiAnalytics.exe
-
Size
80KB
-
MD5
670740808abe445f88c216c2287bef30
-
SHA1
88b3a8503cc8ad00fb0fbcf546fa7dd020946aed
-
SHA256
2a7d2ae6f8ff7f5ec0569922128e98b8ce21414a44c5ec2e0d3489d2fcdb2299
-
SHA512
aebe8afcdc667d682ca443c515923d0706c080301eaf4fc5cb20dc50a60225f2ca7b71d7904c68e4f7782a72a977dc59d57634044f8725c65dc9da7c295f7391
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1gxm1S3PQ7CnPRKiir5Qu:ymb3NkkiQ3mdBjFoLkmx/g8ZKzQu
Malware Config
Signatures
-
Detect Blackmoon payload 29 IoCs
resource yara_rule behavioral2/memory/3792-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1204-19-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3232-21-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2136-28-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1312-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1284-50-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3132-45-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/744-57-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4824-64-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1696-71-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2812-81-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2812-80-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5028-87-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4804-93-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5060-99-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4368-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4552-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4324-117-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4308-123-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5036-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3748-141-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1236-153-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5100-158-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2140-168-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1792-171-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3120-178-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4732-183-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3904-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2568-194-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1204 fxffxff.exe 3232 04866.exe 2136 thnhbb.exe 1312 pjvvp.exe 3132 bnnbtn.exe 1284 60220.exe 744 484868.exe 4824 xrrlxxx.exe 1696 dvvvp.exe 2812 2066066.exe 5028 pjppp.exe 4804 g4048.exe 5060 064888.exe 4368 ddppp.exe 4552 jdjdd.exe 4324 606062.exe 4308 o244448.exe 5036 646864.exe 4244 pvjpj.exe 3748 600844.exe 2532 tthhbb.exe 1236 00282.exe 5100 dpvjd.exe 2140 48606.exe 1792 80604.exe 3120 bnnhtb.exe 4732 5llfxrr.exe 3904 jdvvv.exe 2568 082004.exe 3228 824828.exe 3200 7xfxxlf.exe 1456 064444.exe 4744 pvvdj.exe 2732 e68204.exe 2124 frrrlrl.exe 4748 62888.exe 3456 lxfxlll.exe 2224 48482.exe 4252 rfrrrrx.exe 3792 hbhhhn.exe 2688 4860660.exe 532 02448.exe 4264 rlfrlfr.exe 3232 xlxrllf.exe 2452 8228288.exe 4772 btnnhh.exe 3132 5ffrllf.exe 1016 6866060.exe 4800 bnbbnn.exe 1556 m4064.exe 1696 tnnbtt.exe 4036 vpdjd.exe 1780 862266.exe 5028 o286448.exe 4304 60006.exe 4884 608844.exe 3156 2622000.exe 1796 bthnth.exe 4856 80004.exe 1108 3hnhtt.exe 964 i400000.exe 3804 c262666.exe 4608 dpjdv.exe 368 vpdjp.exe -
