Analysis
-
max time kernel
149s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 14:03
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d34e9839e9ad333eedb7c815c3112010_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
d34e9839e9ad333eedb7c815c3112010_NeikiAnalytics.exe
-
Size
81KB
-
MD5
d34e9839e9ad333eedb7c815c3112010
-
SHA1
233d9c5bba4ce6d966d29de7662f772867e67e1b
-
SHA256
6aeeab66aa3687c89dfcc35e59bb0784443940584a61791a85601539ebac3997
-
SHA512
89c31feb0e37fb27f626b650e41af5690cd8292c04e3ae7165f1d79b7c3fd4191be166c4eac585561c2c9f1f120c0536e225cfca0264ca7f9e53aa78d28edbf1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dYS8njE:ymb3NkkiQ3mdBjFo7LAIbT6jE
Malware Config
Signatures
-
Detect Blackmoon payload 26 IoCs
resource yara_rule behavioral2/memory/736-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2468-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4496-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2520-30-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5040-38-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3388-45-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2128-51-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4760-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/792-72-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/868-81-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3616-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4772-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/632-99-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2264-105-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2232-111-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4840-117-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4668-130-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5048-134-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3208-140-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4852-146-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5092-153-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3384-165-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2864-170-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2500-176-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3632-182-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2156-188-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2468 jppjj.exe 4496 lxrlfxr.exe 2372 7rlfxrl.exe 2520 ttnhnn.exe 5040 hbthbh.exe 3388 pjjdp.exe 2128 rlfxxxr.exe 4760 lfxxrlf.exe 2836 1hhbtn.exe 792 dvvdd.exe 868 xrfxfxl.exe 3616 5bnhhh.exe 4772 hbttnh.exe 632 5jpjv.exe 2264 9vpjv.exe 2232 lllfxrl.exe 4840 dvppj.exe 4996 7ffrllf.exe 4668 lrxxrrr.exe 5048 bbhbnn.exe 3208 vvppp.exe 4852 lxllflx.exe 5092 7jpjv.exe 4532 3btnbb.exe 3384 pjjvj.exe 2864 jpdpj.exe 2500 rlxrrlf.exe 3632 9hnhnh.exe 2156 pdjvv.exe 4180 fllfxrf.exe 4940 lrxxrrl.exe 3280 hnttnn.exe 2676 vpvvp.exe 4064 fxxflfl.exe 872 nnttnb.exe 2688 pjpjd.exe 4856 vpvvd.exe 3600 xrlfrrl.exe 2244 3nhbtn.exe 4744 vpvpj.exe 3832 rlffxrr.exe 4308 tnbbhb.exe 4500 vvdvp.exe 3920 pjjdp.exe 2300 lflrrrr.exe 1760 7xrllff.exe 1252 1nbtbt.exe 3956 thnbbb.exe 2896 dpvvv.exe 3688 lflxrlf.exe 2332 tbhhbt.exe 1640 btnhbt.exe 3624 vjjjv.exe 2540 7lxrllf.exe 3156 lflfxrl.exe 3524 5nttnn.exe 3596 vpppj.exe 336 5dvpp.exe 1988 xrrlxrr.exe 2028 httthb.exe 4840 nbhbtn.exe 4792 bhnnnh.exe 1208 pjvpv.exe 1584 5jdvj.exe -
