Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 14:08
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe
-
Size
68KB
-
MD5
d41c4e24eae97d765853d181e25c8f00
-
SHA1
2efd6c55f871d9cad0dab84efa73d8c7f7a15f28
-
SHA256
bc099c143841699b7e2efc40b044e61df5573bb131aeec3518c66dfe8597c61e
-
SHA512
950108f47bdcbe6de3b6183f1f7f1e439077b3a5515ddbbaa670390342137d7a75b062f8e36ab0139301370f36e8057d1e74bb2532709ff0557235adef35ccf0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbLMJ:ymb3NkkiQ3mdBjFIfvTfCD+Hx
Malware Config
Signatures
-
Detect Blackmoon payload 29 IoCs
resource yara_rule behavioral2/memory/1588-6-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3040-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2260-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4332-15-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1080-37-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3792-42-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1604-49-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4948-56-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3512-63-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/792-72-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2264-80-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4504-86-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/996-93-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3900-98-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5088-104-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2496-110-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3008-124-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4384-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2808-136-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1480-140-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4184-146-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/3416-158-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4292-163-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2476-170-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/212-176-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4288-182-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3180-188-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4344-199-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1652-206-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 4332 vpddd.exe 3040 rrlfrrf.exe 2260 tntnhh.exe 1080 nnnnhh.exe 3792 frxrlrl.exe 1604 hhttbh.exe 4948 vvvdv.exe 3512 rxffxxx.exe 792 llrllrr.exe 2264 bbtnnn.exe 4504 jjjjj.exe 996 vvvvj.exe 3900 llffxxr.exe 5088 bbhhbh.exe 2496 bbbbbh.exe 4740 vvjjv.exe 3008 rlfxrfl.exe 4384 ffrxflr.exe 2808 ttttnt.exe 1480 hthnhn.exe 4184 ppppp.exe 948 dvddd.exe 3416 lrrrrrf.exe 4292 hhnnht.exe 2476 nbhbbb.exe 212 dpvvp.exe 4288 fxfllrf.exe 3180 1hthtt.exe 2704 9vvdd.exe 4344 jdvvv.exe 1652 xxxrlrr.exe 2824 tbhnnn.exe 4568 pjdjp.exe 3632 xrrrrxl.exe 4892 frflffx.exe 4232 thttbn.exe 4532 jdddd.exe 4324 pppvv.exe 348 flrrrrr.exe 2388 llllxxx.exe 2924 bttttb.exe 2196 ntbbbb.exe 2800 vvjjd.exe 3436 pjpdv.exe 1080 vpvdj.exe 748 xrxxrfl.exe 5112 xxlllll.exe 3608 bnbnhn.exe 2016 ttnttb.exe 1432 ppddd.exe 1180 vvpvd.exe 3376 fflffll.exe 3712 rrflxff.exe 4964 bbnnbh.exe 2240 5thhnn.exe 2400 dvddd.exe 3384 1dppd.exe 1688 7frrflx.exe 4848 ffxrrxx.exe 4612 3thnbb.exe 4740 nbtbhn.exe 1592 jjjjd.exe 1676 vpvpp.exe 3956 xlrxrxx.exe -