resource yara_rule behavioral2/memory/3792-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1204-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1204-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1204-19-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1204-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3232-21-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2136-28-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3132-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1312-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1284-50-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3132-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/744-57-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4824-64-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1696-71-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2812-80-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5028-87-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4804-93-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5060-99-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4368-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4552-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4324-117-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4308-123-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5036-129-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3748-141-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1236-153-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5100-158-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2140-168-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1792-171-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3120-178-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4732-183-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3904-190-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2568-194-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3792 wrote to memory of 1204 3792 670740808abe445f88c216c2287bef30_NeikiAnalytics.exe 83 PID 3792 wrote to memory of 1204 3792 670740808abe445f88c216c2287bef30_NeikiAnalytics.exe 83 PID 3792 wrote to memory of 1204 3792 670740808abe445f88c216c2287bef30_NeikiAnalytics.exe 83 PID 1204 wrote to memory of 3232 1204 fxffxff.exe 84 PID 1204 wrote to memory of 3232 1204 fxffxff.exe 84 PID 1204 wrote to memory of 3232 1204 fxffxff.exe 84 PID 3232 wrote to memory of 2136 3232 04866.exe 85 PID 3232 wrote to memory of 2136 3232 04866.exe 85 PID 3232 wrote to memory of 2136 3232 04866.exe 85 PID 2136 wrote to memory of 1312 2136 thnhbb.exe 86 PID 2136 wrote to memory of 1312 2136 thnhbb.exe 86 PID 2136 wrote to memory of 1312 2136 thnhbb.exe 86 PID 1312 wrote to memory of 3132 1312 pjvvp.exe 87 PID 1312 wrote to memory of 3132 1312 pjvvp.exe 87 PID 1312 wrote to memory of 3132 1312 pjvvp.exe 87 PID 3132 wrote to memory of 1284 3132 bnnbtn.exe 88 PID 3132 wrote to memory of 1284 3132 bnnbtn.exe 88 PID 3132 wrote to memory of 1284 3132 bnnbtn.exe 88 PID 1284 wrote to memory of 744 1284 60220.exe 89 PID 1284 wrote to memory of 744 1284 60220.exe 89 PID 1284 wrote to memory of 744 1284 60220.exe 89 PID 744 