Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:25
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6a651ad4dc3a3dc7aed411daad5bb300_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
6a651ad4dc3a3dc7aed411daad5bb300_NeikiAnalytics.exe
-
Size
82KB
-
MD5
6a651ad4dc3a3dc7aed411daad5bb300
-
SHA1
22d1923587e880e23feb756a3a43d89ebe45d4c8
-
SHA256
b029a54766f7e82fadbd1212e6e6f0ee89b7af09273456a297d8b2c656f1db18
-
SHA512
8cf57b529d431c39706c6269e642334b15435bc0ad63744c1fc5416ad73853b3fb49d561bd612ead05366f82a87849dbfbb7993742a66e1d619f8e56ed6e260e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsvG:ymb3NkkiQ3mdBjFIWeFGyA9PD
Malware Config
Signatures
-
Detect Blackmoon payload 26 IoCs
resource yara_rule
behavioral2/memory/1928-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2892-13-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1548-22-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1548-24-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon
behavioral2/memory/1692-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1960-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3056-41-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4380-48-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1100-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/456-68-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1364-74-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2028-84-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3612-90-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2104-95-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2396-107-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4840-116-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/816-121-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1940-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3176-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3592-143-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1732-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2044-161-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2128-168-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1980-175-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2268-198-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4880-203-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process 2892 jdjjd.exe 1548 vjjdv.exe 1692 xlrlffx.exe 1960 bbhhhn.exe 3056 1djjv.exe 4380 dvvdv.exe 1560 5xxrfff.exe 1100 lfllffx.exe 456 tnhhbb.exe 1364 djpdv.exe 2028 xrfxrxr.exe 3612 xlrrrfx.exe 2104 hbhhbh.exe 5004 djpdj.exe 2396 vddjj.exe 4840 xlrlllr.exe 816 bhtbbh.exe 1940 3nnhbb.exe 3176 xlrxlff.exe 3220 btttbh.exe 3592 9btnbh.exe 2916 pjjdj.exe 1732 7rxfflr.exe 2044 lxxrrrl.exe 2128 ttnnhh.exe 1980 pdvpj.exe 4668 fxrxfxf.exe 3968 xlrrllf.exe 2456 bttnnn.exe 2268 vppdp.exe 4880 rxxxxfl.exe 3232 hhthnt.exe 4644 vpppj.exe 3120 rfrlfff.exe 2928 xxfxllf.exe 1928 htbbtb.exe 4888 lllxrlf.exe 4488 5tbtnn.exe 4228 pdjpp.exe 4764 3fxxxxr.exe 1448 xlrlfff.exe 2284 ttbbbb.exe 4032 nhtbnn.exe 1948 pvddv.exe 1472 7ddvp.exe 1620 frxrrrx.exe 3836 fxrfxxr.exe 4080 hbbnbh.exe 5068 nbbttt.exe 912 ppvjj.exe 1652 7xxxrll.exe 2104 lxxxxxr.exe 2292 ttbthn.exe 4072 nbhnbt.exe 4808 dpdvj.exe 3744 pdjvp.exe 5024 lfllflr.exe 3456 xrlflll.exe 3116 nttttt.exe 3368 pjvjp.exe 1492 frxrffx.exe 3220 xlfxrrl.exe 3592 tbbttt.exe 4884 tthbnn.exe -