resource yara_rule behavioral2/memory/1588-6-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3040-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2260-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4332-15-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1080-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1080-37-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1080-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1080-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3792-42-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1604-49-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4948-56-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3512-63-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/792-72-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2264-80-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4504-86-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/996-93-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3900-98-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5088-104-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2496-110-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3008-124-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4384-129-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2808-136-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1480-140-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4184-146-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/3416-158-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4292-163-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2476-170-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/212-176-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4288-182-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3180-188-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4344-199-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1652-206-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1588 wrote to memory of 4332 1588 d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe 84 PID 1588 wrote to memory of 4332 1588 d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe 84 PID 1588 wrote to memory of 4332 1588 d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe 84 PID 4332 wrote to memory of 3040 4332 vpddd.exe 85 PID 4332 wrote to memory of 3040 4332 vpddd.exe 85 PID 4332 wrote to memory of 3040 4332 vpddd.exe 85 PID 3040 wrote to memory of 2260 3040 rrlfrrf.exe 86 PID 3040 wrote to memory of 2260 3040 rrlfrrf.exe 86 PID 3040 wrote to memory of 2260 3040 rrlfrrf.exe 86 PID 2260 wrote to memory of 1080 2260 tntnhh.exe 87 PID 2260 wrote to memory of 1080 2260 tntnhh.exe 87 PID 2260 wrote to memory of 1080 2260 tntnhh.exe 87 PID 1080 wrote to memory of 3792 1080 nnnnhh.exe 88 PID 1080 wrote to memory of 3792 1080 nnnnhh.exe 88 PID 1080 wrote to memory of 3792 1080 nnnnhh.exe 88 PID 3792 wrote to memory of 1604 3792 frxrlrl.exe 89 PID 3792 wrote to memory of 1604 3792 frxrlrl.exe 89 PID 3792 wrote to memory of 1604 3792 frxrlrl.exe 89 PID 1604 wrote to memory of 4948 