Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 13:52
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe
-
Size
277KB
-
MD5
d1ee59a92917dd10adf2589ac66a12d0
-
SHA1
1e843e956d1360f249380b3550be08a348ec4f42
-
SHA256
04ee4cd7e7574936b9aea6ee2cdd1fbcbb2fc1b0a9e4e2c2e43ef1450e88a9fc
-
SHA512
622793da1593174234ac95d253edfc5826ffff8f4d54ba0e30ad039fdbe6c570c07c77dbeb358e516cd1c8590bf7be22072f0c41fd47f0fe1d9448f19c2b111c
-
SSDEEP
6144:n3C9BRIG0asYFm71m8+GdkB9yMu7Vveme:n3C9uYA71kSMuk
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
resource yara_rule
behavioral2/memory/940-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1032-19-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4364-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/5064-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2420-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4576-49-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1388-43-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4728-63-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1620-77-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1460-80-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/996-87-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4180-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/3196-99-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/756-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4584-118-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4296-135-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1380-141-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/1648-161-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/2052-177-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4028-184-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral2/memory/4824-208-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process
4364 xrxffll.exe
1032 hhnnhh.exe
5064 bnnntt.exe
2420 jpddv.exe
1388 llxrrfl.exe
4576 ttbbbb.exe
2728 pdpjj.exe
4728 lfffrxl.exe
1620 vpvvv.exe
1460 rlrrlll.exe
996 httnnn.exe
4180 jpjdv.exe
3196 dvvvv.exe
4948 lffffff.exe
756 tbbtbh.exe
4584 pjddj.exe
452 hhttht.exe
384 5ppjj.exe
4296 fxfxxxx.exe
1380 vvppj.exe
2304 7pvdd.exe
4832 nhttnn.exe
1648 dvdvd.exe
3684 xrxrfll.exe
4848 rxrxrrl.exe
2052 jdpdd.exe
4028 xfffxrr.exe
1876 nbnnnn.exe
2008 fxffrxx.exe
1252 frffxxx.exe
4824 nhtnhh.exe
1156 5vddv.exe
4420 ntbttt.exe
2360 bntbth.exe
2936 dpppj.exe
4620 lfxxrrl.exe
1256 btbtnb.exe
3008 5tnhbn.exe
4364 dvjjj.exe
3028 hhhhbb.exe
1092 nbtthh.exe
3052 fflffxl.exe
1400 fxxrrff.exe
4972 hnttnb.exe
2204 vppjd.exe
2892 3frllfl.exe
3532 nnnntt.exe
3868 5btnbb.exe
4772 djpjd.exe
1396 3ntnhn.exe
512 bttnbb.exe
4924 pddvp.exe
3520 3xxxxrx.exe
3676 htntbb.exe
3656 vjpdv.exe
1768 jppdj.exe
3196 lrrlfll.exe
1532 ttbtbn.exe
948 vvjdd.exe
4132 1jjvp.exe
5060 frrlfxr.exe
1280 hhnnhh.exe
1424 9thbbb.exe
1836 7dpdj.exe
-
[The signature heading for this table was not captured in the extract; the rows below are YARA matches tagged upx on process memory dumps, separate from the "Executes dropped EXE" list above.]
