Analysis
-
max time kernel
150s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 13:10
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ca626b2ba3f67d205caf14bada317a20_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
ca626b2ba3f67d205caf14bada317a20_NeikiAnalytics.exe
-
Size
128KB
-
MD5
ca626b2ba3f67d205caf14bada317a20
-
SHA1
268bfe8a500a3726cbdcae1d0f1b510f0cf90155
-
SHA256
02350e205f62dad325010719661fde0f308d724dce4d7d839e79000a93821bf4
-
SHA512
024fdebbb908ee10151d9b2ba7d03cbfb04b328b4cee030cacdc523adf8db8dbce385fcd895aa87c41088aee1890a4b738ea6f98f44a6277fd4b7f6dc4dbd13e
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX/x6gtF:n3C9BRW0j/uVEZFJv7
Malware Config
Signatures
-
Detect Blackmoon payload 27 IoCs
resource yara_rule behavioral2/memory/3568-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1284-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4472-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/844-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4900-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3888-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4320-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1176-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1808-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2056-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4112-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3032-85-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2212-91-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4668-97-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2036-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2700-116-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3148-121-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4548-127-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4608-139-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2328-145-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1304-152-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/2808-156-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4780-162-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4044-169-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3400-176-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3788-181-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1772-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1284 nhtntb.exe 4472 jdjjd.exe 844 jdvpd.exe 4900 flrrffr.exe 3888 hhnnhh.exe 4320 pdddv.exe 1176 llxrxrx.exe 1808 xrrlrll.exe 2056 bhbtbn.exe 4112 dpdvj.exe 3032 thnhhb.exe 2212 htnhtt.exe 4668 xrlfffx.exe 4552 fflllfl.exe 2036 pddvv.exe 2700 djppp.exe 3148 3rfxrrr.exe 4548 thtbtb.exe 1188 jvjdp.exe 4608 xrxxffl.exe 2328 7fxxxxr.exe 1304 bntnhb.exe 2808 vjjjj.exe 4780 ffxrxxr.exe 4044 vvjjj.exe 3400 7lfxrxr.exe 3788 rflllll.exe 1772 9nbnbb.exe 4524 9jddv.exe 1896 3hhnhh.exe 3428 9bbttt.exe 3864 pjpjd.exe 944 rlxxffl.exe 4744 htttnh.exe 4616 jvpjd.exe 2644 lfxrrll.exe 4368 rfrlfff.exe 2788 ttnnhh.exe 3796 dvvpj.exe 4436 ppddv.exe 1336 7lxrxxl.exe 3156 5bhttb.exe 2848 bthbbb.exe 1836 bhtnbn.exe 1000 vvdvp.exe 2692 rrlllll.exe 1092 fffffxx.exe 1860 ttbttn.exe 2816 hnnhtt.exe 5096 jdjdj.exe 4128 9rrlxxr.exe 2812 7bbhbt.exe 4580 bnnthh.exe 4876 1jjdv.exe 1980 5rxrlll.exe 232 flfxrrr.exe 3020 nbbtnb.exe 2700 nhbtnn.exe 372 vpddp.exe 3644 xxrfffr.exe 2104 tntnnh.exe 4928 tnnhtt.exe 3976 vvdvp.exe 3948 3frrlll.exe -
