Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 12:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c842ce32f0152ab632117ad4ee510200_NeikiAnalytics.exe
Resource
win7-20240220-en
5 signatures
150 seconds
General
-
Target
c842ce32f0152ab632117ad4ee510200_NeikiAnalytics.exe
-
Size
134KB
-
MD5
c842ce32f0152ab632117ad4ee510200
-
SHA1
5120273d5b2024152073dbe3e3a4a8682def1d50
-
SHA256
3e959f5ab1476d37ee7044bd7dbb12e59a720ecb626a38c948e52c5afb59b426
-
SHA512
3fcae24e624079d796bd4d4417919f9cf9d5a6eda40e9514db92fbab64d2e699dd99b53c2db987a26b1a3624b77b610f237742a4f0d5194c8c431921ae4cc2be
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGor1:n3C9BRW0j/1px+dG8
Malware Config
Signatures
-
Detect Blackmoon payload 24 IoCs
resource yara_rule behavioral1/memory/1660-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2968-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2136-33-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2576-37-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2584-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2764-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2764-57-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2456-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2448-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2720-93-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2492-116-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2236-134-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1928-142-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/892-152-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2220-160-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2328-170-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2104-188-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1668-206-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2088-214-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1060-224-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2688-242-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/844-277-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1508-304-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2968-3256-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2968 thhnbn.exe 2136 dpppd.exe 2576 rrflxxl.exe 2584 nhbbhn.exe 2764 pjvdj.exe 2456 5rffxrr.exe 2448 7xlrrff.exe 2720 thttth.exe 548 dpdjp.exe 2492 dpdpp.exe 2692 xlffxrx.exe 2236 tnnnnn.exe 1928 1bbbnt.exe 892 jdpvd.exe 2220 lxlllrr.exe 2328 9rlxlfl.exe 1448 hhtthh.exe 2104 nhbbnb.exe 2304 pvvjv.exe 1668 9dddv.exe 2088 rrxlrxx.exe 1060 nbnbtb.exe 1652 hnbbht.exe 2688 jvdvv.exe 1796 3frlfff.exe 956 nnhtbn.exe 1328 tnnnbh.exe 844 3vppd.exe 308 rllfllr.exe 2292 tttthb.exe 1508 hhbtbn.exe 1724 dvjpv.exe 1608 fxllrxf.exe 1396 llflrxf.exe 2572 5nhtbt.exe 2540 nnthbh.exe 2564 9jdpv.exe 2728 5dvvd.exe 2744 ffrlllx.exe 2704 bntbbn.exe 2336 pdvjp.exe 2308 9fxflfl.exe 2600 rlrlrxl.exe 1592 xfrxxfr.exe 320 nbbbbt.exe 2672 bnbntn.exe 636 jjjpd.exe 1036 vjpjj.exe 1836 5xflxrx.exe 2224 rlrrffl.exe 2252 bnbbhb.exe 1572 nhtntn.exe 2368 dpdpv.exe 1316 1pvdv.exe 1448 7lxrlrr.exe 1300 xrxrfff.exe 1744 btbhnt.exe 2412 ntntnn.exe 2824 vpdjj.exe 584 9vvpd.exe 1064 fxffxxf.exe 1376 5htntn.exe 1860 tthbhn.exe 340 dvdvd.exe -