resource yara_rule
behavioral2/memory/940-3-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1032-19-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4364-11-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/5064-26-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/5064-25-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/5064-24-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/5064-31-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2420-35-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4576-49-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1388-43-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4728-61-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4728-63-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1620-77-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1460-80-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1620-69-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1620-70-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/996-87-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4180-94-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/3196-99-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/756-112-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4584-118-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4296-135-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1380-141-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/1648-161-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/2052-177-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4028-184-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral2/memory/4824-208-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 940 wrote to memory of 4364 940 d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe 82
PID 940 wrote to memory of 4364 940 d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe 82
PID 940 wrote to memory of 4364 940 d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe 82
PID 4364 wrote to memory of 1032 4364 xrxffll.exe 83
PID 4364 wrote to memory of 1032 4364 xrxffll.exe 83
PID 4364 wrote to memory of 1032 4364 xrxffll.exe 83
PID 1032 wrote to memory of 5064 1032 hhnnhh.exe 84
PID 1032 wrote to memory of 5064 1032 hhnnhh.exe 84
PID 1032 wrote to memory of 5064 1032 hhnnhh.exe 84
PID 5064 wrote to memory of 2420 5064 bnnntt.exe 85
PID 5064 wrote to memory of 2420 5064 bnnntt.exe 85
PID 5064 wrote to memory of 2420 5064 bnnntt.exe 85
PID 2420 wrote to memory of 1388 2420 jpddv.exe 86
PID 2420 wrote to memory of 1388 2420 jpddv.exe 86
PID 2420 wrote to memory of 1388 2420 jpddv.exe 86
PID 1388 wrote to memory of 4576 1388 llxrrfl.exe 87
PID 1388 wrote to memory of 4576 1388 llxrrfl.exe 87
PID 1388 wrote to memory of 4576 1388 llxrrfl.exe 87
PID 4576 wrote to memory of 2728 4576 ttbbbb.exe 88
PID 4576 wrote to memory of 2728 4576 ttbbbb.exe 88
PID 4576 wrote to memory of 2728 4576 ttbbbb.exe 88
PID 2728 wrote to memory of 4728 2728 pdpjj.exe 89
PID 2728 wrote to memory of 4728 2728 pdpjj.exe 89
PID 2728 wrote to memory of 4728 2728 pdpjj.exe 89
PID 4728 wrote to memory of 1620 4728 lfffrxl.exe 91
