Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:54
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d21cc6347c13b05e708970b2272b9b00_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
d21cc6347c13b05e708970b2272b9b00_NeikiAnalytics.exe
-
Size
80KB
-
MD5
d21cc6347c13b05e708970b2272b9b00
-
SHA1
14e0ef66dd1aec7e4f02e51223e823b5c4745fb2
-
SHA256
54e9621b7292296660360a6710a18d9458a77e21348b0a21d8446d6a6a31da89
-
SHA512
c02022af7768403a44f18ea9a3e4d7d295f2f2186cf8090e9e79b808b04ce81bbf59d753d6dd3d2e4817a71ec19a49f40b139ba6fa23b18380271b31a088166b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1gxm1S3PQ7CnPRKiir5A:ymb3NkkiQ3mdBjFoLkmx/g8ZKzA
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d21cc6347c13b05e708970b2272b9b00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d21cc6347c13b05e708970b2272b9b00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2240 -
\??\c:\rlxflxl.exec:\rlxflxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3036 -
\??\c:\hntttb.exec:\hntttb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1304 -
\??\c:\vpvdp.exec:\vpvdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2660 -
\??\c:\lflrllx.exec:\lflrllx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\xxrxffr.exec:\xxrxffr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2648 -
\??\c:\tnhtbn.exec:\tnhtbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2800 -
\??\c:\9thntt.exec:\9thntt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2676 -
\??\c:\hbhntb.exec:\hbhntb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2500 -
\??\c:\7dvdj.exec:\7dvdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2168 -
\??\c:\7ppvj.exec:\7ppvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2784 -
\??\c:\ffxflfr.exec:\ffxflfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2804 -
\??\c:\frlrxrl.exec:\frlrxrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2148 -
\??\c:\nhhbhh.exec:\nhhbhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2072 -
\??\c:\hbthtb.exec:\hbthtb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1068 -
\??\c:\tnhhnt.exec:\tnhhnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:380 -
\??\c:\dvppp.exec:\dvppp.exe17⤵
- Executes dropped EXE
PID:2748 -
\??\c:\5jvvj.exec:\5jvvj.exe18⤵
- Executes dropped EXE
PID:1980 -
\??\c:\lxlxrrl.exec:\lxlxrrl.exe19⤵
- Executes dropped EXE
PID:1572 -
\??\c:\llrflxx.exec:\llrflxx.exe20⤵
- Executes dropped EXE
PID:1580 -
\??\c:\xrflrxf.exec:\xrflrxf.exe21⤵
- Executes dropped EXE
PID:2864 -
\??\c:\tnhntb.exec:\tnhntb.exe22⤵
- Executes dropped EXE
PID:2172 -
\??\c:\tbhtnt.exec:\tbhtnt.exe23⤵
- Executes dropped EXE
PID:384 -
\??\c:\jdjjp.exec:\jdjjp.exe24⤵