UPX packed file
resource yara_rule behavioral1/memory/1660-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2968-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2136-22-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2136-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2136-23-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2136-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2576-37-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2584-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2764-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2764-57-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2764-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2456-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2456-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2456-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2456-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2448-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2720-93-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2492-116-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2236-134-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1928-142-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/892-152-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2220-160-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2328-170-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2104-188-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/1668-206-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2088-214-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1060-224-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2688-242-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/844-277-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1508-304-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2968-3256-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1660 wrote to memory of 2968 1660 c842ce32f0152ab632117ad4ee510200_NeikiAnalytics.exe 28 PID 1660 wrote to memory of 2968 1660 c842ce32f0152ab632117ad4ee510200_NeikiAnalytics.exe 28 PID 1660 wrote to memory of 2968 1660 c842ce32f0152ab632117ad4ee510200_NeikiAnalytics.exe 28 PID 1660 wrote to memory of 2968 1660 c842ce32f0152ab632117ad4ee510200_NeikiAnalytics.exe 28 PID 2968 wrote to memory of 2136 2968 thhnbn.exe 29 PID 2968 wrote to memory of 2136 2968 thhnbn.exe 29 PID 2968 wrote to memory of 2136 2968 thhnbn.exe 29 PID 2968 wrote to memory of 2136 2968 thhnbn.exe 29 PID 2136 wrote to memory of 2576 2136 dpppd.exe 30 PID 2136 wrote to memory of 2576 2136 dpppd.exe 30 PID 2136 wrote to memory of 2576 2136 dpppd.exe 30 PID 2136 wrote to memory of 2576 2136 dpppd.exe 30 PID 2576 wrote to memory of 2584 2576 rrflxxl.exe 31 PID 2576 wrote to memory of 2584 2576 rrflxxl.exe 31 PID 2576 wrote to memory of 2584 2576 rrflxxl.exe 31 PID 2576 wrote to memory of 2584 2576 rrflxxl.exe 31 PID 2584 wrote to memory of 2764 2584 nhbbhn.exe 32 PID 2584 wrote to memory of 2764 2584 nhbbhn.exe 32 PID 2584 wrote to memory of 2764 2584 nhbbhn.exe 32 PID 2584 wrote to memory of 2764 2584 nhbbhn.exe 32 PID 2764 wrote to memory of 