Analysis
-
max time kernel
150s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 13:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe
-
Size
133KB
-
MD5
d28da18f1f2af127c96a3e675c713f40
-
SHA1
a3ab1845a4e17fa0b990d3d72036e68c99ae4109
-
SHA256
e5f3e9138b9372b522ebc40af47272a29112c15fc7f0b57c050152f021e661f2
-
SHA512
dbfe04154efce30fd1e00e3bc7463e9b25e93f1797316c2f4217fc5c70a5940cfa58c5edc1ede28d5b3437ca07b0c1f82e3e52d3079e17dbe74201c8270ee2f8
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73HUoMsAbrF3BTUwFBE:n3C9BRo7HCsAbhxYx
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
resource yara_rule behavioral2/memory/3988-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4092-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2900-30-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1196-38-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4616-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2528-43-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2972-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4004-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3372-72-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1772-81-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4600-87-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3560-93-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3260-99-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2440-111-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4384-122-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1820-128-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4976-141-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5092-153-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5100-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4036-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3748-179-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/2632-171-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2104-195-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 4092 bnthhb.exe 2860 vpdvj.exe 4616 jjddd.exe 2900 1rrlrrl.exe 1196 bnnnht.exe 2528 vjjdj.exe 2972 jjjvp.exe 4004 rlxlfxl.exe 756 btnbth.exe 3372 tnnbnn.exe 1772 vpvpv.exe 4600 5fxllfr.exe 3560 hbthbt.exe 3260 dpvjd.exe 1892 jpvpj.exe 2440 rlxrlfr.exe 4992 nnbnnt.exe 4384 htttbt.exe 1820 ppdvj.exe 4632 xrlfrfr.exe 4976 3hhbtb.exe 884 3jdvj.exe 5092 lxxrfxr.exe 5100 xllrffl.exe 4036 bttbnb.exe 2632 vddvj.exe 3748 1fxfrrx.exe 4288 9frllff.exe 3272 bnbtnh.exe 2104 5nnhbb.exe 1884 vdvpp.exe 2400 dvdvj.exe 1736 fxfxrxx.exe 4332 7rrlxrf.exe 2028 3tbtnh.exe 4736 vpvjp.exe 5048 vdpdp.exe 3988 flrfrlf.exe 3696 7xxrrlf.exe 2516 hnbtnn.exe 1656 jppjv.exe 2748 dpjdj.exe 4552 lxlfxrr.exe 2580 ttthtt.exe 3492 jdvpd.exe 2024 7dpjd.exe 4004 9fxlxrf.exe 3808 hhhbtt.exe 4832 vdjvj.exe 4468 jvvpd.exe 4600 7llfrrl.exe 4232 xrlxrrf.exe 2412 bhhbtt.exe 4252 btthnh.exe 2512 pdjdp.exe 3928 5jvjj.exe 4452 9xfxffl.exe 4992 xlfxrlf.exe 2932 hnnhbt.exe 2216 nhhthb.exe 4080 pjjvp.exe 2420 3dpjv.exe 4976 1fxlxrl.exe 3268 hbttnh.exe -
