Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
18/05/2024, 01:31
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe
-
Size
51KB
-
MD5
6b83ce04cb86dbe9ed4b86840a8102b0
-
SHA1
6cf65d902882a1b94f69ec9a1b853b31f05fc6da
-
SHA256
9d4230afa52fab1cedbd730ff8cecd247221d75a405b1784bb209d5234876dbc
-
SHA512
841ae1f92605dff409e7861cbfee2686293f3d8f30ac4e8f0071ae0c7e20f776a1f9433163ad20031b3434bbdc9ad26b95d0063c3cc0e6db229845f77ecc909a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoYd:ymb3NkkiQ3mdBjFo+
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral1/memory/2900-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2016-20-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2016-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2524-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2452-43-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2488-59-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2488-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2116-69-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2116-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2328-73-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2688-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2736-118-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1656-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1644-136-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2388-154-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2648-162-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2828-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1264-207-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/908-226-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1676-243-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1312-252-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1152-270-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2988-288-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2016 1nbtbb.exe 3052 pdpvv.exe 2524 pjjvj.exe 2452 lxxlxxr.exe 2488 hbhhbh.exe 2116 hbtbbb.exe 2328 3jjjp.exe 2448 frxflrx.exe 1016 xlfxffr.exe 2688 hhhbtb.exe 2736 5nhbbb.exe 1656 3pvvj.exe 1644 jdvpv.exe 548 rllrffr.exe 2388 bbnbtb.exe 2648 nbttbt.exe 2876 dvjvp.exe 2044 xrxrxxf.exe 2828 lrxllrf.exe 2416 hbttbn.exe 1264 bbtbnh.exe 528 pjppv.exe 908 fflxlfl.exe 636 1frrffl.exe 1676 tnnbbh.exe 1312 nbbhht.exe 1680 5jvvj.exe 1152 lxllllx.exe 1220 9llrxxf.exe 2988 thtntn.exe 2812 9vpvj.exe 2232 vjjjj.exe 1612 rfrlffl.exe 2468 bbnbhn.exe 1528 hthnnh.exe 2568 9dppd.exe 2004 1xlfxxf.exe 2188 fllffxx.exe 2584 tnbhnh.exe 2624 5vdjv.exe 2548 xlrlflf.exe 2348 rrrfxff.exe 2332 hhbtnh.exe 3064 3tbhnn.exe 2404 pjvvv.exe 2692 7vdvv.exe 2688 xfllfxx.exe 2872 9hbbhh.exe 760 5nbhnn.exe 1556 bnbbhh.exe 2076 7vdjv.exe 1548 vjvpp.exe 1508 lfllffl.exe 1440 5ffxllf.exe 628 nhnbhh.exe 1260 bthnnn.exe 1992 vjjdj.exe 2272 ppdvd.exe 2192 9jjdj.exe 336 frxxrrr.exe 1236 7tbtth.exe 1700 1nbnnh.exe 836 dvppv.exe 572 5vjpp.exe -