resource yara_rule behavioral2/memory/3568-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1284-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4472-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/844-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4900-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3888-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4320-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1176-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1808-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2056-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4112-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4112-74-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4112-73-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3032-85-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2212-91-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4668-97-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2036-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2700-116-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3148-121-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4548-127-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4608-139-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2328-145-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1304-152-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2808-156-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/4780-162-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4044-169-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3400-176-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3788-181-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1772-187-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3568 wrote to memory of 1284 3568 ca626b2ba3f67d205caf14bada317a20_NeikiAnalytics.exe 83 PID 3568 wrote to memory of 1284 3568 ca626b2ba3f67d205caf14bada317a20_NeikiAnalytics.exe 83 PID 3568 wrote to memory of 1284 3568 ca626b2ba3f67d205caf14bada317a20_NeikiAnalytics.exe 83 PID 1284 wrote to memory of 4472 1284 nhtntb.exe 84 PID 1284 wrote to memory of 4472 1284 nhtntb.exe 84 PID 1284 wrote to memory of 4472 1284 nhtntb.exe 84 PID 4472 wrote to memory of 844 4472 jdjjd.exe 85 PID 4472 wrote to memory of 844 4472 jdjjd.exe 85 PID 4472 wrote to memory of 844 4472 jdjjd.exe 85 PID 844 wrote to memory of 4900 844 jdvpd.exe 86 PID 844 wrote to memory of 4900 844 jdvpd.exe 86 PID 844 wrote to memory of 4900 844 jdvpd.exe 86 PID 4900 wrote to memory of 3888 4900 flrrffr.exe 87 PID 4900 wrote to memory of 3888 4900 flrrffr.exe 87 PID 4900 wrote to memory of 3888 4900 flrrffr.exe 87 PID 3888 wrote to memory of 4320 3888 hhnnhh.exe 88 PID 3888 wrote to memory of 4320 3888 hhnnhh.exe 88 PID 3888 wrote to memory of 4320 3888 hhnnhh.exe 88 PID 4320 wrote to memory of 1176 4320 pdddv.exe 89 PID 4320 wrote to memory of 1176 4320 pdddv.exe 89 PID 4320 wrote to memory of 1176 4320 pdddv.exe 89 PID 1176 wrote to memory of 1808 1176 llxrxrx.exe 90 PID 1176 wrote