Analysis
-
max time kernel
150s -
max time network
99s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 01:31
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe
-
Size
51KB
-
MD5
6b83ce04cb86dbe9ed4b86840a8102b0
-
SHA1
6cf65d902882a1b94f69ec9a1b853b31f05fc6da
-
SHA256
9d4230afa52fab1cedbd730ff8cecd247221d75a405b1784bb209d5234876dbc
-
SHA512
841ae1f92605dff409e7861cbfee2686293f3d8f30ac4e8f0071ae0c7e20f776a1f9433163ad20031b3434bbdc9ad26b95d0063c3cc0e6db229845f77ecc909a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoYd:ymb3NkkiQ3mdBjFo+
Malware Config
Signatures
-
Detect Blackmoon payload 26 IoCs
resource yara_rule behavioral2/memory/3160-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1964-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1420-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1888-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4264-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1416-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4436-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3872-45-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3872-44-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3692-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3692-72-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2936-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4888-85-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4688-91-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2436-97-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2388-104-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5052-109-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/336-115-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4772-133-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4424-139-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4764-145-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1036-157-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2768-169-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2656-175-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4612-181-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4440-193-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1964 nbhnbb.exe 1420 vvpjd.exe 4264 dvjdp.exe 1888 lflfrrl.exe 3872 nbhhbb.exe 1416 jddvp.exe 4436 xlxlllf.exe 3936 rllfxfx.exe 3692 7bhbtb.exe 2936 djjdj.exe 4888 1rxxrxr.exe 4688 bnbntn.exe 2436 pvdvv.exe 2388 ddjvv.exe 5052 rllfrrr.exe 336 bthnbn.exe 3316 thhbbb.exe 4376 vjvpj.exe 4772 pjdvp.exe 4424 7flflrx.exe 4764 nntnhh.exe 2164 vvdvp.exe 1036 vjpjj.exe 4684 ffllrrx.exe 2768 thnnnn.exe 2656 bnttnb.exe 4612 1jppd.exe 3040 rxfxllf.exe 4440 ffxxrlf.exe 2536 httnhh.exe 3480 tnhbtt.exe 4432 vjjjv.exe 4256 lrxlfff.exe 4488 xlrrllf.exe 2212 5tbtnn.exe 3944 5vdvv.exe 2932 vppjv.exe 1544 1lrlfff.exe 2404 frllxxl.exe 4844 hbbbtt.exe 3624 vppjd.exe 1824 dvdjv.exe 3940 lrlffxl.exe 1420 rrffrrx.exe 2756 hhtnnn.exe 1888 vpvpj.exe 1404 jjjjd.exe 3872 xxrrlll.exe 64 bttnhh.exe 1820 hbbtnn.exe 4212 vpddv.exe 2372 jvjdv.exe 3692 xrxrxfx.exe 5060 bbnhbt.exe 2108 bhnbtt.exe 4012 vpjdd.exe 2256 xfrxrrl.exe 1696 xllfxrl.exe 3456 5tnnbb.exe 4976 nhbtbb.exe 2388 pjjjv.exe 5052 dvvpp.exe 2480 frrxffx.exe 2012 nntnnh.exe -