resource yara_rule behavioral1/memory/2900-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2016-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2524-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2452-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2488-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2116-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2328-73-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2448-83-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2448-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2448-81-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2688-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2736-118-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1656-126-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1644-136-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2388-154-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2648-162-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2828-190-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1264-207-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/908-226-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1676-243-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1312-252-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1152-270-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2988-288-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2900 wrote to memory of 2016 2900 6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe 28 PID 2900 wrote to memory of 2016 2900 6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe 28 PID 2900 wrote to memory of 2016 2900 6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe 28 PID 2900 wrote to memory of 2016 2900 6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe 28 PID 2016 wrote to memory of 3052 2016 1nbtbb.exe 29 PID 2016 wrote to memory of 3052 2016 1nbtbb.exe 29 PID 2016 wrote to memory of 3052 2016 1nbtbb.exe 29 PID 2016 wrote to memory of 3052 2016 1nbtbb.exe 29 PID 3052 wrote to memory of 2524 3052 pdpvv.exe 30 PID 3052 wrote to memory of 2524 3052 pdpvv.exe 30 PID 3052 wrote to memory of 2524 3052 pdpvv.exe 30 PID 3052 wrote to memory of 2524 3052 pdpvv.exe 30 PID 2524 wrote to memory of 2452 2524 pjjvj.exe 31 PID 2524 wrote to memory of 2452 2524 pjjvj.exe 31 PID 2524 wrote to memory of 2452 2524 pjjvj.exe 31 PID 2524 wrote to memory of 2452 2524 pjjvj.exe 31 PID 2452 wrote to memory of 2488 2452 lxxlxxr.exe 32 PID 2452 wrote to memory of 2488 2452 lxxlxxr.exe 32 PID 2452 wrote to memory of 2488 2452 lxxlxxr.exe 32 PID 2452 wrote to memory of 2488 2452 lxxlxxr.exe 32 PID 2488 wrote to memory of 2116 2488 hbhhbh.exe 33 PID 2488 wrote to memory of 2116 2488 hbhhbh.exe 33 PID 2488 wrote to memory of 2116 2488 hbhhbh.exe 33 PID 2488 wrote to memory of 2116 2488 hbhhbh.exe 33 PID 2116 wrote to memory of 2328 2116 hbtbbb.exe 34 PID 2116 wrote to memory of 2328 2116 hbtbbb.exe 34 PID 2116 wrote to memory of 2328 2116 hbtbbb.exe 34 PID 2116 wrote to memory of 2328 2116 hbtbbb.exe 34 PID 