1604 hhttbh.exe 90 PID 1604 wrote to memory of 4948 1604 hhttbh.exe 90 PID 1604 wrote to memory of 4948 1604 hhttbh.exe 90 PID 4948 wrote to memory of 3512 4948 vvvdv.exe 91 PID 4948 wrote to memory of 3512 4948 vvvdv.exe 91 PID 4948 wrote to memory of 3512 4948 vvvdv.exe 91 PID 3512 wrote to memory of 792 3512 rxffxxx.exe 92 PID 3512 wrote to memory of 792 3512 rxffxxx.exe 92 PID 3512 wrote to memory of 792 3512 rxffxxx.exe 92 PID 792 wrote to memory of 2264 792 llrllrr.exe 93 PID 792 wrote to memory of 2264 792 llrllrr.exe 93 PID 792 wrote to memory of 2264 792 llrllrr.exe 93 PID 2264 wrote to memory of 4504 2264 bbtnnn.exe 94 PID 2264 wrote to memory of 4504 2264 bbtnnn.exe 94 PID 2264 wrote to memory of 4504 2264 bbtnnn.exe 94 PID 4504 wrote to memory of 996 4504 jjjjj.exe 95 PID 4504 wrote to memory of 996 4504 jjjjj.exe 95 PID 4504 wrote to memory 
of 996 4504 jjjjj.exe 95 PID 996 wrote to memory of 3900 996 vvvvj.exe 96 PID 996 wrote to memory of 3900 996 vvvvj.exe 96 PID 996 wrote to memory of 3900 996 vvvvj.exe 96 PID 3900 wrote to memory of 5088 3900 llffxxr.exe 97 PID 3900 wrote to memory of 5088 3900 llffxxr.exe 97 PID 3900 wrote to memory of 5088 3900 llffxxr.exe 97 PID 5088 wrote to memory of 2496 5088 bbhhbh.exe 98 PID 5088 wrote to memory of 2496 5088 bbhhbh.exe 98 PID 5088 wrote to memory of 2496 5088 bbhhbh.exe 98 PID 2496 wrote to memory of 4740 2496 bbbbbh.exe 99 PID 2496 wrote to memory of 4740 2496 bbbbbh.exe 99 PID 2496 wrote to memory of 4740 2496 bbbbbh.exe 99 PID 4740 wrote to memory of 3008 4740 vvjjv.exe 100 PID 4740 wrote to memory of 3008 4740 vvjjv.exe 100 PID 4740 wrote to memory of 3008 4740 vvjjv.exe 100 PID 3008 wrote to memory of 4384 3008 rlfxrfl.exe 101 PID 3008 wrote to memory of 4384 3008 rlfxrfl.exe 101 PID 3008 wrote to memory of 4384 3008 rlfxrfl.exe 101 PID 4384 wrote to memory of 2808 4384 ffrxflr.exe 102 PID 4384 wrote to memory of 2808 4384 ffrxflr.exe 102 PID 4384 wrote to memory of 2808 4384 ffrxflr.exe 102 PID 2808 wrote to memory of 1480 2808 ttttnt.exe 103 PID 2808 wrote to memory of 1480 2808 ttttnt.exe 103 PID 2808 wrote to memory of 1480 2808 ttttnt.exe 103 PID 1480 wrote to memory of 4184 1480 hthnhn.exe 104 PID 1480 wrote to memory of 4184 1480 hthnhn.exe 104 PID 1480 wrote to memory of 4184 1480 hthnhn.exe 104 PID 4184 wrote to memory of 948 4184 ppppp.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d41c4e24eae97d765853d181e25c8f00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1588 -
\??\c:\vpddd.exec:\vpddd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4332 -
\??\c:\rrlfrrf.exec:\rrlfrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3040 -
\??\c:\tntnhh.exec:\tntnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2260 -
\??\c:\nnnnhh.exec:\nnnnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1080 -
\??\c:\frxrlrl.exec:\frxrlrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3792 -
\??\c:\hhttbh.exec:\hhttbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1604 -
\??\c:\vvvdv.exec:\vvvdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4948 -
\??\c:\rxffxxx.exec:\rxffxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3512 -
\??\c:\llrllrr.exec:\llrllrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:792 -