resource yara_rule behavioral2/memory/3988-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4092-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2900-30-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1196-38-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4616-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2528-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2972-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4004-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3372-72-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1772-81-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4600-87-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3560-93-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3260-99-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2440-111-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4384-122-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1820-128-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4976-141-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5092-153-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5100-159-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4036-166-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3748-179-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2632-171-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2104-195-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3988 wrote to memory of 4092 3988 d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe 83 PID 3988 wrote to memory of 4092 3988 d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe 83 PID 3988 wrote to memory of 4092 3988 d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe 83 PID 4092 wrote to memory of 2860 4092 bnthhb.exe 84 PID 4092 wrote to memory of 2860 4092 bnthhb.exe 84 PID 4092 wrote to memory of 2860 4092 bnthhb.exe 84 PID 2860 wrote to memory of 4616 2860 vpdvj.exe 85 PID 2860 wrote to memory of 4616 2860 vpdvj.exe 85 PID 2860 wrote to memory of 4616 2860 vpdvj.exe 85 PID 4616 wrote to memory of 2900 4616 jjddd.exe 86 PID 4616 wrote to memory of 2900 4616 jjddd.exe 86 PID 4616 wrote to memory of 2900 4616 jjddd.exe 86 PID 2900 wrote to memory of 1196 2900 1rrlrrl.exe 87 PID 2900 wrote to memory of 1196 2900 1rrlrrl.exe 87 PID 2900 wrote to memory of 1196 2900 1rrlrrl.exe 87 PID 1196 wrote to memory of 2528 1196 bnnnht.exe 88 PID 1196 wrote to memory of 2528 1196 bnnnht.exe 88 PID 1196 wrote to memory of 2528 1196 bnnnht.exe 88 PID 2528 wrote to memory of 2972 2528 vjjdj.exe 89 PID 2528 wrote to memory of 2972 2528 vjjdj.exe 89 PID 2528 wrote to memory of 2972 2528 vjjdj.exe 89 PID 2972 wrote to memory of 4004 2972 jjjvp.exe 90 PID 2972 wrote to memory of 4004 2972 jjjvp.exe 90 PID 2972 wrote to memory of 4004 2972 jjjvp.exe 90 PID 4004 wrote to memory of 756 4004 rlxlfxl.exe 91 PID 4004 wrote to memory of 756 4004 rlxlfxl.exe 91 PID 4004 wrote to memory of 756 4004 rlxlfxl.exe 91 PID 756 wrote to memory of 3372 756 btnbth.exe 92 PID 756 wrote to memory of 3372 756 btnbth.exe 92 PID 756 wrote to memory of 3372 756 btnbth.exe 92 PID 3372 wrote to memory of 1772 3372 tnnbnn.exe 93 PID 3372 wrote to memory of 1772 3372 tnnbnn.exe 93 PID 3372 wrote to memory of 1772 3372 tnnbnn.exe 93 PID 1772 wrote to memory of 4600 1772 vpvpv.exe 94 PID 1772 wrote to memory of 4600 1772 vpvpv.exe 94 PID 1772 wrote to memory of 4600 
