Analysis
-
max time kernel
150s -
max time network
99s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 13:17
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe
-
Size
60KB
-
MD5
cbb5e6a0b06a0e94dc4e99776def9740
-
SHA1
4ab3d4ce960848cfab3124fabd539f105e945c6d
-
SHA256
2c9cb856ff3394f42f705d5f53177a17b7a509a70c9125a95ac08a7c8cb1b63d
-
SHA512
739934905286564eea7048c7608f25dc25a6fea33b163286b0d23b28d97d853595571ad488474e081da04592b19caed9dae04cbab2896b5a9165d6afb4e69b75
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvAEaFJLA:ymb3NkkiQ3mdBjFIvAvA
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource yara_rule behavioral2/memory/3988-6-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1076-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1800-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2212-41-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2212-40-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2060-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3764-30-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2168-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3352-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/116-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2864-68-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4256-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/864-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3448-99-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4716-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5108-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4796-136-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4484-142-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5048-147-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3480-154-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3776-172-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2512-177-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1500-186-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4428-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4948-199-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1076 1tbtnt.exe 1800 dvjdd.exe 3764 fxrlffx.exe 2060 xlxxxrx.exe 2212 1thntt.exe 2168 thhhbh.exe 3352 flrffxx.exe 116 bnnnbt.exe 2864 pdjdd.exe 808 7rfrllf.exe 4256 nhhhhh.exe 864 nnttnn.exe 3232 dvddd.exe 3448 pdpjd.exe 4716 5xxxrrl.exe 5108 rfrlrlf.exe 4824 3nhhtt.exe 2360 jjjdd.exe 5068 lxxrllf.exe 4796 7fxrllf.exe 4484 nhhbnn.exe 5048 pvjdv.exe 3480 dppdv.exe 4500 xxlfflf.exe 64 ttbntn.exe 3776 nbtnbt.exe 2512 jdvpj.exe 1500 dpdvj.exe 4428 5lllxrr.exe 4948 ffflfxr.exe 4628 9bbbth.exe 4440 djvvj.exe 4556 lrrfxrl.exe 2764 1bbbtt.exe 1144 tntnbh.exe 2216 9pvvv.exe 4816 1rfxrrl.exe 3184 nhnhnn.exe 4704 hhnhhn.exe 1956 jvpvp.exe 2008 fxxrlxr.exe 3028 rlxrfxr.exe 2636 3bbtnn.exe 4424 7ttnbt.exe 1400 jdjdv.exe 2120 vvvpp.exe 1300 rfffrrl.exe 4812 fxrlfxf.exe 2856 tnnhbb.exe 3352 nnbthb.exe 536 pjjdv.exe 548 rlfrllx.exe 4524 rxxrrll.exe 3968 hthbbt.exe 4488 1pvpj.exe 2144 1jpjv.exe 4552 9fffrrl.exe 4000 lfrrxxf.exe 2936 htttnn.exe 5060 vpddj.exe 1824 9flfxfx.exe 4052 tnnnhh.exe 3244 pdjdp.exe 3264 frlffff.exe -