resource yara_rule behavioral2/memory/736-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2468-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4496-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2520-30-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5040-38-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3388-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2128-51-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4760-59-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/792-72-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/868-81-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3616-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4772-94-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/632-99-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2264-105-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2232-111-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4840-117-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4668-130-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5048-134-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3208-140-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4852-146-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5092-153-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3384-165-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2864-170-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2500-176-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3632-182-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2156-188-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 736 wrote to memory of 2468 736 d34e9839e9ad333eedb7c815c3112010_NeikiAnalytics.exe 83 PID 736 wrote to memory of 2468 736 d34e9839e9ad333eedb7c815c3112010_NeikiAnalytics.exe 83 PID 736 wrote to memory of 2468 736 d34e9839e9ad333eedb7c815c3112010_NeikiAnalytics.exe 83 PID 2468 wrote to memory of 4496 2468 jppjj.exe 84 PID 2468 wrote to memory of 4496 2468 jppjj.exe 84 PID 2468 wrote to memory of 4496 2468 jppjj.exe 84 PID 4496 wrote to memory of 2372 4496 lxrlfxr.exe 85 PID 4496 wrote to memory of 2372 4496 lxrlfxr.exe 85 PID 4496 wrote to memory of 2372 4496 lxrlfxr.exe 85 PID 2372 wrote to memory of 2520 2372 7rlfxrl.exe 86 PID 2372 wrote to memory of 2520 2372 7rlfxrl.exe 86 PID 2372 wrote to memory of 2520 2372 7rlfxrl.exe 86 PID 2520 wrote to memory of 5040 2520 ttnhnn.exe 87 PID 2520 wrote to memory of 5040 2520 ttnhnn.exe 87 PID 2520 wrote to memory of 5040 2520 ttnhnn.exe 87 PID 5040 wrote to memory of 3388 5040 hbthbh.exe 88 PID 5040 wrote to memory of 3388 5040 hbthbh.exe 88 PID 5040 wrote to memory of 3388 5040 hbthbh.exe 88 PID 3388 wrote to memory of 2128 3388 pjjdp.exe 89 PID 3388 wrote to memory of 2128 3388 pjjdp.exe 89 PID 3388 wrote to memory of 2128 3388 pjjdp.exe 89 PID 2128 wrote to memory of 4760 2128 rlfxxxr.exe 90 PID 2128 wrote to memory of 4760 2128 rlfxxxr.exe 90 PID 2128 wrote to memory of 4760 2128 rlfxxxr.exe 90 PID 4760 wrote