Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 13:54
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d21cc6347c13b05e708970b2272b9b00_NeikiAnalytics.exe
Resource
win7-20240215-en
5 signatures
150 seconds
General
-
Target
d21cc6347c13b05e708970b2272b9b00_NeikiAnalytics.exe
-
Size
80KB
-
MD5
d21cc6347c13b05e708970b2272b9b00
-
SHA1
14e0ef66dd1aec7e4f02e51223e823b5c4745fb2
-
SHA256
54e9621b7292296660360a6710a18d9458a77e21348b0a21d8446d6a6a31da89
-
SHA512
c02022af7768403a44f18ea9a3e4d7d295f2f2186cf8090e9e79b808b04ce81bbf59d753d6dd3d2e4817a71ec19a49f40b139ba6fa23b18380271b31a088166b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1gxm1S3PQ7CnPRKiir5A:ymb3NkkiQ3mdBjFoLkmx/g8ZKzA
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral2/memory/3812-7-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/208-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3024-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/436-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2152-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4140-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4144-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/520-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2204-168-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4044-175-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4660-204-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3020-198-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4696-179-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/968-162-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/872-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4236-153-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3012-141-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3044-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1164-84-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3776-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3808-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3596-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1560-19-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 208 1dvvv.exe 1560 xflxrrl.exe 3596 flrxxll.exe 3024 hnntnn.exe 3808 bttnnh.exe 1772 pjpvj.exe 3776 fxrrrlx.exe 436 xxrrrxr.exe 4272 bhbbhh.exe 2152 ppjjp.exe 1164 vdppv.exe 2412 rxrrfxx.exe 4140 xrxrlrl.exe 4144 hnbbhn.exe 520 1vppj.exe 3432 9ffflrr.exe 4420 xrrrrlf.exe 4868 thhnhn.exe 3044 bnhttn.exe 3012 vpvvv.exe 380 llllxxl.exe 4236 lrffllr.exe 872 btbbhn.exe 968 ppvjd.exe 2204 vjpjd.exe 4044 rfrrrxx.exe 4696 9fxlxlf.exe 4964 thnttb.exe 1752 dpppv.exe 3020 pvdvp.exe 4660 xfxxrrx.exe 2320 xffxxxr.exe 4564 hbhbhh.exe 3856 hbbbbh.exe 3272 ppdjd.exe 5008 jjpvv.exe 2156 rrrrrxx.exe 4840 xflrrrr.exe 1812 hhnttt.exe 1456 jdddd.exe 860 jppdd.exe 2360 fxxrrlr.exe 2724 fflxrxr.exe 4540 htbbnt.exe 2712 1tbhhh.exe 4472 djvjv.exe 2324 lrfxllf.exe 3456 lfrrffr.exe 3216 bhnnnn.exe 4836 nthhtt.exe 2400 jvjdp.exe 2152 vvddv.exe 3992 llrlxxr.exe 2904 rrlfxrr.exe 4140 nhnnhb.exe 4040 7nbtnh.exe 1032 5pjdd.exe 3568 djjjd.exe 1036 rxrrrrl.exe 4524 ffrlfxr.exe 4420 tbhhhh.exe 3312 nnhhbh.exe 2020 ppddd.exe 380 dvvvp.exe -