resource yara_rule behavioral2/memory/3988-6-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1076-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1800-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2212-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2060-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3764-30-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2168-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3352-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/116-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2864-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4256-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/864-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3448-99-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4716-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5108-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4796-136-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4484-142-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5048-147-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3480-154-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3776-172-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2512-177-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1500-186-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4428-190-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4948-199-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3988 wrote to memory of 1076 3988 cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe 82 PID 3988 wrote to memory of 1076 3988 cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe 82 PID 3988 wrote to memory of 1076 3988 cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe 82 PID 1076 wrote to memory of 1800 1076 1tbtnt.exe 83 PID 1076 wrote to memory of 1800 1076 1tbtnt.exe 83 PID 1076 wrote to memory of 1800 1076 1tbtnt.exe 83 PID 1800 wrote to memory of 3764 1800 dvjdd.exe 84 PID 1800 wrote to memory of 3764 1800 dvjdd.exe 84 PID 1800 wrote to memory of 3764 1800 dvjdd.exe 84 PID 3764 wrote to memory of 2060 3764 fxrlffx.exe 85 PID 3764 wrote to memory of 2060 3764 fxrlffx.exe 85 PID 3764 wrote to memory of 2060 3764 fxrlffx.exe 85 PID 2060 wrote to memory of 2212 2060 xlxxxrx.exe 86 PID 2060 wrote to memory of 2212 2060 xlxxxrx.exe 86 PID 2060 wrote to memory of 2212 2060 xlxxxrx.exe 86 PID 2212 wrote to memory of 2168 2212 1thntt.exe 87 PID 2212 wrote to memory of 2168 2212 1thntt.exe 87 PID 2212 wrote to memory of 2168 2212 1thntt.exe 87 PID 2168 wrote to memory of 3352 2168 thhhbh.exe 88 PID 2168 wrote to memory of 3352 2168 thhhbh.exe 88 PID 2168 wrote to memory of 3352 2168 thhhbh.exe 88 PID 3352 wrote to memory of 116 3352 flrffxx.exe 89 PID 3352 wrote to memory of 116 3352 flrffxx.exe 89 PID 3352 wrote to memory of 116 3352 flrffxx.exe 89 PID 116 wrote to memory of 2864 116 bnnnbt.exe 90 PID 116 wrote to memory of 2864 116 bnnnbt.exe 90 PID 116 wrote to memory of 2864 116 bnnnbt.exe 90 PID 2864 wrote to memory of 808 2864 pdjdd.exe 