wrote to memory of 4824 744 484868.exe 90 PID 744 wrote to memory of 4824 744 484868.exe 90 PID 744 wrote to memory of 4824 744 484868.exe 90 PID 4824 wrote to memory of 1696 4824 xrrlxxx.exe 91 PID 4824 wrote to memory of 1696 4824 xrrlxxx.exe 91 PID 4824 wrote to memory of 1696 4824 xrrlxxx.exe 91 PID 1696 wrote to memory of 2812 1696 dvvvp.exe 92 PID 1696 wrote to memory of 2812 1696 dvvvp.exe 92 PID 1696 wrote to memory of 2812 1696 dvvvp.exe 92 PID 2812 wrote to memory of 5028 2812 2066066.exe 93 PID 2812 wrote to memory of 5028 2812 2066066.exe 93 PID 2812 wrote to memory of 5028 2812 2066066.exe 93 PID 5028 wrote to memory of 4804 5028 pjppp.exe 94 PID 5028 wrote to memory of 4804 5028 pjppp.exe 94 PID 5028 wrote to memory of 4804 5028 pjppp.exe 94 PID 4804 wrote to memory of 5060 4804 g4048.exe 95 PID 4804 wrote to memory of 5060 4804 g4048.exe 95 PID 4804 wrote to memory of 5060 4804 g4048.exe 95 PID 5060 wrote to memory of 4368 5060 064888.exe 96 PID 5060 wrote to memory of 4368 5060 064888.exe 96 PID 5060 wrote to memory of 4368 5060 064888.exe 96 PID 4368 wrote to memory of 4552 4368 ddppp.exe 97 PID 4368 wrote to memory of 4552 4368 ddppp.exe 97 PID 4368 wrote to memory of 4552 4368 ddppp.exe 97 PID 4552 wrote to memory of 4324 4552 jdjdd.exe 98 PID 4552 wrote to memory of 4324 4552 jdjdd.exe 98 PID 4552 wrote to memory of 4324 4552 jdjdd.exe 98 PID 4324 wrote to memory of 4308 4324 606062.exe 100 PID 4324 wrote to memory of 4308 4324 606062.exe 100 PID 4324 wrote to memory of 4308 4324 606062.exe 100 PID 4308 wrote to memory of 5036 4308 o244448.exe 101 PID 4308 wrote to memory of 5036 4308 o244448.exe 101 PID 4308 wrote to memory of 5036 4308 o244448.exe 101 PID 5036 wrote to memory of 4244 5036 646864.exe 102 PID 5036 wrote to memory of 4244 5036 646864.exe 102 PID 5036 wrote to memory of 4244 5036 646864.exe 102 PID 4244 wrote to memory of 3748 4244 pvjpj.exe 103 PID 4244 wrote to memory of 3748 4244 pvjpj.exe 103 PID 4244 wrote to memory of 3748 4244 pvjpj.exe 103 PID 3748 wrote to memory of 2532 3748 600844.exe 104 PID 3748 wrote to memory of 2532 3748 600844.exe 104 PID 3748 wrote to memory of 2532 3748 600844.exe 104 PID 2532 wrote to memory of 1236 2532 tthhbb.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\670740808abe445f88c216c2287bef30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\670740808abe445f88c216c2287bef30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3792 -
\??\c:\fxffxff.exec:\fxffxff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1204 -
\??\c:\04866.exec:\04866.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3232 -
\??\c:\thnhbb.exec:\thnhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2136 -
\??\c:\pjvvp.exec:\pjvvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1312 -
\??\c:\bnnbtn.exec:\bnnbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3132 -
\??\c:\60220.exec:\60220.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1284 -
\??\c:\484868.exec:\484868.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:744 -
\??\c:\xrrlxxx.exec:\xrrlxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4824 -
\??\c:\dvvvp.exec:\dvvvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1696 -