-
UPX packed file 27 IoCs
resource yara_rule
behavioral2/memory/1928-4-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2892-13-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2892-12-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1548-22-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1692-26-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1960-32-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1960-39-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3056-41-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4380-48-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1100-61-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/456-68-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1364-74-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2028-84-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3612-90-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2104-95-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2396-107-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4840-116-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/816-121-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1940-126-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3176-131-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3592-143-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1732-155-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2044-161-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2128-168-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1980-175-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2268-198-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4880-203-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1928 wrote to memory of 2892 1928 6a651ad4dc3a3dc7aed411daad5bb300_NeikiAnalytics.exe 85 PID 1928 wrote to memory of 2892 1928 6a651ad4dc3a3dc7aed411daad5bb300_NeikiAnalytics.exe 85 PID 1928 wrote to memory of 2892 1928 6a651ad4dc3a3dc7aed411daad5bb300_NeikiAnalytics.exe 85 PID 2892 wrote to memory of 1548 2892 jdjjd.exe 86 PID 2892 wrote to memory of 1548 2892 jdjjd.exe 86 PID 2892 wrote to memory of 1548 2892 jdjjd.exe 86 PID 1548 wrote to memory of 1692 1548 vjjdv.exe 87 PID 1548 wrote to memory of 1692 1548 vjjdv.exe 87 PID 1548 wrote to memory of 1692 1548 vjjdv.exe 87 PID 1692 wrote to memory of 1960 1692 xlrlffx.exe 88 PID 1692 wrote to memory of 1960 1692 xlrlffx.exe 88 PID 1692 wrote to memory of 1960 1692 xlrlffx.exe 88 PID 1960 wrote to memory of 3056 1960 bbhhhn.exe 89 PID 1960 wrote to memory of 3056 1960 bbhhhn.exe 89 PID 1960 wrote to memory of 3056 1960 bbhhhn.exe 89 PID 3056 wrote to memory of 4380 3056 1djjv.exe 90 PID 3056 wrote to memory of 4380 3056 1djjv.exe 90 PID 3056 wrote to memory of 4380 3056 1djjv.exe 90 PID 4380 wrote to memory of 1560 4380 dvvdv.exe 91 PID 4380 wrote to memory of 1560 4380 dvvdv.exe 91 PID 4380 wrote to memory of 1560 4380 dvvdv.exe 91 PID 1560 wrote to memory of 1100 1560 5xxrfff.exe 92 PID 1560 wrote to memory of 1100 1560 5xxrfff.exe 92 PID 1560 