91 PID 2864 wrote to memory of 808 2864 pdjdd.exe 91 PID 2864 wrote to memory of 808 2864 pdjdd.exe 91 PID 808 wrote to memory of 4256 808 7rfrllf.exe 92 PID 808 wrote to memory of 4256 808 7rfrllf.exe 92 PID 808 wrote to memory of 4256 808 7rfrllf.exe 92 PID 4256 wrote to memory of 864 4256 nhhhhh.exe 93 PID 4256 wrote to memory of 864 4256 nhhhhh.exe 93 PID 4256 wrote to memory of 864 4256 nhhhhh.exe 93 PID 864 wrote to memory of 3232 864 nnttnn.exe 94 PID 864 wrote to memory of 3232 864 nnttnn.exe 94 PID 864 wrote to memory of 3232 864 nnttnn.exe 94 PID 3232 wrote to memory of 3448 3232 dvddd.exe 95 PID 3232 wrote to memory of 3448 3232 dvddd.exe 95 PID 3232 wrote to memory of 3448 3232 dvddd.exe 95 PID 3448 wrote to memory of 4716 3448 pdpjd.exe 96 PID 3448 wrote to memory of 4716 3448 pdpjd.exe 96 PID 3448 wrote to memory of 4716 3448 pdpjd.exe 96 PID 4716 wrote to memory of 5108 4716 5xxxrrl.exe 98 PID 4716 wrote to memory of 5108 4716 5xxxrrl.exe 98 PID 4716 wrote to memory of 5108 4716 5xxxrrl.exe 98 PID 5108 wrote to memory of 4824 5108 rfrlrlf.exe 99 PID 5108 wrote to memory of 4824 5108 rfrlrlf.exe 99 PID 5108 wrote to memory of 4824 5108 rfrlrlf.exe 99 PID 4824 wrote to memory of 2360 4824 3nhhtt.exe 100 PID 4824 wrote to memory of 2360 4824 3nhhtt.exe 100 PID 4824 wrote to memory of 2360 4824 3nhhtt.exe 100 PID 2360 wrote to memory of 5068 2360 jjjdd.exe 101 PID 2360 wrote to memory of 5068 2360 jjjdd.exe 101 PID 2360 wrote to memory of 5068 2360 jjjdd.exe 101 PID 5068 wrote to memory of 4796 5068 lxxrllf.exe 102 PID 5068 wrote to memory of 4796 5068 lxxrllf.exe 102 PID 5068 wrote to memory of 4796 5068 lxxrllf.exe 102 PID 4796 wrote to memory of 4484 4796 7fxrllf.exe 103 PID 4796 wrote to memory of 4484 4796 7fxrllf.exe 103 PID 4796 wrote to memory of 4484 4796 7fxrllf.exe 103 PID 4484 wrote to memory of 5048 4484 nhhbnn.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cbb5e6a0b06a0e94dc4e99776def9740_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3988 -
\??\c:\1tbtnt.exec:\1tbtnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1076 -
\??\c:\dvjdd.exec:\dvjdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1800 -
\??\c:\fxrlffx.exec:\fxrlffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3764 -
\??\c:\xlxxxrx.exec:\xlxxxrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2060 -
\??\c:\1thntt.exec:\1thntt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2212 -
\??\c:\thhhbh.exec:\thhhbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2168 -
\??\c:\flrffxx.exec:\flrffxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3352 -
\??\c:\bnnnbt.exec:\bnnnbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:116 -
\??\c:\pdjdd.exec:\pdjdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2864 -
\??\c:\7rfrllf.exec:\7rfrllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:808 -
\??\c:\nhhhhh.exec:\nhhhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4256 -
\??\c:\nnttnn.exec:\nnttnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:864 -
\??\c:\dvddd.exec:\dvddd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3232 -