to memory of 1808 1176 llxrxrx.exe 90 PID 1176 wrote to memory of 1808 1176 llxrxrx.exe 90 PID 1808 wrote to memory of 2056 1808 xrrlrll.exe 91 PID 1808 wrote to memory of 2056 1808 xrrlrll.exe 91 PID 1808 wrote to memory of 2056 1808 xrrlrll.exe 91 PID 2056 wrote to memory of 4112 2056 bhbtbn.exe 92 PID 2056 wrote to memory of 4112 2056 bhbtbn.exe 92 PID 2056 wrote to memory of 4112 2056 bhbtbn.exe 92 PID 4112 wrote to memory of 3032 4112 dpdvj.exe 93 PID 4112 wrote to memory of 3032 4112 dpdvj.exe 93 PID 4112 wrote to memory of 3032 4112 dpdvj.exe 93 PID 3032 wrote to memory of 2212 3032 thnhhb.exe 94 PID 3032 wrote to memory of 2212 3032 thnhhb.exe 94 PID 3032 wrote to memory of 
2212 3032 thnhhb.exe 94 PID 2212 wrote to memory of 4668 2212 htnhtt.exe 95 PID 2212 wrote to memory of 4668 2212 htnhtt.exe 95 PID 2212 wrote to memory of 4668 2212 htnhtt.exe 95 PID 4668 wrote to memory of 4552 4668 xrlfffx.exe 96 PID 4668 wrote to memory of 4552 4668 xrlfffx.exe 96 PID 4668 wrote to memory of 4552 4668 xrlfffx.exe 96 PID 4552 wrote to memory of 2036 4552 fflllfl.exe 97 PID 4552 wrote to memory of 2036 4552 fflllfl.exe 97 PID 4552 wrote to memory of 2036 4552 fflllfl.exe 97 PID 2036 wrote to memory of 2700 2036 pddvv.exe 98 PID 2036 wrote to memory of 2700 2036 pddvv.exe 98 PID 2036 wrote to memory of 2700 2036 pddvv.exe 98 PID 2700 wrote to memory of 3148 2700 djppp.exe 99 PID 2700 wrote to memory of 3148 2700 djppp.exe 99 PID 2700 wrote to memory of 3148 2700 djppp.exe 99 PID 3148 wrote to memory of 4548 3148 3rfxrrr.exe 100 PID 3148 wrote to memory of 4548 3148 3rfxrrr.exe 100 PID 3148 wrote to memory of 4548 3148 3rfxrrr.exe 100 PID 4548 wrote to memory of 1188 4548 thtbtb.exe 101 PID 4548 wrote to memory of 1188 4548 thtbtb.exe 101 PID 4548 wrote to memory of 1188 4548 thtbtb.exe 101 PID 1188 wrote to memory of 4608 1188 jvjdp.exe 102 PID 1188 wrote to memory of 4608 1188 jvjdp.exe 102 PID 1188 wrote to memory of 4608 1188 jvjdp.exe 102 PID 4608 wrote to memory of 2328 4608 xrxxffl.exe 103 PID 4608 wrote to memory of 2328 4608 xrxxffl.exe 103 PID 4608 wrote to memory of 2328 4608 xrxxffl.exe 103 PID 2328 wrote to memory of 1304 2328 7fxxxxr.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\ca626b2ba3f67d205caf14bada317a20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ca626b2ba3f67d205caf14bada317a20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3568 -
\??\c:\nhtntb.exec:\nhtntb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1284 -
\??\c:\jdjjd.exec:\jdjjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4472 -
\??\c:\jdvpd.exec:\jdvpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:844 -
\??\c:\flrrffr.exec:\flrrffr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4900 -
\??\c:\hhnnhh.exec:\hhnnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3888 -
\??\c:\pdddv.exec:\pdddv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4320 -
\??\c:\llxrxrx.exec:\llxrxrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1176 -
\??\c:\xrrlrll.exec:\xrrlrll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1808 -
\??\c:\bhbtbn.exec:\bhbtbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2056 -
\??\c:\dpdvj.exec:\dpdvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4112 -