- Executes dropped EXE
PID:1196 -
\??\c:\3dvdd.exec:\3dvdd.exe25⤵
- Executes dropped EXE
PID:1928 -
\??\c:\fffrxlx.exec:\fffrxlx.exe26⤵
- Executes dropped EXE
PID:1100 -
\??\c:\5frrxxf.exec:\5frrxxf.exe27⤵
- Executes dropped EXE
PID:1680 -
\??\c:\5fxlrxf.exec:\5fxlrxf.exe28⤵
- Executes dropped EXE
PID:284 -
\??\c:\nbbbhn.exec:\nbbbhn.exe29⤵
- Executes dropped EXE
PID:1768 -
\??\c:\bbtttt.exec:\bbtttt.exe30⤵
- Executes dropped EXE
PID:2388 -
\??\c:\dvddd.exec:\dvddd.exe31⤵
- Executes dropped EXE
PID:2888 -
\??\c:\pjdjj.exec:\pjdjj.exe32⤵
- Executes dropped EXE
PID:2536 -
\??\c:\vvvvp.exec:\vvvvp.exe33⤵
- Executes dropped EXE
PID:1632 -
\??\c:\lfflrxf.exec:\lfflrxf.exe34⤵
- Executes dropped EXE
PID:2640 -
\??\c:\rfrrxlx.exec:\rfrrxlx.exe35⤵
- Executes dropped EXE
PID:2548 -
\??\c:\nhtbnb.exec:\nhtbnb.exe36⤵
- Executes dropped EXE
PID:2652 -
\??\c:\nbhbhn.exec:\nbhbhn.exe37⤵
- Executes dropped EXE
PID:2088 -
\??\c:\bbbhtb.exec:\bbbhtb.exe38⤵
- Executes dropped EXE
PID:2712 -
\??\c:\vpvvj.exec:\vpvvj.exe39⤵
- Executes dropped EXE
PID:2716 -
\??\c:\jjdjv.exec:\jjdjv.exe40⤵
- Executes dropped EXE
PID:2648 -
\??\c:\5xrffrf.exec:\5xrffrf.exe41⤵
- Executes dropped EXE
PID:2456 -
\??\c:\rrflrxr.exec:\rrflrxr.exe42⤵
- Executes dropped EXE
PID:2720 -
\??\c:\lfxflxf.exec:\lfxflxf.exe43⤵
- Executes dropped EXE
PID:2140 -
\??\c:\xrflrxf.exec:\xrflrxf.exe44⤵
- Executes dropped EXE
PID:1992 -
\??\c:\hbnbnn.exec:\hbnbnn.exe45⤵
- Executes dropped EXE
PID:2452 -
\??\c:\7ttttb.exec:\7ttttb.exe46⤵
- Executes dropped EXE
PID:2932 -
\??\c:\1jjvd.exec:\1jjvd.exe47⤵
- Executes dropped EXE
PID:2812 -
\??\c:\vpdjj.exec:\vpdjj.exe48⤵
- Executes dropped EXE
PID:2628 -
\??\c:\vpvpd.exec:\vpvpd.exe49⤵
- Executes dropped EXE
PID:1360 -
\??\c:\rlrlrxl.exec:\rlrlrxl.exe50⤵
- Executes dropped EXE
PID:2592 -
\??\c:\xxrxflr.exec:\xxrxflr.exe51⤵
- Executes dropped EXE
PID:936 -
\??\c:\fxllxfx.exec:\fxllxfx.exe52⤵
- Executes dropped EXE
PID:2504 -
\??\c:\hbntbh.exec:\hbntbh.exe53⤵
- Executes dropped EXE
PID:1668 -
\??\c:\tthhnt.exec:\tthhnt.exe54⤵
- Executes dropped EXE
PID:1464 -
\??\c:\nntbht.exec:\nntbht.exe55⤵
- Executes dropped EXE
PID:872 -
\??\c:\dpjpd.exec:\dpjpd.exe56⤵
- Executes dropped EXE
PID:2184 -
\??\c:\ppjjv.exec:\ppjjv.exe57⤵
- Executes dropped EXE
PID:2300 -
\??\c:\fxlrlxx.exec:\fxlrlxx.exe58⤵
- Executes dropped EXE
PID:1808 -
\??\c:\ffxxrxl.exec:\ffxxrxl.exe59⤵
- Executes dropped EXE
PID:692 -
\??\c:\9lxxlfr.exec:\9lxxlfr.exe60⤵
- Executes dropped EXE
PID:540 -
\??\c:\lflxxfl.exec:\lflxxfl.exe61⤵
- Executes dropped EXE
PID:1500 -
\??\c:\tthtbn.exec:\tthtbn.exe62⤵
- Executes dropped EXE
PID:1348 -
\??\c:\tnntnt.exec:\tnntnt.exe63⤵
- Executes dropped EXE