resource yara_rule behavioral2/memory/3812-7-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/208-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3024-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/436-59-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2152-73-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2152-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4140-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4144-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/520-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2204-168-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4044-175-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4660-204-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3020-198-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4696-179-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/968-162-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/872-155-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4236-153-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3012-141-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3044-131-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1164-84-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2152-72-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2152-71-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3776-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3808-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3596-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1560-19-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3812 wrote to memory of 208 3812 d21cc6347c13b05e708970b2272b9b00_NeikiAnalytics.exe 574 PID 3812 wrote to memory of 208 3812 d21cc6347c13b05e708970b2272b9b00_NeikiAnalytics.exe 574 PID 3812 wrote to memory of 208 3812 d21cc6347c13b05e708970b2272b9b00_NeikiAnalytics.exe 574 PID 208 wrote to memory of 1560 208 1dvvv.exe 84 PID 208 wrote to memory of 1560 208 1dvvv.exe 84 PID 208 wrote to memory of 1560 208 1dvvv.exe 84 PID 1560 wrote to memory of 3596 1560 xflxrrl.exe 85 PID 1560 wrote to memory of 3596 1560 xflxrrl.exe 85 PID 1560 wrote to memory of 3596 1560 xflxrrl.exe 85 PID 3596 wrote to memory of 3024 3596 flrxxll.exe 86 PID 3596 wrote to memory of 3024 3596 flrxxll.exe 86 PID 3596 wrote to memory of 3024 3596 flrxxll.exe 86 PID 3024 wrote to memory of 3808 3024 hnntnn.exe 87 PID 3024 wrote to memory of 3808 3024 hnntnn.exe 87 PID 3024 wrote to memory of 3808 3024 hnntnn.exe 87 PID 3808 wrote to memory of 1772 3808 bttnnh.exe 456 PID 3808 wrote to memory of 1772 3808 bttnnh.exe 456 PID 3808 wrote to memory of 1772 3808 bttnnh.exe 456 PID 1772 wrote to memory of 3776 1772 pjpvj.exe 89 PID 1772 wrote to memory of 3776 1772 pjpvj.exe 89 PID 1772 wrote to memory of 3776 1772 pjpvj.exe 89 PID 3776 wrote to memory of 436 3776 fxrrrlx.exe 90 PID 3776 wrote to memory of 436 3776 fxrrrlx.exe 90 PID 3776 wrote to memory of 436 3776 fxrrrlx.exe 90 PID 436 wrote to memory of 4272 436 xxrrrxr.exe 91 PID 436 wrote to memory of 4272 436 xxrrrxr.exe 91 PID 436 wrote to memory of 4272 436 xxrrrxr.exe 91 PID 4272 wrote to memory of 2152 4272 bhbbhh.exe 