1772 vpvpv.exe 94 PID 4600 wrote to memory of 3560 4600 5fxllfr.exe 95 PID 4600 wrote to memory of 3560 4600 5fxllfr.exe 95 PID 4600 wrote to memory of 3560 4600 5fxllfr.exe 95 PID 3560 wrote to memory of 3260 3560 hbthbt.exe 96 PID 3560 wrote to memory of 3260 3560 hbthbt.exe 96 PID 3560 wrote to memory of 3260 3560 hbthbt.exe 96 PID 3260 wrote to memory of 1892 3260 dpvjd.exe 97 PID 3260 wrote to memory of 1892 3260 dpvjd.exe 97 PID 3260 wrote to memory of 1892 3260 dpvjd.exe 97 PID 1892 wrote to memory of 2440 1892 jpvpj.exe 98 PID 1892 wrote to memory of 2440 1892 jpvpj.exe 98 PID 1892 wrote to memory of 2440 1892 jpvpj.exe 98 PID 2440 wrote to memory of 4992 2440 rlxrlfr.exe 99 PID 2440 wrote to memory of 4992 2440 rlxrlfr.exe 99 PID 2440 wrote to memory of 4992 2440 rlxrlfr.exe 99 PID 4992 wrote to memory of 4384 4992 nnbnnt.exe 100 PID 4992 wrote to memory of 4384 4992 nnbnnt.exe 100 PID 4992 wrote to memory of 4384 4992 nnbnnt.exe 100 PID 4384 wrote to memory of 1820 4384 htttbt.exe 101 PID 4384 wrote to memory of 1820 4384 htttbt.exe 101 PID 4384 wrote to memory of 1820 4384 htttbt.exe 101 PID 1820 wrote to memory of 4632 1820 ppdvj.exe 103 PID 1820 wrote to memory of 4632 1820 ppdvj.exe 103 PID 1820 wrote to memory of 4632 1820 ppdvj.exe 103 PID 4632 wrote to memory of 4976 4632 xrlfrfr.exe 104 PID 4632 wrote to memory of 4976 4632 xrlfrfr.exe 104 PID 4632 wrote to memory of 4976 4632 xrlfrfr.exe 104 PID 4976 wrote to memory of 884 4976 3hhbtb.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d28da18f1f2af127c96a3e675c713f40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3988 -
\??\c:\bnthhb.exec:\bnthhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4092 -
\??\c:\vpdvj.exec:\vpdvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2860 -
\??\c:\jjddd.exec:\jjddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4616 -
\??\c:\1rrlrrl.exec:\1rrlrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2900 -
\??\c:\bnnnht.exec:\bnnnht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1196 -
\??\c:\vjjdj.exec:\vjjdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2528 -
\??\c:\jjjvp.exec:\jjjvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2972 -
\??\c:\rlxlfxl.exec:\rlxlfxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4004 -
\??\c:\btnbth.exec:\btnbth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:756 -
\??\c:\tnnbnn.exec:\tnnbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3372 -
\??\c:\vpvpv.exec:\vpvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1772 -
\??\c:\5fxllfr.exec:\5fxllfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4600 -
\??\c:\hbthbt.exec:\hbthbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3560 -