resource yara_rule behavioral2/memory/3160-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1964-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1420-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1888-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4264-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1416-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4436-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3872-44-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3692-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3692-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3692-65-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3692-72-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2936-76-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4888-85-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4688-91-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2436-97-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2388-104-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5052-109-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/336-115-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4772-133-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4424-139-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4764-145-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1036-157-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2768-169-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2656-175-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4612-181-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4440-193-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3160 wrote to memory of 1964 3160 6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe 82 PID 3160 wrote to memory of 1964 3160 6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe 82 PID 3160 wrote to memory of 1964 3160 6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe 82 PID 1964 wrote to memory of 1420 1964 nbhnbb.exe 83 PID 1964 wrote to memory of 1420 1964 nbhnbb.exe 83 PID 1964 wrote to memory of 1420 1964 nbhnbb.exe 83 PID 1420 wrote to memory of 4264 1420 vvpjd.exe 84 PID 1420 wrote to memory of 4264 1420 vvpjd.exe 84 PID 1420 wrote to memory of 4264 1420 vvpjd.exe 84 PID 4264 wrote to memory of 1888 4264 dvjdp.exe 85 PID 4264 wrote to memory of 1888 4264 dvjdp.exe 85 PID 4264 wrote to memory of 1888 4264 dvjdp.exe 85 PID 1888 wrote to memory of 3872 1888 lflfrrl.exe 86 PID 1888 wrote to memory of 3872 1888 lflfrrl.exe 86 PID 1888 wrote to memory of 3872 1888 lflfrrl.exe 86 PID 3872 wrote to memory of 1416 3872 nbhhbb.exe 87 PID 3872 wrote to memory of 1416 3872 nbhhbb.exe 87 PID 3872 wrote to memory of 1416 3872 nbhhbb.exe 87 PID 1416 wrote to memory of 4436 1416 jddvp.exe 88 PID 1416 wrote to memory of 4436 1416 jddvp.exe 88 PID 1416 wrote to memory of 4436 1416 jddvp.exe 88 PID 4436 wrote to memory of 3936 4436 xlxlllf.exe 89 PID 4436 wrote to memory of 3936 4436 xlxlllf.exe 89 PID 4436 wrote to memory of 3936 4436 xlxlllf.exe 89 PID 3936 wrote to memory of 3692 3936 