PID 4728 wrote to memory of 1620 4728 lfffrxl.exe 91
PID 4728 wrote to memory of 1620 4728 lfffrxl.exe 91
PID 1620 wrote to memory of 1460 1620 vpvvv.exe 92
PID 1620 wrote to memory of 1460 1620 vpvvv.exe 92
PID 1620 wrote to memory of 1460 1620 vpvvv.exe 92
PID 1460 wrote to memory of 996 1460 rlrrlll.exe 93
PID 1460 wrote to memory of 996 1460 rlrrlll.exe 93
PID 1460 wrote to memory of 996 1460 rlrrlll.exe 93
PID 996 wrote to memory of 4180 996 httnnn.exe 94
PID 996 wrote to memory of 4180 996 httnnn.exe 94
PID 996 wrote to memory of 4180 996 httnnn.exe 94
PID 4180 wrote to memory of 3196 4180 jpjdv.exe 96
PID 4180 wrote to memory of 3196 4180 jpjdv.exe 96
PID 4180 wrote to memory of 3196 4180 jpjdv.exe 96
PID 3196 wrote to memory of 4948 3196 dvvvv.exe 98
PID 3196 wrote to memory of 4948 3196 dvvvv.exe 98
PID 3196 wrote to memory of 4948 3196 dvvvv.exe 98
PID 4948 wrote to memory of 756 4948 lffffff.exe 99
PID 4948 wrote to memory of 756 4948 lffffff.exe 99
PID 4948 wrote to memory of 756 4948 lffffff.exe 99
PID 756 wrote to memory of 4584 756 tbbtbh.exe 100
PID 756 wrote to memory of 4584 756 tbbtbh.exe 100
PID 756 wrote to memory of 4584 756 tbbtbh.exe 100
PID 4584 wrote to memory of 452 4584 pjddj.exe 101
PID 4584 wrote to memory of 452 4584 pjddj.exe 101
PID 4584 wrote to memory of 452 4584 pjddj.exe 101
PID 452 wrote to memory of 384 452 hhttht.exe 102
PID 452 wrote to memory of 384 452 hhttht.exe 102
PID 452 wrote to memory of 384 452 hhttht.exe 102
PID 384 wrote to memory of 4296 384 5ppjj.exe 103
PID 384 wrote to memory of 4296 384 5ppjj.exe 103
PID 384 wrote to memory of 4296 384 5ppjj.exe 103
PID 4296 wrote to memory of 1380 4296 fxfxxxx.exe 104
PID 4296 wrote to memory of 1380 4296 fxfxxxx.exe 104
PID 4296 wrote to memory of 1380 4296 fxfxxxx.exe 104
PID 1380 wrote to memory of 2304 1380 vvppj.exe 105
PID 1380 wrote to memory of 2304 1380 vvppj.exe 105
PID 1380 wrote to memory of 2304 1380 vvppj.exe 105
PID 2304 wrote to memory of 4832 2304 7pvdd.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\d1ee59a92917dd10adf2589ac66a12d0_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:940 -
\??\c:\xrxffll.exec:\xrxffll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4364 -
\??\c:\hhnnhh.exec:\hhnnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1032 -
\??\c:\bnnntt.exec:\bnnntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5064 -
\??\c:\jpddv.exec:\jpddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2420 -
\??\c:\llxrrfl.exec:\llxrrfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1388 -
\??\c:\ttbbbb.exec:\ttbbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4576 -
\??\c:\pdpjj.exec:\pdpjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2728 -
\??\c:\lfffrxl.exec:\lfffrxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4728 -
\??\c:\vpvvv.exec:\vpvvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1620 -
\??\c:\rlrrlll.exec:\rlrrlll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1460 -
\??\c:\httnnn.exec:\httnnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:996 -
\??\c:\jpjdv.exec:\jpjdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4180 -