2328 wrote to memory of 2448 2328 3jjjp.exe 35 PID 2328 wrote to memory of 2448 2328 3jjjp.exe 35 PID 2328 wrote to memory of 2448 2328 3jjjp.exe 35 PID 2328 wrote to memory of 2448 2328 3jjjp.exe 35 PID 2448 wrote to memory of 1016 2448 frxflrx.exe 36 PID 2448 wrote to memory of 1016 2448 frxflrx.exe 36 PID 2448 wrote to memory of 1016 2448 frxflrx.exe 36 PID 2448 wrote to memory of 1016 2448 frxflrx.exe 36 PID 1016 wrote to memory of 2688 1016 xlfxffr.exe 37 PID 1016 wrote to memory of 2688 1016 xlfxffr.exe 37 PID 1016 wrote to memory of 2688 1016 xlfxffr.exe 37 PID 1016 wrote to memory of 2688 1016 xlfxffr.exe 37 PID 2688 wrote to memory of 2736 2688 hhhbtb.exe 38 PID 2688 wrote to memory of 2736 2688 hhhbtb.exe 38 PID 2688 wrote to memory of 2736 2688 hhhbtb.exe 38 PID 2688 wrote to memory of 2736 2688 hhhbtb.exe 38 PID 2736 wrote to memory of 1656 2736 5nhbbb.exe 39 PID 2736 wrote to memory of 1656 2736 5nhbbb.exe 39 PID 2736 wrote to memory of 1656 2736 5nhbbb.exe 39 PID 2736 wrote to memory of 1656 2736 5nhbbb.exe 39 PID 1656 wrote to memory of 1644 1656 3pvvj.exe 40 PID 1656 wrote to memory of 1644 1656 3pvvj.exe 40 PID 1656 wrote to memory of 1644 1656 3pvvj.exe 40 PID 1656 wrote to memory of 1644 1656 3pvvj.exe 40 PID 1644 wrote to memory of 548 1644 jdvpv.exe 41 PID 1644 wrote to memory of 548 1644 jdvpv.exe 41 PID 1644 wrote to memory of 548 1644 jdvpv.exe 41 PID 1644 wrote to memory of 548 1644 jdvpv.exe 41 PID 548 wrote to memory of 2388 548 rllrffr.exe 42 PID 548 wrote to memory of 2388 548 rllrffr.exe 42 PID 548 wrote to memory of 2388 548 rllrffr.exe 42 PID 548 wrote to memory of 2388 548 rllrffr.exe 42 PID 2388 wrote to memory of 2648 2388 bbnbtb.exe 43 PID 2388 wrote to memory of 2648 2388 bbnbtb.exe 43 PID 2388 wrote to memory of 2648 2388 bbnbtb.exe 43 PID 2388 wrote to memory of 2648 2388 bbnbtb.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2900 -
\??\c:\1nbtbb.exec:\1nbtbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2016 -
\??\c:\pdpvv.exec:\pdpvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3052 -
\??\c:\pjjvj.exec:\pjjvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\lxxlxxr.exec:\lxxlxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2452 -
\??\c:\hbhhbh.exec:\hbhhbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2488 -
\??\c:\hbtbbb.exec:\hbtbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2116 -
\??\c:\3jjjp.exec:\3jjjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2328 -
\??\c:\frxflrx.exec:\frxflrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2448 -
\??\c:\xlfxffr.exec:\xlfxffr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1016 -
\??\c:\hhhbtb.exec:\hhhbtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2688 -
\??\c:\5nhbbb.exec:\5nhbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2736 -
\??\c:\3pvvj.exec:\3pvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1656 -
\??\c:\jdvpv.exec:\jdvpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1644 -