rllfxfx.exe 90 PID 3936 wrote to memory of 3692 3936 rllfxfx.exe 90 PID 3936 wrote to memory of 3692 3936 rllfxfx.exe 90 PID 3692 wrote to memory of 2936 3692 7bhbtb.exe 91 PID 3692 wrote to memory of 2936 3692 7bhbtb.exe 91 PID 3692 wrote to memory of 2936 3692 7bhbtb.exe 91 PID 2936 wrote to memory of 4888 2936 djjdj.exe 92 PID 2936 wrote to memory of 4888 2936 djjdj.exe 92 PID 2936 wrote to memory of 4888 2936 djjdj.exe 92 PID 4888 wrote to memory of 4688 4888 1rxxrxr.exe 93 PID 4888 wrote to memory of 4688 4888 1rxxrxr.exe 93 PID 4888 wrote to memory of 4688 4888 1rxxrxr.exe 93 PID 4688 wrote to memory of 2436 4688 bnbntn.exe 94 PID 4688 wrote to memory of 2436 4688 bnbntn.exe 94 PID 4688 wrote to memory of 2436 4688 bnbntn.exe 94 PID 2436 wrote to memory of 2388 2436 pvdvv.exe 95 PID 2436 wrote to memory of 2388 2436 pvdvv.exe 95 PID 2436 wrote to memory of 2388 2436 pvdvv.exe 95 PID 2388 wrote to memory of 5052 2388 ddjvv.exe 96 PID 2388 wrote to memory of 5052 2388 ddjvv.exe 96 PID 2388 wrote to memory of 5052 2388 ddjvv.exe 96 PID 5052 wrote to memory of 336 5052 rllfrrr.exe 97 PID 5052 wrote to memory of 336 5052 rllfrrr.exe 97 PID 5052 wrote to memory of 336 5052 rllfrrr.exe 97 PID 336 wrote to memory of 3316 336 bthnbn.exe 99 PID 336 wrote to memory of 3316 336 bthnbn.exe 99 PID 336 wrote to memory of 3316 336 bthnbn.exe 99 PID 3316 wrote to memory of 4376 3316 thhbbb.exe 100 PID 3316 wrote to memory of 4376 3316 thhbbb.exe 100 PID 3316 wrote to memory of 4376 3316 thhbbb.exe 100 PID 4376 wrote to memory of 4772 4376 vjvpj.exe 101 PID 4376 wrote to memory of 4772 4376 vjvpj.exe 101 PID 4376 wrote to memory of 4772 4376 vjvpj.exe 101 PID 4772 wrote to memory of 4424 4772 pjdvp.exe 102 PID 4772 wrote to memory of 4424 4772 pjdvp.exe 102 PID 4772 wrote to memory of 4424 4772 pjdvp.exe 102 PID 4424 wrote to memory of 4764 4424 7flflrx.exe 103 PID 4424 wrote to memory of 4764 4424 7flflrx.exe 103 PID 4424 wrote to memory of 4764 4424 7flflrx.exe 103 PID 4764 wrote to memory of 2164 4764 nntnhh.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6b83ce04cb86dbe9ed4b86840a8102b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3160 -
\??\c:\nbhnbb.exec:\nbhnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1964 -
\??\c:\vvpjd.exec:\vvpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1420 -
\??\c:\dvjdp.exec:\dvjdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4264 -
\??\c:\lflfrrl.exec:\lflfrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1888 -
\??\c:\nbhhbb.exec:\nbhhbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3872 -
\??\c:\jddvp.exec:\jddvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1416 -
\??\c:\xlxlllf.exec:\xlxlllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4436 -
\??\c:\rllfxfx.exec:\rllfxfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3936 -
\??\c:\7bhbtb.exec:\7bhbtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3692 -
\??\c:\djjdj.exec:\djjdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2936 -
\??\c:\1rxxrxr.exec:\1rxxrxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4888 -
\??\c:\bnbntn.exec:\bnbntn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4688 -