\??\c:\2066066.exec:\2066066.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2812 -
\??\c:\pjppp.exec:\pjppp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5028 -
\??\c:\g4048.exec:\g4048.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4804 -
\??\c:\064888.exec:\064888.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5060 -
\??\c:\ddppp.exec:\ddppp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4368 -
\??\c:\jdjdd.exec:\jdjdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4552 -
\??\c:\606062.exec:\606062.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4324 -
\??\c:\o244448.exec:\o244448.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4308 -
\??\c:\646864.exec:\646864.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5036 -
\??\c:\pvjpj.exec:\pvjpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4244 -
\??\c:\600844.exec:\600844.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3748 -
\??\c:\tthhbb.exec:\tthhbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2532 -
\??\c:\00282.exec:\00282.exe23⤵
- Executes dropped EXE
PID:1236 -
\??\c:\dpvjd.exec:\dpvjd.exe24⤵
- Executes dropped EXE
PID:5100 -
\??\c:\48606.exec:\48606.exe25⤵
- Executes dropped EXE
PID:2140 -
\??\c:\80604.exec:\80604.exe26⤵
- Executes dropped EXE
PID:1792 -
\??\c:\bnnhtb.exec:\bnnhtb.exe27⤵
- Executes dropped EXE
PID:3120 -
\??\c:\5llfxrr.exec:\5llfxrr.exe28⤵
- Executes dropped EXE
PID:4732 -
\??\c:\jdvvv.exec:\jdvvv.exe29⤵
- Executes dropped EXE
PID:3904 -
\??\c:\082004.exec:\082004.exe30⤵
- Executes dropped EXE
PID:2568 -
\??\c:\824828.exec:\824828.exe31⤵
- Executes dropped EXE
PID:3228 -
\??\c:\7xfxxlf.exec:\7xfxxlf.exe32⤵
- Executes dropped EXE
PID:3200 -
\??\c:\064444.exec:\064444.exe33⤵
- Executes dropped EXE
PID:1456 -
\??\c:\pvvdj.exec:\pvvdj.exe34⤵
- Executes dropped EXE
PID:4744 -
\??\c:\e68204.exec:\e68204.exe35⤵
- Executes dropped EXE
PID:2732 -
\??\c:\frrrlrl.exec:\frrrlrl.exe36⤵
- Executes dropped EXE
PID:2124 -
\??\c:\62888.exec:\62888.exe37⤵
- Executes dropped EXE
PID:4748 -
\??\c:\lxfxlll.exec:\lxfxlll.exe38⤵
- Executes dropped EXE
PID:3456 -
\??\c:\48482.exec:\48482.exe39⤵
- Executes dropped EXE
PID:2224 -
\??\c:\rfrrrrx.exec:\rfrrrrx.exe40⤵
- Executes dropped EXE
PID:4252 -
\??\c:\hbhhhn.exec:\hbhhhn.exe41⤵
- Executes dropped EXE
PID:3792 -
\??\c:\4860660.exec:\4860660.exe42⤵
- Executes dropped EXE
PID:2688 -
\??\c:\02448.exec:\02448.exe43⤵
- Executes dropped EXE
PID:532 -
\??\c:\rlfrlfr.exec:\rlfrlfr.exe44⤵
- Executes dropped EXE
PID:4264 -
\??\c:\xlxrllf.exec:\xlxrllf.exe45⤵
- Executes dropped EXE
PID:3232 -
\??\c:\8228288.exec:\8228288.exe46⤵
- Executes dropped EXE
PID:2452 -
\??\c:\btnnhh.exec:\btnnhh.exe47⤵
- Executes dropped EXE
PID:4772 -
\??\c:\5ffrllf.exec:\5ffrllf.exe48⤵
- Executes dropped EXE
PID:3132 -
\??\c:\6866060.exec:\6866060.exe49⤵
- Executes dropped EXE
PID:1016 -
\??\c:\bnbbnn.exec:\bnbbnn.exe50⤵
- Executes dropped EXE
PID:4800 -
\??\c:\m4064.exec:\m4064.exe51⤵
- Executes dropped EXE
PID:1556 -
\??\c:\tnnbtt.exec:\tnnbtt.exe52⤵
- Executes dropped EXE
PID:1696 -
\??\c:\vpdjd.exec:\vpdjd.exe53⤵
- Executes dropped EXE
PID:4036 -
\??\c:\862266.exec:\862266.exe54⤵
- Executes dropped EXE
PID:1780 -
\??\c:\o286448.exec:\o286448.exe55⤵
- Executes dropped EXE
PID:5028 -