\??\c:\dpvjd.exec:\dpvjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3260 -
\??\c:\jpvpj.exec:\jpvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1892 -
\??\c:\rlxrlfr.exec:\rlxrlfr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2440 -
\??\c:\nnbnnt.exec:\nnbnnt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4992 -
\??\c:\htttbt.exec:\htttbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4384 -
\??\c:\ppdvj.exec:\ppdvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1820 -
\??\c:\xrlfrfr.exec:\xrlfrfr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4632 -
\??\c:\3hhbtb.exec:\3hhbtb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4976 -
\??\c:\3jdvj.exec:\3jdvj.exe23⤵
- Executes dropped EXE
PID:884 -
\??\c:\lxxrfxr.exec:\lxxrfxr.exe24⤵
- Executes dropped EXE
PID:5092 -
\??\c:\xllrffl.exec:\xllrffl.exe25⤵
- Executes dropped EXE
PID:5100 -
\??\c:\bttbnb.exec:\bttbnb.exe26⤵
- Executes dropped EXE
PID:4036 -
\??\c:\vddvj.exec:\vddvj.exe27⤵
- Executes dropped EXE
PID:2632 -
\??\c:\1fxfrrx.exec:\1fxfrrx.exe28⤵
- Executes dropped EXE
PID:3748 -
\??\c:\9frllff.exec:\9frllff.exe29⤵
- Executes dropped EXE
PID:4288 -
\??\c:\bnbtnh.exec:\bnbtnh.exe30⤵
- Executes dropped EXE
PID:3272 -
\??\c:\5nnhbb.exec:\5nnhbb.exe31⤵
- Executes dropped EXE
PID:2104 -
\??\c:\vdvpp.exec:\vdvpp.exe32⤵
- Executes dropped EXE
PID:1884 -
\??\c:\dvdvj.exec:\dvdvj.exe33⤵
- Executes dropped EXE
PID:2400 -
\??\c:\fxfxrxx.exec:\fxfxrxx.exe34⤵
- Executes dropped EXE
PID:1736 -
\??\c:\7rrlxrf.exec:\7rrlxrf.exe35⤵
- Executes dropped EXE
PID:4332 -
\??\c:\3tbtnh.exec:\3tbtnh.exe36⤵
- Executes dropped EXE
PID:2028 -
\??\c:\vpvjp.exec:\vpvjp.exe37⤵
- Executes dropped EXE
PID:4736 -
\??\c:\vdpdp.exec:\vdpdp.exe38⤵
- Executes dropped EXE
PID:5048 -
\??\c:\flrfrlf.exec:\flrfrlf.exe39⤵
- Executes dropped EXE
PID:3988 -
\??\c:\7xxrrlf.exec:\7xxrrlf.exe40⤵
- Executes dropped EXE
PID:3696 -
\??\c:\hnbtnn.exec:\hnbtnn.exe41⤵
- Executes dropped EXE
PID:2516 -
\??\c:\jppjv.exec:\jppjv.exe42⤵
- Executes dropped EXE
PID:1656 -
\??\c:\dpjdj.exec:\dpjdj.exe43⤵
- Executes dropped EXE
PID:2748 -
\??\c:\lxlfxrr.exec:\lxlfxrr.exe44⤵
- Executes dropped EXE
PID:4552 -
\??\c:\ttthtt.exec:\ttthtt.exe45⤵
- Executes dropped EXE
PID:2580 -
\??\c:\jdvpd.exec:\jdvpd.exe46⤵
- Executes dropped EXE
PID:3492 -
\??\c:\7dpjd.exec:\7dpjd.exe47⤵
- Executes dropped EXE
PID:2024 -
\??\c:\9fxlxrf.exec:\9fxlxrf.exe48⤵
- Executes dropped EXE
PID:4004 -
\??\c:\hhhbtt.exec:\hhhbtt.exe49⤵
- Executes dropped EXE
PID:3808 -
\??\c:\vdjvj.exec:\vdjvj.exe50⤵
- Executes dropped EXE
PID:4832 -
\??\c:\jvvpd.exec:\jvvpd.exe51⤵
- Executes dropped EXE
PID:4468 -
\??\c:\7llfrrl.exec:\7llfrrl.exe52⤵
- Executes dropped EXE
PID:4600 -
\??\c:\xrlxrrf.exec:\xrlxrrf.exe53⤵
- Executes dropped EXE
PID:4232 -
\??\c:\bhhbtt.exec:\bhhbtt.exe54⤵
- Executes dropped EXE
PID:2412 -
\??\c:\btthnh.exec:\btthnh.exe55⤵
- Executes dropped EXE
PID:4252 -
\??\c:\pdjdp.exec:\pdjdp.exe56⤵
- Executes dropped EXE
PID:2512 -
\??\c:\5jvjj.exec:\5jvjj.exe57⤵
- Executes dropped EXE
PID:3928 -
\??\c:\9xfxffl.exec:\9xfxffl.exe58⤵