\??\c:\pvdvv.exec:\pvdvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2436 -
\??\c:\ddjvv.exec:\ddjvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2388 -
\??\c:\rllfrrr.exec:\rllfrrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5052 -
\??\c:\bthnbn.exec:\bthnbn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:336 -
\??\c:\thhbbb.exec:\thhbbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3316 -
\??\c:\vjvpj.exec:\vjvpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4376 -
\??\c:\pjdvp.exec:\pjdvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4772 -
\??\c:\7flflrx.exec:\7flflrx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4424 -
\??\c:\nntnhh.exec:\nntnhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4764 -
\??\c:\vvdvp.exec:\vvdvp.exe23⤵
- Executes dropped EXE
PID:2164 -
\??\c:\vjpjj.exec:\vjpjj.exe24⤵
- Executes dropped EXE
PID:1036 -
\??\c:\ffllrrx.exec:\ffllrrx.exe25⤵
- Executes dropped EXE
PID:4684 -
\??\c:\thnnnn.exec:\thnnnn.exe26⤵
- Executes dropped EXE
PID:2768 -
\??\c:\bnttnb.exec:\bnttnb.exe27⤵
- Executes dropped EXE
PID:2656 -
\??\c:\1jppd.exec:\1jppd.exe28⤵
- Executes dropped EXE
PID:4612 -
\??\c:\rxfxllf.exec:\rxfxllf.exe29⤵
- Executes dropped EXE
PID:3040 -
\??\c:\ffxxrlf.exec:\ffxxrlf.exe30⤵
- Executes dropped EXE
PID:4440 -
\??\c:\httnhh.exec:\httnhh.exe31⤵
- Executes dropped EXE
PID:2536 -
\??\c:\tnhbtt.exec:\tnhbtt.exe32⤵
- Executes dropped EXE
PID:3480 -
\??\c:\vjjjv.exec:\vjjjv.exe33⤵
- Executes dropped EXE
PID:4432 -
\??\c:\lrxlfff.exec:\lrxlfff.exe34⤵
- Executes dropped EXE
PID:4256 -
\??\c:\xlrrllf.exec:\xlrrllf.exe35⤵
- Executes dropped EXE
PID:4488 -
\??\c:\5tbtnn.exec:\5tbtnn.exe36⤵
- Executes dropped EXE
PID:2212 -
\??\c:\5vdvv.exec:\5vdvv.exe37⤵
- Executes dropped EXE
PID:3944 -
\??\c:\vppjv.exec:\vppjv.exe38⤵
- Executes dropped EXE
PID:2932 -
\??\c:\1lrlfff.exec:\1lrlfff.exe39⤵
- Executes dropped EXE
PID:1544 -
\??\c:\frllxxl.exec:\frllxxl.exe40⤵
- Executes dropped EXE
PID:2404 -
\??\c:\hbbbtt.exec:\hbbbtt.exe41⤵
- Executes dropped EXE
PID:4844 -
\??\c:\vppjd.exec:\vppjd.exe42⤵
- Executes dropped EXE
PID:3624 -
\??\c:\dvdjv.exec:\dvdjv.exe43⤵
- Executes dropped EXE
PID:1824 -
\??\c:\lrlffxl.exec:\lrlffxl.exe44⤵
- Executes dropped EXE
PID:3940 -
\??\c:\rrffrrx.exec:\rrffrrx.exe45⤵
- Executes dropped EXE
PID:1420 -
\??\c:\hhtnnn.exec:\hhtnnn.exe46⤵
- Executes dropped EXE
PID:2756 -
\??\c:\vpvpj.exec:\vpvpj.exe47⤵
- Executes dropped EXE
PID:1888 -
\??\c:\jjjjd.exec:\jjjjd.exe48⤵
- Executes dropped EXE
PID:1404 -
\??\c:\xxrrlll.exec:\xxrrlll.exe49⤵
- Executes dropped EXE
PID:3872 -
\??\c:\bttnhh.exec:\bttnhh.exe50⤵
- Executes dropped EXE
PID:64 -
\??\c:\hbbtnn.exec:\hbbtnn.exe51⤵
- Executes dropped EXE
PID:1820 -
\??\c:\vpddv.exec:\vpddv.exe52⤵
- Executes dropped EXE
PID:4212 -
\??\c:\jvjdv.exec:\jvjdv.exe53⤵
- Executes dropped EXE
PID:2372 -
\??\c:\xrxrxfx.exec:\xrxrxfx.exe54⤵
- Executes dropped EXE
PID:3692 -
\??\c:\bbnhbt.exec:\bbnhbt.exe55⤵
- Executes dropped EXE
PID:5060 -
\??\c:\bhnbtt.exec:\bhnbtt.exe56⤵
- Executes dropped EXE
PID:2108 -
\??\c:\vpjdd.exec:\vpjdd.exe57⤵
- Executes dropped EXE