\??\c:\60006.exec:\60006.exe56⤵
- Executes dropped EXE
PID:4304 -
\??\c:\608844.exec:\608844.exe57⤵
- Executes dropped EXE
PID:4884 -
\??\c:\2622000.exec:\2622000.exe58⤵
- Executes dropped EXE
PID:3156 -
\??\c:\bthnth.exec:\bthnth.exe59⤵
- Executes dropped EXE
PID:1796 -
\??\c:\80004.exec:\80004.exe60⤵
- Executes dropped EXE
PID:4856 -
\??\c:\3hnhtt.exec:\3hnhtt.exe61⤵
- Executes dropped EXE
PID:1108 -
\??\c:\i400000.exec:\i400000.exe62⤵
- Executes dropped EXE
PID:964 -
\??\c:\c262666.exec:\c262666.exe63⤵
- Executes dropped EXE
PID:3804 -
\??\c:\dpjdv.exec:\dpjdv.exe64⤵
- Executes dropped EXE
PID:4608 -
\??\c:\vpdjp.exec:\vpdjp.exe65⤵
- Executes dropped EXE
PID:368 -
\??\c:\408442.exec:\408442.exe66⤵PID:4508
-
\??\c:\9jpvp.exec:\9jpvp.exe67⤵PID:4964
-
\??\c:\fxxrxxx.exec:\fxxrxxx.exe68⤵PID:4188
-
\??\c:\bhbhhh.exec:\bhbhhh.exe69⤵PID:828
-
\??\c:\4488226.exec:\4488226.exe70⤵PID:1976
-
\??\c:\6044848.exec:\6044848.exe71⤵PID:3372
-
\??\c:\1dddv.exec:\1dddv.exe72⤵PID:4572
-
\??\c:\640244.exec:\640244.exe73⤵PID:2480
-
\??\c:\nnnhhb.exec:\nnnhhb.exe74⤵PID:2604
-
\??\c:\nhhnhh.exec:\nhhnhh.exe75⤵PID:3588
-
\??\c:\dvvvp.exec:\dvvvp.exe76⤵PID:3904
-
\??\c:\vjdvj.exec:\vjdvj.exe77⤵PID:2568
-
\??\c:\062666.exec:\062666.exe78⤵PID:4292
-
\??\c:\806604.exec:\806604.exe79⤵PID:3988
-
\??\c:\dvvpj.exec:\dvvpj.exe80⤵PID:2876
-
\??\c:\o660000.exec:\o660000.exe81⤵PID:4660
-
\??\c:\vppjj.exec:\vppjj.exe82⤵PID:1544
-
\??\c:\66264.exec:\66264.exe83⤵PID:712
-
\??\c:\httnbb.exec:\httnbb.exe84⤵PID:2212
-
\??\c:\86442.exec:\86442.exe85⤵PID:4540
-
\??\c:\5ttnbb.exec:\5ttnbb.exe86⤵PID:1624
-
\??\c:\k44488.exec:\k44488.exe87⤵PID:1972
-
\??\c:\rxxxllf.exec:\rxxxllf.exe88⤵PID:1704
-
\??\c:\200826.exec:\200826.exe89⤵PID:1212
-
\??\c:\2860488.exec:\2860488.exe90⤵PID:1204
-
\??\c:\48062.exec:\48062.exe91⤵PID:3912
-
\??\c:\djpdd.exec:\djpdd.exe92⤵PID:4264
-
\??\c:\5fffxxr.exec:\5fffxxr.exe93⤵PID:3232
-
\??\c:\lxrxrrr.exec:\lxrxrrr.exe94⤵PID:3672
-
\??\c:\66828.exec:\66828.exe95⤵PID:2628
-
\??\c:\llxxfxr.exec:\llxxfxr.exe96⤵PID:1252
-
\??\c:\002048.exec:\002048.exe97⤵PID:2440
-
\??\c:\tbbntn.exec:\tbbntn.exe98⤵PID:4524
-
\??\c:\04600.exec:\04600.exe99⤵PID:1916
-
\??\c:\66608.exec:\66608.exe100⤵PID:688
-
\??\c:\5htnbn.exec:\5htnbn.exe101⤵PID:1608
-
\??\c:\jdjvd.exec:\jdjvd.exe102⤵PID:2024
-
\??\c:\4460888.exec:\4460888.exe103⤵PID:4464
-
\??\c:\vppjd.exec:\vppjd.exe104⤵PID:4164
-
\??\c:\m8042.exec:\m8042.exe105⤵PID:244
-
\??\c:\262644.exec:\262644.exe106⤵PID:4368
-
\??\c:\1xfxlfx.exec:\1xfxlfx.exe107⤵PID:5116
-
\??\c:\nnhbtt.exec:\nnhbtt.exe108⤵PID:1864
-
\??\c:\xxxrllf.exec:\xxxrllf.exe109⤵PID:1108
-
\??\c:\880400.exec:\880400.exe110⤵PID:4444
-
\??\c:\9bbbtt.exec:\9bbbtt.exe111⤵PID:5056
-
\??\c:\i600444.exec:\i600444.exe112⤵PID:4608
-
\??\c:\48404.exec:\48404.exe113⤵PID:368
-
\??\c:\268000.exec:\268000.exe114⤵PID:2992
-
\??\c:\080044.exec:\080044.exe115⤵PID:4964
-
\??\c:\vpppj.exec:\vpppj.exe116⤵PID:4020
-
\??\c:\8400000.exec:\8400000.exe117⤵PID:2768
-
\??\c:\jdpjj.exec:\jdpjj.exe118⤵PID:1976
-
\??\c:\28482.exec:\28482.exe119⤵PID:3140
-
\??\c:\640448.exec:\640448.exe120⤵PID:4572
-
\??\c:\rffxllf.exec:\rffxllf.exe121⤵PID:392
-
\??\c:\0622660.exec:\0622660.exe122⤵PID:1632
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-