\??\c:\pdpjd.exec:\pdpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3448 -
\??\c:\5xxxrrl.exec:\5xxxrrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4716 -
\??\c:\rfrlrlf.exec:\rfrlrlf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5108 -
\??\c:\3nhhtt.exec:\3nhhtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4824 -
\??\c:\jjjdd.exec:\jjjdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2360 -
\??\c:\lxxrllf.exec:\lxxrllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5068 -
\??\c:\7fxrllf.exec:\7fxrllf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4796 -
\??\c:\nhhbnn.exec:\nhhbnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4484 -
\??\c:\pvjdv.exec:\pvjdv.exe23⤵
- Executes dropped EXE
PID:5048 -
\??\c:\dppdv.exec:\dppdv.exe24⤵
- Executes dropped EXE
PID:3480 -
\??\c:\xxlfflf.exec:\xxlfflf.exe25⤵
- Executes dropped EXE
PID:4500 -
\??\c:\ttbntn.exec:\ttbntn.exe26⤵
- Executes dropped EXE
PID:64 -
\??\c:\nbtnbt.exec:\nbtnbt.exe27⤵
- Executes dropped EXE
PID:3776 -
\??\c:\jdvpj.exec:\jdvpj.exe28⤵
- Executes dropped EXE
PID:2512 -
\??\c:\dpdvj.exec:\dpdvj.exe29⤵
- Executes dropped EXE
PID:1500 -
\??\c:\5lllxrr.exec:\5lllxrr.exe30⤵
- Executes dropped EXE
PID:4428 -
\??\c:\ffflfxr.exec:\ffflfxr.exe31⤵
- Executes dropped EXE
PID:4948 -
\??\c:\9bbbth.exec:\9bbbth.exe32⤵
- Executes dropped EXE
PID:4628 -
\??\c:\djvvj.exec:\djvvj.exe33⤵
- Executes dropped EXE
PID:4440 -
\??\c:\lrrfxrl.exec:\lrrfxrl.exe34⤵
- Executes dropped EXE
PID:4556 -
\??\c:\1bbbtt.exec:\1bbbtt.exe35⤵
- Executes dropped EXE
PID:2764 -
\??\c:\tntnbh.exec:\tntnbh.exe36⤵
- Executes dropped EXE
PID:1144 -
\??\c:\9pvvv.exec:\9pvvv.exe37⤵
- Executes dropped EXE
PID:2216 -
\??\c:\1rfxrrl.exec:\1rfxrrl.exe38⤵
- Executes dropped EXE
PID:4816 -
\??\c:\nhnhnn.exec:\nhnhnn.exe39⤵
- Executes dropped EXE
PID:3184 -
\??\c:\hhnhhn.exec:\hhnhhn.exe40⤵
- Executes dropped EXE
PID:4704 -
\??\c:\jvpvp.exec:\jvpvp.exe41⤵
- Executes dropped EXE
PID:1956 -
\??\c:\fxxrlxr.exec:\fxxrlxr.exe42⤵
- Executes dropped EXE
PID:2008 -
\??\c:\rlxrfxr.exec:\rlxrfxr.exe43⤵
- Executes dropped EXE
PID:3028 -
\??\c:\3bbtnn.exec:\3bbtnn.exe44⤵
- Executes dropped EXE
PID:2636 -
\??\c:\7ttnbt.exec:\7ttnbt.exe45⤵
- Executes dropped EXE
PID:4424 -
\??\c:\jdjdv.exec:\jdjdv.exe46⤵
- Executes dropped EXE
PID:1400 -
\??\c:\vvvpp.exec:\vvvpp.exe47⤵
- Executes dropped EXE
PID:2120 -
\??\c:\rfffrrl.exec:\rfffrrl.exe48⤵
- Executes dropped EXE
PID:1300 -
\??\c:\fxrlfxf.exec:\fxrlfxf.exe49⤵
- Executes dropped EXE
PID:4812 -
\??\c:\tnnhbb.exec:\tnnhbb.exe50⤵
- Executes dropped EXE
PID:2856 -
\??\c:\nnbthb.exec:\nnbthb.exe51⤵
- Executes dropped EXE
PID:3352 -
\??\c:\pjjdv.exec:\pjjdv.exe52⤵
- Executes dropped EXE
PID:536 -
\??\c:\rlfrllx.exec:\rlfrllx.exe53⤵
- Executes dropped EXE
PID:548 -
\??\c:\rxxrrll.exec:\rxxrrll.exe54⤵
- Executes dropped EXE
PID:4524 -
\??\c:\hthbbt.exec:\hthbbt.exe55⤵
- Executes dropped EXE
PID:3968 -
\??\c:\1pvpj.exec:\1pvpj.exe56⤵
- Executes dropped EXE
PID:4488 -
\??\c:\1jpjv.exec:\1jpjv.exe57⤵
- Executes dropped EXE
PID:2144 -
\??\c:\9fffrrl.exec:\9fffrrl.exe58⤵