\??\c:\rllrffr.exec:\rllrffr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:548 -
\??\c:\bbnbtb.exec:\bbnbtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2388 -
\??\c:\nbttbt.exec:\nbttbt.exe17⤵
- Executes dropped EXE
PID:2648 -
\??\c:\dvjvp.exec:\dvjvp.exe18⤵
- Executes dropped EXE
PID:2876 -
\??\c:\xrxrxxf.exec:\xrxrxxf.exe19⤵
- Executes dropped EXE
PID:2044 -
\??\c:\lrxllrf.exec:\lrxllrf.exe20⤵
- Executes dropped EXE
PID:2828 -
\??\c:\hbttbn.exec:\hbttbn.exe21⤵
- Executes dropped EXE
PID:2416 -
\??\c:\bbtbnh.exec:\bbtbnh.exe22⤵
- Executes dropped EXE
PID:1264 -
\??\c:\pjppv.exec:\pjppv.exe23⤵
- Executes dropped EXE
PID:528 -
\??\c:\fflxlfl.exec:\fflxlfl.exe24⤵
- Executes dropped EXE
PID:908 -
\??\c:\1frrffl.exec:\1frrffl.exe25⤵
- Executes dropped EXE
PID:636 -
\??\c:\tnnbbh.exec:\tnnbbh.exe26⤵
- Executes dropped EXE
PID:1676 -
\??\c:\nbbhht.exec:\nbbhht.exe27⤵
- Executes dropped EXE
PID:1312 -
\??\c:\5jvvj.exec:\5jvvj.exe28⤵
- Executes dropped EXE
PID:1680 -
\??\c:\lxllllx.exec:\lxllllx.exe29⤵
- Executes dropped EXE
PID:1152 -
\??\c:\9llrxxf.exec:\9llrxxf.exe30⤵
- Executes dropped EXE
PID:1220 -
\??\c:\thtntn.exec:\thtntn.exe31⤵
- Executes dropped EXE
PID:2988 -
\??\c:\9vpvj.exec:\9vpvj.exe32⤵
- Executes dropped EXE
PID:2812 -
\??\c:\vjjjj.exec:\vjjjj.exe33⤵
- Executes dropped EXE
PID:2232 -
\??\c:\rfrlffl.exec:\rfrlffl.exe34⤵
- Executes dropped EXE
PID:1612 -
\??\c:\rlfffll.exec:\rlfffll.exe35⤵PID:2756
-
\??\c:\bbnbhn.exec:\bbnbhn.exe36⤵
- Executes dropped EXE
PID:2468 -
\??\c:\hthnnh.exec:\hthnnh.exe37⤵
- Executes dropped EXE
PID:1528 -
\??\c:\9dppd.exec:\9dppd.exe38⤵
- Executes dropped EXE
PID:2568 -
\??\c:\1xlfxxf.exec:\1xlfxxf.exe39⤵
- Executes dropped EXE
PID:2004 -
\??\c:\fllffxx.exec:\fllffxx.exe40⤵
- Executes dropped EXE
PID:2188 -
\??\c:\tnbhnh.exec:\tnbhnh.exe41⤵
- Executes dropped EXE
PID:2584 -
\??\c:\5vdjv.exec:\5vdjv.exe42⤵
- Executes dropped EXE
PID:2624 -
\??\c:\xlrlflf.exec:\xlrlflf.exe43⤵
- Executes dropped EXE
PID:2548 -
\??\c:\rrrfxff.exec:\rrrfxff.exe44⤵
- Executes dropped EXE
PID:2348 -
\??\c:\hhbtnh.exec:\hhbtnh.exe45⤵
- Executes dropped EXE
PID:2332 -
\??\c:\3tbhnn.exec:\3tbhnn.exe46⤵
- Executes dropped EXE
PID:3064 -
\??\c:\pjvvv.exec:\pjvvv.exe47⤵
- Executes dropped EXE
PID:2404 -
\??\c:\7vdvv.exec:\7vdvv.exe48⤵
- Executes dropped EXE
PID:2692 -
\??\c:\xfllfxx.exec:\xfllfxx.exe49⤵
- Executes dropped EXE
PID:2688 -
\??\c:\9hbbhh.exec:\9hbbhh.exe50⤵
- Executes dropped EXE
PID:2872 -
\??\c:\5nbhnn.exec:\5nbhnn.exe51⤵
- Executes dropped EXE
PID:760 -
\??\c:\bnbbhh.exec:\bnbbhh.exe52⤵
- Executes dropped EXE
PID:1556 -
\??\c:\7vdjv.exec:\7vdjv.exe53⤵
- Executes dropped EXE
PID:2076 -
\??\c:\vjvpp.exec:\vjvpp.exe54⤵
- Executes dropped EXE
PID:1548 -
\??\c:\lfllffl.exec:\lfllffl.exe55⤵
- Executes dropped EXE
PID:1508 -
\??\c:\5ffxllf.exec:\5ffxllf.exe56⤵
- Executes dropped EXE
PID:1440 -
\??\c:\nhnbhh.exec:\nhnbhh.exe57⤵
- Executes dropped EXE
PID:628 -
\??\c:\bthnnn.exec:\bthnnn.exe58⤵
- Executes dropped EXE
PID:1260 -
\??\c:\vjjdj.exec:\vjjdj.exe59⤵