to memory of 2836 4760 lfxxrlf.exe 91 PID 4760 wrote to memory of 2836 4760 lfxxrlf.exe 91 PID 4760 wrote to memory of 2836 4760 lfxxrlf.exe 91 PID 2836 wrote to memory of 792 2836 1hhbtn.exe 92 PID 2836 wrote to memory of 792 2836 1hhbtn.exe 92 PID 2836 wrote to memory of 792 2836 1hhbtn.exe 92 PID 792 wrote to memory of 868 792 dvvdd.exe 93 PID 792 wrote to memory of 868 792 dvvdd.exe 93 PID 792 wrote to memory of 868 792 dvvdd.exe 93 PID 868 wrote to memory of 3616 868 xrfxfxl.exe 94 PID 868 wrote to memory of 3616 868 xrfxfxl.exe 94 PID 868 wrote to memory of 3616 868 xrfxfxl.exe 94 PID 3616 wrote to memory of 4772 3616 5bnhhh.exe 95 PID 3616 wrote to memory of 4772 3616 5bnhhh.exe 95 PID 3616 wrote to memory of 4772 3616 5bnhhh.exe 95 PID 4772 wrote to memory of 632 4772 hbttnh.exe 96 PID 4772 wrote to memory of 632 4772 hbttnh.exe 96 PID 4772 wrote to memory of 632 4772 hbttnh.exe 96 PID 632 wrote to memory of 2264 632 5jpjv.exe 97 PID 632 wrote to memory of 2264 632 5jpjv.exe 97 PID 632 wrote to memory of 2264 632 5jpjv.exe 97 PID 2264 wrote to memory of 2232 2264 9vpjv.exe 98 PID 2264 wrote to memory of 2232 2264 9vpjv.exe 98 PID 2264 wrote to memory of 2232 2264 9vpjv.exe 98 PID 2232 wrote to memory of 4840 2232 lllfxrl.exe 99 PID 2232 wrote to memory of 4840 2232 lllfxrl.exe 99 PID 2232 wrote to memory of 4840 2232 lllfxrl.exe 99 PID 4840 wrote to memory of 4996 4840 dvppj.exe 100 PID 4840 wrote to memory of 4996 4840 dvppj.exe 100 PID 4840 wrote to memory of 4996 4840 dvppj.exe 100 PID 4996 wrote to memory of 4668 4996 7ffrllf.exe 101 PID 4996 wrote to memory of 4668 4996 7ffrllf.exe 101 PID 4996 wrote to memory of 4668 4996 7ffrllf.exe 101 PID 4668 wrote to memory of 5048 4668 lrxxrrr.exe 102 PID 4668 wrote to memory of 5048 4668 lrxxrrr.exe 102 PID 4668 wrote to memory of 5048 4668 lrxxrrr.exe 102 PID 5048 wrote to memory of 3208 5048 bbhbnn.exe 103 PID 5048 wrote to memory of 3208 5048 bbhbnn.exe 103 PID 5048 wrote to memory of 3208 5048 bbhbnn.exe 103 PID 3208 wrote to memory of 4852 3208 vvppp.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\d34e9839e9ad333eedb7c815c3112010_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d34e9839e9ad333eedb7c815c3112010_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:736 -
\??\c:\jppjj.exec:\jppjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2468 -
\??\c:\lxrlfxr.exec:\lxrlfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4496 -
\??\c:\7rlfxrl.exec:\7rlfxrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2372 -
\??\c:\ttnhnn.exec:\ttnhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2520 -
\??\c:\hbthbh.exec:\hbthbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5040 -
\??\c:\pjjdp.exec:\pjjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3388 -
\??\c:\rlfxxxr.exec:\rlfxxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2128 -
\??\c:\lfxxrlf.exec:\lfxxrlf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4760 -
\??\c:\1hhbtn.exec:\1hhbtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2836 -
\??\c:\dvvdd.exec:\dvvdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:792 -
\??\c:\xrfxfxl.exec:\xrfxfxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:868 -