\??\c:\bbtnnn.exec:\bbtnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2264 -
\??\c:\jjjjj.exec:\jjjjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4504 -
\??\c:\vvvvj.exec:\vvvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:996 -
\??\c:\llffxxr.exec:\llffxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3900 -
\??\c:\bbhhbh.exec:\bbhhbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5088 -
\??\c:\bbbbbh.exec:\bbbbbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2496 -
\??\c:\vvjjv.exec:\vvjjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4740 -
\??\c:\rlfxrfl.exec:\rlfxrfl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3008 -
\??\c:\ffrxflr.exec:\ffrxflr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4384 -
\??\c:\ttttnt.exec:\ttttnt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2808 -
\??\c:\hthnhn.exec:\hthnhn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1480 -
\??\c:\ppppp.exec:\ppppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4184 -
\??\c:\dvddd.exec:\dvddd.exe23⤵
- Executes dropped EXE
PID:948 -
\??\c:\lrrrrrf.exec:\lrrrrrf.exe24⤵
- Executes dropped EXE
PID:3416 -
\??\c:\hhnnht.exec:\hhnnht.exe25⤵
- Executes dropped EXE
PID:4292 -
\??\c:\nbhbbb.exec:\nbhbbb.exe26⤵
- Executes dropped EXE
PID:2476 -
\??\c:\dpvvp.exec:\dpvvp.exe27⤵
- Executes dropped EXE
PID:212 -
\??\c:\fxfllrf.exec:\fxfllrf.exe28⤵
- Executes dropped EXE
PID:4288 -
\??\c:\1hthtt.exec:\1hthtt.exe29⤵
- Executes dropped EXE
PID:3180 -
\??\c:\9vvdd.exec:\9vvdd.exe30⤵
- Executes dropped EXE
PID:2704 -
\??\c:\jdvvv.exec:\jdvvv.exe31⤵
- Executes dropped EXE
PID:4344 -
\??\c:\xxxrlrr.exec:\xxxrlrr.exe32⤵
- Executes dropped EXE
PID:1652 -
\??\c:\tbhnnn.exec:\tbhnnn.exe33⤵
- Executes dropped EXE
PID:2824 -
\??\c:\pjdjp.exec:\pjdjp.exe34⤵
- Executes dropped EXE
PID:4568 -
\??\c:\xrrrrxl.exec:\xrrrrxl.exe35⤵
- Executes dropped EXE
PID:3632 -
\??\c:\frflffx.exec:\frflffx.exe36⤵
- Executes dropped EXE
PID:4892 -
\??\c:\thttbn.exec:\thttbn.exe37⤵
- Executes dropped EXE
PID:4232 -
\??\c:\jdddd.exec:\jdddd.exe38⤵
- Executes dropped EXE
PID:4532 -
\??\c:\pppvv.exec:\pppvv.exe39⤵
- Executes dropped EXE
PID:4324 -
\??\c:\flrrrrr.exec:\flrrrrr.exe40⤵
- Executes dropped EXE
PID:348 -
\??\c:\llllxxx.exec:\llllxxx.exe41⤵
- Executes dropped EXE
PID:2388 -
\??\c:\bttttb.exec:\bttttb.exe42⤵
- Executes dropped EXE
PID:2924 -
\??\c:\ntbbbb.exec:\ntbbbb.exe43⤵
- Executes dropped EXE
PID:2196 -
\??\c:\vvjjd.exec:\vvjjd.exe44⤵
- Executes dropped EXE
PID:2800 -
\??\c:\pjpdv.exec:\pjpdv.exe45⤵
- Executes dropped EXE
PID:3436 -
\??\c:\vpvdj.exec:\vpvdj.exe46⤵
- Executes dropped EXE
PID:1080 -
\??\c:\xrxxrfl.exec:\xrxxrfl.exe47⤵
- Executes dropped EXE
PID:748 -
\??\c:\xxlllll.exec:\xxlllll.exe48⤵
- Executes dropped EXE
PID:5112 -
\??\c:\bnbnhn.exec:\bnbnhn.exe49⤵
- Executes dropped EXE
PID:3608 -
\??\c:\ttnttb.exec:\ttnttb.exe50⤵
- Executes dropped EXE
PID:2016 -
\??\c:\ppddd.exec:\ppddd.exe51⤵
- Executes dropped EXE
PID:1432 -
\??\c:\vvpvd.exec:\vvpvd.exe52⤵
- Executes dropped EXE
PID:1180 -
\??\c:\fflffll.exec:\fflffll.exe53⤵
- Executes dropped EXE
PID:3376 -
\??\c:\rrflxff.exec:\rrflxff.exe54⤵
- Executes dropped EXE
PID:3712 -
\??\c:\bbnnbh.exec:\bbnnbh.exe55⤵