92 PID 4272 wrote to memory of 2152 4272 bhbbhh.exe 92 PID 4272 wrote to memory of 2152 4272 bhbbhh.exe 92 PID 2152 wrote to memory of 1164 2152 ppjjp.exe 93 PID 2152 wrote to memory of 1164 2152 ppjjp.exe 93 PID 2152 wrote to memory of 1164 2152 ppjjp.exe 93 PID 1164 wrote to memory of 2412 1164 vdppv.exe 94 PID 1164 wrote to memory of 2412 1164 vdppv.exe 94 PID 1164 wrote to memory of 2412 1164 vdppv.exe 94 PID 2412 wrote to memory of 4140 2412 rxrrfxx.exe 95 PID 2412 wrote to memory of 4140 2412 rxrrfxx.exe 95 PID 2412 wrote to memory of 4140 2412 rxrrfxx.exe 95 PID 4140 wrote to memory of 4144 4140 xrxrlrl.exe 96 PID 4140 wrote to memory of 4144 4140 xrxrlrl.exe 96 PID 4140 wrote to memory of 4144 4140 xrxrlrl.exe 96 PID 4144 wrote to memory of 520 4144 hnbbhn.exe 97 PID 4144 wrote to memory of 520 4144 hnbbhn.exe 97 PID 4144 wrote to memory of 520 4144 hnbbhn.exe 97 PID 520 wrote to memory of 3432 520 1vppj.exe 98 PID 520 wrote to memory of 3432 520 1vppj.exe 98 PID 520 wrote to memory of 3432 520 1vppj.exe 98 PID 3432 wrote to memory of 4420 3432 9ffflrr.exe 913 PID 3432 wrote to memory of 4420 3432 9ffflrr.exe 913 PID 3432 wrote to memory of 4420 3432 9ffflrr.exe 913 PID 4420 wrote to memory of 4868 4420 xrrrrlf.exe 100 PID 4420 wrote to memory of 4868 4420 xrrrrlf.exe 100 PID 4420 wrote to memory of 4868 4420 xrrrrlf.exe 100 PID 4868 wrote to memory of 3044 4868 thhnhn.exe 101 PID 4868 wrote to memory of 3044 4868 thhnhn.exe 101 PID 4868 wrote to memory of 3044 4868 thhnhn.exe 101 PID 3044 wrote to memory of 3012 3044 bnhttn.exe 102 PID 3044 wrote to memory of 3012 3044 bnhttn.exe 102 PID 3044 wrote to memory of 3012 3044 bnhttn.exe 102 PID 3012 wrote to memory of 380 3012 vpvvv.exe 103 PID 3012 wrote to memory of 380 3012 vpvvv.exe 103 PID 3012 wrote to memory of 380 3012 vpvvv.exe 103 PID 380 wrote to memory of 4236 380 llllxxl.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\d21cc6347c13b05e708970b2272b9b00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d21cc6347c13b05e708970b2272b9b00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3812 -
\??\c:\1dvvv.exec:\1dvvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:208 -
\??\c:\xflxrrl.exec:\xflxrrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1560 -
\??\c:\flrxxll.exec:\flrxxll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3596 -
\??\c:\hnntnn.exec:\hnntnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3024 -
\??\c:\bttnnh.exec:\bttnnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3808 -
\??\c:\pjpvj.exec:\pjpvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1772 -
\??\c:\fxrrrlx.exec:\fxrrrlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3776 -
\??\c:\xxrrrxr.exec:\xxrrrxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:436 -
\??\c:\bhbbhh.exec:\bhbbhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4272 -
\??\c:\ppjjp.exec:\ppjjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2152 -
\??\c:\vdppv.exec:\vdppv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1164 -
\??\c:\rxrrfxx.exec:\rxrrfxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2412 -