PID:1156 -
\??\c:\1dvpd.exec:\1dvpd.exe64⤵
- Executes dropped EXE
PID:1084 -
\??\c:\dvpvd.exec:\dvpvd.exe65⤵
- Executes dropped EXE
PID:2840 -
\??\c:\ppvdj.exec:\ppvdj.exe66⤵PID:1984
-
\??\c:\xrffrfr.exec:\xrffrfr.exe67⤵PID:2308
-
\??\c:\lffflrx.exec:\lffflrx.exe68⤵PID:2272
-
\??\c:\ffxfrrf.exec:\ffxfrrf.exe69⤵PID:1460
-
\??\c:\3bbbhh.exec:\3bbbhh.exe70⤵PID:1740
-
\??\c:\nnnnnt.exec:\nnnnnt.exe71⤵PID:1624
-
\??\c:\nhbhhn.exec:\nhbhhn.exe72⤵PID:2796
-
\??\c:\pppvj.exec:\pppvj.exe73⤵PID:1324
-
\??\c:\3xrflxl.exec:\3xrflxl.exe74⤵PID:2128
-
\??\c:\dpdvv.exec:\dpdvv.exe75⤵PID:2672
-
\??\c:\llrrxxl.exec:\llrrxxl.exe76⤵PID:2560
-
\??\c:\hbttnt.exec:\hbttnt.exe77⤵PID:2612
-
\??\c:\5vppd.exec:\5vppd.exe78⤵PID:2464
-
\??\c:\pjvjv.exec:\pjvjv.exe79⤵PID:3016
-
\??\c:\xrfxxfr.exec:\xrfxxfr.exe80⤵PID:2568
-
\??\c:\3thnhh.exec:\3thnhh.exe81⤵PID:2468
-
\??\c:\djjjv.exec:\djjjv.exe82⤵PID:2920
-
\??\c:\vpddj.exec:\vpddj.exe83⤵PID:2516
-
\??\c:\fxrxrxr.exec:\fxrxrxr.exe84⤵PID:2708
-
\??\c:\bthnbb.exec:\bthnbb.exe85⤵PID:3000
-
\??\c:\pjvpv.exec:\pjvpv.exe86⤵PID:2904
-
\??\c:\xrfflfl.exec:\xrfflfl.exe87⤵PID:2432
-
\??\c:\tnnnbn.exec:\tnnnbn.exe88⤵PID:2544
-
\??\c:\ddpdp.exec:\ddpdp.exe89⤵PID:2000
-
\??\c:\llffrlx.exec:\llffrlx.exe90⤵PID:2472
-
\??\c:\bbttbt.exec:\bbttbt.exe91⤵PID:2012
-
\??\c:\5pdjd.exec:\5pdjd.exe92⤵PID:2700
-
\??\c:\pdddj.exec:\pdddj.exe93⤵PID:3004
-
\??\c:\7hntht.exec:\7hntht.exe94⤵PID:1660
-
\??\c:\vvpvd.exec:\vvpvd.exe95⤵PID:1552
-
\??\c:\fxlrllr.exec:\fxlrllr.exe96⤵PID:2756
-
\??\c:\bbbntb.exec:\bbbntb.exe97⤵PID:1996
-
\??\c:\7thhht.exec:\7thhht.exe98⤵PID:2844
-
\??\c:\nnbnbn.exec:\nnbnbn.exe99⤵PID:600
-
\??\c:\dvddj.exec:\dvddj.exe100⤵PID:564
-
\??\c:\vvjpj.exec:\vvjpj.exe101⤵PID:588
-
\??\c:\rlxxlrr.exec:\rlxxlrr.exe102⤵PID:856
-
\??\c:\rllrxxr.exec:\rllrxxr.exe103⤵PID:1128
-
\??\c:\7xxlrxl.exec:\7xxlrxl.exe104⤵PID:1160
-
\??\c:\9hbthn.exec:\9hbthn.exe105⤵PID:276
-
\??\c:\hhttnt.exec:\hhttnt.exe106⤵PID:2392
-
\??\c:\vpdjv.exec:\vpdjv.exe107⤵PID:284
-
\??\c:\vvvjv.exec:\vvvjv.exe108⤵PID:1312
-
\??\c:\fxlrffr.exec:\fxlrffr.exe109⤵PID:2412
-
\??\c:\rllrllx.exec:\rllrllx.exe110⤵PID:1280
-
\??\c:\tnbhbn.exec:\tnbhbn.exe111⤵PID:2740
-
\??\c:\nntnbh.exec:\nntnbh.exe112⤵PID:3032
-
\??\c:\nnbnbh.exec:\nnbnbh.exe113⤵PID:2940
-
\??\c:\vpddj.exec:\vpddj.exe114⤵PID:3040
-
\??\c:\1vvpv.exec:\1vvpv.exe115⤵PID:2684
-
\??\c:\lfrrffr.exec:\lfrrffr.exe116⤵PID:2080
-
\??\c:\rrrllrl.exec:\rrrllrl.exe117⤵PID:1684
-
\??\c:\nhtnhh.exec:\nhtnhh.exe118⤵PID:1620
-
\??\c:\9nhttb.exec:\9nhttb.exe119⤵PID:884
-
\??\c:\jdpvd.exec:\jdpvd.exe120⤵PID:1044
-
\??\c:\pjppv.exec:\pjppv.exe121⤵PID:2648
-
\??\c:\xrxfrrf.exec:\xrxfrrf.exe122⤵PID:2456