wrote to memory of 1100 1560 5xxrfff.exe 92 PID 1100 wrote to memory of 456 1100 lfllffx.exe 93 PID 1100 wrote to memory of 456 1100 lfllffx.exe 93 PID 1100 wrote to memory of 456 1100 lfllffx.exe 93 PID 456 wrote to memory of 1364 456 tnhhbb.exe 94 PID 456 wrote to memory of 1364 456 tnhhbb.exe 94 PID 456 wrote to memory of 1364 456 tnhhbb.exe 94 PID 1364 wrote to memory of 2028 1364 djpdv.exe 95 PID 1364 wrote to memory of 2028 1364 djpdv.exe 95 PID 1364 wrote to memory of 2028 1364 djpdv.exe 95 PID 2028 wrote to memory of 3612 2028 xrfxrxr.exe 96 PID 2028 wrote to memory of 3612 2028 xrfxrxr.exe 96 PID 2028 wrote to memory of 
3612 2028 xrfxrxr.exe 96 PID 3612 wrote to memory of 2104 3612 xlrrrfx.exe 97 PID 3612 wrote to memory of 2104 3612 xlrrrfx.exe 97 PID 3612 wrote to memory of 2104 3612 xlrrrfx.exe 97 PID 2104 wrote to memory of 5004 2104 hbhhbh.exe 99 PID 2104 wrote to memory of 5004 2104 hbhhbh.exe 99 PID 2104 wrote to memory of 5004 2104 hbhhbh.exe 99 PID 5004 wrote to memory of 2396 5004 djpdj.exe 100 PID 5004 wrote to memory of 2396 5004 djpdj.exe 100 PID 5004 wrote to memory of 2396 5004 djpdj.exe 100 PID 2396 wrote to memory of 4840 2396 vddjj.exe 101 PID 2396 wrote to memory of 4840 2396 vddjj.exe 101 PID 2396 wrote to memory of 4840 2396 vddjj.exe 101 PID 4840 wrote to memory of 816 4840 xlrlllr.exe 102 PID 4840 wrote to memory of 816 4840 xlrlllr.exe 102 PID 4840 wrote to memory of 816 4840 xlrlllr.exe 102 PID 816 wrote to memory of 1940 816 bhtbbh.exe 103 PID 816 wrote to memory of 1940 816 bhtbbh.exe 103 PID 816 wrote to memory of 1940 816 bhtbbh.exe 103 PID 1940 wrote to memory of 3176 1940 3nnhbb.exe 104 PID 1940 wrote to memory of 3176 1940 3nnhbb.exe 104 PID 1940 wrote to memory of 3176 1940 3nnhbb.exe 104 PID 3176 wrote to memory of 3220 3176 xlrxlff.exe 105 PID 3176 wrote to memory of 3220 3176 xlrxlff.exe 105 PID 3176 wrote to memory of 3220 3176 xlrxlff.exe 105 PID 3220 wrote to memory of 3592 3220 btttbh.exe 106 PID 3220 wrote to memory of 3592 3220 btttbh.exe 106 PID 3220 wrote to memory of 3592 3220 btttbh.exe 106 PID 3592 wrote to memory of 2916 3592 9btnbh.exe 107
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a651ad4dc3a3dc7aed411daad5bb300_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6a651ad4dc3a3dc7aed411daad5bb300_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1928 -
\??\c:\jdjjd.exec:\jdjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892 -
\??\c:\vjjdv.exec:\vjjdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1548 -
\??\c:\xlrlffx.exec:\xlrlffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1692 -
\??\c:\bbhhhn.exec:\bbhhhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1960 -
\??\c:\1djjv.exec:\1djjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3056 -
\??\c:\dvvdv.exec:\dvvdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4380 -
\??\c:\5xxrfff.exec:\5xxrfff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1560 -
\??\c:\lfllffx.exec:\lfllffx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1100 -
\??\c:\tnhhbb.exec:\tnhhbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:456 -
\??\c:\djpdv.exec:\djpdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1364 -
