Analysis
max time kernel: 150s
max time network: 118s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 18-05-2024 03:39
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 84466ac43b4575dde674e9aaf216ad00_NeikiAnalytics.exe
Resource: win7-20240221-en (windows7-x64)
5 signatures
150 seconds
General
Target: 84466ac43b4575dde674e9aaf216ad00_NeikiAnalytics.exe
Size: 122KB
MD5: 84466ac43b4575dde674e9aaf216ad00
SHA1: eb64efa57ca3e30fbc6f984379a39db32f4a142b
SHA256: ecc6f2a9b8dff8cb0ac127ae33dac08ec3e56e8ab28018fd4c27b32e5708ca85
SHA512: f95a708c15fa1eb80eb919482fbcc2d6bea7dc737fb900c9b771b435738fde869e8cd3d04d97c72595983f1f3ab38fea016652fd411ee83f5c433507effe9f9e
SSDEEP: 3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX90Ifcmp:n3C9BRW0j/uVEZFmIk+
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
Executes dropped EXE 64 IoCs
yara_rule upx matched in process memory dumps
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\84466ac43b4575dde674e9aaf216ad00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\84466ac43b4575dde674e9aaf216ad00_NeikiAnalytics.exe"
- Suspicious use of WriteProcessMemory
PID:2256