PID:4012 -
\??\c:\xfrxrrl.exec:\xfrxrrl.exe58⤵
- Executes dropped EXE
PID:2256 -
\??\c:\xllfxrl.exec:\xllfxrl.exe59⤵
- Executes dropped EXE
PID:1696 -
\??\c:\5tnnbb.exec:\5tnnbb.exe60⤵
- Executes dropped EXE
PID:3456 -
\??\c:\nhbtbb.exec:\nhbtbb.exe61⤵
- Executes dropped EXE
PID:4976 -
\??\c:\pjjjv.exec:\pjjjv.exe62⤵
- Executes dropped EXE
PID:2388 -
\??\c:\dvvpp.exec:\dvvpp.exe63⤵
- Executes dropped EXE
PID:5052 -
\??\c:\frrxffx.exec:\frrxffx.exe64⤵
- Executes dropped EXE
PID:2480 -
\??\c:\nntnnh.exec:\nntnnh.exe65⤵
- Executes dropped EXE
PID:2012 -
\??\c:\tbbbtt.exec:\tbbbtt.exe66⤵PID:4520
-
\??\c:\vjpdj.exec:\vjpdj.exe67⤵PID:1332
-
\??\c:\jvdvp.exec:\jvdvp.exe68⤵PID:2920
-
\??\c:\1flffff.exec:\1flffff.exe69⤵PID:1912
-
\??\c:\7lllxxr.exec:\7lllxxr.exe70⤵PID:4764
-
\??\c:\ntbtnt.exec:\ntbtnt.exe71⤵PID:2304
-
\??\c:\pjvpp.exec:\pjvpp.exe72⤵PID:2220
-
\??\c:\dddvp.exec:\dddvp.exe73⤵PID:4180
-
\??\c:\xlxrfff.exec:\xlxrfff.exe74⤵PID:4908
-
\??\c:\xlrlrlr.exec:\xlrlrlr.exe75⤵PID:3604
-
\??\c:\hbbttt.exec:\hbbttt.exe76⤵PID:1348
-
\??\c:\jjjdp.exec:\jjjdp.exe77⤵PID:1296
-
\??\c:\rxlxrxr.exec:\rxlxrxr.exe78⤵PID:1928
-
\??\c:\9rxrxxf.exec:\9rxrxxf.exe79⤵PID:4336
-
\??\c:\xlxrllf.exec:\xlxrllf.exe80⤵PID:3784
-
\??\c:\bbnhtt.exec:\bbnhtt.exe81⤵PID:2420
-
\??\c:\vvpdv.exec:\vvpdv.exe82⤵PID:4616
-
\??\c:\pdjpv.exec:\pdjpv.exe83⤵PID:2708
-
\??\c:\lffllff.exec:\lffllff.exe84⤵PID:212
-
\??\c:\ttbbth.exec:\ttbbth.exe85⤵PID:688
-
\??\c:\jjjpp.exec:\jjjpp.exe86⤵PID:1280
-
\??\c:\9nhbtt.exec:\9nhbtt.exe87⤵PID:728
-
\??\c:\vjpjj.exec:\vjpjj.exe88⤵PID:720
-
\??\c:\vpdvp.exec:\vpdvp.exe89⤵PID:1804
-
\??\c:\9ffxlfx.exec:\9ffxlfx.exe90⤵PID:1780
-
\??\c:\rrllfff.exec:\rrllfff.exe91⤵PID:2176
-
\??\c:\7bbbth.exec:\7bbbth.exe92⤵PID:4320
-
\??\c:\5vjpj.exec:\5vjpj.exe93⤵PID:4608
-
\??\c:\dvjpj.exec:\dvjpj.exe94⤵PID:3160
-
\??\c:\lllfxxx.exec:\lllfxxx.exe95⤵PID:1824
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe96⤵PID:2584
-
\??\c:\1tntnn.exec:\1tntnn.exe97⤵PID:1708
-
\??\c:\3bhbtt.exec:\3bhbtt.exe98⤵PID:2756
-
\??\c:\vvjjj.exec:\vvjjj.exe99⤵PID:3956
-
\??\c:\frxrfxx.exec:\frxrfxx.exe100⤵PID:2752
-
\??\c:\rflfllf.exec:\rflfllf.exe101⤵PID:4624
-
\??\c:\thnhht.exec:\thnhht.exe102⤵PID:4568
-
\??\c:\nnbtbt.exec:\nnbtbt.exe103⤵PID:4436
-
\??\c:\1vppp.exec:\1vppp.exe104⤵PID:3648
-
\??\c:\djvpj.exec:\djvpj.exe105⤵PID:3424
-
\??\c:\xrfxxxf.exec:\xrfxxxf.exe106⤵PID:1836
-
\??\c:\tthhtt.exec:\tthhtt.exe107⤵PID:536
-
\??\c:\hhntht.exec:\hhntht.exe108⤵PID:4828
-
\??\c:\lllfxxx.exec:\lllfxxx.exe109⤵PID:896
-
\??\c:\rflfxxr.exec:\rflfxxr.exe110⤵PID:4688
-
\??\c:\thtnbb.exec:\thtnbb.exe111⤵PID:640
-
\??\c:\rxllfff.exec:\rxllfff.exe112⤵PID:4952
-
\??\c:\nhthtn.exec:\nhthtn.exe113⤵PID:1140
-
\??\c:\pdjdv.exec:\pdjdv.exe114⤵PID:1792
-
\??\c:\rflfrxr.exec:\rflfrxr.exe115⤵PID:4192
-
\??\c:\rxxrllf.exec:\rxxrllf.exe116⤵PID:3052
-
\??\c:\nhhnhb.exec:\nhhnhb.exe117⤵PID:4648
-
\??\c:\ntbtnn.exec:\ntbtnn.exe118⤵PID:3952
-
\??\c:\vjvpd.exec:\vjvpd.exe119⤵PID:4772
-
\??\c:\llrfffl.exec:\llrfffl.exe120⤵PID:4424
-
\??\c:\1rxxrxr.exec:\1rxxrxr.exe121⤵PID:3332
-
\??\c:\3ttttt.exec:\3ttttt.exe122⤵PID:3180
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-