- Executes dropped EXE
PID:4964 -
\??\c:\5thhnn.exec:\5thhnn.exe56⤵
- Executes dropped EXE
PID:2240 -
\??\c:\dvddd.exec:\dvddd.exe57⤵
- Executes dropped EXE
PID:2400 -
\??\c:\1dppd.exec:\1dppd.exe58⤵
- Executes dropped EXE
PID:3384 -
\??\c:\7frrflx.exec:\7frrflx.exe59⤵
- Executes dropped EXE
PID:1688 -
\??\c:\ffxrrxx.exec:\ffxrrxx.exe60⤵
- Executes dropped EXE
PID:4848 -
\??\c:\3thnbb.exec:\3thnbb.exe61⤵
- Executes dropped EXE
PID:4612 -
\??\c:\nbtbhn.exec:\nbtbhn.exe62⤵
- Executes dropped EXE
PID:4740 -
\??\c:\jjjjd.exec:\jjjjd.exe63⤵
- Executes dropped EXE
PID:1592 -
\??\c:\vpvpp.exec:\vpvpp.exe64⤵
- Executes dropped EXE
PID:1676 -
\??\c:\xlrxrxx.exec:\xlrxrxx.exe65⤵
- Executes dropped EXE
PID:3956 -
\??\c:\lxflrfx.exec:\lxflrfx.exe66⤵PID:3492
-
\??\c:\llxxllr.exec:\llxxllr.exe67⤵PID:4920
-
\??\c:\tttbtt.exec:\tttbtt.exe68⤵PID:884
-
\??\c:\vvddp.exec:\vvddp.exe69⤵PID:3872
-
\??\c:\jdpjd.exec:\jdpjd.exe70⤵PID:1720
-
\??\c:\rxffxff.exec:\rxffxff.exe71⤵PID:4348
-
\??\c:\nnthhn.exec:\nnthhn.exe72⤵PID:4292
-
\??\c:\jpjpj.exec:\jpjpj.exe73⤵PID:2476
-
\??\c:\xfxxrrr.exec:\xfxxrrr.exe74⤵PID:1960
-
\??\c:\nhbhtt.exec:\nhbhtt.exe75⤵PID:2892
-
\??\c:\hbnbbh.exec:\hbnbbh.exe76⤵PID:2980
-
\??\c:\pjppp.exec:\pjppp.exe77⤵PID:4448
-
\??\c:\7hbbtn.exec:\7hbbtn.exe78⤵PID:4456
-
\??\c:\3vjpp.exec:\3vjpp.exe79⤵PID:2548
-
\??\c:\jvdjj.exec:\jvdjj.exe80⤵PID:916
-
\??\c:\llllrxl.exec:\llllrxl.exe81⤵PID:4764
-
\??\c:\rrllrxr.exec:\rrllrxr.exe82⤵PID:2364
-
\??\c:\tttbhn.exec:\tttbhn.exe83⤵PID:2724
-
\??\c:\pvpjj.exec:\pvpjj.exe84⤵PID:3192
-
\??\c:\xrffxff.exec:\xrffxff.exe85⤵PID:3740
-
\??\c:\btthhn.exec:\btthhn.exe86⤵PID:2044
-
\??\c:\vpvdd.exec:\vpvdd.exe87⤵PID:4052
-
\??\c:\5lxrlrl.exec:\5lxrlrl.exe88⤵PID:4488
-
\??\c:\lrxfflr.exec:\lrxfflr.exe89⤵PID:3104
-
\??\c:\hnbbtb.exec:\hnbbtb.exe90⤵PID:3380
-
\??\c:\1pvpj.exec:\1pvpj.exe91⤵PID:444
-
\??\c:\jpddv.exec:\jpddv.exe92⤵PID:3232
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe93⤵PID:4428
-
\??\c:\htbbtb.exec:\htbbtb.exe94⤵PID:3640
-
\??\c:\pddvp.exec:\pddvp.exe95⤵PID:3692
-
\??\c:\1lxxxff.exec:\1lxxxff.exe96⤵PID:1380
-
\??\c:\xfxrrxx.exec:\xfxrrxx.exe97⤵PID:1712
-
\??\c:\bhbbtn.exec:\bhbbtn.exe98⤵PID:4948
-
\??\c:\httbbh.exec:\httbbh.exe99⤵PID:1752
-
\??\c:\vvdvp.exec:\vvdvp.exe100⤵PID:2300
-
\??\c:\fflrllf.exec:\fflrllf.exe101⤵PID:4564
-
\??\c:\hbbhhh.exec:\hbbhhh.exe102⤵PID:2344
-
\??\c:\tnhhnn.exec:\tnhhnn.exe103⤵PID:4996
-
\??\c:\thnntt.exec:\thnntt.exe104⤵PID:1384
-
\??\c:\jjddj.exec:\jjddj.exe105⤵PID:5012
-
\??\c:\vdvpp.exec:\vdvpp.exe106⤵PID:4960
-
\??\c:\llrlflx.exec:\llrlflx.exe107⤵PID:696
-
\??\c:\rlxxrrl.exec:\rlxxrrl.exe108⤵PID:4908
-
\??\c:\hnttbh.exec:\hnttbh.exe109⤵PID:656
-
\??\c:\vdjpp.exec:\vdjpp.exe110⤵PID:3008
-
\??\c:\ddvdv.exec:\ddvdv.exe111⤵PID:2384
-
\??\c:\xflrlrr.exec:\xflrlrr.exe112⤵PID:4608
-
\??\c:\bbbhht.exec:\bbbhht.exe113⤵PID:1676
-
\??\c:\jjjpj.exec:\jjjpj.exe114⤵PID:2280
-
\??\c:\vpvvv.exec:\vpvvv.exe115⤵PID:944
-
\??\c:\fxrfrxr.exec:\fxrfrxr.exe116⤵PID:4920
-
\??\c:\frflrxx.exec:\frflrxx.exe117⤵PID:5064
-
\??\c:\hnnntt.exec:\hnnntt.exe118⤵PID:4936
-
\??\c:\3nnhhh.exec:\3nnhhh.exe119⤵PID:1720
-
\??\c:\pvdjp.exec:\pvdjp.exe120⤵PID:3464
-
\??\c:\dpvdd.exec:\dpvdd.exe121⤵PID:3944
-
\??\c:\ffrlxfr.exec:\ffrlxfr.exe122⤵PID:3980
-