\??\c:\5bnhhh.exec:\5bnhhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3616 -
\??\c:\hbttnh.exec:\hbttnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4772 -
\??\c:\5jpjv.exec:\5jpjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:632 -
\??\c:\9vpjv.exec:\9vpjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2264 -
\??\c:\lllfxrl.exec:\lllfxrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2232 -
\??\c:\dvppj.exec:\dvppj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4840 -
\??\c:\7ffrllf.exec:\7ffrllf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4996 -
\??\c:\lrxxrrr.exec:\lrxxrrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4668 -
\??\c:\bbhbnn.exec:\bbhbnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5048 -
\??\c:\vvppp.exec:\vvppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3208 -
\??\c:\lxllflx.exec:\lxllflx.exe23⤵
- Executes dropped EXE
PID:4852 -
\??\c:\7jpjv.exec:\7jpjv.exe24⤵
- Executes dropped EXE
PID:5092 -
\??\c:\3btnbb.exec:\3btnbb.exe25⤵
- Executes dropped EXE
PID:4532 -
\??\c:\pjjvj.exec:\pjjvj.exe26⤵
- Executes dropped EXE
PID:3384 -
\??\c:\jpdpj.exec:\jpdpj.exe27⤵
- Executes dropped EXE
PID:2864 -
\??\c:\rlxrrlf.exec:\rlxrrlf.exe28⤵
- Executes dropped EXE
PID:2500 -
\??\c:\9hnhnh.exec:\9hnhnh.exe29⤵
- Executes dropped EXE
PID:3632 -
\??\c:\pdjvv.exec:\pdjvv.exe30⤵
- Executes dropped EXE
PID:2156 -
\??\c:\fllfxrf.exec:\fllfxrf.exe31⤵
- Executes dropped EXE
PID:4180 -
\??\c:\lrxxrrl.exec:\lrxxrrl.exe32⤵
- Executes dropped EXE
PID:4940 -
\??\c:\hnttnn.exec:\hnttnn.exe33⤵
- Executes dropped EXE
PID:3280 -
\??\c:\vpvvp.exec:\vpvvp.exe34⤵
- Executes dropped EXE
PID:2676 -
\??\c:\fxxflfl.exec:\fxxflfl.exe35⤵
- Executes dropped EXE
PID:4064 -
\??\c:\nnttnb.exec:\nnttnb.exe36⤵
- Executes dropped EXE
PID:872 -
\??\c:\pjpjd.exec:\pjpjd.exe37⤵
- Executes dropped EXE
PID:2688 -
\??\c:\vpvvd.exec:\vpvvd.exe38⤵
- Executes dropped EXE
PID:4856 -
\??\c:\xrlfrrl.exec:\xrlfrrl.exe39⤵
- Executes dropped EXE
PID:3600 -
\??\c:\3nhbtn.exec:\3nhbtn.exe40⤵
- Executes dropped EXE
PID:2244 -
\??\c:\vpvpj.exec:\vpvpj.exe41⤵
- Executes dropped EXE
PID:4744 -
\??\c:\rlffxrr.exec:\rlffxrr.exe42⤵
- Executes dropped EXE
PID:3832 -
\??\c:\tnbbhb.exec:\tnbbhb.exe43⤵
- Executes dropped EXE
PID:4308 -
\??\c:\vvdvp.exec:\vvdvp.exe44⤵
- Executes dropped EXE
PID:4500 -
\??\c:\pjjdp.exec:\pjjdp.exe45⤵
- Executes dropped EXE
PID:3920 -
\??\c:\lflrrrr.exec:\lflrrrr.exe46⤵
- Executes dropped EXE
PID:2300 -
\??\c:\7xrllff.exec:\7xrllff.exe47⤵
- Executes dropped EXE
PID:1760 -
\??\c:\1nbtbt.exec:\1nbtbt.exe48⤵
- Executes dropped EXE
PID:1252 -
\??\c:\thnbbb.exec:\thnbbb.exe49⤵
- Executes dropped EXE
PID:3956 -
\??\c:\dpvvv.exec:\dpvvv.exe50⤵
- Executes dropped EXE
PID:2896 -
\??\c:\lflxrlf.exec:\lflxrlf.exe51⤵
- Executes dropped EXE
PID:3688 -
\??\c:\tbhhbt.exec:\tbhhbt.exe52⤵
- Executes dropped EXE
PID:2332 -
\??\c:\btnhbt.exec:\btnhbt.exe53⤵
- Executes dropped EXE
PID:1640 -
\??\c:\vjjjv.exec:\vjjjv.exe54⤵
- Executes dropped EXE
PID:3624 -
\??\c:\7lxrllf.exec:\7lxrllf.exe55⤵
- Executes dropped EXE
PID:2540 -
\??\c:\lflfxrl.exec:\lflfxrl.exe56⤵
- Executes dropped EXE
PID:3156 -