\??\c:\xrfxrxr.exec:\xrfxrxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2028 -
\??\c:\xlrrrfx.exec:\xlrrrfx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3612 -
\??\c:\hbhhbh.exec:\hbhhbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2104 -
\??\c:\djpdj.exec:\djpdj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5004 -
\??\c:\vddjj.exec:\vddjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2396 -
\??\c:\xlrlllr.exec:\xlrlllr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4840 -
\??\c:\bhtbbh.exec:\bhtbbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:816 -
\??\c:\3nnhbb.exec:\3nnhbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1940 -
\??\c:\xlrxlff.exec:\xlrxlff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3176 -
\??\c:\btttbh.exec:\btttbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3220 -
\??\c:\9btnbh.exec:\9btnbh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3592 -
\??\c:\pjjdj.exec:\pjjdj.exe23⤵
- Executes dropped EXE
PID:2916 -
\??\c:\7rxfflr.exec:\7rxfflr.exe24⤵
- Executes dropped EXE
PID:1732 -
\??\c:\lxxrrrl.exec:\lxxrrrl.exe25⤵
- Executes dropped EXE
PID:2044 -
\??\c:\ttnnhh.exec:\ttnnhh.exe26⤵
- Executes dropped EXE
PID:2128 -
\??\c:\pdvpj.exec:\pdvpj.exe27⤵
- Executes dropped EXE
PID:1980 -
\??\c:\fxrxfxf.exec:\fxrxfxf.exe28⤵
- Executes dropped EXE
PID:4668 -
\??\c:\xlrrllf.exec:\xlrrllf.exe29⤵
- Executes dropped EXE
PID:3968 -
\??\c:\bttnnn.exec:\bttnnn.exe30⤵
- Executes dropped EXE
PID:2456 -
\??\c:\vppdp.exec:\vppdp.exe31⤵
- Executes dropped EXE
PID:2268 -
\??\c:\rxxxxfl.exec:\rxxxxfl.exe32⤵
- Executes dropped EXE
PID:4880 -
\??\c:\hhthnt.exec:\hhthnt.exe33⤵
- Executes dropped EXE
PID:3232 -
\??\c:\vpppj.exec:\vpppj.exe34⤵
- Executes dropped EXE
PID:4644 -
\??\c:\rfrlfff.exec:\rfrlfff.exe35⤵
- Executes dropped EXE
PID:3120 -
\??\c:\xxfxllf.exec:\xxfxllf.exe36⤵
- Executes dropped EXE
PID:2928 -
\??\c:\htbbtb.exec:\htbbtb.exe37⤵
- Executes dropped EXE
PID:1928 -
\??\c:\lllxrlf.exec:\lllxrlf.exe38⤵
- Executes dropped EXE
PID:4888 -
\??\c:\5tbtnn.exec:\5tbtnn.exe39⤵
- Executes dropped EXE
PID:4488 -
\??\c:\pdjpp.exec:\pdjpp.exe40⤵
- Executes dropped EXE
PID:4228 -
\??\c:\3fxxxxr.exec:\3fxxxxr.exe41⤵
- Executes dropped EXE
PID:4764 -
\??\c:\xlrlfff.exec:\xlrlfff.exe42⤵
- Executes dropped EXE
PID:1448 -
\??\c:\ttbbbb.exec:\ttbbbb.exe43⤵
- Executes dropped EXE
PID:2284 -
\??\c:\nhtbnn.exec:\nhtbnn.exe44⤵
- Executes dropped EXE
PID:4032 -
\??\c:\pvddv.exec:\pvddv.exe45⤵
- Executes dropped EXE
PID:1948 -
\??\c:\7ddvp.exec:\7ddvp.exe46⤵
- Executes dropped EXE
PID:1472 -
\??\c:\frxrrrx.exec:\frxrrrx.exe47⤵
- Executes dropped EXE
PID:1620 -
\??\c:\fxrfxxr.exec:\fxrfxxr.exe48⤵
- Executes dropped EXE
PID:3836 -
\??\c:\hbbnbh.exec:\hbbnbh.exe49⤵
- Executes dropped EXE
PID:4080 -
\??\c:\nbbttt.exec:\nbbttt.exe50⤵
- Executes dropped EXE
PID:5068 -
\??\c:\ppvjj.exec:\ppvjj.exe51⤵
- Executes dropped EXE
PID:912 -
\??\c:\7xxxrll.exec:\7xxxrll.exe52⤵
- Executes dropped EXE
PID:1652 -
\??\c:\lxxxxxr.exec:\lxxxxxr.exe53⤵
- Executes dropped EXE
PID:2104 -
\??\c:\ttbthn.exec:\ttbthn.exe54⤵
- Executes dropped EXE
PID:2292 -
\??\c:\nbhnbt.exec:\nbhnbt.exe55⤵
- Executes dropped EXE
PID:4072 -