- Executes dropped EXE
PID:4452 -
\??\c:\xlfxrlf.exec:\xlfxrlf.exe59⤵
- Executes dropped EXE
PID:4992 -
\??\c:\hnnhbt.exec:\hnnhbt.exe60⤵
- Executes dropped EXE
PID:2932 -
\??\c:\nhhthb.exec:\nhhthb.exe61⤵
- Executes dropped EXE
PID:2216 -
\??\c:\pjjvp.exec:\pjjvp.exe62⤵
- Executes dropped EXE
PID:4080 -
\??\c:\3dpjv.exec:\3dpjv.exe63⤵
- Executes dropped EXE
PID:2420 -
\??\c:\1fxlxrl.exec:\1fxlxrl.exe64⤵
- Executes dropped EXE
PID:4976 -
\??\c:\hbttnh.exec:\hbttnh.exe65⤵
- Executes dropped EXE
PID:3268 -
\??\c:\tttnbt.exec:\tttnbt.exe66⤵PID:2856
-
\??\c:\3jjdd.exec:\3jjdd.exe67⤵PID:1872
-
\??\c:\vppjp.exec:\vppjp.exe68⤵PID:4012
-
\??\c:\9rxrlll.exec:\9rxrlll.exe69⤵PID:3768
-
\??\c:\5bbnbn.exec:\5bbnbn.exe70⤵PID:4580
-
\??\c:\5vvpj.exec:\5vvpj.exe71⤵PID:3160
-
\??\c:\vppdp.exec:\vppdp.exe72⤵PID:216
-
\??\c:\rrxlfxr.exec:\rrxlfxr.exe73⤵PID:2140
-
\??\c:\lflfxxx.exec:\lflfxxx.exe74⤵PID:624
-
\??\c:\hntnhb.exec:\hntnhb.exe75⤵PID:3004
-
\??\c:\btthnb.exec:\btthnb.exe76⤵PID:4788
-
\??\c:\vdjdp.exec:\vdjdp.exe77⤵PID:2072
-
\??\c:\9ffxllf.exec:\9ffxllf.exe78⤵PID:3552
-
\??\c:\fxrlrxx.exec:\fxrlrxx.exe79⤵PID:3772
-
\??\c:\httnhh.exec:\httnhh.exe80⤵PID:4344
-
\??\c:\nbbtnn.exec:\nbbtnn.exe81⤵PID:3620
-
\??\c:\7vjvj.exec:\7vjvj.exe82⤵PID:4052
-
\??\c:\vppdp.exec:\vppdp.exe83⤵PID:852
-
\??\c:\xxfxllf.exec:\xxfxllf.exe84⤵PID:4472
-
\??\c:\fxfxrll.exec:\fxfxrll.exe85⤵PID:3284
-
\??\c:\hbtnht.exec:\hbtnht.exe86⤵PID:4460
-
\??\c:\hhtbtb.exec:\hhtbtb.exe87⤵PID:4516
-
\??\c:\vvpjj.exec:\vvpjj.exe88⤵PID:380
-
\??\c:\lfffrrl.exec:\lfffrrl.exe89⤵PID:4016
-
\??\c:\bnhbtn.exec:\bnhbtn.exe90⤵PID:2580
-
\??\c:\dppdv.exec:\dppdv.exe91⤵PID:2776
-
\??\c:\rrrlxrl.exec:\rrrlxrl.exe92⤵PID:4324
-
\??\c:\xxlllfr.exec:\xxlllfr.exe93⤵PID:5116
-
\??\c:\3ttnhb.exec:\3ttnhb.exe94⤵PID:1780
-
\??\c:\dpjdp.exec:\dpjdp.exe95⤵PID:3560
-
\??\c:\djjpp.exec:\djjpp.exe96⤵PID:3212
-
\??\c:\xlfxxrl.exec:\xlfxxrl.exe97⤵PID:3260
-
\??\c:\7lfxrxr.exec:\7lfxrxr.exe98⤵PID:2472
-
\??\c:\bthtnb.exec:\bthtnb.exe99⤵PID:1892
-
\??\c:\9pjvp.exec:\9pjvp.exe100⤵PID:676
-
\??\c:\dvdvp.exec:\dvdvp.exe101⤵PID:4028
-
\??\c:\1xrlxfr.exec:\1xrlxfr.exe102⤵PID:4384
-
\??\c:\hthtth.exec:\hthtth.exe103⤵PID:2896
-
\??\c:\bbtbbt.exec:\bbtbbt.exe104⤵PID:3060
-
\??\c:\3ppjd.exec:\3ppjd.exe105⤵PID:2292
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe106⤵PID:3496
-
\??\c:\7rrxlll.exec:\7rrxlll.exe107⤵PID:408
-
\??\c:\ntbthh.exec:\ntbthh.exe108⤵PID:468
-
\??\c:\jdjdv.exec:\jdjdv.exe109⤵PID:2764
-
\??\c:\vdvjj.exec:\vdvjj.exe110⤵PID:1516
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe111⤵PID:2436
-
\??\c:\xxxrllf.exec:\xxxrllf.exe112⤵PID:2868
-
\??\c:\7nnhbb.exec:\7nnhbb.exe113⤵PID:2372
-
\??\c:\1jvpj.exec:\1jvpj.exe114⤵PID:2012
-
\??\c:\xrrrllr.exec:\xrrrllr.exe115⤵PID:5080
-
\??\c:\7ffxllf.exec:\7ffxllf.exe116⤵PID:3272
-
\??\c:\7thbtt.exec:\7thbtt.exe117⤵PID:4376
-
\??\c:\hnhtnb.exec:\hnhtnb.exe118⤵PID:4604
-
\??\c:\dvjdv.exec:\dvjdv.exe119⤵PID:4788
-
\??\c:\fxlfrlf.exec:\fxlfrlf.exe120⤵PID:3612
-
\??\c:\5xxrxxr.exec:\5xxrxxr.exe121⤵PID:3552
-
\??\c:\nhbbbh.exec:\nhbbbh.exe122⤵PID:3772
-