2456 2764 pjvdj.exe 33 PID 2764 wrote to memory of 2456 2764 pjvdj.exe 33 PID 2764 wrote to memory of 2456 2764 pjvdj.exe 33 PID 2764 wrote to memory of 2456 2764 pjvdj.exe 33 PID 2456 wrote to memory of 2448 2456 5rffxrr.exe 34 PID 2456 wrote to memory of 2448 2456 5rffxrr.exe 34 PID 2456 wrote to memory of 2448 2456 5rffxrr.exe 34 PID 2456 wrote to memory of 2448 2456 5rffxrr.exe 34 PID 2448 wrote to memory of 2720 2448 7xlrrff.exe 35 PID 2448 wrote to memory of 2720 2448 7xlrrff.exe 35 PID 2448 wrote to memory of 2720 2448 7xlrrff.exe 35 PID 2448 wrote to memory of 2720 2448 7xlrrff.exe 35 PID 2720 wrote to memory of 548 2720 thttth.exe 36 PID 2720 wrote to memory of 548 2720 thttth.exe 36 PID 2720 wrote to memory of 
548 2720 thttth.exe 36 PID 2720 wrote to memory of 548 2720 thttth.exe 36 PID 548 wrote to memory of 2492 548 dpdjp.exe 37 PID 548 wrote to memory of 2492 548 dpdjp.exe 37 PID 548 wrote to memory of 2492 548 dpdjp.exe 37 PID 548 wrote to memory of 2492 548 dpdjp.exe 37 PID 2492 wrote to memory of 2692 2492 dpdpp.exe 38 PID 2492 wrote to memory of 2692 2492 dpdpp.exe 38 PID 2492 wrote to memory of 2692 2492 dpdpp.exe 38 PID 2492 wrote to memory of 2692 2492 dpdpp.exe 38 PID 2692 wrote to memory of 2236 2692 xlffxrx.exe 39 PID 2692 wrote to memory of 2236 2692 xlffxrx.exe 39 PID 2692 wrote to memory of 2236 2692 xlffxrx.exe 39 PID 2692 wrote to memory of 2236 2692 xlffxrx.exe 39 PID 2236 wrote to memory of 1928 2236 tnnnnn.exe 40 PID 2236 wrote to memory of 1928 2236 tnnnnn.exe 40 PID 2236 wrote to memory of 1928 2236 tnnnnn.exe 40 PID 2236 wrote to memory of 1928 2236 tnnnnn.exe 40 PID 1928 wrote to memory of 892 1928 1bbbnt.exe 41 PID 1928 wrote to memory of 892 1928 1bbbnt.exe 41 PID 1928 wrote to memory of 892 1928 1bbbnt.exe 41 PID 1928 wrote to memory of 892 1928 1bbbnt.exe 41 PID 892 wrote to memory of 2220 892 jdpvd.exe 42 PID 892 wrote to memory of 2220 892 jdpvd.exe 42 PID 892 wrote to memory of 2220 892 jdpvd.exe 42 PID 892 wrote to memory of 2220 892 jdpvd.exe 42 PID 2220 wrote to memory of 2328 2220 lxlllrr.exe 43 PID 2220 wrote to memory of 2328 2220 lxlllrr.exe 43 PID 2220 wrote to memory of 2328 2220 lxlllrr.exe 43 PID 2220 wrote to memory of 2328 2220 lxlllrr.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\c842ce32f0152ab632117ad4ee510200_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\c842ce32f0152ab632117ad4ee510200_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1660 -
\??\c:\thhnbn.exec:\thhnbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2968 -
\??\c:\dpppd.exec:\dpppd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2136 -
\??\c:\rrflxxl.exec:\rrflxxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\nhbbhn.exec:\nhbbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\pjvdj.exec:\pjvdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2764 -
\??\c:\5rffxrr.exec:\5rffxrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2456 -
\??\c:\7xlrrff.exec:\7xlrrff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2448 -
\??\c:\thttth.exec:\thttth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2720 -
\??\c:\dpdjp.exec:\dpdjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:548 -