\??\c:\thnhhb.exec:\thnhhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3032 -
\??\c:\htnhtt.exec:\htnhtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2212 -
\??\c:\xrlfffx.exec:\xrlfffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4668 -
\??\c:\fflllfl.exec:\fflllfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4552 -
\??\c:\pddvv.exec:\pddvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2036 -
\??\c:\djppp.exec:\djppp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2700 -
\??\c:\3rfxrrr.exec:\3rfxrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3148 -
\??\c:\thtbtb.exec:\thtbtb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4548 -
\??\c:\jvjdp.exec:\jvjdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1188 -
\??\c:\xrxxffl.exec:\xrxxffl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4608 -
\??\c:\7fxxxxr.exec:\7fxxxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2328 -
\??\c:\bntnhb.exec:\bntnhb.exe23⤵
- Executes dropped EXE
PID:1304 -
\??\c:\vjjjj.exec:\vjjjj.exe24⤵
- Executes dropped EXE
PID:2808 -
\??\c:\ffxrxxr.exec:\ffxrxxr.exe25⤵
- Executes dropped EXE
PID:4780 -
\??\c:\vvjjj.exec:\vvjjj.exe26⤵
- Executes dropped EXE
PID:4044 -
\??\c:\7lfxrxr.exec:\7lfxrxr.exe27⤵
- Executes dropped EXE
PID:3400 -
\??\c:\rflllll.exec:\rflllll.exe28⤵
- Executes dropped EXE
PID:3788 -
\??\c:\9nbnbb.exec:\9nbnbb.exe29⤵
- Executes dropped EXE
PID:1772 -
\??\c:\9jddv.exec:\9jddv.exe30⤵
- Executes dropped EXE
PID:4524 -
\??\c:\3hhnhh.exec:\3hhnhh.exe31⤵
- Executes dropped EXE
PID:1896 -
\??\c:\9bbttt.exec:\9bbttt.exe32⤵
- Executes dropped EXE
PID:3428 -
\??\c:\pjpjd.exec:\pjpjd.exe33⤵
- Executes dropped EXE
PID:3864 -
\??\c:\rlxxffl.exec:\rlxxffl.exe34⤵
- Executes dropped EXE
PID:944 -
\??\c:\htttnh.exec:\htttnh.exe35⤵
- Executes dropped EXE
PID:4744 -
\??\c:\jvpjd.exec:\jvpjd.exe36⤵
- Executes dropped EXE
PID:4616 -
\??\c:\lfxrrll.exec:\lfxrrll.exe37⤵
- Executes dropped EXE
PID:2644 -
\??\c:\rfrlfff.exec:\rfrlfff.exe38⤵
- Executes dropped EXE
PID:4368 -
\??\c:\ttnnhh.exec:\ttnnhh.exe39⤵
- Executes dropped EXE
PID:2788 -
\??\c:\dvvpj.exec:\dvvpj.exe40⤵
- Executes dropped EXE
PID:3796 -
\??\c:\ppddv.exec:\ppddv.exe41⤵
- Executes dropped EXE
PID:4436 -
\??\c:\7lxrxxl.exec:\7lxrxxl.exe42⤵
- Executes dropped EXE
PID:1336 -
\??\c:\5bhttb.exec:\5bhttb.exe43⤵
- Executes dropped EXE
PID:3156 -
\??\c:\bthbbb.exec:\bthbbb.exe44⤵
- Executes dropped EXE
PID:2848 -
\??\c:\bhtnbn.exec:\bhtnbn.exe45⤵
- Executes dropped EXE
PID:1836 -
\??\c:\vvdvp.exec:\vvdvp.exe46⤵
- Executes dropped EXE
PID:1000 -
\??\c:\rrlllll.exec:\rrlllll.exe47⤵
- Executes dropped EXE
PID:2692 -
\??\c:\fffffxx.exec:\fffffxx.exe48⤵
- Executes dropped EXE
PID:1092 -
\??\c:\ttbttn.exec:\ttbttn.exe49⤵
- Executes dropped EXE
PID:1860 -
\??\c:\hnnhtt.exec:\hnnhtt.exe50⤵
- Executes dropped EXE
PID:2816 -
\??\c:\jdjdj.exec:\jdjdj.exe51⤵
- Executes dropped EXE
PID:5096 -
\??\c:\9rrlxxr.exec:\9rrlxxr.exe52⤵
- Executes dropped EXE
PID:4128 -
\??\c:\7bbhbt.exec:\7bbhbt.exe53⤵
- Executes dropped EXE
PID:2812 -
\??\c:\bnnthh.exec:\bnnthh.exe54⤵
- Executes dropped EXE
PID:4580 -
\??\c:\1jjdv.exec:\1jjdv.exe55⤵
- Executes dropped EXE
PID:4876 -
\??\c:\5rxrlll.exec:\5rxrlll.exe56⤵