\??\c:\dvvvv.exec:\dvvvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3196 -
\??\c:\lffffff.exec:\lffffff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4948 -
\??\c:\tbbtbh.exec:\tbbtbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:756 -
\??\c:\pjddj.exec:\pjddj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4584 -
\??\c:\hhttht.exec:\hhttht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:452 -
\??\c:\5ppjj.exec:\5ppjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:384 -
\??\c:\fxfxxxx.exec:\fxfxxxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4296 -
\??\c:\vvppj.exec:\vvppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1380 -
\??\c:\7pvdd.exec:\7pvdd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2304 -
\??\c:\nhttnn.exec:\nhttnn.exe23⤵
- Executes dropped EXE
PID:4832 -
\??\c:\dvdvd.exec:\dvdvd.exe24⤵
- Executes dropped EXE
PID:1648 -
\??\c:\xrxrfll.exec:\xrxrfll.exe25⤵
- Executes dropped EXE
PID:3684 -
\??\c:\rxrxrrl.exec:\rxrxrrl.exe26⤵
- Executes dropped EXE
PID:4848 -
\??\c:\jdpdd.exec:\jdpdd.exe27⤵
- Executes dropped EXE
PID:2052 -
\??\c:\xfffxrr.exec:\xfffxrr.exe28⤵
- Executes dropped EXE
PID:4028 -
\??\c:\nbnnnn.exec:\nbnnnn.exe29⤵
- Executes dropped EXE
PID:1876 -
\??\c:\fxffrxx.exec:\fxffrxx.exe30⤵
- Executes dropped EXE
PID:2008 -
\??\c:\frffxxx.exec:\frffxxx.exe31⤵
- Executes dropped EXE
PID:1252 -
\??\c:\nhtnhh.exec:\nhtnhh.exe32⤵
- Executes dropped EXE
PID:4824 -
\??\c:\5vddv.exec:\5vddv.exe33⤵
- Executes dropped EXE
PID:1156 -
\??\c:\ntbttt.exec:\ntbttt.exe34⤵
- Executes dropped EXE
PID:4420 -
\??\c:\bntbth.exec:\bntbth.exe35⤵
- Executes dropped EXE
PID:2360 -
\??\c:\dpppj.exec:\dpppj.exe36⤵
- Executes dropped EXE
PID:2936 -
\??\c:\lfxxrrl.exec:\lfxxrrl.exe37⤵
- Executes dropped EXE
PID:4620 -
\??\c:\btbtnb.exec:\btbtnb.exe38⤵
- Executes dropped EXE
PID:1256 -
\??\c:\5tnhbn.exec:\5tnhbn.exe39⤵
- Executes dropped EXE
PID:3008 -
\??\c:\dvjjj.exec:\dvjjj.exe40⤵
- Executes dropped EXE
PID:4364 -
\??\c:\hhhhbb.exec:\hhhhbb.exe41⤵
- Executes dropped EXE
PID:3028 -
\??\c:\nbtthh.exec:\nbtthh.exe42⤵
- Executes dropped EXE
PID:1092 -
\??\c:\fflffxl.exec:\fflffxl.exe43⤵
- Executes dropped EXE
PID:3052 -
\??\c:\fxxrrff.exec:\fxxrrff.exe44⤵
- Executes dropped EXE
PID:1400 -
\??\c:\hnttnb.exec:\hnttnb.exe45⤵
- Executes dropped EXE
PID:4972 -
\??\c:\vppjd.exec:\vppjd.exe46⤵
- Executes dropped EXE
PID:2204 -
\??\c:\3frllfl.exec:\3frllfl.exe47⤵
- Executes dropped EXE
PID:2892 -
\??\c:\nnnntt.exec:\nnnntt.exe48⤵
- Executes dropped EXE
PID:3532 -
\??\c:\5btnbb.exec:\5btnbb.exe49⤵
- Executes dropped EXE
PID:3868 -
\??\c:\djpjd.exec:\djpjd.exe50⤵
- Executes dropped EXE
PID:4772 -
\??\c:\3ntnhn.exec:\3ntnhn.exe51⤵
- Executes dropped EXE
PID:1396 -
\??\c:\bttnbb.exec:\bttnbb.exe52⤵
- Executes dropped EXE
PID:512 -
\??\c:\pddvp.exec:\pddvp.exe53⤵
- Executes dropped EXE
PID:4924 -
\??\c:\3xxxxrx.exec:\3xxxxrx.exe54⤵
- Executes dropped EXE
PID:3520 -
\??\c:\htntbb.exec:\htntbb.exe55⤵
- Executes dropped EXE
PID:3676 -
\??\c:\vjpdv.exec:\vjpdv.exe56⤵
- Executes dropped EXE
PID:3656 -
\??\c:\jppdj.exec:\jppdj.exe57⤵
- Executes dropped EXE