\??\c:\dpdpp.exec:\dpdpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\xlffxrx.exec:\xlffxrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2692 -
\??\c:\tnnnnn.exec:\tnnnnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2236 -
\??\c:\1bbbnt.exec:\1bbbnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1928 -
\??\c:\jdpvd.exec:\jdpvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:892 -
\??\c:\lxlllrr.exec:\lxlllrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2220 -
\??\c:\9rlxlfl.exec:\9rlxlfl.exe17⤵
- Executes dropped EXE
PID:2328 -
\??\c:\hhtthh.exec:\hhtthh.exe18⤵
- Executes dropped EXE
PID:1448 -
\??\c:\nhbbnb.exec:\nhbbnb.exe19⤵
- Executes dropped EXE
PID:2104 -
\??\c:\pvvjv.exec:\pvvjv.exe20⤵
- Executes dropped EXE
PID:2304 -
\??\c:\9dddv.exec:\9dddv.exe21⤵
- Executes dropped EXE
PID:1668 -
\??\c:\rrxlrxx.exec:\rrxlrxx.exe22⤵
- Executes dropped EXE
PID:2088 -
\??\c:\nbnbtb.exec:\nbnbtb.exe23⤵
- Executes dropped EXE
PID:1060 -
\??\c:\hnbbht.exec:\hnbbht.exe24⤵
- Executes dropped EXE
PID:1652 -
\??\c:\jvdvv.exec:\jvdvv.exe25⤵
- Executes dropped EXE
PID:2688 -
\??\c:\3frlfff.exec:\3frlfff.exe26⤵
- Executes dropped EXE
PID:1796 -
\??\c:\nnhtbn.exec:\nnhtbn.exe27⤵
- Executes dropped EXE
PID:956 -
\??\c:\tnnnbh.exec:\tnnnbh.exe28⤵
- Executes dropped EXE
PID:1328 -
\??\c:\3vppd.exec:\3vppd.exe29⤵
- Executes dropped EXE
PID:844 -
\??\c:\rllfllr.exec:\rllfllr.exe30⤵
- Executes dropped EXE
PID:308 -
\??\c:\tttthb.exec:\tttthb.exe31⤵
- Executes dropped EXE
PID:2292 -
\??\c:\hhbtbn.exec:\hhbtbn.exe32⤵
- Executes dropped EXE
PID:1508 -
\??\c:\dvjpv.exec:\dvjpv.exe33⤵
- Executes dropped EXE
PID:1724 -
\??\c:\pjpvd.exec:\pjpvd.exe34⤵PID:2948
-
\??\c:\fxllrxf.exec:\fxllrxf.exe35⤵
- Executes dropped EXE
PID:1608 -
\??\c:\llflrxf.exec:\llflrxf.exe36⤵
- Executes dropped EXE
PID:1396 -
\??\c:\5nhtbt.exec:\5nhtbt.exe37⤵
- Executes dropped EXE
PID:2572 -
\??\c:\nnthbh.exec:\nnthbh.exe38⤵
- Executes dropped EXE
PID:2540 -
\??\c:\9jdpv.exec:\9jdpv.exe39⤵
- Executes dropped EXE
PID:2564 -
\??\c:\5dvvd.exec:\5dvvd.exe40⤵
- Executes dropped EXE
PID:2728 -
\??\c:\ffrlllx.exec:\ffrlllx.exe41⤵
- Executes dropped EXE
PID:2744 -
\??\c:\bntbbn.exec:\bntbbn.exe42⤵
- Executes dropped EXE
PID:2704 -
\??\c:\pdvjp.exec:\pdvjp.exe43⤵
- Executes dropped EXE
PID:2336 -
\??\c:\9fxflfl.exec:\9fxflfl.exe44⤵
- Executes dropped EXE
PID:2308 -
\??\c:\rlrlrxl.exec:\rlrlrxl.exe45⤵
- Executes dropped EXE
PID:2600 -
\??\c:\xfrxxfr.exec:\xfrxxfr.exe46⤵
- Executes dropped EXE
PID:1592 -
\??\c:\nbbbbt.exec:\nbbbbt.exe47⤵
- Executes dropped EXE
PID:320 -
\??\c:\bnbntn.exec:\bnbntn.exe48⤵
- Executes dropped EXE
PID:2672 -
\??\c:\jjjpd.exec:\jjjpd.exe49⤵
- Executes dropped EXE
PID:636 -
\??\c:\vjpjj.exec:\vjpjj.exe50⤵
- Executes dropped EXE
PID:1036 -
\??\c:\5xflxrx.exec:\5xflxrx.exe51⤵
- Executes dropped EXE
PID:1836 -
\??\c:\rlrrffl.exec:\rlrrffl.exe52⤵
- Executes dropped EXE
PID:2224 -
\??\c:\bnbbhb.exec:\bnbbhb.exe53⤵
- Executes dropped EXE
PID:2252 -
\??\c:\nhtntn.exec:\nhtntn.exe54⤵
- Executes dropped EXE
PID:1572 -
\??\c:\dpdpv.exec:\dpdpv.exe55⤵
- Executes dropped EXE
PID:2368 -
\??\c:\1pvdv.exec:\1pvdv.exe56⤵
- Executes dropped EXE
PID:1316 -