- Executes dropped EXE
PID:4552 -
\??\c:\lfrrxxf.exec:\lfrrxxf.exe59⤵
- Executes dropped EXE
PID:4000 -
\??\c:\htttnn.exec:\htttnn.exe60⤵
- Executes dropped EXE
PID:2936 -
\??\c:\vpddj.exec:\vpddj.exe61⤵
- Executes dropped EXE
PID:5060 -
\??\c:\9flfxfx.exec:\9flfxfx.exe62⤵
- Executes dropped EXE
PID:1824 -
\??\c:\tnnnhh.exec:\tnnnhh.exe63⤵
- Executes dropped EXE
PID:4052 -
\??\c:\pdjdp.exec:\pdjdp.exe64⤵
- Executes dropped EXE
PID:3244 -
\??\c:\frlffff.exec:\frlffff.exe65⤵
- Executes dropped EXE
PID:3264 -
\??\c:\tnbtbb.exec:\tnbtbb.exe66⤵PID:3076
-
\??\c:\bhhbtn.exec:\bhhbtn.exe67⤵PID:396
-
\??\c:\jdpjj.exec:\jdpjj.exe68⤵PID:5068
-
\??\c:\rllfxrl.exec:\rllfxrl.exe69⤵PID:4024
-
\??\c:\nhhhbb.exec:\nhhhbb.exe70⤵PID:736
-
\??\c:\dvvdv.exec:\dvvdv.exe71⤵PID:3480
-
\??\c:\jdppp.exec:\jdppp.exe72⤵PID:632
-
\??\c:\pddpj.exec:\pddpj.exe73⤵PID:4728
-
\??\c:\rrrrllf.exec:\rrrrllf.exe74⤵PID:2544
-
\??\c:\hhhhbb.exec:\hhhhbb.exe75⤵PID:2512
-
\??\c:\tnnhht.exec:\tnnhht.exe76⤵PID:3832
-
\??\c:\vvpjd.exec:\vvpjd.exe77⤵PID:1972
-
\??\c:\pppvj.exec:\pppvj.exe78⤵PID:772
-
\??\c:\3lrlfxr.exec:\3lrlfxr.exe79⤵PID:1648
-
\??\c:\btbtnn.exec:\btbtnn.exe80⤵PID:4328
-
\??\c:\tntttb.exec:\tntttb.exe81⤵PID:4464
-
\??\c:\vdppd.exec:\vdppd.exe82⤵PID:1508
-
\??\c:\3rfxrxr.exec:\3rfxrxr.exe83⤵PID:2092
-
\??\c:\tnhnhh.exec:\tnhnhh.exe84⤵PID:2628
-
\??\c:\1ttnht.exec:\1ttnht.exe85⤵PID:1696
-
\??\c:\vdjpj.exec:\vdjpj.exe86⤵PID:5100
-
\??\c:\dvvpj.exec:\dvvpj.exe87⤵PID:836
-
\??\c:\rlrllxr.exec:\rlrllxr.exe88⤵PID:4816
-
\??\c:\5nhnnh.exec:\5nhnnh.exe89⤵PID:2756
-
\??\c:\9nttnn.exec:\9nttnn.exe90⤵PID:4376
-
\??\c:\vddvp.exec:\vddvp.exe91⤵PID:4248
-
\??\c:\5dpjd.exec:\5dpjd.exe92⤵PID:1232
-
\??\c:\xrrlffx.exec:\xrrlffx.exe93⤵PID:4044
-
\??\c:\7nhttt.exec:\7nhttt.exe94⤵PID:1800
-
\??\c:\hbhttn.exec:\hbhttn.exe95⤵PID:2540
-
\??\c:\3dddv.exec:\3dddv.exe96⤵PID:1652
-
\??\c:\pjdpd.exec:\pjdpd.exe97⤵PID:2212
-
\??\c:\fllfrlf.exec:\fllfrlf.exe98⤵PID:4420
-
\??\c:\rffxrlf.exec:\rffxrlf.exe99⤵PID:3720
-
\??\c:\nhhnnh.exec:\nhhnnh.exe100⤵PID:3468
-
\??\c:\pvpjv.exec:\pvpjv.exe101⤵PID:2888
-
\??\c:\3fxrllf.exec:\3fxrllf.exe102⤵PID:2132
-
\??\c:\thhhnb.exec:\thhhnb.exe103⤵PID:2884
-
\??\c:\hhhbtt.exec:\hhhbtt.exe104⤵PID:808
-
\??\c:\5jpjv.exec:\5jpjv.exe105⤵PID:3968
-
\??\c:\pjjdj.exec:\pjjdj.exe106⤵PID:4488
-
\??\c:\rxfxxrr.exec:\rxfxxrr.exe107⤵PID:4552
-
\??\c:\xllfxxr.exec:\xllfxxr.exe108⤵PID:1552
-
\??\c:\nnhbnh.exec:\nnhbnh.exe109⤵PID:3240
-
\??\c:\vjpjd.exec:\vjpjd.exe110⤵PID:1824
-
\??\c:\ddddj.exec:\ddddj.exe111⤵PID:4620
-
\??\c:\fxxrrxf.exec:\fxxrrxf.exe112⤵PID:4316
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe113⤵PID:4380
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe114⤵PID:4684
-
\??\c:\bbttnh.exec:\bbttnh.exe115⤵PID:1448
-
\??\c:\hhhttn.exec:\hhhttn.exe116⤵PID:1012
-
\??\c:\djdvp.exec:\djdvp.exe117⤵PID:3124
-
\??\c:\xrfrffx.exec:\xrfrffx.exe118⤵PID:4728
-
\??\c:\rllfxfx.exec:\rllfxfx.exe119⤵PID:5096
-
\??\c:\nhhhbh.exec:\nhhhbh.exe120⤵PID:2512
-
\??\c:\dpvvp.exec:\dpvvp.exe121⤵PID:4732
-
\??\c:\7xfxrxr.exec:\7xfxrxr.exe122⤵PID:1972
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-