- Executes dropped EXE
PID:1980 -
\??\c:\flfxrrr.exec:\flfxrrr.exe57⤵
- Executes dropped EXE
PID:232 -
\??\c:\nbbtnb.exec:\nbbtnb.exe58⤵
- Executes dropped EXE
PID:3020 -
\??\c:\nhbtnn.exec:\nhbtnn.exe59⤵
- Executes dropped EXE
PID:2700 -
\??\c:\vpddp.exec:\vpddp.exe60⤵
- Executes dropped EXE
PID:372 -
\??\c:\xxrfffr.exec:\xxrfffr.exe61⤵
- Executes dropped EXE
PID:3644 -
\??\c:\tntnnh.exec:\tntnnh.exe62⤵
- Executes dropped EXE
PID:2104 -
\??\c:\tnnhtt.exec:\tnnhtt.exe63⤵
- Executes dropped EXE
PID:4928 -
\??\c:\vvdvp.exec:\vvdvp.exe64⤵
- Executes dropped EXE
PID:3976 -
\??\c:\3frrlll.exec:\3frrlll.exe65⤵
- Executes dropped EXE
PID:3948 -
\??\c:\lrrxrlf.exec:\lrrxrlf.exe66⤵PID:3000
-
\??\c:\nttnhb.exec:\nttnhb.exe67⤵PID:4780
-
\??\c:\1vppd.exec:\1vppd.exe68⤵PID:3908
-
\??\c:\llrrrrf.exec:\llrrrrf.exe69⤵PID:1152
-
\??\c:\1frrllx.exec:\1frrllx.exe70⤵PID:4680
-
\??\c:\btbtnn.exec:\btbtnn.exe71⤵PID:1484
-
\??\c:\7pvjv.exec:\7pvjv.exe72⤵PID:2452
-
\??\c:\pjvpv.exec:\pjvpv.exe73⤵PID:540
-
\??\c:\frrrllf.exec:\frrrllf.exe74⤵PID:4524
-
\??\c:\xlrrfff.exec:\xlrrfff.exe75⤵PID:3584
-
\??\c:\tbbttt.exec:\tbbttt.exe76⤵PID:1096
-
\??\c:\pddvp.exec:\pddvp.exe77⤵PID:4248
-
\??\c:\dpddv.exec:\dpddv.exe78⤵PID:4620
-
\??\c:\xfrrlll.exec:\xfrrlll.exe79⤵PID:2072
-
\??\c:\rxfflxf.exec:\rxfflxf.exe80⤵PID:4744
-
\??\c:\bnnnhh.exec:\bnnnhh.exe81⤵PID:4408
-
\??\c:\3hhbnn.exec:\3hhbnn.exe82⤵PID:2644
-
\??\c:\pvdvp.exec:\pvdvp.exe83⤵PID:4904
-
\??\c:\fxxxxxr.exec:\fxxxxxr.exe84⤵PID:4764
-
\??\c:\hhbbtb.exec:\hhbbtb.exe85⤵PID:1284
-
\??\c:\vpjdp.exec:\vpjdp.exe86⤵PID:1668
-
\??\c:\vpdvd.exec:\vpdvd.exe87⤵PID:3608
-
\??\c:\frrlxxx.exec:\frrlxxx.exe88⤵PID:1336
-
\??\c:\hnnbtn.exec:\hnnbtn.exe89⤵PID:1348
-
\??\c:\nbhbtn.exec:\nbhbtn.exe90⤵PID:3928
-
\??\c:\jvddp.exec:\jvddp.exe91⤵PID:1272
-
\??\c:\vjjdv.exec:\vjjdv.exe92⤵PID:3936
-
\??\c:\rfffxxx.exec:\rfffxxx.exe93⤵PID:2208
-
\??\c:\lfffffr.exec:\lfffffr.exe94⤵PID:740
-
\??\c:\nnbtnn.exec:\nnbtnn.exe95⤵PID:4052
-
\??\c:\nhhbbn.exec:\nhhbbn.exe96⤵PID:3392
-
\??\c:\jpvvv.exec:\jpvvv.exe97⤵PID:2832
-
\??\c:\vjjjd.exec:\vjjjd.exe98⤵PID:2812
-
\??\c:\xlllrrr.exec:\xlllrrr.exe99⤵PID:3652
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe100⤵PID:2036
-
\??\c:\thhhbb.exec:\thhhbb.exe101⤵PID:4464
-
\??\c:\thhbth.exec:\thhbth.exe102⤵PID:1948
-
\??\c:\7dvpp.exec:\7dvpp.exe103⤵PID:1508
-
\??\c:\5vvpp.exec:\5vvpp.exe104⤵PID:364
-
\??\c:\rlffxrx.exec:\rlffxrx.exe105⤵PID:4928
-
\??\c:\hnbnhn.exec:\hnbnhn.exe106⤵PID:3124
-
\??\c:\1httht.exec:\1httht.exe107⤵PID:4284
-
\??\c:\1ppjd.exec:\1ppjd.exe108⤵PID:4780
-
\??\c:\vddvj.exec:\vddvj.exe109⤵PID:3836
-
\??\c:\lffxrll.exec:\lffxrll.exe110⤵PID:2556
-
\??\c:\3xfxffx.exec:\3xfxffx.exe111⤵PID:5116
-
\??\c:\hbtnnn.exec:\hbtnnn.exe112⤵PID:4696
-
\??\c:\vjdvp.exec:\vjdvp.exe113⤵PID:1476
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe114⤵PID:3616
-
\??\c:\xrxfxxx.exec:\xrxfxxx.exe115⤵PID:2028
-
\??\c:\bhbbbb.exec:\bhbbbb.exe116⤵PID:3692
-
\??\c:\vpvpj.exec:\vpvpj.exe117⤵PID:3864
-
\??\c:\1rxrfff.exec:\1rxrfff.exe118⤵PID:3756
-
\??\c:\ppjjd.exec:\ppjjd.exe119⤵PID:2188
-
\??\c:\fxfxlfx.exec:\fxfxlfx.exe120⤵PID:2864
-
\??\c:\1nbnbh.exec:\1nbnbh.exe121⤵PID:4556
-
\??\c:\ttbtnn.exec:\ttbtnn.exe122⤵PID:2408
-