\??\c:\7lxrlrr.exec:\7lxrlrr.exe57⤵
- Executes dropped EXE
PID:1448 -
\??\c:\xrxrfff.exec:\xrxrfff.exe58⤵
- Executes dropped EXE
PID:1300 -
\??\c:\btbhnt.exec:\btbhnt.exe59⤵
- Executes dropped EXE
PID:1744 -
\??\c:\ntntnn.exec:\ntntnn.exe60⤵
- Executes dropped EXE
PID:2412 -
\??\c:\vpdjj.exec:\vpdjj.exe61⤵
- Executes dropped EXE
PID:2824 -
\??\c:\9vvpd.exec:\9vvpd.exe62⤵
- Executes dropped EXE
PID:584 -
\??\c:\fxffxxf.exec:\fxffxxf.exe63⤵
- Executes dropped EXE
PID:1064 -
\??\c:\5htntn.exec:\5htntn.exe64⤵
- Executes dropped EXE
PID:1376 -
\??\c:\tthbhn.exec:\tthbhn.exe65⤵
- Executes dropped EXE
PID:1860 -
\??\c:\dvdvd.exec:\dvdvd.exe66⤵
- Executes dropped EXE
PID:340 -
\??\c:\vjjpv.exec:\vjjpv.exe67⤵PID:1268
-
\??\c:\lflfllx.exec:\lflfllx.exe68⤵PID:956
-
\??\c:\xrxxfxl.exec:\xrxxfxl.exe69⤵PID:1716
-
\??\c:\7thnbb.exec:\7thnbb.exe70⤵PID:2760
-
\??\c:\nhtbhh.exec:\nhtbhh.exe71⤵PID:2280
-
\??\c:\vvpvp.exec:\vvpvp.exe72⤵PID:1992
-
\??\c:\3pppv.exec:\3pppv.exe73⤵PID:772
-
\??\c:\fxlllxl.exec:\fxlllxl.exe74⤵PID:2028
-
\??\c:\hbntbb.exec:\hbntbb.exe75⤵PID:3064
-
\??\c:\7ttnnt.exec:\7ttnnt.exe76⤵PID:2024
-
\??\c:\nbnhbh.exec:\nbnhbh.exe77⤵PID:3068
-
\??\c:\vpjpv.exec:\vpjpv.exe78⤵PID:2952
-
\??\c:\vjdvp.exec:\vjdvp.exe79⤵PID:2136
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe80⤵PID:2804
-
\??\c:\3rrfxrr.exec:\3rrfxrr.exe81⤵PID:2384
-
\??\c:\tbnbtb.exec:\tbnbtb.exe82⤵PID:2588
-
\??\c:\htttbb.exec:\htttbb.exe83⤵PID:2708
-
\??\c:\3ddpd.exec:\3ddpd.exe84⤵PID:2460
-
\??\c:\pppjv.exec:\pppjv.exe85⤵PID:2052
-
\??\c:\lxlxxrx.exec:\lxlxxrx.exe86⤵PID:2436
-
\??\c:\thnttn.exec:\thnttn.exe87⤵PID:1708
-
\??\c:\hbnntt.exec:\hbnntt.exe88⤵PID:1536
-
\??\c:\dpvpd.exec:\dpvpd.exe89⤵PID:548
-
\??\c:\jvjdj.exec:\jvjdj.exe90⤵PID:2644
-
\??\c:\jdjjp.exec:\jdjjp.exe91⤵PID:2700
-
\??\c:\1rfffff.exec:\1rfffff.exe92⤵PID:1040
-
\??\c:\lxfffxf.exec:\lxfffxf.exe93⤵PID:1876
-
\??\c:\nhtbbb.exec:\nhtbbb.exe94⤵PID:1928
-
\??\c:\jvppv.exec:\jvppv.exe95⤵PID:2008
-
\??\c:\vdjjd.exec:\vdjjd.exe96⤵PID:2220
-
\??\c:\lxfrfxf.exec:\lxfrfxf.exe97⤵PID:1604
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe98⤵PID:2300
-
\??\c:\tntbbh.exec:\tntbbh.exe99⤵PID:2056
-
\??\c:\5ttntn.exec:\5ttntn.exe100⤵PID:1392
-
\??\c:\9pdvd.exec:\9pdvd.exe101⤵PID:2808
-
\??\c:\dvvdj.exec:\dvvdj.exe102⤵PID:2112
-
\??\c:\7xrrxxx.exec:\7xrrxxx.exe103⤵PID:796
-
\??\c:\nbnntt.exec:\nbnntt.exe104⤵PID:1800
-
\??\c:\3ttthh.exec:\3ttthh.exe105⤵PID:1824
-
\??\c:\pdpjv.exec:\pdpjv.exe106⤵PID:1104
-
\??\c:\vjdvj.exec:\vjdvj.exe107⤵PID:2400
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe108⤵PID:1672
-
\??\c:\3flflfl.exec:\3flflfl.exe109⤵PID:1340
-
\??\c:\btbbhh.exec:\btbbhh.exe110⤵PID:960
-
\??\c:\5ntbht.exec:\5ntbht.exe111⤵PID:1288
-
\??\c:\9pvpv.exec:\9pvpv.exe112⤵PID:664
-
\??\c:\1vdjv.exec:\1vdjv.exe113⤵PID:2004
-
\??\c:\rlffllr.exec:\rlffllr.exe114⤵PID:1988
-
\??\c:\7rfrxxf.exec:\7rfrxxf.exe115⤵PID:2892
-
\??\c:\5tntbh.exec:\5tntbh.exe116⤵PID:1508
-
\??\c:\tthnbh.exec:\tthnbh.exe117⤵PID:1984
-
\??\c:\5vppv.exec:\5vppv.exe118⤵PID:1620
-
\??\c:\jpjvd.exec:\jpjvd.exe119⤵PID:1588
-
\??\c:\xfxrlxx.exec:\xfxrlxx.exe120⤵PID:2996
-
\??\c:\lflfrrf.exec:\lflfrrf.exe121⤵PID:2712
-
\??\c:\dvvpd.exec:\dvvpd.exe122⤵PID:2796
-