\??\c:\xrxrlrl.exec:\xrxrlrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4140 -
\??\c:\hnbbhn.exec:\hnbbhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4144 -
\??\c:\1vppj.exec:\1vppj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:520 -
\??\c:\9ffflrr.exec:\9ffflrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3432 -
\??\c:\xrrrrlf.exec:\xrrrrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4420 -
\??\c:\thhnhn.exec:\thhnhn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4868 -
\??\c:\bnhttn.exec:\bnhttn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3044 -
\??\c:\vpvvv.exec:\vpvvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3012 -
\??\c:\llllxxl.exec:\llllxxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:380 -
\??\c:\lrffllr.exec:\lrffllr.exe23⤵
- Executes dropped EXE
PID:4236 -
\??\c:\btbbhn.exec:\btbbhn.exe24⤵
- Executes dropped EXE
PID:872 -
\??\c:\ppvjd.exec:\ppvjd.exe25⤵
- Executes dropped EXE
PID:968 -
\??\c:\vjpjd.exec:\vjpjd.exe26⤵
- Executes dropped EXE
PID:2204 -
\??\c:\rfrrrxx.exec:\rfrrrxx.exe27⤵
- Executes dropped EXE
PID:4044 -
\??\c:\9fxlxlf.exec:\9fxlxlf.exe28⤵
- Executes dropped EXE
PID:4696 -
\??\c:\thnttb.exec:\thnttb.exe29⤵
- Executes dropped EXE
PID:4964 -
\??\c:\dpppv.exec:\dpppv.exe30⤵
- Executes dropped EXE
PID:1752 -
\??\c:\pvdvp.exec:\pvdvp.exe31⤵
- Executes dropped EXE
PID:3020 -
\??\c:\xfxxrrx.exec:\xfxxrrx.exe32⤵
- Executes dropped EXE
PID:4660 -
\??\c:\xffxxxr.exec:\xffxxxr.exe33⤵
- Executes dropped EXE
PID:2320 -
\??\c:\hbhbhh.exec:\hbhbhh.exe34⤵
- Executes dropped EXE
PID:4564 -
\??\c:\hbbbbh.exec:\hbbbbh.exe35⤵
- Executes dropped EXE
PID:3856 -
\??\c:\ppdjd.exec:\ppdjd.exe36⤵
- Executes dropped EXE
PID:3272 -
\??\c:\jjpvv.exec:\jjpvv.exe37⤵
- Executes dropped EXE
PID:5008 -
\??\c:\rrrrrxx.exec:\rrrrrxx.exe38⤵
- Executes dropped EXE
PID:2156 -
\??\c:\xflrrrr.exec:\xflrrrr.exe39⤵
- Executes dropped EXE
PID:4840 -
\??\c:\hhnttt.exec:\hhnttt.exe40⤵
- Executes dropped EXE
PID:1812 -
\??\c:\jdddd.exec:\jdddd.exe41⤵
- Executes dropped EXE
PID:1456 -
\??\c:\jppdd.exec:\jppdd.exe42⤵
- Executes dropped EXE
PID:860 -
\??\c:\fxxrrlr.exec:\fxxrrlr.exe43⤵
- Executes dropped EXE
PID:2360 -
\??\c:\fflxrxr.exec:\fflxrxr.exe44⤵
- Executes dropped EXE
PID:2724 -
\??\c:\htbbnt.exec:\htbbnt.exe45⤵
- Executes dropped EXE
PID:4540 -
\??\c:\1tbhhh.exec:\1tbhhh.exe46⤵
- Executes dropped EXE
PID:2712 -
\??\c:\djvjv.exec:\djvjv.exe47⤵
- Executes dropped EXE
PID:4472 -
\??\c:\lrfxllf.exec:\lrfxllf.exe48⤵
- Executes dropped EXE
PID:2324 -
\??\c:\lfrrffr.exec:\lfrrffr.exe49⤵
- Executes dropped EXE
PID:3456 -
\??\c:\bhnnnn.exec:\bhnnnn.exe50⤵
- Executes dropped EXE
PID:3216 -
\??\c:\nthhtt.exec:\nthhtt.exe51⤵
- Executes dropped EXE
PID:4836 -
\??\c:\jvjdp.exec:\jvjdp.exe52⤵
- Executes dropped EXE
PID:2400 -
\??\c:\vvddv.exec:\vvddv.exe53⤵
- Executes dropped EXE
PID:2152 -
\??\c:\llrlxxr.exec:\llrlxxr.exe54⤵
- Executes dropped EXE
PID:3992 -
\??\c:\rrlfxrr.exec:\rrlfxrr.exe55⤵
- Executes dropped EXE
PID:2904 -
\??\c:\nhnnhb.exec:\nhnnhb.exe56⤵
- Executes dropped EXE
PID:4140 -
\??\c:\7nbtnh.exec:\7nbtnh.exe57⤵
- Executes dropped EXE
PID:4040 -
\??\c:\5pjdd.exec:\5pjdd.exe58⤵
- Executes dropped EXE
