Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 13:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c8f1d3a952bf245af6a3bd6a40cac750_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
c8f1d3a952bf245af6a3bd6a40cac750_NeikiAnalytics.exe
-
Size
95KB
-
MD5
c8f1d3a952bf245af6a3bd6a40cac750
-
SHA1
990bb0ce368c73bd8d2777f73e7a6d9b8c6893ad
-
SHA256
774ce49654e01c0721cdbf09dd548920001f31951a4500c41913e0e35bbcbf81
-
SHA512
463f5778cc6a833d046b8e980a47342ab1882a07c9daa87beaf5c36db3f7729563865efa1e6e740e64cdb4cca29fb2fe342b1f906620d910a53f227bf2be83f1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTQA:ymb3NkkiQ3mdBjFIj+qNhvZuHQY0A
Malware Config
Signatures
-
Detect Blackmoon payload 28 IoCs
resource yara_rule behavioral2/memory/980-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4764-16-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1192-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4628-44-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3096-43-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1680-42-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3792-54-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/928-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4556-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4380-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4220-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1584-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3064-101-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4512-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4656-111-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3296-117-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3312-124-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3268-130-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4608-136-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3524-142-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/768-148-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/8-154-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3212-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5032-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5108-172-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2784-178-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/452-183-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4932-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
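Executes dropped EXE 64 IoCs
Note: the PIDs and executable names listed here are values from this sandbox run. The names appear randomly generated, and several PIDs (for example 1680 and 4392) recur for different process names further down. The stable identifiers for this sample are the hashes in the General section.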
pid Process 928 vvjdd.exe 4764 xxffxxf.exe 1192 lflfxxx.exe 3096 1tbbtb.exe 1680 tntttb.exe 4628 jvjdv.exe 3792 7pddd.exe 4576 tbbttn.exe 4556 nbnnnn.exe 4392 ddjdd.exe 4380 lllfffx.exe 4220 nthhtt.exe 1584 jjvvv.exe 3064 3rllllf.exe 4512 nhtnnn.exe 4656 hbttnn.exe 3296 ppjdd.exe 3312 rrxrrrl.exe 3268 htnhhh.exe 4608 bnntnn.exe 3524 vpvpd.exe 768 xlxrflx.exe 8 thhhhh.exe 3212 ththhh.exe 5032 dpjdv.exe 5108 5lxxrxr.exe 2784 hbhbbb.exe 452 hhhbtt.exe 4932 pvdvp.exe 4044 lrrrxrr.exe 3916 nhbbbt.exe 3572 hbnnhn.exe 4320 pddpv.exe 2696 llflffl.exe 4644 lrrrrxx.exe 2700 ttbttt.exe 4460 bnhhhh.exe 2772 dpvvv.exe 2600 flrffxx.exe 4472 xrllfff.exe 1200 tnbbtt.exe 2592 bntnnn.exe 1920 vvpdd.exe 1388 lfllxff.exe 4872 xrrxrrr.exe 1680 ttnnnn.exe 4760 ddppv.exe 2868 djvjj.exe 1284 rllfxxx.exe 2316 3frlfxx.exe 4392 1nbtnh.exe 4596 9tbnnh.exe 3144 ppvpp.exe 4220 xxfrrrx.exe 3848 hnttbb.exe 1796 djppp.exe 2140 7ppjj.exe 3988 7lrlxxx.exe 4660 fxrrxxr.exe 3296 nhnhhh.exe 1884 dpjdp.exe 4908 dvjpd.exe 2928 fxffxff.exe 4608 fxllllr.exe -
resource yara_rule behavioral2/memory/980-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4764-16-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1192-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4628-44-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3096-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1680-42-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3792-54-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3792-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/928-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4556-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4380-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4220-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1584-94-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3064-101-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4512-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4656-111-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3296-117-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3312-124-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3268-130-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4608-136-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3524-142-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/768-148-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/8-154-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3212-159-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/5032-166-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5108-172-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2784-178-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/452-183-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4932-190-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 980 wrote to memory of 928 980 c8f1d3a952bf245af6a3bd6a40cac750_NeikiAnalytics.exe 82 PID 980 wrote to memory of 928 980 c8f1d3a952bf245af6a3bd6a40cac750_NeikiAnalytics.exe 82 PID 980 wrote to memory of 928 980 c8f1d3a952bf245af6a3bd6a40cac750_NeikiAnalytics.exe 82 PID 928 wrote to memory of 4764 928 vvjdd.exe 83 PID 928 wrote to memory of 4764 928 vvjdd.exe 83 PID 928 wrote to memory of 4764 928 vvjdd.exe 83 PID 4764 wrote to memory of 1192 4764 xxffxxf.exe 84 PID 4764 wrote to memory of 1192 4764 xxffxxf.exe 84 PID 4764 wrote to memory of 1192 4764 xxffxxf.exe 84 PID 1192 wrote to memory of 3096 1192 lflfxxx.exe 85 PID 1192 wrote to memory of 3096 1192 lflfxxx.exe 85 PID 1192 wrote to memory of 3096 1192 lflfxxx.exe 85 PID 3096 wrote to memory of 1680 3096 1tbbtb.exe 86 PID 3096 wrote to memory of 1680 3096 1tbbtb.exe 86 PID 3096 wrote to memory of 1680 3096 1tbbtb.exe 86 PID 1680 wrote to memory of 4628 1680 tntttb.exe 87 PID 1680 wrote to memory of 4628 1680 tntttb.exe 87 PID 1680 wrote to memory of 4628 1680 tntttb.exe 87 PID 4628 wrote to memory of 3792 4628 jvjdv.exe 88 PID 4628 wrote to memory of 3792 4628 jvjdv.exe 88 PID 4628 wrote to memory of 3792 4628 jvjdv.exe 88 PID 3792 wrote to memory of 4576 3792 7pddd.exe 89 PID 3792 wrote to memory of 4576 3792 7pddd.exe 89 PID 3792 wrote to memory of 4576 3792 7pddd.exe 89 PID 4576 wrote to memory of 4556 4576 tbbttn.exe 90 PID 4576 wrote to memory of 4556 4576 tbbttn.exe 90 PID 4576 wrote to memory of 4556 4576 tbbttn.exe 90 PID 4556 wrote to memory of 4392 4556 nbnnnn.exe 91 PID 4556 wrote to memory of 4392 4556 nbnnnn.exe 91 PID 4556 wrote to memory of 4392 4556 nbnnnn.exe 91 PID 4392 wrote to memory of 4380 4392 ddjdd.exe 92 PID 4392 wrote to memory of 4380 4392 ddjdd.exe 92 PID 4392 wrote to memory of 4380 4392 ddjdd.exe 92 PID 4380 wrote to memory of 4220 4380 lllfffx.exe 93 PID 4380 wrote to memory of 4220 4380 lllfffx.exe 93 PID 4380 wrote to memory of 4220 4380 
lllfffx.exe 93 PID 4220 wrote to memory of 1584 4220 nthhtt.exe 94 PID 4220 wrote to memory of 1584 4220 nthhtt.exe 94 PID 4220 wrote to memory of 1584 4220 nthhtt.exe 94 PID 1584 wrote to memory of 3064 1584 jjvvv.exe 95 PID 1584 wrote to memory of 3064 1584 jjvvv.exe 95 PID 1584 wrote to memory of 3064 1584 jjvvv.exe 95 PID 3064 wrote to memory of 4512 3064 3rllllf.exe 96 PID 3064 wrote to memory of 4512 3064 3rllllf.exe 96 PID 3064 wrote to memory of 4512 3064 3rllllf.exe 96 PID 4512 wrote to memory of 4656 4512 nhtnnn.exe 97 PID 4512 wrote to memory of 4656 4512 nhtnnn.exe 97 PID 4512 wrote to memory of 4656 4512 nhtnnn.exe 97 PID 4656 wrote to memory of 3296 4656 hbttnn.exe 98 PID 4656 wrote to memory of 3296 4656 hbttnn.exe 98 PID 4656 wrote to memory of 3296 4656 hbttnn.exe 98 PID 3296 wrote to memory of 3312 3296 ppjdd.exe 99 PID 3296 wrote to memory of 3312 3296 ppjdd.exe 99 PID 3296 wrote to memory of 3312 3296 ppjdd.exe 99 PID 3312 wrote to memory of 3268 3312 rrxrrrl.exe 100 PID 3312 wrote to memory of 3268 3312 rrxrrrl.exe 100 PID 3312 wrote to memory of 3268 3312 rrxrrrl.exe 100 PID 3268 wrote to memory of 4608 3268 htnhhh.exe 101 PID 3268 wrote to memory of 4608 3268 htnhhh.exe 101 PID 3268 wrote to memory of 4608 3268 htnhhh.exe 101 PID 4608 wrote to memory of 3524 4608 bnntnn.exe 102 PID 4608 wrote to memory of 3524 4608 bnntnn.exe 102 PID 4608 wrote to memory of 3524 4608 bnntnn.exe 102 PID 3524 wrote to memory of 768 3524 vpvpd.exe 104
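Processes (each entry: image path, command line, nesting depth in the process tree, then any flagged signatures and the PID)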
-
C:\Users\Admin\AppData\Local\Temp\c8f1d3a952bf245af6a3bd6a40cac750_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c8f1d3a952bf245af6a3bd6a40cac750_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:980 -
\??\c:\vvjdd.exec:\vvjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:928 -
\??\c:\xxffxxf.exec:\xxffxxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4764 -
\??\c:\lflfxxx.exec:\lflfxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1192 -
\??\c:\1tbbtb.exec:\1tbbtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3096 -
\??\c:\tntttb.exec:\tntttb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1680 -
\??\c:\jvjdv.exec:\jvjdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4628 -
\??\c:\7pddd.exec:\7pddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3792 -
\??\c:\tbbttn.exec:\tbbttn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4576 -
\??\c:\nbnnnn.exec:\nbnnnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4556 -
\??\c:\ddjdd.exec:\ddjdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4392 -
\??\c:\lllfffx.exec:\lllfffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4380 -
\??\c:\nthhtt.exec:\nthhtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4220 -
\??\c:\jjvvv.exec:\jjvvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1584 -
\??\c:\3rllllf.exec:\3rllllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3064 -
\??\c:\nhtnnn.exec:\nhtnnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4512 -
\??\c:\hbttnn.exec:\hbttnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4656 -
\??\c:\ppjdd.exec:\ppjdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3296 -
\??\c:\rrxrrrl.exec:\rrxrrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3312 -
\??\c:\htnhhh.exec:\htnhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3268 -
\??\c:\bnntnn.exec:\bnntnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4608 -
\??\c:\vpvpd.exec:\vpvpd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3524 -
\??\c:\xlxrflx.exec:\xlxrflx.exe23⤵
- Executes dropped EXE
PID:768 -
\??\c:\thhhhh.exec:\thhhhh.exe24⤵
- Executes dropped EXE
PID:8 -
\??\c:\ththhh.exec:\ththhh.exe25⤵
- Executes dropped EXE
PID:3212 -
\??\c:\dpjdv.exec:\dpjdv.exe26⤵
- Executes dropped EXE
PID:5032 -
\??\c:\5lxxrxr.exec:\5lxxrxr.exe27⤵
- Executes dropped EXE
PID:5108 -
\??\c:\hbhbbb.exec:\hbhbbb.exe28⤵
- Executes dropped EXE
PID:2784 -
\??\c:\hhhbtt.exec:\hhhbtt.exe29⤵
- Executes dropped EXE
PID:452 -
\??\c:\pvdvp.exec:\pvdvp.exe30⤵
- Executes dropped EXE
PID:4932 -
\??\c:\lrrrxrr.exec:\lrrrxrr.exe31⤵
- Executes dropped EXE
PID:4044 -
\??\c:\nhbbbt.exec:\nhbbbt.exe32⤵
- Executes dropped EXE
PID:3916 -
\??\c:\hbnnhn.exec:\hbnnhn.exe33⤵
- Executes dropped EXE
PID:3572 -
\??\c:\pddpv.exec:\pddpv.exe34⤵
- Executes dropped EXE
PID:4320 -
\??\c:\llflffl.exec:\llflffl.exe35⤵
- Executes dropped EXE
PID:2696 -
\??\c:\lrrrrxx.exec:\lrrrrxx.exe36⤵
- Executes dropped EXE
PID:4644 -
\??\c:\ttbttt.exec:\ttbttt.exe37⤵
- Executes dropped EXE
PID:2700 -
\??\c:\bnhhhh.exec:\bnhhhh.exe38⤵
- Executes dropped EXE
PID:4460 -
\??\c:\dpvvv.exec:\dpvvv.exe39⤵
- Executes dropped EXE
PID:2772 -
\??\c:\flrffxx.exec:\flrffxx.exe40⤵
- Executes dropped EXE
PID:2600 -
\??\c:\xrllfff.exec:\xrllfff.exe41⤵
- Executes dropped EXE
PID:4472 -
\??\c:\tnbbtt.exec:\tnbbtt.exe42⤵
- Executes dropped EXE
PID:1200 -
\??\c:\bntnnn.exec:\bntnnn.exe43⤵
- Executes dropped EXE
PID:2592 -
\??\c:\vvpdd.exec:\vvpdd.exe44⤵
- Executes dropped EXE
PID:1920 -
\??\c:\lfllxff.exec:\lfllxff.exe45⤵
- Executes dropped EXE
PID:1388 -
\??\c:\xrrxrrr.exec:\xrrxrrr.exe46⤵
- Executes dropped EXE
PID:4872 -
\??\c:\ttnnnn.exec:\ttnnnn.exe47⤵
- Executes dropped EXE
PID:1680 -
\??\c:\ddppv.exec:\ddppv.exe48⤵
- Executes dropped EXE
PID:4760 -
\??\c:\djvjj.exec:\djvjj.exe49⤵
- Executes dropped EXE
PID:2868 -
\??\c:\rllfxxx.exec:\rllfxxx.exe50⤵
- Executes dropped EXE
PID:1284 -
\??\c:\3frlfxx.exec:\3frlfxx.exe51⤵
- Executes dropped EXE
PID:2316 -
\??\c:\1nbtnh.exec:\1nbtnh.exe52⤵
- Executes dropped EXE
PID:4392 -
\??\c:\9tbnnh.exec:\9tbnnh.exe53⤵
- Executes dropped EXE
PID:4596 -
\??\c:\ppvpp.exec:\ppvpp.exe54⤵
- Executes dropped EXE
PID:3144 -
\??\c:\xxfrrrx.exec:\xxfrrrx.exe55⤵
- Executes dropped EXE
PID:4220 -
\??\c:\hnttbb.exec:\hnttbb.exe56⤵
- Executes dropped EXE
PID:3848 -
\??\c:\djppp.exec:\djppp.exe57⤵
- Executes dropped EXE
PID:1796 -
\??\c:\7ppjj.exec:\7ppjj.exe58⤵
- Executes dropped EXE
PID:2140 -
\??\c:\7lrlxxx.exec:\7lrlxxx.exe59⤵
- Executes dropped EXE
PID:3988 -
\??\c:\fxrrxxr.exec:\fxrrxxr.exe60⤵
- Executes dropped EXE
PID:4660 -
\??\c:\nhnhhh.exec:\nhnhhh.exe61⤵
- Executes dropped EXE
PID:3296 -
\??\c:\dpjdp.exec:\dpjdp.exe62⤵
- Executes dropped EXE
PID:1884 -
\??\c:\dvjpd.exec:\dvjpd.exe63⤵
- Executes dropped EXE
PID:4908 -
\??\c:\fxffxff.exec:\fxffxff.exe64⤵
- Executes dropped EXE
PID:2928 -
\??\c:\fxllllr.exec:\fxllllr.exe65⤵
- Executes dropped EXE
PID:4608 -
\??\c:\nbbbtt.exec:\nbbbtt.exe66⤵PID:220
-
\??\c:\dvdjj.exec:\dvdjj.exe67⤵PID:3700
-
\??\c:\ddjjv.exec:\ddjjv.exe68⤵PID:916
-
\??\c:\1fxrllf.exec:\1fxrllf.exe69⤵PID:4668
-
\??\c:\xlrrlrl.exec:\xlrrlrl.exe70⤵PID:2328
-
\??\c:\1nnttb.exec:\1nnttb.exe71⤵PID:3880
-
\??\c:\htbtnh.exec:\htbtnh.exe72⤵PID:3164
-
\??\c:\jvddp.exec:\jvddp.exe73⤵PID:4964
-
\??\c:\vjvvv.exec:\vjvvv.exe74⤵PID:3952
-
\??\c:\xxxxrll.exec:\xxxxrll.exe75⤵PID:452
-
\??\c:\1xlfrxf.exec:\1xlfrxf.exe76⤵PID:1752
-
\??\c:\nnttnt.exec:\nnttnt.exe77⤵PID:3776
-
\??\c:\jdjjj.exec:\jdjjj.exe78⤵PID:1744
-
\??\c:\djjdj.exec:\djjdj.exe79⤵PID:4692
-
\??\c:\rllfxrl.exec:\rllfxrl.exe80⤵PID:864
-
\??\c:\llxxrrl.exec:\llxxrrl.exe81⤵PID:2268
-
\??\c:\flfffll.exec:\flfffll.exe82⤵PID:2768
-
\??\c:\bnttnn.exec:\bnttnn.exe83⤵PID:1476
-
\??\c:\vjpvv.exec:\vjpvv.exe84⤵PID:1600
-
\??\c:\jjjjd.exec:\jjjjd.exe85⤵PID:1760
-
\??\c:\ffrrrrf.exec:\ffrrrrf.exe86⤵PID:4460
-
\??\c:\tnhhbb.exec:\tnhhbb.exe87⤵PID:3584
-
\??\c:\thnnnt.exec:\thnnnt.exe88⤵PID:4028
-
\??\c:\jjjjd.exec:\jjjjd.exe89⤵PID:880
-
\??\c:\jvddj.exec:\jvddj.exe90⤵PID:1200
-
\??\c:\fffxxxx.exec:\fffxxxx.exe91⤵PID:2592
-
\??\c:\rlxrlrl.exec:\rlxrlrl.exe92⤵PID:1920
-
\??\c:\thhntn.exec:\thhntn.exe93⤵PID:1388
-
\??\c:\vpvjd.exec:\vpvjd.exe94⤵PID:2352
-
\??\c:\jddjd.exec:\jddjd.exe95⤵PID:3792
-
\??\c:\frxrlrl.exec:\frxrlrl.exe96⤵PID:4536
-
\??\c:\3lllffx.exec:\3lllffx.exe97⤵PID:4332
-
\??\c:\tthhbb.exec:\tthhbb.exe98⤵PID:3948
-
\??\c:\dvdvp.exec:\dvdvp.exe99⤵PID:2316
-
\??\c:\dpvpj.exec:\dpvpj.exe100⤵PID:4392
-
\??\c:\9llffll.exec:\9llffll.exe101⤵PID:3264
-
\??\c:\rlffrlr.exec:\rlffrlr.exe102⤵PID:1880
-
\??\c:\nnbbhn.exec:\nnbbhn.exe103⤵PID:1316
-
\??\c:\bnnbnn.exec:\bnnbnn.exe104⤵PID:5024
-
\??\c:\pvvjv.exec:\pvvjv.exe105⤵PID:5036
-
\??\c:\jpjjv.exec:\jpjjv.exe106⤵PID:2392
-
\??\c:\5frrrrr.exec:\5frrrrr.exe107⤵PID:2988
-
\??\c:\rrllfrr.exec:\rrllfrr.exe108⤵PID:3000
-
\??\c:\nhtthh.exec:\nhtthh.exe109⤵PID:3148
-
\??\c:\pjpjv.exec:\pjpjv.exe110⤵PID:3180
-
\??\c:\pjdvv.exec:\pjdvv.exe111⤵PID:2928
-
\??\c:\1llffff.exec:\1llffff.exe112⤵PID:3872
-
\??\c:\flrrxfx.exec:\flrrxfx.exe113⤵PID:3416
-
\??\c:\tttnnn.exec:\tttnnn.exe114⤵PID:1924
-
\??\c:\nbhntn.exec:\nbhntn.exe115⤵PID:848
-
\??\c:\1djdv.exec:\1djdv.exe116⤵PID:688
-
\??\c:\dvdvp.exec:\dvdvp.exe117⤵PID:5032
-
\??\c:\ffrrrxf.exec:\ffrrrxf.exe118⤵PID:2560
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe119⤵PID:4744
-
\??\c:\9thhhh.exec:\9thhhh.exe120⤵PID:2232
-
\??\c:\hbhhbb.exec:\hbhhbb.exe121⤵PID:3768
-
\??\c:\9dvpp.exec:\9dvpp.exe122⤵PID:320
-