PID:1768 -
\??\c:\lrrlfll.exec:\lrrlfll.exe58⤵
- Executes dropped EXE
PID:3196 -
\??\c:\ttbtbn.exec:\ttbtbn.exe59⤵
- Executes dropped EXE
PID:1532 -
\??\c:\vvjdd.exec:\vvjdd.exe60⤵
- Executes dropped EXE
PID:948 -
\??\c:\1jjvp.exec:\1jjvp.exe61⤵
- Executes dropped EXE
PID:4132 -
\??\c:\frrlfxr.exec:\frrlfxr.exe62⤵
- Executes dropped EXE
PID:5060 -
\??\c:\hhnnhh.exec:\hhnnhh.exe63⤵
- Executes dropped EXE
PID:1280 -
\??\c:\9thbbb.exec:\9thbbb.exe64⤵
- Executes dropped EXE
PID:1424 -
\??\c:\7dpdj.exec:\7dpdj.exe65⤵
- Executes dropped EXE
PID:1836 -
\??\c:\flffrrx.exec:\flffrrx.exe66⤵PID:2524
-
\??\c:\xflxrlf.exec:\xflxrlf.exe67⤵PID:4532
-
\??\c:\ppdjd.exec:\ppdjd.exe68⤵PID:1380
-
\??\c:\5lrlxxf.exec:\5lrlxxf.exe69⤵PID:2516
-
\??\c:\btbttt.exec:\btbttt.exe70⤵PID:4488
-
\??\c:\bbnhnb.exec:\bbnhnb.exe71⤵PID:3204
-
\??\c:\vvdvj.exec:\vvdvj.exe72⤵PID:4032
-
\??\c:\5rlfxxr.exec:\5rlfxxr.exe73⤵PID:4108
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe74⤵PID:2052
-
\??\c:\tnbthb.exec:\tnbthb.exe75⤵PID:2900
-
\??\c:\vpvvp.exec:\vpvvp.exe76⤵PID:800
-
\??\c:\dvpjd.exec:\dvpjd.exe77⤵PID:3776
-
\??\c:\rxlxrrf.exec:\rxlxrrf.exe78⤵PID:364
-
\??\c:\nnhhnn.exec:\nnhhnn.exe79⤵PID:1240
-
\??\c:\bnnnnt.exec:\bnnnnt.exe80⤵PID:1552
-
\??\c:\dpdvp.exec:\dpdvp.exe81⤵PID:3960
-
\??\c:\jppjj.exec:\jppjj.exe82⤵PID:4444
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe83⤵PID:1692
-
\??\c:\nnhnnh.exec:\nnhnnh.exe84⤵PID:940
-
\??\c:\jppjd.exec:\jppjd.exe85⤵PID:3972
-
\??\c:\lxffxxr.exec:\lxffxxr.exe86⤵PID:3008
-
\??\c:\3xffflx.exec:\3xffflx.exe87⤵PID:4364
-
\??\c:\tbhbtt.exec:\tbhbtt.exe88⤵PID:1420
-
\??\c:\jjjjj.exec:\jjjjj.exe89⤵PID:1276
-
\??\c:\vppdv.exec:\vppdv.exe90⤵PID:2112
-
\??\c:\frxrrll.exec:\frxrrll.exe91⤵PID:3144
-
\??\c:\hhtttb.exec:\hhtttb.exe92⤵PID:2852
-
\??\c:\htthbh.exec:\htthbh.exe93⤵PID:1268
-
\??\c:\vvjdj.exec:\vvjdj.exe94⤵PID:3496
-
\??\c:\ffrlfxf.exec:\ffrlfxf.exe95⤵PID:2764
-
\??\c:\nttnnn.exec:\nttnnn.exe96⤵PID:2484
-
\??\c:\vvvpp.exec:\vvvpp.exe97⤵PID:4308
-
\??\c:\llflxxx.exec:\llflxxx.exe98⤵PID:5036
-
\??\c:\xllrfff.exec:\xllrfff.exe99⤵PID:3920
-
\??\c:\httbnt.exec:\httbnt.exe100⤵PID:4652
-
\??\c:\djdvp.exec:\djdvp.exe101⤵PID:3656
-
\??\c:\5vdpj.exec:\5vdpj.exe102⤵PID:1768
-
\??\c:\lxffxxr.exec:\lxffxxr.exe103⤵PID:3196
-
\??\c:\hbthbt.exec:\hbthbt.exe104⤵PID:756
-
\??\c:\1hnhbb.exec:\1hnhbb.exe105⤵PID:1672
-
\??\c:\ppvpp.exec:\ppvpp.exe106⤵PID:1356
-
\??\c:\7vdvj.exec:\7vdvj.exe107⤵PID:1424
-
\??\c:\rllxrrx.exec:\rllxrrx.exe108⤵PID:1836
-
\??\c:\lflxxlf.exec:\lflxxlf.exe109⤵PID:4756
-
\??\c:\nthhtt.exec:\nthhtt.exe110⤵PID:1648
-
\??\c:\vjvpj.exec:\vjvpj.exe111⤵PID:4488
-
\??\c:\3jjvp.exec:\3jjvp.exe112⤵PID:4800
-
\??\c:\lrfxxxx.exec:\lrfxxxx.exe113⤵PID:3056
-
\??\c:\hhbtnh.exec:\hhbtnh.exe114⤵PID:2336
-
\??\c:\bbbtnt.exec:\bbbtnt.exe115⤵PID:2340
-
\??\c:\dvpjv.exec:\dvpjv.exe116⤵PID:3732
-
\??\c:\jdvpv.exec:\jdvpv.exe117⤵PID:3632
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe118⤵PID:548
-
\??\c:\5bhbtn.exec:\5bhbtn.exe119⤵PID:1844
-
\??\c:\ppdvp.exec:\ppdvp.exe120⤵PID:544
-
\??\c:\ffxfxxx.exec:\ffxfxxx.exe121⤵PID:2360
-
\??\c:\bbtnhb.exec:\bbtnhb.exe122⤵PID:876
-