PID:1032 -
\??\c:\djjjd.exec:\djjjd.exe59⤵
- Executes dropped EXE
PID:3568 -
\??\c:\rxrrrrl.exec:\rxrrrrl.exe60⤵
- Executes dropped EXE
PID:1036 -
\??\c:\ffrlfxr.exec:\ffrlfxr.exe61⤵
- Executes dropped EXE
PID:4524 -
\??\c:\tbhhhh.exec:\tbhhhh.exe62⤵
- Executes dropped EXE
PID:4420 -
\??\c:\nnhhbh.exec:\nnhhbh.exe63⤵
- Executes dropped EXE
PID:3312 -
\??\c:\ppddd.exec:\ppddd.exe64⤵
- Executes dropped EXE
PID:2020 -
\??\c:\dvvvp.exec:\dvvvp.exe65⤵
- Executes dropped EXE
PID:380 -
\??\c:\lxfffrl.exec:\lxfffrl.exe66⤵PID:1860
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe67⤵PID:4236
-
\??\c:\ttnhhh.exec:\ttnhhh.exe68⤵PID:2588
-
\??\c:\ddpjj.exec:\ddpjj.exe69⤵PID:3100
-
\??\c:\dvddd.exec:\dvddd.exe70⤵PID:1404
-
\??\c:\lrxllfr.exec:\lrxllfr.exe71⤵PID:4044
-
\??\c:\ffllffl.exec:\ffllffl.exe72⤵PID:1232
-
\??\c:\3tbbtb.exec:\3tbbtb.exe73⤵PID:1720
-
\??\c:\tnttth.exec:\tnttth.exe74⤵PID:1480
-
\??\c:\3jvpj.exec:\3jvpj.exe75⤵PID:856
-
\??\c:\ppvvv.exec:\ppvvv.exe76⤵PID:548
-
\??\c:\lxxlffx.exec:\lxxlffx.exe77⤵PID:3996
-
\??\c:\btnbtn.exec:\btnbtn.exe78⤵PID:2432
-
\??\c:\nhnnhh.exec:\nhnnhh.exe79⤵PID:3956
-
\??\c:\ppppd.exec:\ppppd.exe80⤵PID:3276
-
\??\c:\ddddv.exec:\ddddv.exe81⤵PID:3296
-
\??\c:\lfffxfx.exec:\lfffxfx.exe82⤵PID:3104
-
\??\c:\lffffll.exec:\lffffll.exe83⤵PID:5008
-
\??\c:\btbbbb.exec:\btbbbb.exe84⤵PID:2964
-
\??\c:\bbhbbb.exec:\bbhbbb.exe85⤵PID:4840
-
\??\c:\7hhbnn.exec:\7hhbnn.exe86⤵PID:1812
-
\??\c:\5vddj.exec:\5vddj.exe87⤵PID:1188
-
\??\c:\dpvvj.exec:\dpvvj.exe88⤵PID:2844
-
\??\c:\xlxxrxf.exec:\xlxxrxf.exe89⤵PID:4768
-
\??\c:\lrrffxr.exec:\lrrffxr.exe90⤵PID:1864
-
\??\c:\nbhbtn.exec:\nbhbtn.exe91⤵PID:4036
-
\??\c:\bnnhbn.exec:\bnnhbn.exe92⤵PID:4704
-
\??\c:\ddvvv.exec:\ddvvv.exe93⤵PID:3772
-
\??\c:\pjvpj.exec:\pjvpj.exe94⤵PID:4916
-
\??\c:\fxxrrll.exec:\fxxrrll.exe95⤵PID:1524
-
\??\c:\lfffxxr.exec:\lfffxxr.exe96⤵PID:1624
-
\??\c:\lxlrrrl.exec:\lxlrrrl.exe97⤵PID:2872
-
\??\c:\ttnnnt.exec:\ttnnnt.exe98⤵PID:4836
-
\??\c:\hbtnbb.exec:\hbtnbb.exe99⤵PID:2400
-
\??\c:\9dvdd.exec:\9dvdd.exe100⤵PID:4324
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe101⤵PID:4404
-
\??\c:\btbtnn.exec:\btbtnn.exe102⤵PID:4692
-
\??\c:\bnbbtt.exec:\bnbbtt.exe103⤵PID:5092
-
\??\c:\vjpjj.exec:\vjpjj.exe104⤵PID:4500
-
\??\c:\dvdvp.exec:\dvdvp.exe105⤵PID:1416
-
\??\c:\lflllrr.exec:\lflllrr.exe106⤵PID:1760
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe107⤵PID:3164
-
\??\c:\fxffrrr.exec:\fxffrrr.exe108⤵PID:3340
-
\??\c:\hthbbb.exec:\hthbbb.exe109⤵PID:1184
-
\??\c:\btttnn.exec:\btttnn.exe110⤵PID:2020
-
\??\c:\3jjjd.exec:\3jjjd.exe111⤵PID:2624
-
\??\c:\dppjj.exec:\dppjj.exe112⤵PID:2124
-
\??\c:\rrllxxx.exec:\rrllxxx.exe113⤵PID:1180
-
\??\c:\ffrrlrr.exec:\ffrrlrr.exe114⤵PID:1828
-
\??\c:\ttntnt.exec:\ttntnt.exe115⤵PID:3060
-
\??\c:\nhtttb.exec:\nhtttb.exe116⤵PID:3524
-
\??\c:\nhnhhh.exec:\nhnhhh.exe117⤵PID:904
-
\??\c:\vppjj.exec:\vppjj.exe118⤵PID:1720
-
\??\c:\jpjdj.exec:\jpjdj.exe119⤵PID:2528
-
\??\c:\9xffxff.exec:\9xffxff.exe120⤵PID:2616
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe121⤵PID:3704
-
\??\c:\xffxxrx.exec:\xffxxrx.exe122⤵PID:2032
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-