\??\c:\5nttnn.exec:\5nttnn.exe57⤵
- Executes dropped EXE
PID:3524 -
\??\c:\vpppj.exec:\vpppj.exe58⤵
- Executes dropped EXE
PID:3596 -
\??\c:\5dvpp.exec:\5dvpp.exe59⤵
- Executes dropped EXE
PID:336 -
\??\c:\xrrlxrr.exec:\xrrlxrr.exe60⤵
- Executes dropped EXE
PID:1988 -
\??\c:\httthb.exec:\httthb.exe61⤵
- Executes dropped EXE
PID:2028 -
\??\c:\nbhbtn.exec:\nbhbtn.exe62⤵
- Executes dropped EXE
PID:4840 -
\??\c:\bhnnnh.exec:\bhnnnh.exe63⤵
- Executes dropped EXE
PID:4792 -
\??\c:\pjvpv.exec:\pjvpv.exe64⤵
- Executes dropped EXE
PID:1208 -
\??\c:\5jdvj.exec:\5jdvj.exe65⤵
- Executes dropped EXE
PID:1584 -
\??\c:\frllxrr.exec:\frllxrr.exe66⤵PID:3448
-
\??\c:\5tttnn.exec:\5tttnn.exe67⤵PID:4884
-
\??\c:\3pjjd.exec:\3pjjd.exe68⤵PID:5096
-
\??\c:\jdvpd.exec:\jdvpd.exe69⤵PID:4896
-
\??\c:\djjdp.exec:\djjdp.exe70⤵PID:4144
-
\??\c:\lflfxrx.exec:\lflfxrx.exe71⤵PID:4804
-
\??\c:\7nthnn.exec:\7nthnn.exe72⤵PID:3412
-
\??\c:\hthbnn.exec:\hthbnn.exe73⤵PID:2060
-
\??\c:\pdjdd.exec:\pdjdd.exe74⤵PID:1492
-
\??\c:\pvpjv.exec:\pvpjv.exe75⤵PID:2500
-
\??\c:\9lfrlrr.exec:\9lfrlrr.exe76⤵PID:3632
-
\??\c:\fxxlfxr.exec:\fxxlfxr.exe77⤵PID:3972
-
\??\c:\9thhhb.exec:\9thhhb.exe78⤵PID:4340
-
\??\c:\dvvvj.exec:\dvvvj.exe79⤵PID:3848
-
\??\c:\rrxlfxr.exec:\rrxlfxr.exe80⤵PID:4212
-
\??\c:\httnbb.exec:\httnbb.exe81⤵PID:4100
-
\??\c:\1bhbbb.exec:\1bhbbb.exe82⤵PID:684
-
\??\c:\vvjdv.exec:\vvjdv.exe83⤵PID:4088
-
\??\c:\jpvpj.exec:\jpvpj.exe84⤵PID:4980
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe85⤵PID:2508
-
\??\c:\5tnnnn.exec:\5tnnnn.exe86⤵PID:4328
-
\??\c:\3bhhtt.exec:\3bhhtt.exe87⤵PID:3332
-
\??\c:\vvdjv.exec:\vvdjv.exe88⤵PID:4944
-
\??\c:\ppdpv.exec:\ppdpv.exe89⤵PID:3892
-
\??\c:\fxlfxxx.exec:\fxlfxxx.exe90⤵PID:2884
-
\??\c:\xxlxrlf.exec:\xxlxrlf.exe91⤵PID:1272
-
\??\c:\tthhbh.exec:\tthhbh.exe92⤵PID:3564
-
\??\c:\thbthb.exec:\thbthb.exe93⤵PID:2520
-
\??\c:\dpvvp.exec:\dpvvp.exe94⤵PID:4156
-
\??\c:\1jdpd.exec:\1jdpd.exe95⤵PID:3940
-
\??\c:\fxffxrl.exec:\fxffxrl.exe96⤵PID:3388
-
\??\c:\tnttnt.exec:\tnttnt.exe97⤵PID:3948
-
\??\c:\bnnnhh.exec:\bnnnhh.exe98⤵PID:1144
-
\??\c:\pjjdd.exec:\pjjdd.exe99⤵PID:324
-
\??\c:\dpvpp.exec:\dpvpp.exe100⤵PID:3624
-
\??\c:\lfxxrxr.exec:\lfxxrxr.exe101⤵PID:3896
-
\??\c:\7xfxlfx.exec:\7xfxlfx.exe102⤵PID:3240
-
\??\c:\bbhbbt.exec:\bbhbbt.exe103⤵PID:3616
-
\??\c:\9bhbbt.exec:\9bhbbt.exe104⤵PID:2040
-
\??\c:\jdvpv.exec:\jdvpv.exe105⤵PID:2100
-
\??\c:\5vdvj.exec:\5vdvj.exe106⤵PID:2180
-
\??\c:\1rfxfrr.exec:\1rfxfrr.exe107⤵PID:2000
-
\??\c:\ttbbtt.exec:\ttbbtt.exe108⤵PID:4928
-
\??\c:\bthntt.exec:\bthntt.exe109⤵PID:4996
-
\??\c:\9ttnnn.exec:\9ttnnn.exe110⤵PID:780
-
\??\c:\7djdj.exec:\7djdj.exe111⤵PID:1660
-
\??\c:\7vvjd.exec:\7vvjd.exe112⤵PID:1428
-
\??\c:\fxxfrrr.exec:\fxxfrrr.exe113⤵PID:1168
-
\??\c:\1hnnhb.exec:\1hnnhb.exe114⤵PID:4916
-
\??\c:\vddvv.exec:\vddvv.exe115⤵PID:2248
-
\??\c:\vvpjd.exec:\vvpjd.exe116⤵PID:2384
-
\??\c:\fxflxrr.exec:\fxflxrr.exe117⤵PID:4532
-
\??\c:\7llfxlf.exec:\7llfxlf.exe118⤵PID:4676
-
\??\c:\nbbttn.exec:\nbbttn.exe119⤵PID:3412
-
\??\c:\7hhhbb.exec:\7hhhbb.exe120⤵PID:2864
-
\??\c:\vpvvd.exec:\vpvvd.exe121⤵PID:2660
-
\??\c:\9pjdd.exec:\9pjdd.exe122⤵PID:2720
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-