- Executes dropped EXE
PID:1992 -
\??\c:\ppdvd.exec:\ppdvd.exe60⤵
- Executes dropped EXE
PID:2272 -
\??\c:\9jjdj.exec:\9jjdj.exe61⤵
- Executes dropped EXE
PID:2192 -
\??\c:\frxxrrr.exec:\frxxrrr.exe62⤵
- Executes dropped EXE
PID:336 -
\??\c:\7tbtth.exec:\7tbtth.exe63⤵
- Executes dropped EXE
PID:1236 -
\??\c:\1nbnnh.exec:\1nbnnh.exe64⤵
- Executes dropped EXE
PID:1700 -
\??\c:\dvppv.exec:\dvppv.exe65⤵
- Executes dropped EXE
PID:836 -
\??\c:\5vjpp.exec:\5vjpp.exe66⤵
- Executes dropped EXE
PID:572 -
\??\c:\5xxxffl.exec:\5xxxffl.exe67⤵PID:1868
-
\??\c:\9fllllr.exec:\9fllllr.exe68⤵PID:1296
-
\??\c:\bntthh.exec:\bntthh.exe69⤵PID:1668
-
\??\c:\3bhbtt.exec:\3bhbtt.exe70⤵PID:1684
-
\??\c:\bntnbb.exec:\bntnbb.exe71⤵PID:900
-
\??\c:\jpdvd.exec:\jpdvd.exe72⤵PID:704
-
\??\c:\pjdpp.exec:\pjdpp.exe73⤵PID:2284
-
\??\c:\1rffffx.exec:\1rffffx.exe74⤵PID:2988
-
\??\c:\ffflflx.exec:\ffflflx.exe75⤵PID:2792
-
\??\c:\3hbthb.exec:\3hbthb.exe76⤵PID:1428
-
\??\c:\tbntbh.exec:\tbntbh.exe77⤵PID:2252
-
\??\c:\jvppp.exec:\jvppp.exe78⤵PID:2956
-
\??\c:\7jjjd.exec:\7jjjd.exe79⤵PID:1504
-
\??\c:\vddvv.exec:\vddvv.exe80⤵PID:2528
-
\??\c:\rlflflx.exec:\rlflflx.exe81⤵PID:2904
-
\??\c:\7xfrrlx.exec:\7xfrrlx.exe82⤵PID:2600
-
\??\c:\tnhhtb.exec:\tnhhtb.exe83⤵PID:2512
-
\??\c:\thnttt.exec:\thnttt.exe84⤵PID:2472
-
\??\c:\tttnnt.exec:\tttnnt.exe85⤵PID:2500
-
\??\c:\vjjdj.exec:\vjjdj.exe86⤵PID:2340
-
\??\c:\pjjjj.exec:\pjjjj.exe87⤵PID:2440
-
\??\c:\xrxrrrf.exec:\xrxrrrf.exe88⤵PID:2844
-
\??\c:\fxflrrx.exec:\fxflrrx.exe89⤵PID:2644
-
\??\c:\nnhbnt.exec:\nnhbnt.exe90⤵PID:332
-
\??\c:\1tnhth.exec:\1tnhth.exe91⤵PID:2856
-
\??\c:\bthhnt.exec:\bthhnt.exe92⤵PID:2660
-
\??\c:\pvvvj.exec:\pvvvj.exe93⤵PID:1708
-
\??\c:\ppjpd.exec:\ppjpd.exe94⤵PID:300
-
\??\c:\lxrxlrx.exec:\lxrxlrx.exe95⤵PID:288
-
\??\c:\xrxlxfl.exec:\xrxlxfl.exe96⤵PID:320
-
\??\c:\5bnhnh.exec:\5bnhnh.exe97⤵PID:2664
-
\??\c:\bnnntt.exec:\bnnntt.exe98⤵PID:2296
-
\??\c:\vpvvp.exec:\vpvvp.exe99⤵PID:1520
-
\??\c:\dpjpj.exec:\dpjpj.exe100⤵PID:1468
-
\??\c:\pppjd.exec:\pppjd.exe101⤵PID:1572
-
\??\c:\xffrxll.exec:\xffrxll.exe102⤵PID:2024
-
\??\c:\xrxfrxf.exec:\xrxfrxf.exe103⤵PID:1816
-
\??\c:\hbttbb.exec:\hbttbb.exe104⤵PID:536
-
\??\c:\dpjjv.exec:\dpjjv.exe105⤵PID:596
-
\??\c:\pdppv.exec:\pdppv.exe106⤵PID:700
-
\??\c:\fxfrffr.exec:\fxfrffr.exe107⤵PID:1864
-
\??\c:\lrxrlff.exec:\lrxrlff.exe108⤵PID:2308
-
\??\c:\btbthh.exec:\btbthh.exe109⤵PID:1628
-
\??\c:\bnttbb.exec:\bnttbb.exe110⤵PID:952
-
\??\c:\jdjpv.exec:\jdjpv.exe111⤵PID:1292
-
\??\c:\1vdjj.exec:\1vdjj.exe112⤵PID:2980
-
\??\c:\rlxlrlr.exec:\rlxlrlr.exe113⤵PID:2968
-
\??\c:\frrfxlx.exec:\frrfxlx.exe114⤵PID:272
-
\??\c:\htbhnt.exec:\htbhnt.exe115⤵PID:2088
-
\??\c:\htbbtt.exec:\htbbtt.exe116⤵PID:2260
-
\??\c:\dpdjj.exec:\dpdjj.exe117⤵PID:1432
-
\??\c:\7jdvp.exec:\7jdvp.exe118⤵PID:2924
-
\??\c:\5xffrrx.exec:\5xffrrx.exe119⤵PID:2944
-
\??\c:\frrrxxr.exec:\frrrxxr.exe120⤵PID:1244
-
\??\c:\lrxrxll.exec:\lrxrxll.exe121⤵PID:856
-
\??\c:\htbhnn.exec:\htbhnn.exe122⤵PID:1532
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-