\??\c:\dpdvj.exec:\dpdvj.exe56⤵
- Executes dropped EXE
PID:4808 -
\??\c:\pdjvp.exec:\pdjvp.exe57⤵
- Executes dropped EXE
PID:3744 -
\??\c:\lfllflr.exec:\lfllflr.exe58⤵
- Executes dropped EXE
PID:5024 -
\??\c:\xrlflll.exec:\xrlflll.exe59⤵
- Executes dropped EXE
PID:3456 -
\??\c:\nttttt.exec:\nttttt.exe60⤵
- Executes dropped EXE
PID:3116 -
\??\c:\pjvjp.exec:\pjvjp.exe61⤵
- Executes dropped EXE
PID:3368 -
\??\c:\frxrffx.exec:\frxrffx.exe62⤵
- Executes dropped EXE
PID:1492 -
\??\c:\xlfxrrl.exec:\xlfxrrl.exe63⤵
- Executes dropped EXE
PID:3220 -
\??\c:\tbbttt.exec:\tbbttt.exe64⤵
- Executes dropped EXE
PID:3592 -
\??\c:\tthbnn.exec:\tthbnn.exe65⤵
- Executes dropped EXE
PID:4884 -
\??\c:\dvvjd.exec:\dvvjd.exe66⤵PID:468
-
\??\c:\1xxlffx.exec:\1xxlffx.exe67⤵PID:1856
-
\??\c:\rlffxxx.exec:\rlffxxx.exe68⤵PID:3520
-
\??\c:\htttnn.exec:\htttnn.exe69⤵PID:644
-
\??\c:\nhnhhh.exec:\nhnhhh.exe70⤵PID:2128
-
\??\c:\ppvdd.exec:\ppvdd.exe71⤵PID:3568
-
\??\c:\ffxrxxr.exec:\ffxrxxr.exe72⤵PID:4276
-
\??\c:\3xffxxx.exec:\3xffxxx.exe73⤵PID:3964
-
\??\c:\hhhhbh.exec:\hhhhbh.exe74⤵PID:2944
-
\??\c:\bbbbhh.exec:\bbbbhh.exe75⤵PID:1048
-
\??\c:\dvdvd.exec:\dvdvd.exe76⤵PID:2268
-
\??\c:\jpjdv.exec:\jpjdv.exe77⤵PID:1268
-
\??\c:\fxlfxrr.exec:\fxlfxrr.exe78⤵PID:4436
-
\??\c:\hnttnn.exec:\hnttnn.exe79⤵PID:4308
-
\??\c:\bhhbbt.exec:\bhhbbt.exe80⤵PID:336
-
\??\c:\7jdvp.exec:\7jdvp.exe81⤵PID:4332
-
\??\c:\flxrfll.exec:\flxrfll.exe82⤵PID:4300
-
\??\c:\flxrlfx.exec:\flxrlfx.exe83⤵PID:4544
-
\??\c:\7ntnnn.exec:\7ntnnn.exe84⤵PID:2504
-
\??\c:\btbbtt.exec:\btbbtt.exe85⤵PID:1844
-
\??\c:\jvppp.exec:\jvppp.exe86⤵PID:4412
-
\??\c:\vpjdv.exec:\vpjdv.exe87⤵PID:3104
-
\??\c:\rlllfff.exec:\rlllfff.exe88⤵PID:4724
-
\??\c:\lxfxrxr.exec:\lxfxrxr.exe89⤵PID:3060
-
\??\c:\hthbtt.exec:\hthbtt.exe90⤵PID:1728
-
\??\c:\thhbtn.exec:\thhbtn.exe91⤵PID:2040
-
\??\c:\vjvvp.exec:\vjvvp.exe92⤵PID:1848
-
\??\c:\7llfrrl.exec:\7llfrrl.exe93⤵PID:5032
-
\??\c:\lffxrrr.exec:\lffxrrr.exe94⤵PID:5020
-
\??\c:\tbnbtn.exec:\tbnbtn.exe95⤵PID:3132
-
\??\c:\nhnbtt.exec:\nhnbtt.exe96⤵PID:4420
-
\??\c:\3pvpv.exec:\3pvpv.exe97⤵PID:4512
-
\??\c:\dddjd.exec:\dddjd.exe98⤵PID:2968
-
\??\c:\flxrffx.exec:\flxrffx.exe99⤵PID:4964
-
\??\c:\xrxlrrl.exec:\xrxlrrl.exe100⤵PID:3732
-
\??\c:\hbbthh.exec:\hbbthh.exe101⤵PID:4500
-
\??\c:\btnnhb.exec:\btnnhb.exe102⤵PID:4132
-
\??\c:\jvjvd.exec:\jvjvd.exe103⤵PID:4840
-
\??\c:\vjjpp.exec:\vjjpp.exe104⤵PID:1940
-
\??\c:\lrrlfff.exec:\lrrlfff.exe105⤵PID:4632
-
\??\c:\rrrrllf.exec:\rrrrllf.exe106⤵PID:1772
-
\??\c:\bnhbtt.exec:\bnhbtt.exe107⤵PID:2632
-
\??\c:\1vvvj.exec:\1vvvj.exe108⤵PID:2856
-
\??\c:\vddjp.exec:\vddjp.exe109⤵PID:404
-
\??\c:\lffxffx.exec:\lffxffx.exe110⤵PID:4572
-
\??\c:\hthhtn.exec:\hthhtn.exe111⤵PID:2592
-
\??\c:\hntbht.exec:\hntbht.exe112⤵PID:4068
-
\??\c:\jddvp.exec:\jddvp.exe113⤵PID:3520
-
\??\c:\ppppj.exec:\ppppj.exe114⤵PID:3924
-
\??\c:\rffxxxr.exec:\rffxxxr.exe115⤵PID:1944
-
\??\c:\xxfxxxr.exec:\xxfxxxr.exe116⤵PID:3164
-
\??\c:\hbthbt.exec:\hbthbt.exe117⤵PID:4876
-
\??\c:\hbnhbb.exec:\hbnhbb.exe118⤵PID:3964
-
\??\c:\jppjj.exec:\jppjj.exe119⤵PID:2392
-
\??\c:\5jdpv.exec:\5jdpv.exe120⤵PID:1048
-
\??\c:\xxxrrxx.exec:\xxxrrxx.exe121⤵PID:3244
-
\??\c:\xxxxxxr.exec:\xxxxxxr.exe122⤵PID:1268
-